(mellow music) >> Hello everyone, welcome to theCUBE's coverage of AWS Startup Showcase. This is the closing panel session on AI machine learning, the top startups generating generative AI on AWS. It's a great panel. This is going to be the experts talking about riding the wave in generative AI. We got Ankur Mehrotra, who's the director and general manager of AI and machine learning at AWS, and Clem Delangue, co-founder and CEO of Hugging Face, and Ori Goshen, who's the co-founder and CEO of AI21 Labs. Ori from Tel Aviv dialing in, and rest coming in here on theCUBE. Appreciate you coming on for this closing session for the Startup Showcase. >> Thanks for having us. >> Thank you for having us. >> Thank you. >> I'm super excited to have you all on. Hugging Face was recently in the news with the AWS relationship, so congratulations. Open source, open science, really driving the machine learning. And we got the AI21 Labs access to the LLMs, generating huge scale live applications, commercial applications, coming to the market, all powered by AWS. So everyone, congratulations on all your success, and thank you for headlining this panel. Let's get right into it. AWS is powering this wave here. We're seeing a lot of push here from applications. Ankur, set the table for us on the AI machine learning. It's not new, it's been goin' on for a while. Past three years have been significant advancements, but there's been a lot of work done in AI machine learning. Now it's released to the public. Everybody's super excited and now says, "Oh, the future's here!" It's kind of been going on for a while and baking. Now it's kind of coming out. What's your view here? Let's get it started. >> Yes, thank you. So, yeah, as you may be aware, Amazon has been in investing in machine learning research and development since quite some time now. And we've used machine learning to innovate and improve user experiences across different Amazon products, whether it's Alexa or Amazon.com. But we've also brought in our expertise to extend what we are doing in the space and add more generative AI technology to our AWS products and services, starting with CodeWhisperer, which is an AWS service that we announced a few months ago, which is, you can think of it as a coding companion as a service, which uses generative AI models underneath. And so this is a service that customers who have no machine learning expertise can just use. And we also are talking to customers, and we see a lot of excitement about generative AI, and customers who want to build these models themselves, who have the talent and the expertise and resources. For them, AWS has a number of different options and capabilities they can leverage, such as our custom silicon, such as Trainium and Inferentia, as well as distributed machine learning capabilities that we offer as part of SageMaker, which is an end-to-end machine learning development service. At the same time, many of our customers tell us that they're interested in not training and building these generative AI models from scratch, given they can be expensive and can require specialized talent and skills to build. And so for those customers, we are also making it super easy to bring in existing generative AI models into their machine learning development environment within SageMaker for them to use. So we recently announced our partnership with Hugging Face, where we are making it super easy for customers to bring in those models into their SageMaker development environment for fine tuning and deployment. And then we are also partnering with other proprietary model providers such as AI21 and others, where we making these generative AI models available within SageMaker for our customers to use. So our approach here is to really provide customers options and choices and help them accelerate their generative AI journey. >> Ankur, thank you for setting the table there. Clem and Ori, I want to get your take, because the riding the waves, the theme of this session, and to me being in California, I imagine the big surf, the big waves, the big talent out there. This is like alpha geeks, alpha coders, developers are really leaning into this. You're seeing massive uptake from the smartest people. Whether they're young or around, they're coming in with their kind of surfboards, (chuckles) if you will. These early adopters, they've been on this for a while; Now the waves are hitting. This is a big wave, everyone sees it. What are some of those early adopter devs doing? What are some of the use cases you're seeing right out of the gate? And what does this mean for the folks that are going to come in and get on this wave? Can you guys share your perspective on this? Because you're seeing the best talent now leaning into this. >> Yeah, absolutely. I mean, from Hugging Face vantage points, it's not even a a wave, it's a tidal wave, or maybe even the tide itself. Because actually what we are seeing is that AI and machine learning is not something that you add to your products. It's very much a new paradigm to do all technology. It's this idea that we had in the past 15, 20 years, one way to build software and to build technology, which was writing a million lines of code, very rule-based, and then you get your product. Now what we are seeing is that every single product, every single feature, every single company is starting to adopt AI to build the next generation of technology. And that works both to make the existing use cases better, if you think of search, if you think of social network, if you think of SaaS, but also it's creating completely new capabilities that weren't possible with the previous paradigm. Now AI can generate text, it can generate image, it can describe your image, it can do so many new things that weren't possible before. >> It's going to really make the developers really productive, right? I mean, you're seeing the developer uptake strong, right? >> Yes, we have over 15,000 companies using Hugging Face now, and it keeps accelerating. I really think that maybe in like three, five years, there's not going to be any company not using AI. It's going to be really kind of the default to build all technology. >> Ori, weigh in on this. APIs, the cloud. Now I'm a developer, I want to have live applications, I want the commercial applications on this. What's your take? Weigh in here. >> Yeah, first, I absolutely agree. I mean, we're in the midst of a technology shift here. I think not a lot of people realize how big this is going to be. Just the number of possibilities is endless, and I think hard to imagine. And I don't think it's just the use cases. I think we can think of it as two separate categories. We'll see companies and products enhancing their offerings with these new AI capabilities, but we'll also see new companies that are AI first, that kind of reimagine certain experiences. They build something that wasn't possible before. And that's why I think it's actually extremely exciting times. And maybe more philosophically, I think now these large language models and large transformer based models are helping us people to express our thoughts and kind of making the bridge from our thinking to a creative digital asset in a speed we've never imagined before. I can write something down and get a piece of text, or an image, or a code. So I'll start by saying it's hard to imagine all the possibilities right now, but it's certainly big. And if I had to bet, I would say it's probably at least as big as the mobile revolution we've seen in the last 20 years. >> Yeah, this is the biggest. I mean, it's been compared to the Enlightenment Age. I saw the Wall Street Journal had a recent story on this. We've been saying that this is probably going to be bigger than all inflection points combined in the tech industry, given what transformation is coming. I guess I want to ask you guys, on the early adopters, we've been hearing on these interviews and throughout the industry that there's already a set of big companies, a set of companies out there that have a lot of data and they're already there, they're kind of tinkering. Kind of reminds me of the old hyper scaler days where they were building their own scale, and they're eatin' glass, spittin' nails out, you know, they're hardcore. Then you got everybody else kind of saying board level, "Hey team, how do I leverage this?" How do you see those two things coming together? You got the fast followers coming in behind the early adopters. What's it like for the second wave coming in? What are those conversations for those developers like? >> I mean, I think for me, the important switch for companies is to change their mindset from being kind of like a traditional software company to being an AI or machine learning company. And that means investing, hiring machine learning engineers, machine learning scientists, infrastructure in members who are working on how to put these models in production, team members who are able to optimize models, specialized models, customized models for the company's specific use cases. So it's really changing this mindset of how you build technology and optimize your company building around that. Things are moving so fast that I think now it's kind of like too late for low hanging fruits or small, small adjustments. I think it's important to realize that if you want to be good at that, and if you really want to surf this wave, you need massive investments. If there are like some surfers listening with this analogy of the wave, right, when there are waves, it's not enough just to stand and make a little bit of adjustments. You need to position yourself aggressively, paddle like crazy, and that's how you get into the waves. So that's what companies, in my opinion, need to do right now. >> Ori, what's your take on the generative models out there? We hear a lot about foundation models. What's your experience running end-to-end applications for large foundation models? Any insights you can share with the app developers out there who are looking to get in? >> Yeah, I think first of all, it's start create an economy, where it probably doesn't make sense for every company to create their own foundation models. You can basically start by using an existing foundation model, either open source or a proprietary one, and start deploying it for your needs. And then comes the second round when you are starting the optimization process. You bootstrap, whether it's a demo, or a small feature, or introducing new capability within your product, and then start collecting data. That data, and particularly the human feedback data, helps you to constantly improve the model, so you create this data flywheel. And I think we're now entering an era where customers have a lot of different choice of how they want to start their generative AI endeavor. And it's a good thing that there's a variety of choices. And the really amazing thing here is that every industry, any company you speak with, it could be something very traditional like industrial or financial, medical, really any company. I think peoples now start to imagine what are the possibilities, and seriously think what's their strategy for adopting this generative AI technology. And I think in that sense, the foundation model actually enabled this to become scalable. So the barrier to entry became lower; Now the adoption could actually accelerate. >> There's a lot of integration aspects here in this new wave that's a little bit different. Before it was like very monolithic, hardcore, very brittle. A lot more integration, you see a lot more data coming together. I have to ask you guys, as developers come in and grow, I mean, when I went to college and you were a software engineer, I mean, I got a degree in computer science, and software engineering, that's all you did was code, (chuckles) you coded. Now, isn't it like everyone's a machine learning engineer at this point? Because that will be ultimately the science. So, (chuckles) you got open source, you got open software, you got the communities. Swami called you guys the GitHub of machine learning, Hugging Face is the GitHub of machine learning, mainly because that's where people are going to code. So this is essentially, machine learning is computer science. What's your reaction to that? >> Yes, my co-founder Julien at Hugging Face have been having this thing for quite a while now, for over three years, which was saying that actually software engineering as we know it today is a subset of machine learning, instead of the other way around. People would call us crazy a few years ago when we're seeing that. But now we are realizing that you can actually code with machine learning. So machine learning is generating code. And we are starting to see that every software engineer can leverage machine learning through open models, through APIs, through different technology stack. So yeah, it's not crazy anymore to think that maybe in a few years, there's going to be more people doing AI and machine learning. However you call it, right? Maybe you'll still call them software engineers, maybe you'll call them machine learning engineers. But there might be more of these people in a couple of years than there is software engineers today. >> I bring this up as more tongue in cheek as well, because Ankur, infrastructure's co is what made Cloud great, right? That's kind of the DevOps movement. But here the shift is so massive, there will be a game-changing philosophy around coding. Machine learning as code, you're starting to see CodeWhisperer, you guys have had coding companions for a while on AWS. So this is a paradigm shift. How is the cloud playing into this for you guys? Because to me, I've been riffing on some interviews where it's like, okay, you got the cloud going next level. This is an example of that, where there is a DevOps-like moment happening with machine learning, whether you call it coding or whatever. It's writing code on its own. Can you guys comment on what this means on top of the cloud? What comes out of the scale? What comes out of the benefit here? >> Absolutely, so- >> Well first- >> Oh, go ahead. >> Yeah, so I think as far as scale is concerned, I think customers are really relying on cloud to make sure that the applications that they build can scale along with the needs of their business. But there's another aspect to it, which is that until a few years ago, John, what we saw was that machine learning was a data scientist heavy activity. They were data scientists who were taking the data and training models. And then as machine learning found its way more and more into production and actual usage, we saw the MLOps become a thing, and MLOps engineers become more involved into the process. And then we now are seeing, as machine learning is being used to solve more business critical problems, we're seeing even legal and compliance teams get involved. We are seeing business stakeholders more engaged. So, more and more machine learning is becoming an activity that's not just performed by data scientists, but is performed by a team and a group of people with different skills. And for them, we as AWS are focused on providing the best tools and services for these different personas to be able to do their job and really complete that end-to-end machine learning story. So that's where, whether it's tools related to MLOps or even for folks who cannot code or don't know any machine learning. For example, we launched SageMaker Canvas as a tool last year, which is a UI-based tool which data analysts and business analysts can use to build machine learning models. So overall, the spectrum in terms of persona and who can get involved in the machine learning process is expanding, and the cloud is playing a big role in that process. >> Ori, Clem, can you guys weigh in too? 'Cause this is just another abstraction layer of scale. What's it mean for you guys as you look forward to your customers and the use cases that you're enabling? >> Yes, I think what's important is that the AI companies and providers and the cloud kind of work together. That's how you make a seamless experience and you actually reduce the barrier to entry for this technology. So that's what we've been super happy to do with AWS for the past few years. We actually announced not too long ago that we are doubling down on our partnership with AWS. We're excited to have many, many customers on our shared product, the Hugging Face deep learning container on SageMaker. And we are working really closely with the Inferentia team and the Trainium team to release some more exciting stuff in the coming weeks and coming months. So I think when you have an ecosystem and a system where the AWS and the AI providers, AI startups can work hand in hand, it's to the benefit of the customers and the companies, because it makes it orders of magnitude easier for them to adopt this new paradigm to build technology AI. >> Ori, this is a scale on reasoning too. The data's out there and making sense out of it, making it reason, getting comprehension, having it make decisions is next, isn't it? And you need scale for that. >> Yes. Just a comment about the infrastructure side. So I think really the purpose is to streamline and make these technologies much more accessible. And I think we'll see, I predict that we'll see in the next few years more and more tooling that make this technology much more simple to consume. And I think it plays a very important role. There's so many aspects, like the monitoring the models and their kind of outputs they produce, and kind of containing and running them in a production environment. There's so much there to build on, the infrastructure side will play a very significant role. >> All right, that's awesome stuff. I'd love to change gears a little bit and get a little philosophy here around AI and how it's going to transform, if you guys don't mind. There's been a lot of conversations around, on theCUBE here as well as in some industry areas, where it's like, okay, all the heavy lifting is automated away with machine learning and AI, the complexity, there's some efficiencies, it's horizontal and scalable across all industries. Ankur, good point there. Everyone's going to use it for something. And a lot of stuff gets brought to the table with large language models and other things. But the key ingredient will be proprietary data or human input, or some sort of AI whisperer kind of role, or prompt engineering, people are saying. So with that being said, some are saying it's automating intelligence. And that creativity will be unleashed from this. If the heavy lifting goes away and AI can fill the void, that shifts the value to the intellect or the input. And so that means data's got to come together, interact, fuse, and understand each other. This is kind of new. I mean, old school AI was, okay, got a big model, I provisioned it long time, very expensive. Now it's all free flowing. Can you guys comment on where you see this going with this freeform, data flowing everywhere, heavy lifting, and then specialization? >> Yeah, I think- >> Go ahead. >> Yeah, I think, so what we are seeing with these large language models or generative models is that they're really good at creating stuff. But I think it's also important to recognize their limitations. They're not as good at reasoning and logic. And I think now we're seeing great enthusiasm, I think, which is justified. And the next phase would be how to make these systems more reliable. How to inject more reasoning capabilities into these models, or augment with other mechanisms that actually perform more reasoning so we can achieve more reliable results. And we can count on these models to perform for critical tasks, whether it's medical tasks, legal tasks. We really want to kind of offload a lot of the intelligence to these systems. And then we'll have to get back, we'll have to make sure these are reliable, we'll have to make sure we get some sort of explainability that we can understand the process behind the generated results that we received. So I think this is kind of the next phase of systems that are based on these generated models. >> Clem, what's your view on this? Obviously you're at open community, open source has been around, it's been a great track record, proven model. I'm assuming creativity's going to come out of the woodwork, and if we can automate open source contribution, and relationships, and onboarding more developers, there's going to be unleashing of creativity. >> Yes, it's been so exciting on the open source front. We all know Bert, Bloom, GPT-J, T5, Stable Diffusion, that work up. The previous or the current generation of open source models that are on Hugging Face. It has been accelerating in the past few months. So I'm super excited about ControlNet right now that is really having a lot of impact, which is kind of like a way to control the generation of images. Super excited about Flan UL2, which is like a new model that has been recently released and is open source. So yeah, it's really fun to see the ecosystem coming together. Open source has been the basis for traditional software, with like open source programming languages, of course, but also all the great open source that we've gotten over the years. So we're happy to see that the same thing is happening for machine learning and AI, and hopefully can help a lot of companies reduce a little bit the barrier to entry. So yeah, it's going to be exciting to see how it evolves in the next few years in that respect. >> I think the developer productivity angle that's been talked about a lot in the industry will be accelerated significantly. I think security will be enhanced by this. I think in general, applications are going to transform at a radical rate, accelerated, incredible rate. So I think it's not a big wave, it's the water, right? I mean, (chuckles) it's the new thing. My final question for you guys, if you don't mind, I'd love to get each of you to answer the question I'm going to ask you, which is, a lot of conversations around data. Data infrastructure's obviously involved in this. And the common thread that I'm hearing is that every company that looks at this is asking themselves, if we don't rebuild our company, start thinking about rebuilding our business model around AI, we might be dinosaurs, we might be extinct. And it reminds me that scene in Moneyball when, at the end, it's like, if we're not building the model around your model, every company will be out of business. What's your advice to companies out there that are having those kind of moments where it's like, okay, this is real, this is next gen, this is happening. I better start thinking and putting into motion plans to refactor my business, 'cause it's happening, business transformation is happening on the cloud. This kind of puts an exclamation point on, with the AI, as a next step function. Big increase in value. So it's an opportunity for leaders. Ankur, we'll start with you. What's your advice for folks out there thinking about this? Do they put their toe in the water? Do they jump right into the deep end? What's your advice? >> Yeah, John, so we talk to a lot of customers, and customers are excited about what's happening in the space, but they often ask us like, "Hey, where do we start?" So we always advise our customers to do a lot of proof of concepts, understand where they can drive the biggest ROI. And then also leverage existing tools and services to move fast and scale, and try and not reinvent the wheel where it doesn't need to be. That's basically our advice to customers. >> Get it. Ori, what's your advice to folks who are scratching their head going, "I better jump in here. "How do I get started?" What's your advice? >> So I actually think that need to think about it really economically. Both on the opportunity side and the challenges. So there's a lot of opportunities for many companies to actually gain revenue upside by building these new generative features and capabilities. On the other hand, of course, this would probably affect the cogs, and incorporating these capabilities could probably affect the cogs. So I think we really need to think carefully about both of these sides, and also understand clearly if this is a project or an F word towards cost reduction, then the ROI is pretty clear, or revenue amplifier, where there's, again, a lot of different opportunities. So I think once you think about this in a structured way, I think, and map the different initiatives, then it's probably a good way to start and a good way to start thinking about these endeavors. >> Awesome. Clem, what's your take on this? What's your advice, folks out there? >> Yes, all of these are very good advice already. Something that you said before, John, that I disagreed a little bit, a lot of people are talking about the data mode and proprietary data. Actually, when you look at some of the organizations that have been building the best models, they don't have specialized or unique access to data. So I'm not sure that's so important today. I think what's important for companies, and it's been the same for the previous generation of technology, is their ability to build better technology faster than others. And in this new paradigm, that means being able to build machine learning faster than others, and better. So that's how, in my opinion, you should approach this. And kind of like how can you evolve your company, your teams, your products, so that you are able in the long run to build machine learning better and faster than your competitors. And if you manage to put yourself in that situation, then that's when you'll be able to differentiate yourself to really kind of be impactful and get results. That's really hard to do. It's something really different, because machine learning and AI is a different paradigm than traditional software. So this is going to be challenging, but I think if you manage to nail that, then the future is going to be very interesting for your company. >> That's a great point. Thanks for calling that out. I think this all reminds me of the cloud days early on. If you went to the cloud early, you took advantage of it when the pandemic hit. If you weren't native in the cloud, you got hamstrung by that, you were flatfooted. So just get in there. (laughs) Get in the cloud, get into AI, you're going to be good. Thanks for for calling that. Final parting comments, what's your most exciting thing going on right now for you guys? Ori, Clem, what's the most exciting thing on your plate right now that you'd like to share with folks? >> I mean, for me it's just the diversity of use cases and really creative ways of companies leveraging this technology. Every day I speak with about two, three customers, and I'm continuously being surprised by the creative ideas. And the future is really exciting of what can be achieved here. And also I'm amazed by the pace that things move in this industry. It's just, there's not at dull moment. So, definitely exciting times. >> Clem, what are you most excited about right now? >> For me, it's all the new open source models that have been released in the past few weeks, and that they'll keep being released in the next few weeks. I'm also super excited about more and more companies getting into this capability of chaining different models and different APIs. I think that's a very, very interesting development, because it creates new capabilities, new possibilities, new functionalities that weren't possible before. You can plug an API with an open source embedding model, with like a no-geo transcription model. So that's also very exciting. This capability of having more interoperable machine learning will also, I think, open a lot of interesting things in the future. >> Clem, congratulations on your success at Hugging Face. Please pass that on to your team. Ori, congratulations on your success, and continue to, just day one. I mean, it's just the beginning. It's not even scratching the service. Ankur, I'll give you the last word. What are you excited for at AWS? More cloud goodness coming here with AI. Give you the final word. >> Yeah, so as both Clem and Ori said, I think the research in the space is moving really, really fast, so we are excited about that. But we are also excited to see the speed at which enterprises and other AWS customers are applying machine learning to solve real business problems, and the kind of results they're seeing. So when they come back to us and tell us the kind of improvement in their business metrics and overall customer experience that they're driving and they're seeing real business results, that's what keeps us going and inspires us to continue inventing on their behalf. >> Gentlemen, thank you so much for this awesome high impact panel. Ankur, Clem, Ori, congratulations on all your success. We'll see you around. Thanks for coming on. Generative AI, riding the wave, it's a tidal wave, it's the water, it's all happening. All great stuff. This is season three, episode one of AWS Startup Showcase closing panel. This is the AI ML episode, the top startups building generative AI on AWS. I'm John Furrier, your host. Thanks for watching. (mellow music)

(soft music) >> Welcome back to Chicago guys and gals. Lisa Martin here with John Furrier. We have been covering Ansible Fest '22 for the last two days. This is our show wrap. We're going to leave you with some great insights into the things that we were able to dissect over the last two days. John, this has been an action packed two days. A lot of excitement, a lot of momentum. Good to be back in person. >> It's great to be back in person. It was the first time for you to do Ansible Fest. >> Yes. >> My first one was 2019 in person. That's the last time they had an event in person. So again, it's a very chill environment here, but it's content packed, great active loyal community and is growing. It's changing. Ansible now owned by Red Hat, and now Red Hat owned by IBM. Kind of see some game changing kind of movements here on the chess board, so to speak, in the industry. Ansible has always been a great product. It started in open source. It evolved configuration management configuring servers, networks. You know, really the nuts and bolts of IT. And became a fan favorite mainly because it was built by the fans and I think that never stopped. And I think you started to see an opportunity for Ansible to be not only just a, I won't say niche product or niche kind of use case to being the overall capabilities for large scale enterprise system architectures, system management. So it's very interesting. I mean I find it fascinating how, how it stays relevant and cool and continues to power through a massive shift >> A massive shift. They've done a great job though since the inception and through the acquisition of being still community first. You know, we talked a lot yesterday and today about helping organizations become automation first that Ansible has really stayed true to its roots in being community first, community driven and really that community flywheel was something that was very obvious the last couple of days. >> Yeah, I mean the community thing is is is their production system. I mean if you look at Red Hat, their open source, Ansible started open source, good that they're together. But what people may or may not know about Ansible is that they build their product from the community. So the community actually makes the suggestions. Ansible's just in listening modes. So when you have a system that's that efficient where you have direct working backwards from the customer like that, it's very efficient. Now, as a product manager you might want to worry about scope creep, but at the end of the day they do a good job of democratizing that process. So again, very strong product production system with open source, very relevant, solves the right problems. But this year the big story to me is the cultural shift of Ansible's relevance. And I think with multicloud on the horizon, operations is the new kind of developer kind of ground. DevOps has been around for a while. That's now shifted up to the developer themselves, the cloud native developer. But at cloud scale and hybrid computing, it's about the operations. It's about the data and the security. All of it's about the data. So to me there's a new ops configuration operating model that you're seeing people use, SRE and DevOps. That's the new culture, and the persona's changing. The operator of a large scale enterprise is going to be a lot different than it was past five, 10 years. So major cultural shift, and I think this community's going to step up to that position and fill that role. >> They seem to be having a lot of success meeting people where they are, meeting the demographics, delivering on how their community wants to work, how they want to collaborate. But yesterday you talked about operations. We talked a lot about Ops as code. Talk about what does that mean from your perspective, and what did you hear from our guests on the program with respect that being viable? >> Well great, that's a great point. Ops as code is the kind of their next layer of progression. Infrastructure is code. Configuration is code. Operations is code. To me that means running the company as software. So software influencing how operators, usually hardware in the past. Now it's infrastructure and software going to run things. So ops as code's, the next progression in how people are going to manage it. And I think most people think of that as enterprises get larger, when they hear words like SRE, which stands for Site Reliable Engineer. That came out of Google, and Google had all these servers that ran the search engine and at scale. And so one person managed boatload of servers and that was efficient. It was like a multiple 10x engineer, they used to call it. So that that was unique to Google but not everyone's Google. So it became language or parlance for someone who's running infrastructure but not everyone's that scale. So scale is a big issue. Ops as code is about scale and having that program ability as an operator. That's what Ops as code is. And that to me is a sign of where the scale meets the automation. Large scale is hard to do. Automating at large scale is even harder. So that's where Ansible fits in with their new automation platform. And you're seeing new things like signing code, making sure it's trusted and verified. So that's the software supply chain issue. So they're getting into the world where software, open source, automation are all happening at scale. So to me that's a huge concept of Ops as code. It's going to be very relevant, kind of the next gen positioning. >> Let's switch gears and talk about the partner ecosystem. We had Stefanie Chiras on yesterday, one of our longtime theCUBE alumni, talking about what they're doing with AWS in the marketplace. What was your take on that, and what's the "what's in it for me" for both Red Hat, Ansible and AWS? >> Yeah, so the big news on the automation platform was one. The other big news I thought was really, I won't say watered down, but it seems small but it's not. It's the Amazon Web Services relationship with Red Hat, now Ansible, where Ansible's now a product in AWS's marketplace. AWS marketplace is kind of hanging around. It's a catalog right now. It's not the most advanced technical system in the world, and it does over 2 billion plus revenue transactions. So even if it's just sitting there as a large marketplace, that's already doing massive amounts of disruption in the procurement, how software is bought. So we interviewed them in the past, and they're innovating on that. They're going to make that a real great platform. But the fact that Ansible's in the marketplace means that their sales are going to go up, number one. Number two, that means customers can consume it simply by clicking a button on their Amazon bill. That means they don't have to do anything. It's like getting a PO for free. It's like, hey, I'm going to buy Ansible, click, click, click. And then by the way, draw that down from their commitment to AWS. So that means Amazon's going into business with Ansible, and that is a huge revenue thing for Ansible, but also an operational efficiency thing that gives them more of an advantage over the competition. >> Talk what's in it for me as a customer. At Red Hat Summit a few months ago they announced similar partnership with Azure. Now we're talking about AWS. Customers are living in this hybrid cloud world, often by default. We're going to see that proliferate. What do you think this means for customers in terms of being able to- >> In the marketplace deal or Ansible? >> Yeah, the marketplace deal, but also what Red Hat and Ansible are doing with the hyperscalers to enable customers to live successfully in the hyper hybrid cloud world. >> It's just in the roots of the company. They give them the choice to consume the product on clouds that they like. So we're seeing a lot of clients that have standardized on AWS with their dev teams but also have productivity software on Azure. So you have the large enterprises, they sit on both clouds. So you know, Ansible, the customer wants to use Ansible anyway, they want that to happen. So it's a natural thing for them to work anywhere. I call that the Switzerland strategy. They'll play with all the clouds. Even though the clouds are fighting against each other, and they have to to differentiate, there's still going to be some common services. I think Ansible fits this shim layer between clouds but also a bolt on. Now that's a really a double win for them. They can bolt on to the cloud, Azure and bolt on to AWS and Google, and also be a shim layer technically in clouds as well. So there's two technical advantages to that strategy >> Can Ansible be a facilitator of hybrid cloud infrastructure for organizations, or a catalyst? >> I think it's going to be a gateway on ramp or gateway to multicloud or supercloud, as we call it, because Ansible's in that configuration layer. So you know, it's interesting to hear the IBM research story, which we're going to get to in a second around how they're doing the AI for Ansible with that wisdom project. But the idea of configuring stuff on the fly is really a concept that's needed for multicloud 'Cause programs don't want to have to configure anything. (he laughs) So standing up an application to run on Azure that's on AWS that spans both clouds, you're going to need to have that automation, and I think this is an opportunity whether they can get it or not, we'll see. I think Red Hat is probably angling on that hard, and I can see them kind of going there and some of the commentary kind of connects the dots for that. >> Let's dig into some of news that came out today. You just alluded to this. IBM research, we had on with Red Hat. Talk about what they call project wisdom, the value in that, what it also means for for Red Hat and IBM working together very synergistically. >> I mean, I think the project wisdom is an interesting dynamic because you got the confluence of the organic community of Ansible partnering with a research institution of IBM research. And I think that combination of practitioners and research groups is going to map itself out to academic and then you're going to see this kind of collaboration going forward. So I think it's a very nuanced story, but the impact to me is very clear that this is the new power brokers in the tech industry, because researchers have a lot of muscle in terms of deep research in the academic area, and the practitioners are the ones who are actually doing it. So when you bring those two forces together, that pretty much trumps any kind of standards bodies or anything else. So I think that's a huge signaling benefit to Ansible and Red Hat. I think that's an influence of Red Hat being bought by IBM. But the project itself is really amazing. It's taking AI and bringing it to Ansible, so you can do automated configurations. So for people who don't know how to code they can actually just automate stuff and know the process. I don't need to be a coder, I can just use the AI to do that. That's a low code, no code dynamic. That kind of helps with skill gaps, because I need to hire someone to do that. Today if I want to automate something, and I don't know how to code, I've got to get someone who codes. Here I can just do it and automate it. So if that continues to progress the way they want it to, that could literally be a game changer, 'cause now you have software configuring machines and that's pretty badass in my opinion. So that thought that was pretty cool. And again it's just an evolution of how AI is becoming more relevant. And I think it's directionally correct, and we'll see how it goes. >> And they also talked about we're nearing an inflection point in AI. You agree? >> Yeah I think AI is at an inflection point because it just falls short on the scale side. You see it with chatbots, NLP. You see what Amazon's doing. They're building these models. I think we're one step away from model scaling. I think the building the models is going to be one of these things where you're going to start to see marketplace and models and you start to composability of AI. That's where it's going to get very interesting to see which cloud is the best AI scale. So I think AI at scale's coming, and that's going to be something to watch really closely. >> Something exciting. Another thing that was big news today was the event driven Ansible. Talk about that, and that's something they've been working on in conjunction with the community for quite a while. They were very proud of that release and what that's going to enable organizations to do. >> Well I think that's more meat on the bone on the AI side 'cause in the big trend right now is MLAI ops. You hear that a lot. Oh, data ops or AI ops. What event driven automation does is allows you to take things that are going on in your world, infrastructure, triggers, alarms, notifications, data pipelining flows, things that go on in the plumbing of infrastructure. are being monitored and observed. So when events happen they trigger events. You want to stream something, you send a trigger and things happen. So these are called events. Events are wide ranging number of events. Kafka streaming for data. You got anything that produces data is an event. So harnessing that data into a pipeline is huge. So doing that at scale, that's where I think that product's a home run, and I think that's going to be a very valuable product, 'cause once you understand what the event triggers are, you then can automate that, and no humans involved. So that will save a lot of time for people in the the higher pay grade of MLAI ops automate some of that low level plumbing. They move their skill set to something more valuable or more impactful. >> And we talked about, speaking of impact, we talked about a lot of the business impact that organizations across industries are going to be able to likely achieve by using that. >> Yeah, I mean I think that you're going to see the community fill the gap on that. I mean the big part about all this is that their community builds the product and they have the the playbooks and they're shareable and they're reusable. So we produce content as a media company. They'd talk about content as is playbooks and documentation for people to use. So reuse and and reusing these playbooks is a huge part of it. So as they build up these catalogs and these playbooks and rules, it gets better by the community. So it's going to be interesting to see the adoption. That's going to be a big tell sign for what's going to happen. >> Yep, we get definitely are going to be watching that space. And the last thing, we got to talk to a couple of customers. We talked to Wells Fargo who says "We are a tech company that does banking," which I loved. We got to talk with Rockwell Automation. What are some of your takeaways from how the customers are leveraging Ansible and the technology to drive their businesses forward to meet demanding customers where they are? >> I think you're seeing the script flipping a little bit here, where the folks that used to use Ansible for configuration are flipping to be on the front edge of the innovation strategy where what process to automate is going to drive the profitability and scale. Cause you're talking about things like skill gaps, workflows. These are business constructs and people These are assets so they have economic value. So before it was just, IT serve the business, configure some servers, do some stuff. When you start getting into automation where you have expertise around what this means, that's economic value. So I think you're going to see the personas change significantly in this community where they're on the front lines, kind of like developers are. That's why ops as code is to me a developer kind of vibe. That's going to completely change how operations runs in IT. And I think that's going to be a very interesting cultural shift. And some will make it, some won't. That's going to be a big thing. Some people say, I'm going to retire. I'm old school storage server person, or no, I'm the new guard. I'm going to be the new team. I'm going be on the right side of history here. So they're clearly going down that right path in my opinion. >> What's your overall summary in the last minute of what this event delivered the last couple of days in terms of really talking about the transformation of enterprises and industries through automation? >> I think the big takeaway from me in listening and reading the tea leaves was the Ansible company and staff and the community together. It was really a call for arms. Like, hey, we've had it right from the beginning. We're on the right wave and the wave's getting bigger. So expand your scope, uplevel your skills. They're on the right side of history. And I think the message was engage more. Bring more people in because it is open source, and if they are on that track, you're going to see more of hey, we got it right, let's continue. So they got platform release. They got the key products coming out after years of work. So you know, they're doing their work. And the message I heard was, it's bigger than we thought. So I think that's interesting. We'll see what that means. We're going to unpack that after the event in series of showcases. But yeah, it was very positive, I thought. Very positive. >> Yeah, I think there was definitely some surprises in there for them. John, thank you so much. It's been a pleasure co-hosting with you the last couple of days, really uncovering what Ansible is doing, what they're enabling customers in every industry to achieve. >> Been fun. >> Yes. All right for my co-host, John Furrier, I'm Lisa Martin. You've been watching theCUBE's coverage of Ansible Fest 2022 live from Chicago. We hope you take good care and we'll see you soon.

(upbeat music) >> Hello everyone, welcome to this special Cube conversation. I'm John Furrier, host of theCube. We're here in Palo Alto. We've got some remote guests. Going to break down the Fortinet vulnerability, which was confirmed last week as a critical vulnerability that exposed a zero-day flaw for some of their key products, obviously, FortiOS and FortiProxy for remote attacks. So we're going to break this down. It's a real time vulnerability that happened is discovered in the industry. Horizon3.ai is one of the companies that was key in identifying this. And they have a product that helps companies detect and remediate and a bunch of other cool things you've heard on the cube here. We've got James Horseman, an exploit developer. Love the title. Got to got to say, I'm not going to lie. I like that one. And Zach Hanley, who's the chief attack engineer at Horizon3.ai. Gentlemen, first, thank you for joining the Cube conversation. >> Thank you. It's good to be here. >> Yeah, thank you so much for having us. >> So before we get into the whole Fortinet, this vulnerability that was exposed and how you guys are playing into this I just got to say I love the titles. Exploit developer, Chief Attack Engineers, you don't see that every day. Explain the titles Zach, let's start with you. Chief Attack Engineer, what do you do? >> Yeah, sure. So the gist of it is, is that there is a lot to do and the cybersecurity world. And we made up a new engineering title called Attack Engineer because there's so many different things an attacker will actually do over the course of attack. So we just named them an engineer. And I lead that team that helps develop the offensive capabilities for our product. >> Got it. James, you're the Exploit Developer, exploiting. What are you exploiting? What's going on there? >> So what I'll do in a day to day is we'll take N-days, which are vulnerabilities that have been disclosed to a vendor, but not yet publicly patched necessarily or a pocket exists for them. And I'll try to reverse engineer and find them, so we can integrate them into our product and our customers can use them to make sure that they're actually secure. And then if there's no interesting N-days to go after, we'll sometimes search for zero-days, which are vulnerabilities in products that the vendor doesn't yet know about. >> Yeah, and those are most critical. Those things can being really exploited and cause a lot of damage. Well James, thanks for coming on. We're here to talk about the vulnerability that happened with Fortinet and their products zero-day vulnerability. But first with the folks, for context, Horizon3.ai is a new startup rapidly growing. They've been on theCube. The CEOs, Snehal and team have described their product as an autonomous pen testing. But as part of that, they also have more of a different approach to testing environment. So they're constantly putting companies under pressure. Let's get into it. Let's get into this hack. So you guys are kind of like, I call it the early warning detection system. You're seeing things early because your product's constantly testing infrastructure. Okay? Over time, all the time always on. How did this come come about? How did you guys see this? What happened? Take us through. >> Yeah, sure. I'll start off. So on Friday, we saw on Twitter, which is actually a really good source of threat intelligence these days, We saw a person released details that 40 minutes sent advanced warning email that a critical vulnerability had been discovered and that an emergency patch was released. And the details that we saw, we saw that was an authentication bypass and we saw that it affected the 40 OS, 40 proxy and the 40 switch manager. And we knew right off the bat those are some of their most heavily used products. And for us to understand how this vulnerability worked and for us to actually help our clients and other people around the world understand it, we needed to get after it. So after that, James and I got on it, and then James can tell you what we did after we first heard. >> Yeah. Take us through play by play. >> Sure. So we saw it was a 9.8 CVSS, which means it's easy to exploit and low complexity and also kind of gives you the keys that take them. So we like to see those because they're easy to find, easy to go after. They're big wins. So as soon as we saw this come out we downloaded some firmware for 40 OS. And the first few hours were really about unpacking the firmware, seeing if we could even to get it run. We got it running a a VMware VMDK file. And then we started to unpack the firmware to see what we could find inside. And that was probably at least half of the time. There seemed to be maybe a little bit of obfuscation in the firmware. We were able to analyze the VDMK files and get them mounted and we saw that they were, their operating system was compressed. And when we went to decompress them we were getting some strange decompression errors, corruption errors. And we were kind of scratching our heads a little bit, like you know, "What's going on here?" "These look like they're legitimately compressed files." And after a while we noticed they had what seemed to be a different decompression tool than what we had on our systems also in that VMDK. And so we were able to get that running and decompress the firmware. And from there we were off to the races to dive deeper into the differences between the vulnerable firmware and the patch firmware. >> So the compressed files were hidden. They basically hid the compressed files. >> Yeah, we're not so sure if they were intentionally obfuscated or maybe it was just a really old version of that compression algorithm. It was the XZ compression tool. >> Got it. So what happens next? So take us through. So you discovered, you guys tested. What do you guys do next? How did this thing... I mean, I saw the news it hit heavily. You know, they updated, everyone updated their catalog for patching. So this kind of hangs out there. There's a time lag out there. What's the state of the security at that time? Say Friday, it breaks over the weekend, potentially a lot of attacks might have happened. >> Yeah, so they chose to release this emergency pre-warning on Friday, which is a terrible day because most people are probably already swamped with work or checking out for the weekend. And by Sunday, James and I had actually figured out the vulnerability. Well, to make the timeline a little shorter. But generally what we do between when we discover or hear news of the CV and when we actually pocket is there's a lot of what we call patch diffing. And that's when we take the patched version and the unpatched version and we run it through a tool that kind of shows us the differences. And those differences are really key insight into, "Hey, what was actually going on?" "How did this vulnerability happen?" So between Friday and Sunday, we were kind of scratching our heads and had some inspiration Sunday night and we actually figured it out. So Sunday night, we released news on Twitter that we had replicated the exploit. And the next day, Monday morning, finally, Fortinet actually released their PSIRT notice, where they actually announced to the world publicly that there was a vulnerability and here are the mitigation steps that you can take to mitigate the vulnerability if you cannot patch. And they also release some indicators of compromise but their indicators of compromise were very limited. And what we saw was a lot of people on social media, hey asking like, "These indicators of compromise aren't sufficient." "We can't tell if we've been compromised." "Can you please give us more information?" So because we already had the exploit, what we did was we exploited our test Fortinet devices in our lab and we collected our own indicators of compromise and we wrote those up and then released them on Tuesday, so that people would have a better indication to judge their environments if they've been already exploited in the wild by this issue. Which they also announced in their PSIRT that it was a zero-day being exploited in the wild It wasn't a security researcher that originally found the issue. >> So unpack the difference for the folks that don't know the difference between a zero-day versus a research note. >> Yeah, so a zero-day is essentially a vulnerability that is exploited and taken advantage of before it's made public. An N-day, where a security researcher may find something and report it, that and then once they announce the CVE, that's considered an N-day. So once it's known, it's an N-day and once if it's exploited before that, it's a zero-day. >> Yeah. And the difference is zero-day people can get in there and get into it. You guys saw it Friday on Twitter you move into action Fortinet goes public on Monday. The lag between those days is critical time. What was going on? Why are you guys doing this? Is this part of the autonomous pen testing product? Is this part of what you guys do? Why Horizon3.ai? Is this part of your business model? Or was this was one of those things where you guys just jumped on it? Take us through Friday to Monday. >> James, you want to take this one? >> Sure. So we want to hop on it because we want to be able to be the first to have a tool that we can use to exploit our customer system in a safe manner to prove that they're vulnerable, so then they can go and fix it. So the earlier that we have these tools to exploit the quicker our customers can patch and verify that they are no longer vulnerable. So that's the drive for us to go after these breaking exploits. So like I said, Friday we were able to get the firmware, get it decompressed. We actually got a test system up and running, familiarized ourself with the system a little bit. And we just started going through the patch. And one of the first things we noticed was in their API server, they had a a dip where they started including some extra HTTP headers when they proxied a connection to one of their backend servers. And there were, I believe, three headers. There was a HTTP forwarded header, a Vdom header, and a Cert header. And so we took those strings and we put them into our de-compiled version of the firmware to kind of start to pinpoint an area for us to look because this firmware is gigantic. There's tons of files to look at. And so having that patch is really critical to being able to quickly reverse engineer what they did to find the original exploit. So after we put those strings into our firmware, we found some interesting parts centered around authorization and authentication for these devices. And what we found was when you set a specific forwarded header, the system, for lack of better term, thought that you were on the inside. So a lot of these systems they'll have kind of, two methods of entry. One is through the front door, where if you come in you have to provide some credentials. They don't really trust you. You have to provide a cookie or some kind of session ID in order to be allowed to make requests. And the other side is kind of through the back door, where it looks like you are part of the system itself. So if you want to ask for a particular resource, if you look like you're part of the system they're not going to scrutinize you too much. They'll just let you do whatever you want to do. So really the nature of this exploit was we were able to manipulate some of those HTP headers to trick the system into thinking that we were coming in through the back door when we really coming in through the front. >> So take me through that that impact. That means remote execution. I can come in remotely and anonymous and act like I'm on the inside system. >> Yeah. >> And that's the case of the kingdom as you said earlier, right? >> Yeah. So the crux of the vulnerability is it allows you to make any kind of request you want to this system as if you were an administrator. So it lets you control the interfaces, set them up or down, lets you create packet captures, lets you add and remove users. And what we tried to do, which surprisingly the exploit didn't let us do was to create a new admin user. So there was some kind of extra code in there to stop somebody that did get that extra access to create an admin user. And so that kind of bummed us out. And so after we discovered the exploit we were kind of poking around to see what we could do with it, couldn't create an admin user. We were like, "Oh no, what are we going to do?" And eventually we came up with the idea to modify the existing administrator user. And that the exploit did allow us to do. So our initial POC, took some SSH keys adding them to an existing administrative user and then we were able to SSH in through the system. >> Awesome. Great, description. All right, so Zach, let's get to you for a second. So how does this happen? What does this... How did we get here? What was the motivation? If you're the chief attacker and you want to make this exploit happen, take me through what the other guy's thinking and what he did or she. >> Sure. So you mean from like the attacker's perspective, why are they doing this? >> Yeah. How'd this exploit happen? >> Yeah. >> And what was it motivated by? Was it a mistake? Was it intentional? >> Yeah, ultimately, like, I don't think any vendor purposefully creates vulnerabilities, but as you create a system and it builds and builds, it gets more complex and naturally logic bugs happen. And this was a logic bug. So there's no blame Fortinet for like, having this vulnerability and like, saying it's like, a back door. It just happens. You saw throughout this last year, F5 had a very similar vulnerability, VMware had a very similar vulnerability, all introducing authentication bypasses. So from the attacker's mindset, why they're actually going after this is a lot of these devices that Fortinet has, are on the edge of corporate networks and ransomware and whatever else. If you're a an APT, you want to get into organizations. You want to get from the outside to the inside. So these edge devices are super important and they're going to get a lot of eyes from attackers trying to figure out different ways to get into the system. And as you saw, this was in the wild exploited and that's how Fortinet became aware of it. So obviously there are some attackers out there doing this right now. >> Well, this highlights your guys' business model. I love what you guys do. I think it's a unique and needed approach. You take on the role of, I guess white hacker as... white hat hacker as a service. I don't know what to call it. You guys are constantly penetrating, testing, creating value for the customers to avoid in this case a product that's popular that just had the situation and needed to be resolved. And the hard part is how do you do it, right? So again, there's all these things are going on. This is the future of security where you need to have these, I won't say simulations, but constant kind of testing at scale. >> Yeah. >> I mean, you got the edge, it takes one little entry point to get into the network. It could be anywhere. >> Yeah, it definitely security, it has to be continuous these days. Because if you're only doing a pen test once a year or twice a year you have a year to six months of risk just building and building. And there's countless vulnerabilities and countless misconfigurations that can be introduced into a your network as the time goes on. >> Well, autonomous pen testing- >> Just because you're- >> ... is great. That's awesome stuff. I think it just frees up the talent in the organization to do other things and again, get on the real important stuff. >> Just because your network was secure yesterday doesn't mean it's going to be secure today. So in addition to your defense in depth and making sure that you have all the right configurations, you want to be continuously testing the security of your network to make sure that no new vulnerabilities have been introduced. >> And with the cloud native modern application environment we have now, hardware's got to keep up. More logic potential vulnerability could emerge. You just never know when that one N-vulnerability is going to be there. And so constantly looking out for is a really big deal. >> Definitely. Yeah, the switch to cloud and moving into hybrid cloud has introduced a lot more complexity in environments. And it's definitely another hole attackers going and after. >> All right. Well I got you guys here. I really appreciate the commentary on this vulnerability and this exploit opportunity that Fortinet had to move fast and you guys helped them and the customers. In general, as you guys see the security business now and the practitioners out there, there's a lot of pain points. What are the most powerful acute pain points that the security ops guys (laughing) are dealing with right now? Is it just the constant barrage of attacks? What's the real pain right now? >> I think it really matters on the organization. I think if you're looking at it from a in the news level, where you're constantly seeing all these security products being offered. The reality is, is that the majority of companies in the US actually don't have a security staff. They maybe have an IT guy, just one and he's not a security guy. So he's having to manage helping his company have the resources he needs, but also then he's overwhelmed with all the security things that are happening in the world. So I think really time and resources are the pain points right now. >> Awesome. James, any comment? >> Yeah, just to add to what Zach said, these IT guys they're put under pressure. These Fortinet devices, they could be used in a company that just recently transitioned to a lot of work from home because of COVID and whatnot. And they put these devices online and now they're under pressure to keep them up to date, keep them configured and keep them patched. But anytime you make a change to a system, there's a risk that it goes down. And if the employees can't VPN or log in from home anymore, then they can't work. The company can't make money. So it's really a balancing act for that IT guy to make sure that his environment is up to date, while also making sure it's not taken down for any reason. So it's a challenging position to be in and prioritizing what you need to fix and when is definitely a difficult problem. >> Well, this is a great example, this news article and this. Fortinet news highlights the Horizon3.ai advantage and what you guys do. I think this is going to be the table stakes for security in the industry as people have to build their own, I call it the militia. You got to have your own testing. (laughing) You got to have your own way to help protect yourself. And one of them is to know what's going on all the time every day, today and tomorrow. So congratulations and thanks for sharing the exploit here on this zero-day flaw that was exposed. Thanks for for coming on. >> Yeah, thanks for having us. >> Thank you. >> Okay. This is theCube here in Palo Alto, California. I'm John Furrier. You're watching security update, security news, breaking down the exploit, the zero-day flaw that was exploited at least one attack that was documented. Fortinet devices now identified and patched. This is theCube. Thanks for watching. (upbeat music)

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

>>Hey, everyone. Welcome to the AWS partner, showcase women in tech. I'm Lisa Martin from the cube. And today we're gonna be looking into the exciting evolution of women in the tech industry. I'm going to be joined by Danielle GShock, the ISP PSA director at AWS. And we have the privilege of speaking with some wicked smart women from Teradata NetApp. JFI a 10th revolution group, company and honeycomb.io. We're gonna look at some of the challenges and biases that women face in the tech industry, especially in leadership roles. We're also gonna be exploring how are these tech companies addressing diversity, equity and inclusion across their organizations? How can we get more young girls into stem earlier in their careers? So many questions. So let's go ahead and get started. This is the AWS partner showcase women in tech. Hey, everyone. Welcome to the AWS partner showcase. This is season one, episode three. And I'm your host, Lisa Martin. I've got two great guests here with me to talk about women in tech. Hillary Ashton joins us the chief product officer at Terry data. And Danielle Greshaw is back with us, the ISV PSA director at AWS ladies. It's great to have you on the program talking through such an important topic, Hillary, let's go ahead and start with you. Give us a little bit of an intro into you, your background, and a little bit about Teradata. >>Yeah, absolutely. So I'm Hillary Ashton. I head up the products organization. So that's our engineering product management office of the CTO team. Um, at Teradata I've been with Terra data for just about three years and really have spent the last several decades. If I can say that in the data and analytics space, um, I spent time, uh, really focused on the value of, of analytics at scale, and I'm super excited to be here at Teradata. I'm also a mom of two teenage boys. And so as we talk about women in tech, I think there's, um, uh, lots of different dimensions and angles of that. Um, at Teradata, we are partnered very deeply with AWS and happy to talk a little bit more about that, um, throughout this discussion as well. >>Excellent. A busy mom of two teen boys. My goodness. I don't know how you do it. Let's now look, Atter data's views of diversity, equity and inclusion. It's a, the, it's a topic that's important to everyone, but give us a snapshot into some of the initiatives that Terra data has there. >>Yeah, I have to say, I am super proud to be working at Teradata. We have gone through, uh, a series of transformations, but I think it starts with culture and we are deeply committed to diversity, equity and inclusion. It's really more than just a statement here. It's just how we live our lives. Um, and we use, uh, data to back that up. Um, in fact, we were named one of the world's most ethical companies for the 13th year in a row. Um, and all of our executive leadership team has taken an oath around D E and I that's available on LinkedIn as well. So, um, in fact, our leadership team reporting into the CEO is just about 50 50, um, men and women, which is the first time I've worked in a company where that has been the case. And I think as individuals, we can probably appreciate what a huge difference that makes in terms of not just being a representative, but truly being on a, on a diverse and equitable, uh, team. And I think it really, uh, improves the behaviors that we can bring, um, to our office. >>There's so much value in that. It's I impressive to see about a 50 50 at the leadership level. That's not something that we see very often. Tell me how you, Hillary, how did you get into tech? Were you an engineering person by computer science, or did you have more of a zigzaggy path to where you are now? >>I'm gonna pick door number two and say more zigzaggy. Um, I started off thinking, um, that I started off as a political science major or a government major. Um, and I was probably destined to go into, um, the law field, but actually took a summer course at Harvard. I did not go to Harvard, but I took a summer course there and learned a lot about multimedia and some programming. And that really set me on a trajectory of how, um, data and analytics can truly provide value and, and outcomes to our customers. Um, and I have been living that life ever since. Um, I graduated from college, so, um, I was very excited and privileged in my early career to, uh, work in a company where I found after my first year that I was managing, um, uh, kids, people who had graduated from Harvard business school and from MIT Sloan school. Um, and that was super crazy, cuz I did not go to either of those schools, but I sort of have always had a natural knack for how do you take technology and, and the really cool things that technology can do, but because I'm not a programmer by training, I'm really focused on the value that I'm able to help, um, organizations really extract value, um, from the technology that we can create, which I think is fantastic. >>I think there's so much value in having a zigzag path into tech. You bring Danielle, you and I have talked about this many times you bring such breadth and such a wide perspective. That really is such a value. Add to teams. Danielle, talk to us from AWS's perspective about what can be done to encourage more young women to get and under and underrepresented groups as well, to get into stem and stay. >>Yeah, and this is definitely a challenge as we're trying to grow our organization and kind of shift the numbers. And the reality is, especially with the more senior folks in our organization, unless you bring folks with a zigzag path, the likelihood is you won't be able to change the numbers that you have. Um, but for me, it's really been about, uh, looking at that, uh, the folks who are just graduating college, maybe in other roles where they are adjacent to technology and to try to spark their interest and show that yes, they can do it because oftentimes it's really about believing in themselves and, and realizing that we need folks with all sorts of different perspectives to kind of come in, to be able to help really, um, provide both products and services and solutions for all types of people inside of technology, which requires all sorts of perspectives. >>Yeah, the diverse perspectives. There's so much value and there's a lot of data that demonstrates how much value revenue impact organizations can make by having diversity, especially at the leadership level. Hillary, let's go back to you. We talked about your career path. You talked about some of the importance of the focus on de and I at Tarana, but what are, what do you think can be done to encourage, to sorry, to recruit more young women and under groups into tech, any, any carrot there that you think are really important that we need to be dangling more of? >>Yeah, absolutely. And I'll build on what Danielle just said. I think the, um, bringing in diverse understandings, um, of, of customer outcomes, I mean, I, the we've really moved from technology for technology's sake and I know AWS and entirety to have had a lot of conversations on how do we drive customer outcomes that are differentiated in the market and really being customer centric and technology is wonderful. You can do wonderful things with it. You can do not so wonderful things with it as well, but unless you're really focused on the outcomes and what customers are seeking, um, technology is not hugely valuable. And so I think bringing in people who understand, um, voice of customer who understand those outcomes, and those are not necessarily the, the, the folks who are PhD in mathematics or statistics, um, those can be people who understand a day in the life of a data scientist or a day in the life of a citizen data scientist. And so really working to bridge the high impact technology with the practical kind of usability, usefulness of data and analytics in our cases, I think is something that we need more of in tech and sort of demystifying tech and freeing technology so that everybody can use it and having a really wide range of people who understand not just the bits and bites and, and how to program, but also the value in outcomes that technology through data and analytics can drive. >>Yeah. You know, we often talk about the hard skills, but this, their soft skills are equally, if not more important that even just being curious, being willing to ask questions, being not afraid to be vulnerable, being able to show those sides of your personality. I think those are important for, for young women and underrepresented groups to understand that those are just as important as some of the harder technical skills that can be taught. >>That's right. >>What do you think about from a bias perspective, Hillary, what have you seen in the tech industry and how do you think we can leverage culture as you talked about to help dial down some of the biases that are going on? >>Yeah. I mean, I think first of all, and, and there's some interesting data out there that says that 90% of the population, which includes a lot of women have some inherent bias in their day, day behaviors when it comes to to women in particular. But I'm sure that that is true across all kinds of, of, um, diverse and underrepresented folks in, in the world. And so I think acknowledging that we have bias and actually really learning how, what that can look like, how that can show up. We might be sitting here and thinking, oh, of course I don't have any bias. And then you realize that, um, as you, as you learn more about, um, different types of bias, that actually you do need to kind of, um, account for that and change behaviors. And so I think learning is sort of a fundamental, um, uh, grounding for all of us to really know what bias looks like, know how it shows up in each of us. >>Um, if we're leaders know how it shows up in our teams and make sure that we are constantly getting better, we're, we're not gonna be perfect anytime soon. But I think being on a path to improvement to overcoming bias, um, is really, is really critical. And part of that is really starting the dialogue, having the conversations, holding ourselves and each other accountable, um, when things aren't going in, in a, in a Coptic way and being able to talk openly about that, that felt, um, like maybe there was some bias in that interaction and how do we, um, how do we make good on that? How do we change our, our behavior? Fundamentally of course, data and analytics can have some bias in it as well. And so I think as we look at the, the technology aspect of bias, um, looking at at ethical AI, I think is a, a really important, uh, additional area. And I'm sure we could spend another 20 minutes talking about that, but I, I would be remiss if I didn't talk more about sort of the bias, um, and the over the opportunity to overcome bias in data and analytics as well. >>Yeah. The opportunity to overcome it is definitely there you bring up a couple of really good points, Hillary. It, it starts with awareness. We need to be aware that there are inherent biases in data in thought. And also to your other point, hold people accountable ourselves, our teammates, that's critical to being able to, to dial that back down, Daniel, I wanna get your perspective on, on your view of women in leadership roles. Do you think that we have good representation or we still have work to do in there? >>I definitely think in both technical and product roles, we definitely have some work to do. And, you know, when I think about, um, our partnership with Teradata, part of the reason why it's so important is, you know, Teradata solution is really the brains of a lot of companies. Um, you know, the what, how, what they differentiate on how they figure out insights into their business. And it's, it's all about the product itself and the data and the same is true at AWS. And, you know, we really could do some work to have some more women in these technical roles, as well as in the product, shaping the products. Uh, just for all the reasons that we just kind of talked about over the last 10 minutes, um, in order to, you know, move bias out of our, um, out of our solutions and also to just build better products and have, uh, better, you know, outcomes for customers. So I think there's a bit of work to do still. >>I agree. There's definitely a bit of work to do, and it's all about delivering those better outcomes for customers at the end of the day, we need to figure out what the right ways are of doing that and working together in a community. Um, we've had obviously a lot had changed in the last couple of years, Hillary, what's your, what have you seen in terms of the impact that the pandemic has had on this status of women in tech? Has it been a pro is silver lining the opposite? What are you seeing? >>Yeah, I mean, certainly there's data out there that tells us factually that it has been, um, very difficult for women during COVID 19. Um, women have, uh, dropped out of the workforce for a wide range of, of reasons. Um, and, and that I think is going to set us back all of us, the, the Royal us or the Royal we back, um, years and years. Um, and, and it's very unfortunate because I think we we're at a time when we're making great progress and now to see COVID, um, setting us back in, in such a powerful way. I think there's work to be done to understand how do we bring people back into the workforce. Um, how do we do that? Understanding work life balance, better understanding virtual and remote, working better. I think in the technology sector, um, we've really embraced, um, hybrid virtual work and are, are empowering people to bring their whole selves to work. >>And I think if anything, these, these zoom calls have, um, both for the men and the women on my team. In fact, I would say much more. So for the men on my team, I'm seeing, I was seeing more kids in the background, more kind of split childcare duties, more ability to start talking about, um, other responsibilities that maybe they had, uh, especially in the early days of COVID where maybe daycares were shut down. And, um, you had, you know, maybe a parent was sick. And so we saw quite a lot of, um, people bringing their whole selves to the office, which I think was, was really wonderful. Um, uh, even our CEO saw some of that. And I think, um, that that really changes the dialogue, right? It changes it to maybe scheduling meetings at a time when, um, people can do it after daycare drop off. >>Um, and really allowing that both for men and for women makes it better for, for women overall. So I would like to think that this hybrid working, um, environment and that this, um, uh, whole view into somebody's life that COVID has really provided for probably for white collar workers, if I'm being honest for, um, people who are in a, at a better point of privilege, they don't necessarily have to go into the office every day. I would like to think that tech can lead the way in, um, you know, coming out of the, the old COVID. I don't know if we have a new COVID coming, but the old COVID and really leading the way for women and for people, um, to transform how we do work, um, leveraging data and analytics, but also, um, overcoming some of the, the disparities that exist for women in particular in the workforce. >>Yeah, I think there's, there's like we say, there's a lot of opportunity there and I like your point of hopefully tech can be that guiding light that shows us this can be done. We're all humans at the end of the day. And ultimately if we're able to have some sort of work life balance, everything benefits, our work or more productive, higher performing teams impacts customers, right? There's so much value that can be gleaned from, from that hybrid model and embracing for humans. We need to be able to, to work when we can, we've learned that you don't have to be, you know, in an office 24, 7 commuting, crazy hours flying all around the world. We can get a lot of things done in a ways that fit people's lives rather than taking command over it. Wanna get your advice, Hillary, if you were to talk to your younger self, what would be some of the key pieces of advice you would say? And Danielle and I have talked about this before, and sometimes we, we would both agree on like, ask more questions. Don't be afraid to raise your hand, but what advice would you give your younger self and that younger generation in terms of being inspired to get into tech >>Oh, inspired and being in tech? You know, I think looking at technology as, in some ways, I feel like we do a disservice to, um, inclusion when we talk about stem, cuz I think stem can be kind of daunting. It can be a little scary for people for younger people. When I, when I go and talk to folks at schools, I think stem is like, oh, all the super smart kids are over there. They're all like maybe they're all men. And so, um, it's, it's a little, uh, intimidating. Um, and stem is actually, you know, especially for, um, people joining the workforce today. It's actually how you've been living your life since you were born. I mean, you know, stem inside and out because you walk around with a phone and you know how to get your internet working and like that is technology right. >>Fundamentally. And so demystifying stem as something that is around how we, um, actually make our, our lives useful and, and, and how we can change outcomes. Um, through technology I think is maybe a different lens to put on it. So, and there's absolutely for, for hard sciences, there's absolutely a, a great place in the world for folks who wanna pursue that and men and women can do that. So I, I don't want to be, um, uh, setting the wrong expectations, but I, I think stem is, is very holistic in, um, in the change that's happening globally for us today across economies, across global warming, across all kinds of impactful issues. And so I think everybody who's interested in, in some of that world change can participate in stem. It just may be through a different, through a different lens than how we classically talk about stem. >>So I think there's great opportunity to demystify stem. I think also, um, what I would tell my younger self is choose your bosses wisely. And that sounds really funny. That sounds like inside out almost, but I think choose the person that you're gonna work for in your first five to seven years. And it might be more than one person, but be, be selective, maybe be a little less selective about the exact company or the exact title. I think picking somebody that, you know, we talk about mentors and we talk about sponsors and those are important. Um, but the person you're gonna spend in your early career, a lot of your day with a lot, who's gonna influence a lot of the outcomes for you. That is the person that you, I think want to be more selective about, um, because that person can set you up for success and give you opportunities and set you on course to be, um, a standout or that person can hold you back. >>And that person can put you in the corner and not invite you to the meetings and not give you those opportunities. And so we're in an economy today where you actually can, um, be a little bit picky about who you go and work for. And I would encourage my younger self. I actually, I just lucked out actually, but I think that, um, my first boss really set me, um, up for success, gave me a lot of feedback and coaching. Um, and some of it was really hard to hear, but it really set me up for, for, um, the, the path that I've been on ever since. So it, that would be my advice. >>I love that advice. I it's brilliant. I didn't think it choose your bosses wisely. Isn't something that we primarily think about. I think a lot of people think about the big name companies that they wanna go after and put on a resume, but you bring up a great point. And Danielle and I have talked about this with other guests about mentors and sponsors. I think that is brilliant advice and also more work to do to demystify stem. But luckily we have great family leaders like the two of you helping us to do that. Ladies, I wanna thank you so much for joining me on the program today and talking through what you're seeing in de and I, what your companies are doing and the opportunities that we have to move the needle. Appreciate your time. >>Thank you so much. Great to see you, Danielle. Thank you Lisa, to see you. >>My pleasure for my guests. I'm Lisa Martin. You're watching the AWS partner showcase season one, episode three. Hey everyone. Welcome to the AWS partner showcase. This is season one, episode three, with a focus on women in tech. I'm your host, Lisa Martin. I've got two guests here with me, Sue Peretti, the EVP of global AWS strategic alliances at Jefferson Frank, a 10th revolution group company, and Danielle brushoff. One of our cube alumni joins us ISV PSA director, ladies. It's great to have you on the program talking about a, a topic that is near and dear to my heart at women in tech. >>Thank you, Lisa. >>So let's go ahead and start with you. Give the audience an understanding of Jefferson Frank, what does the company do and about the partnership with AWS? >>Sure. Um, so let's just start, uh, Jefferson Frank is a 10th revolution group company. And if you look at it, it's really talent as a service. So Jefferson Frank provides talent solutions all over the world for AWS clients, partners and users, et cetera. And we have a sister company called revelent, which is a talent creation company within the AWS ecosystem. So we create talent and put it out in the ecosystem. Usually underrepresented groups over half of them are women. And then we also have, uh, a company called rubra, which is a delivery model around AWS technology. So all three companies fall under the 10th revolution group organization. >>Got it. Danielle, talk to me a little bit about from AWS's perspective and the focus on hiring more women in technology and about the partnership. >>Yes. I mean, this has definitely been a focus ever since I joined eight years ago, but also just especially in the last few years we've grown exponentially and our customer base has changed. You know, we wanna have, uh, an organization interacting with them that reflects our customers, right. And, uh, we know that we need to keep pace with that even with our growth. And so we've very much focused on early career talent, um, bringing more women and underrepresented minorities into the organization, sponsoring those folks, promoting them, uh, giving them paths to growth, to grow inside of the organization. I'm an example of that. Of course I benefit benefited from it, but also I try to bring that into my organization as well. And it's super important. >>Tell me a little bit about how you benefited from that, Danielle. >>Um, I just think that, um, you know, I I've been able to get, you know, a seat at the table. I think that, um, I feel as though I have folks supporting me, uh, very deeply and wanna see me succeed. And also they put me forth as, um, you know, a, represent a representative, uh, to bring more women into the organization as well. And I think, um, they give me a platform, uh, in order to do that, um, like this, um, but also many other, uh, spots as well. Um, and I'm happy to do it because I feel that, you know, if you always wanna feel that you're making a difference in your job, and that is definitely a place where I get that time and space in order to be that representative to, um, bring more, more women into benefiting from having careers in technology, which there's a lot of value there, >>A lot of value. Absolutely. So back over to you, what are some of the trends that you are seeing from a gender diversity perspective in tech? We know the, the numbers of women in technical positions, uh, right. There's so much data out there that shows when girls start dropping up, but what are some of the trends that you are seeing? >>So it's, that's a really interesting question. And, and Lisa, I had a whole bunch of data points that I wanted to share with you, but just two weeks ago, uh, I was in San Francisco with AWS at the, at the summit. And we were talking about this. We were talking about how we can collectively together attract more women, not only to, uh, AWS, not only to technology, but to the AWS ecosystem in particular. And it was fascinating because I was talking about, uh, the challenges that women have and how hard to believe, but about 5% of women who were in the ecosystem have left in the past few years, which was really, really, uh, something that shocked everyone when we, when we were talking about it, because all of the things that we've been asking for, for instance, uh, working from home, um, better pay, uh, more flexibility, uh, better maternity leave seems like those things are happening. >>So we're getting what we want, but people are leaving. And it seemed like the feedback that we got was that a lot of women still felt very underrepresented. The number one thing was that they, they couldn't be, you can't be what you can't see. So because they, we feel collectively women, uh, people who identify as women just don't see enough women in leadership, they don't see enough mentors. Um, I think I've had great mentors, but, but just not enough. I'm lucky enough to have a pres a president of our company, the president of our company, Zoe Morris is a woman and she does lead by example. So I'm very lucky for that. And Jefferson, Frank really quickly, we put out a hiring a salary and hiring guide a career and hiring guide every year and the data points. And that's about 65 pages long. No one else does it. Uh, it gives an abundance of information around, uh, everything about the AWS ecosystem that a hiring manager might need to know. But there is what, what I thought was really unbelievable was that only 7% of the people that responded to it were women. So my goal, uh, being that we have such a very big global platform is to get more women to respond to that survey so we can get as much information and take action. So >>Absolutely 7%. So a long way to go there. Danielle, talk to me about AWS's focus on women in tech. I was watching, um, Sue, I saw that you shared on LinkedIn, the Ted talk that the CEO and founder of girls and co did. And one of the things that she said was that there was a, a survey that HP did some years back that showed that, um, 60%, that, that men will apply for jobs if they only meet 60% of the list of requirements. Whereas with females, it's far, far less, we've all been in that imposter syndrome, um, conundrum before. But Danielle, talk to us about AWS, a specific focus here to get these numbers up. >>I think it speaks to what Susan was talking about, how, you know, I think we're approaching it top and bottom, right? We're looking out at what are the, who are the women who are currently in technical positions and how can we make AWS an attractive place for them to work? And that's all a lot of the changes that we've had around maternity leave and, and those types of things, but then also, um, more flexible working, uh, can, you know, uh, arrangements, but then also, um, early, how can we actually impact early, um, career women and actually women who are still in school. Um, and our training and certification team is doing amazing things to get, um, more girls exposed to AWS, to technology, um, and make it a less intimidating place and have them look at employees from AWS and say like, oh, I can see myself in those people. >>Um, and kind of actually growing the viable pool of candidates. I think, you know, we're, we're limited with the viable pool of candidates, um, when you're talking about mid to late career. Um, but how can we, you know, help retrain women who are coming back into the workplace after, you know, having a child and how can we help with military women who want to, uh, or underrepresented minorities who wanna move into AWS, we have a great military program, but then also just that early high school, uh, career, you know, getting them in, in that trajectory. >>Sue, is that something that Jefferson Frank is also able to help with is, you know, getting those younger girls before they start to feel there's something wrong with me. I don't get this. Talk to us about how Jefferson Frank can help really drive up that in those younger girls. >>Uh, let me tell you one other thing to refer back to that summit that we did, uh, we had breakout sessions and that was one of the topics. What can cuz that's the goal, right? To make sure that, that there are ways to attract them. That's the goal? So some of the things that we talked about was mentoring programs, uh, from a very young age, some people said high school, but then we said even earlier, goes back to you. Can't be what you can't see. So, uh, getting mentoring programs, uh, established, uh, we also talked about some of the great ideas was being careful of how we speak to women using the right language to attract them. And some, there was a teachable moment for, for me there actually, it was really wonderful because, um, an African American woman said to me, Sue and I, I was talking about how you can't be what you can't see. >>And what she said was Sue, it's really different. Um, for me as an African American woman, uh, or she identified, uh, as nonbinary, but she was relating to African American women. She said, your white woman, your journey was very different than my journey. And I thought, this is how we're going to learn. I wasn't offended by her calling me out at all. It was a teachable moment. And I thought I understood that, but those are the things that we need to educate people on those, those moments where we think we're, we're saying and doing the right thing, but we really need to get that bias out there. So here at Jefferson, Frank, we're, we're trying really hard to get that careers and hiring guide out there. It's on our website to get more women, uh, to talk to it, but to make suggestions in partnership with AWS around how we can do this mentoring, we have a mentor me program. We go around the country and do things like this. We, we try to get the education out there in partnership with AWS. Uh, we have a, a women's group, a women's leadership group, uh, so much that, that we do, and we try to do it in partnership with AWS. >>Danielle, can you comment on the impact that AWS has made so far, um, regarding some of the trends and, and gender diversity that Sue was talking about? What's the impact that's been made so far with this partnership? >>Well, I mean, I think just being able to get more of the data and have awareness of leaders, uh, on how <laugh>, you know, it used to be a, a couple years back, I would feel like sometimes the, um, uh, solving to bring more women into the organization was kind of something that folks thought, oh, this is Danielle is gonna solve this. You know? And I think a lot of folks now realize, oh, this is something that we all need to solve for. And a lot of my colleagues who maybe a couple years ago, didn't have any awareness or didn't even have the tools to do what they needed to do in order to improve the statistics on their, or in their organizations. Now actually have those tools and are able to kind of work with, um, work with companies like Susan's work with Jefferson Frank in order to actually get the data and actually make good decisions and feel as though, you know, they, they often, these are not lived experiences for these folks, so they don't know what they don't know. And by providing data and providing awareness and providing tooling and then setting goals, I think all of those things have really turned, uh, things around in a very positive way. >>And so you bring up a great point about from a diversity perspective, what is Jefferson Frank doing to, to get those data points up, to get more women of, of all well, really underrepresented minorities to, to be able to provide that feedback so that you can, can have the data and gleamy insights from it to help companies like AWS on their strategic objectives. >>Right? So as I, when I go back to that higher that, uh, careers in hiring guide, that is my focus today, really because the more data that we have, I mean, the, and the data takes, uh, you know, we need people to participate in order to, to accurately, uh, get a hold of that data. So that's why we're asking, uh, we're taking the initiative to really expand our focus. We are a global organization with a very, very massive database all over the world, but if people don't take action, then we can't get the right. The, the, the data will not be as accurate as we'd like it to be. Therefore take better action. So what we're doing is we're asking people all over the, all over the world to participate on our website, Jefferson frank.com, the se the high, uh, in the survey. So we can learn as much as we can. >>7% is such a, you know, Danielle and I we're, we've got to partner on this just to sort of get that message out there, get more data so we can execute, uh, some of the other things that we're doing. We're, we're partnering in. As I mentioned, more of these events, uh, we're, we're doing around the summits, we're gonna be having more ed and I events and collecting more information from women. Um, like I said, internally, we do practice what we preach and we have our own programs that are, that are out there that are within our own company where the women who are talking to candidates and clients every single day are trying to get that message out there. So if I'm speaking to a client or one of our internal people are speaking to a client or a candidate, they're telling them, listen, you know, we really are trying to get these numbers up. >>We wanna attract as many people as we can. Would you mind going to this, uh, hiring guide and offering your own information? So we've gotta get that 7% up. We've gotta keep talking. We've gotta keep, uh, getting programs out there. One other thing I wanted to Danielle's point, she mentioned, uh, women in leadership, the number that we gathered was only 9% of women in leadership within the AWS ecosystem. We've gotta get that number up, uh, as well because, um, you know, I know for me, when I see people like Danielle or, or her peers, it inspires me. And I feel like, you know, I just wanna give back, make sure I send the elevator back to the first floor and bring more women in to this amazing ecosystem. >>Absolutely. That's not that metaphor I do too, but we, but to your point to get that those numbers up, not just at AWS, but everywhere else we need, it's a help me help use situation. So ladies underrepresented minorities, if you're watching go to the Jefferson Frank website, take the survey, help provide the data so that the woman here that are doing this amazing work, have it to help make decisions and have more of females and leadership roles or underrepresented minorities. So we can be what we can see. Ladies, thank you so much for joining me today and sharing what you guys are doing together to partner on this important. Cause >>Thank you for having me, Leah, Lisa, >>Thank you. My pleasure for my guests. I'm Lisa Martin. You're watching the cubes coverage of the AWS partner showcase. Thanks for your time. Hey everyone. Welcome to the AWS partner showcase season one, episode three women in tech. I'm your host, Lisa Martin. We've got two female rock stars here with me next. Stephanie Curry joins us the worldwide head of sales and go to market strategy for AWS at NetApp and Danielle GShock is back one of our QM ISV PSA director at AWS. Looking forward to a great conversation, ladies, about a great topic, Stephanie, let's go ahead and start with you. Give us an overview of your story, how you got into tech and what inspired you. >>Thanks so much, Lisa and Danielle. It's great to be on this show with you. Um, thank you for that. Uh, my name's Stephanie cur, as Lisa mentioned, I'm the worldwide head of sales for, uh, AWS at NetApp and run a global team of sales people that sell all things AWS, um, going back 25 years now, uh, when I first started my career in tech, it was kind of by accident. Um, I come from a different background. I have a business background and a technical background from school, um, but had been in a different career and I had an opportunity to try something new. Um, I had an ally really that reached out to me and said, Hey, you'd be great for this role. And I thought, I'd take a chance. I was curious. Um, and, uh, it, it turned out to be a 25 year career, um, that I'm really, really excited about and, and, um, really thankful for that person, for introducing me to the, to the industry >>25 years in counting. I'm sure Danielle, we've talked about your background before. So what I wanna focus on with you is the importance of diversity for high performance. I know what a machine AWS is, and Stephanie'll come back to you with the same question, but talk about that, Danielle, from your perspective, that importance, um, for diversity to drive the performance. >>Yeah. Yeah. I truly believe that, you know, in order to have high performing teams, that you have to have people from all different types of backgrounds and experiences. And we do find that oftentimes being, you know, field facing, if we're not reflecting our customers and connecting with them deeply, um, on, on the levels that they're at, we, we end up missing them. And so for us, it's very important to bring people of lots of different technical backgrounds experiences. And of course, both men, women, and underrepresented minorities and put that forth to our customers, um, in order to make that connection and to end up with better outcomes. So >>Definitely it's all about outcomes, Stephanie, your perspective and NetApp's perspective on diversity for creating highly performant teams and organizations. >>I really aligned with Danielle on the comment she made. And in addition to that, you know, just from building teams in my, um, career know, we've had three times as many women on my team since we started a year ago and our results are really showing in that as well. Um, we find the teams are stronger, they're more collaborative and to Danielle's point really reflective, not only our partners, but our customers themselves. So this really creates connections, which are really, really important to scale our businesses and, and really, uh, meet the customer where they're at as well. So huge proponent of that ourselves, and really finding that we have to be intentional in our hiring and intentional in how we attract diversity to our teams. >>So Stephanie let's stay with you. So a three X increase in women on the team in a year, especially the kind of last year that we've had is really incredible. I, I like your, I, your thoughts on there needs to be a, there needs to be focus and, and thought in how teams are hired. Let's talk about attracting and retaining those women now, especially in sales roles, we all know the number, the percentages of women in technical roles, but what are some of the things that, that you do Stephanie, that NetApp does to attract and retain women in those sales roles? >>The, the attracting part's really interesting. And we find that, you know, you, you read the stats and I'd say in my experience, they're also true in the fact that, um, a lot of women would look at a job description and say, I can't do a hundred percent of that, that, so I'm not even going to apply with the women that we've attracted to our team. We've actually intentionally reached out and targeted those people in a good way, um, to say, Hey, we think you've got what it takes. Some of the feedback I've got from those women are, gosh, I didn't think I could ever get this role. I didn't think I had the skills to do that. And they've been hired and they are doing a phenomenal job. In addition to that, I think a lot of the feedback I've got from these hires are, Hey, it's an aggressive sales is aggressive. Sales is competitive. It's not an environment that I think I can be successful in. And what we're showing them is bring those softer skills around collaboration, around connection, around building teams. And they do, they do bring a lot of that to the team. Then they see others like them there and they know they can be successful cuz they see others like them on the team, >>The whole concept of we can't be what we can't see, but we can be what we can't see is so important. You said a couple things, Stephanie, that really stuck with me. And one of them was an interview on the Cub I was doing, I think a couple weeks ago, um, about women in tech. And the stat that we talked about was that women will apply will not apply for a job unless they meet 100% of the skills and the requirements that it's listed, but men will, if they only meet 60. And I, that just shocked me that I thought, you know, I, I can understand that imposter syndrome is real. It's a huge challenge, but the softer skills, as you mentioned, especially in the last two years, plus the ability to communicate, the ability to collaborate are incredibly important to, to drive that performance of any team of any business. >>Absolutely. >>Danielle, talk to me about your perspective and AWS as well for attracting and retaining talent. And, and, and particularly in some of those challenging roles like sales that as Stephanie said, can be known as aggressive. >>Yeah, for sure. I mean, my team is focused on the technical aspect of the field and we definitely have an uphill battle for sure. Um, two things we are focused on first and foremost is looking at early career women and that how we, how can we bring them into this role, whether in they're in support functions, uh, cl like answering the phone for support calls, et cetera, and how, how can we bring them into this organization, which is a bit more strategic, more proactive. Um, and then the other thing that as far as retention goes, you know, sometimes there will be women who they're on a team and there are no other women on that team. And, and for me, it's about building community inside of AWS and being part of, you know, we have women on solution architecture organizations. We have, uh, you know, I just personally connect people as well and to like, oh, you should meet this person. Oh, you should talk to that person. Because again, sometimes they can't see someone on their team like them and they just need to feel anchored, especially as we've all been, you know, kind of stuck at home, um, during the pandemic, just being able to make those connections with women like them has been super important and just being a, a long tenured Amazonian. Um, that's definitely one thing I'm able to, to bring to the table as well. >>That's so important and impactful and spreads across organizations in a good way. Daniel let's stick with you. Let's talk about some of the allies that you've had sponsors, mentors that have really made a difference. And I said that in past tense, but I also mean in present tense, who are some of those folks now that really inspire you? >>Yeah. I mean, I definitely would say that one of my mentors and someone who, uh, ha has been a sponsor of my career has, uh, Matt YK, who is one of our control tower GMs. He has really sponsored my career and definitely been a supporter of mine and pushed me in positive ways, which has been super helpful. And then other of my business partners, you know, Sabina Joseph, who's a cube alum as well. She definitely has been, was a fabulous partner to work with. Um, and you know, between the two of us for a period of time, we definitely felt like we could, you know, conquer the world. It's very great to go in with a, with another strong woman, um, you know, and, and get things done, um, inside of an organization like AWS. >>Absolutely. And S I've, I've agreed here several times. So Stephanie, same question for you. You talked a little bit about your kind of, one of your, uh, original early allies in the tech industry, but talk to me about allies sponsors, mentors who have, and continue to make a difference in your life. >>Yeah. And, you know, I think it's a great differentiation as well, right? Because I think that mentors teach us sponsors show us the way and allies make room for us at the table. And that is really, really key difference. I think also as women leaders, we need to make room for others at the table too, and not forget those softer skills that we bring to the table. Some of the things that Danielle mentioned as well about making those connections for others, right. And making room for them at the table. Um, some of my allies, a lot of them are men. Brian ABI was my first mentor. Uh, he actually is in the distribution, was in distribution, uh, with advent tech data no longer there. Um, Corey Hutchinson, who's now at Hashi Corp. He's also another ally of mine and remains an ally of mine, even though we're not at the same company any longer. Um, so a lot of these people transcend careers and transcend, um, um, different positions that I've held as well and make room for us. And I think that's just really critical when we're looking for allies and when allies are looking for us, >>I love how you described allies, mentors and sponsors Stephanie. And the difference. I didn't understand the difference between a mentor and a sponsor until a couple of years ago. Do you talk with some of those younger females on your team so that when they come into the organization and maybe they're fresh outta college, or maybe they've transitioned into tech so that they can also learn from you and understand the importance and the difference between the allies and the sponsors and the mentors? >>Absolutely. And I think that's really interesting because I do take, uh, an extra, uh, approach an extra time to really reach out to the women that have joined the team. One. I wanna make sure they stay right. I don't want them feeling, Hey, I'm alone here and I need to, I need to go do something else. Um, and they are located around the world, on my team. They're also different age groups, so early in career, as well as more senior people and really reaching out, making sure they know that I'm there. But also as Danielle had mentioned, connecting them to other people in the community that they can reach out to for those same opportunities and making room for them >>Make room at the table. It's so important. And it can, you never know what a massive difference and impact you can make on someone's life. And I, and I bet there's probably a lot of mentors and sponsors and allies of mine that would be surprised to know, uh, the massive influence they've had Daniel back over. Let's talk about some of the techniques that you employ, that AWS employees to make the work environment, a great place for women to really thrive and, and be retained as Stephanie was saying. Of course that's so important. >>Yeah. I mean, definitely I think that the community building, as well as we have a bit more programmatic mentorship, um, we're trying to get to the point of having a more programmatic sponsorship as well. Um, but I think just making sure that, um, you know, both everything from, uh, recruit to onboard to ever boarding that, uh, they they're the women who come into the organization, whether it's they're coming in on the software engineering side or the field side or the sales side that they feel as that they have someone, uh, working with them to help them drive their career. Those are the key things that were, I think from an organizational perspective are happening across the board. Um, for me personally, when I run my organization, I'm really trying to make sure that people feel that they can come to me at any time open door policy, make sure that they're surfacing any times in which they are feeling excluded or anything like that, any challenges, whether it be with a customer, a partner or with a colleague. Um, and then also of course, just making sure that I'm being a good sponsor, uh, to, to people on my team. Um, that is key. You can talk about it, but you have to start with yourself as well. >>That's a great point. You you've got to, to start with yourself and really reflect on that. Mm-hmm <affirmative> and look, am I, am I embodying what it is that I need? And not that I know they need that focused, thoughtful intention on that is so importants, let's talk about some of the techniques that you use that NetApp uses to make the work environment a great place for those women are marginalized, um, communities to really thrive. >>Yeah. And I appreciate it and much like Danielle, uh, and much like AWS, we have some of those more structured programs, right around sponsorship and around mentorship. Um, probably some growth there, opportunities for allies, because I think that's more of a newer concept in really an informal structure around the allies, but something that we're growing into at NetApp, um, on my team personally, I think, um, leading by example's really key. And unfortunately, a lot of the, um, life stuffs still lands on the women, whether we like it or not. Uh, I have a very, uh, active husband in our household, but I still carry when it push comes to shove it's on me. Um, and I wanna make sure that my team knows it's okay to take some time and do the things you need to do with your family. Um, I'm I show up as myself authentically and I encourage them to do the same. >>So it's okay to say, Hey, I need to take a personal day. I need to focus on some stuff that's happening in my personal life this week now, obviously to make sure your job's covered, but just allowing some of that softer vulnerability to come into the team as well, so that others, um, men and women can feel they can do the same thing. And that it's okay to say, I need to balance my life and I need to do some other things alongside. Um, so it's the formal programs, making sure people have awareness on them. Um, I think it's also softly calling people out on biases and saying, Hey, I'm not sure if you know, this landed that way, but I just wanted to make you aware. And usually the feedback is, oh my gosh, I didn't know. And could you coach me on something that I could do better next time? So all of this is driven through our NetApp formal programs, but then it's also how you manifest it on the teams that we're leading. >>Absolutely. And sometimes having that mirror to reflect into can be really eye-opening and, and allow you to, to see things in a completely different light, which is great. Um, you both talked about, um, kind of being what you, uh, can see, and, and I know both companies are upset customer obsessed in a good way. Talk to me a little bit, Danielle, go back over to you about the AWS NetApp partnership. Um, some of that maybe alignment on, on performance on obviously you guys are very well aligned, uh, in terms of that, but also it sounds like you're quite aligned on diversity and inclusion. >>Well, we definitely do. We have the best partnerships with companies in which we have these value alignments. So I think that is a positive thing, of course, but just from a, from a partnership perspective, you know, from my five now plus years of being a part of the APN, this is, you know, one of the most significant years with our launch of FSX for NetApp. Um, with that, uh, key key service, which we're making available natively on AWS. I, I can't think of a better Testament to the, to the, um, partnership than that. And that's doing incredibly well and it really resonates with our customers. And of course it started with customers and their need for NetApp. Uh, so, you know, that is a reflection, I think, of the success that we're having together. >>And Stephanie talk to, uh, about the partnership from your perspective, NetApp, AWS, what you guys are doing together, cultural alignment, but also your alignment on really bringing diversity into drive performance. >>Yeah, I think it's a, a great question. And I have to say it's just been a phenomenal year. Our relationship has, uh, started before our first party service with FSX N but definitely just, um, uh, the trajectory, um, between the two companies since the announcement about nine months ago has just taken off to a, a new level. Um, we feel like an extended part of the family. We worked together seamlessly. A lot of the people in my team often say we feel like Amazonians. Um, and we're really part of this transformation at NetApp from being that storage hardware company into being an ISV and a cloud company. And we could not do this without the partnership with AWS and without the, uh, first party service of Fs XM that we've recently released. Um, I think that those joint values that Danielle referred to are critical to our success, um, starting with customer obsession and always making sure that we are doing the right thing for the customer. >>We coach our team teams all the time on if you are doing the right thing for the customers, you cannot do anything wrong. Just always put the customer at the, in the center of your decisions. And I think that there is, um, a lot of best practice sharing and collaboration as we go through this change. And I think a lot of it is led by the diverse backgrounds that are on the team, um, female, male, um, race and so forth, and just to really, uh, have different perspectives and different experiences about how we approach this change. Um, so we definitely feel like a part of the family. Uh, we are absolutely loving, uh, working with the AWS team and our team knows that we are the right place, the right time with the right people. >>I love that last question for each of you. And I wanna stick with you Stephanie advice to your younger self, think back five years. What advice would you seen what you've accomplished and maybe the thet route that you've taken along the way, what would you advise your youngest Stephanie self. >>Uh, I would say keep being curious, right? Keep being curious, keep asking questions. And sometimes when you get a no, it's not a bad thing, it just means not right now and find out why and, and try to get feedback as to why maybe that wasn't the right opportunity for you. But, you know, just go for what you want. Continue to be curious, continue to ask questions and find a support network of people around you that wanna help you because they are there and they, they wanna see you be successful too. So never be shy about that stuff. >><laugh> absolutely. And I always say failure does not have to be an, a bad F word. A no can be the beginning of something. Amazing. Danielle, same question for you. Thinking back to when you first started in your career, what advice would you give your younger self? >>Yeah, I think the advice I'd give my younger self would be, don't be afraid to put yourself out there. Um, it's certainly, you know, coming from an engineering background, maybe you wanna stay behind the scenes, not, not do a presentation, not do a public speaking event, those types of things, but back to what the community really needs, this thing. Um, you know, I genuinely now, uh, took me a while to realize it, but I realized I needed to put myself out there in order to, um, you know, allow younger women to see what they could be. So that would be the advice I would give. Don't be afraid to put yourself out there. >>Absolutely. That advice that you both gave are, is so fantastic, so important and so applicable to everybody. Um, don't be afraid to put yourself out there, ask questions. Don't be afraid of a, no, that it's all gonna happen at some point or many points along the way. That can also be good. So thank you ladies. You inspired me. I appreciate you sharing what AWS and NetApp are doing together to strengthen diversity, to strengthen performance and the advice that you both shared for your younger selves was brilliant. Thank you. >>Thank you. >>Thank you >>For my guests. I'm Lisa Martin. You're watching the AWS partner showcase. See you next time. Hey everyone. Welcome to the AWS partner showcase season one, episode three women in tech. I'm your host, Lisa Martin. I've got two female rock stars joining me. Next Vero Reynolds is here engineering manager, telemetry at honeycomb, and one of our cube alumni, Danielle Ock ISV PSA director at AWS. Join us as well. Ladies. It's great to have you talking about a very important topic today. >>Thanks for having us. >>Yeah, thanks for having me. Appreciate it. >>Of course, Vera, let's go ahead and start with you. Tell me about your background and tech. You're coming up on your 10th anniversary. Happy anniversary. >>Thank you. That's right. I can't believe it's been 10 years. Um, but yeah, I started in tech in 2012. Um, I was an engineer for most of that time. Uh, and just recently as a March, switched to engineering management here at honeycomb and, um, you know, throughout my career, I was very much interested in all the things, right. And it was a big FOMO as far as trying a few different, um, companies and products. And I've done things from web development to mobile to platforms. Um, it would be apt to call me a generalist. Um, and in the more recent years I was sort of gravitating more towards developer tool space. And for me that, uh, came in the form of cloud Foundry circle CI and now honeycomb. Um, I actually had my eye on honeycomb for a while before joining, I came across a blog post by charity majors. >>Who's one of our founders and she was actually talking about management and how to pursue that and whether or not it's right, uh, for your career. And so I was like, who is this person? I really like her, uh, found the company. They were pretty small at the time. So I was sort of keeping my eye on them. And then when the time came around for me to look again, I did a little bit more digging, uh, found a lot of talks about the product. And on the one hand they really spoke to me as the solution. They talked about developers owning their coding production and answering questions about what is happening, what are your users seeing? And I felt that pain, I got what they were trying to do. And also on the other hand, every talk I saw at the time was from, uh, an amazing woman <laugh>, which I haven't seen before. Uh, so I came across charity majors again, Christine Y our other founder, and then Liz Jones, who's our principal developer advocate. And that really sealed the deal for me as far as wanting to work here. >>Yeah. Honeycomb is interesting. This is a female founded company. You're two leaders. You mentioned that you like the technology, but you were also attracted because you saw females in the leadership position. Talk to me a little bit about what that's like working for a female led organization at honeycomb. >>Yeah. You know, historically, um, we have tried not to over index on that because there was this, uh, maybe fear awareness of, um, it taking away from our legitimacy as an engineering organization, from our success as a company. Um, but I'm seeing that, uh, rhetoric shift recently because we believe that with great responsibility, uh, with great power comes great responsibility, and we're trying to be more intentional as far as using that attribute of our company. Um, so I would say that for me, it was, um, a choice between a few offers, right. And that was a selling point for sure, because again, I've never experienced it and I've really seen how much they walk that walk. Um, even me being here and me moving into management, I think were both, um, ways in which they really put a lot of trust and support in me. And so, um, I it's been a great ride. >>Excellent. Sounds like it. Before we bring Danielle in to talk about the partnership. I do wanna have you there talk to the audience a little bit about honeycomb, what technology it's delivering and what are its differentiators. >>Yeah, absolutely. Um, so honeycomb is an observability tool, uh, that enables engineers to answer questions about the code that runs in production. And, um, we work with a number of various customers. Some of them are Vanguards, slack. Hello, fresh, just to name a couple, if you're not familiar with observability tooling, it's akin to traditional application performance monitoring, but we believe that observability is succeeding APM because, uh, APM tools were built at the time of monoliths and they just weren't designed to help us answer questions about complex distributed systems that we work with today, where things can go wrong anywhere in that chain. And you can't predict what you're gonna need to ask ahead of time. So some of the ways that we are different is our ability to store and query really rich data, which we believe is the key to understanding those complex systems. >>What I mean by rich data is, um, something that has a lot of attributes. So for example, when an error happens, knowing who it happened to, which user ID, which, um, I don't know, region, they were in, um, what, what, what they were doing at the time and what was happening at the rest of your system. And our ingest engine is really fast. You can do it in as little as three seconds and we call data like this. I said, kind of rich data, contextual data. We refer it as having high ality and high dimensionality, which are big words. But at the end of the day, what that means is we can store and we can query the data. We can do it really fast. And to give you an example of how that looks for our customers, let's say you have a developer team who are using comb to understand and observe their system. >>And they get a report that a user is experiencing a slowdown or something's wrong. They can go into comb and figure out that this only happens to users who are using a particular language pack with their app. And they operated their app last week, that it only happens when they are trying to upload a file. And so it's this level of granularity and being able to zoom in and out, um, under your data that allows you to understand what's happening, especially when you have an incident going on, right. Or your really important high profile customer is telling you that something's wrong. And we can do that. Even if everything else in your other tools looks fine, right? All of your dashboards are okay. You're not actually getting paged on it, but your customers are telling you that something's wrong. Uh, and we believe that's where we shine in helping you there. >>Excellent. It sounds like that's where you really shine that real time visibility is so critical these days. Danielle, Danielle, wanna bring you into the conversation. Talk to us a little bit about the honeycomb partnership from the AWS lens. >>Yeah. So excuse me, observability is obviously a very important, uh, segment in the cloud space, very important to AWS, um, because a lot of all of our customers, uh, as they build their systems distributed, they need to be able to see where, where things are happening in the complex systems that they're building. And so honeycomb is a, is an advanced technology partner. Um, they've been working with us for quite some time and they have a, uh, their solution is listed on the marketplace. Um, definitely something that we see a lot of demand with our customers and they have many integrations, uh, which, you know, we've seen is key to success. Um, being able to work seamlessly with the rest of the services inside of the AWS platform. And I know that they've done some, some great things with people who are trying to develop games on top of AWS, uh, things in that area as well. And so, uh, very important partner in the observa observability market that we have >>Back to you, let's kind of unpack the partnership, the significance that honeycomb ha is getting from being partners with an organization as potent and pivotal as AWS. >>Yeah, absolutely. Um, I know this predates me to some extent, but I know for a long time, AWS and honeycomb has really pushed the envelope together. And, um, I think it's a beneficial relationship for both ends. There's kind of two ways of looking at it. On the one side, there is our own infrastructure. So honeycomb runs on AWS and actually one of our critical workloads that supports that fast query engine that I mentioned uses Lambda. And it does so in a pretty Orthodox way. So we've had a longstanding conversation with the AWS team as far as drawing outside those lines and kind of figuring out how to use this technology in a way that works for us and hopefully will work for other customers of theirs as well. Um, that also allows us to ask for early access for certain features when they become available. >>And then that way we can be sort of the Guinea pigs and try things out, um, in a way that migrates our system and optimizes our own performance, but also allows again, other customers of AWS to follow in that path. And then the other side of that partnership is really supporting our customers who are both honeycomb users and AWS users, because it's, as you imagine, quite a big overlap, and there are certain ways in which we can allow our customers to more easily get their data from AWS to honeycomb. So for example, last year we built a tool, um, based on the new Lambda extension capability that allowed our users who run their applications in Lambdas to get that telemetry data out of their applications and into honeycomb. And it man was win, win. >>Excellent. So I'm hearing a lot of synergies from a technology perspective, you're sticking with you, and then Danielle will bring you in, let's talk about how honeycomb supports D and I across its organization. And how is that synergistic with AWS's approach? Yeah, >>Yeah, absolutely. So I sort of alluded to that hesitancy to over index on the women led aspect of ourselves. Um, but again, a lot of things are shifting, we're growing a lot. And so we are recognizing that we need to be more intentional with our DEI initiatives, and we also notice that we can do better and we should do better. And to that, and we're doing a few things differently, um, that are pretty recent initiatives. We are partnering with organizations that help us target specific communities that are underrepresented in tech. Um, some examples would be after tech hu Latinas in tech among, um, a number of others. And another initiative is DEI head start. That's something that is an internal, um, practice that we started that includes reaching out to underrepresented applicants before any new job for honeycomb becomes live. So before we posted to LinkedIn, before it's even live on our job speech, and the idea there is to kind of balance our pipeline of applicants, which the hope is will lead to more diverse hires in the long term. >>That's a great focus there. Danielle, I know we've talked about this before, but for the audience, in terms of the context of the honeycomb partnership, the focus at AWS for D E and I is really significant, unpack that a little bit for us. >>Well, let me just bring it back to just how we think about it, um, with the companies that we work with, but also in, in terms of, you know, what we want to be able to do, excuse me, it's very important for us to, you know, build products that reflect, uh, the customers that we have. And I think, you know, working with, uh, a company like honeycomb that is looking to differentiate in a space, um, by, by bringing in, you know, the experiences of many different types of people I genuinely believe. And I'm sure Vera also believes that by having those diverse perspectives, that we're able to then build better products for our customers. Um, and you know, it's one of, one of our leadership principles, uh, is, is rooted in this. I write a lot, it asks for us to seek out diverse perspectives. Uh, and you can't really do that if everybody kind of looks the same and thinks the same and has the same background. So I think that is where our de and I, um, you know, I thought process is rooted and, you know, companies like honeycomb that give customers choice and differentiate and help them, um, to do what they need to do in their unique, um, environments is super important. So >>The, the importance of thought diversity cannot be underscored enough. It's something that is, can be pivotal to organizations. And it's very nice to hear that that's so fundamental to both companies, Barry, I wanna go back to you for a second. You, I think you mentioned this, the DEI head start program, that's an internal program at honeycomb. Can you shed a little bit of light on that? >>Yeah, that's right. And I actually am in the process of hiring a first engineer for my team. So I'm learning a lot of these things firsthand, um, and how it works is we try to make sure to pre-load our pipeline of applicants for any new job opening we have with diverse candidates to the best of our abilities, and that can involve partnering with the organizations that I mentioned or reaching out to our internal network, um, and make sure that we give those applicants a head start, so to speak. >>Excellent. I like that. Danielle, before we close, I wanna get a little bit of, of your background. We've got various background in tag, she's celebrating her 10th anniversary. Give me a, a short kind of description of the journey that you've navigated through being a female in technology. >>Yeah, thanks so much. I really appreciate, uh, being able to share this. So I started as a software engineer, uh, back actually in the late nineties, uh, during the, the first.com bubble and, uh, have, have spent quite a long time actually as an individual contributor, um, probably working in software engineering teams up through 2014 at a minimum until I joined AWS, uh, as a customer facing solutions architect. Um, I do think spending a lot of time, hands on definitely helped me with some of the imposter syndrome, um, issues that folks suffer from not to say I don't at all, but it, it certainly helped with that. And I've been leading teams at AWS since 2015. Um, so it's really been a great ride. Um, and like I said, I'm very happy to see all of our engineering teams change, uh, as far as their composition. And I'm, I'm grateful to be part of it. >>It's pretty great to be able to witness that composition change for the better last question for each of you. And we're almost out of time and Danielle, I'm gonna stick with you. What's your advice, your recommendations for women who either are thinking about getting into tech or those who may be in tech, maybe they're in individual positions and they're not sure if they should apply for that senior leadership position. What do you advise them to do? >>I mean, definitely for the individual contributors, tech tech is a great career, uh, direction, um, and you will always be able to find women like you, you have to maybe just work a little bit harder, uh, to join, have community, uh, in that. But then as a leader, um, representation is very important and we can bring more women into tech by having more leaders. So that's my, you just have to take the lead, >>Take the lead, love that there. Same question for you. What's your advice and recommendations for those maybe future female leaders in tech? >>Yeah, absolutely. Um, Danielle mentioned imposter syndrome and I think we all struggle with it from time to time, no matter how many years it's been. And I think for me, for me, the advice would be if you're starting out, don't be afraid to ask, uh, questions and don't be afraid to kind of show a little bit of ignorance because we've all been there. And I think it's on all of us to remember what it's like to not know how things work. And on the flip side of that, if you are a more senior IC or, uh, in a leadership role, also being able to model just saying, I don't know how this works and going and figuring out answers together because that was a really powerful shift for me early in my career is just to feel like I can say that I don't know something. >>I totally agree. I've been in that same situation where just ask the question because you I'm guaranteed, there's a million outta people in the room that probably has the, have the same question and because of imposter syndrome, don't wanna admit, I don't understand that. Can we back up, but I agree with you. I think that is, um, one of the best things. Raise your hand, ask a question, ladies. Thank you so much for joining me talking about honeycomb and AWS, what you're doing together from a technology perspective and the focus efforts that each company has on D E and I, we appreciate your insights. Thank you so much for having us great talking to you. My pleasure, likewise for my guests, I'm Lisa Martin. You're watching the AWS partner showcase women in check. Welcome to the AWS partner showcase I'm Lisa Martin, your host. This is season one, episode three, and this is a great episode that focuses on women in tech. I'm pleased to be joined by Danielle Shaw, the ISV PSA director at AWS, and the sponsor of this fantastic program. Danielle, it's great to see you and talk about such an important topic. >>Yes. And I will tell you, all of these interviews have just been a blast for me to do. And I feel like there has been a lot of gold that we can glean from all of the, um, stories that we heard on these interviews and good advice that I myself would not have necessarily thought of. So >>I agree. And we're gonna get to set, cuz advice is one of the, the main things that our audience is gonna hear. We have Hillary Ashton, you'll see from TETA there, Reynolds joins us from honeycomb, Stephanie Curry from NetApp and Sue Paris from Jefferson Frank. And the topics that we dig into are first and foremost, diversity equity and inclusion. That is a topic that is incredibly important to every organization. And some of the things Danielle that our audiences shared were really interesting to me. One of the things that I saw from a thematic perspective over and over was that like D Reynolds was talking about the importance of companies and hiring managers and how they need to be intentional with de and I initiatives. And that intention was a, a, a common thing that we heard. I'm curious what your thoughts are about that, that we heard about being intentional working intentionally to deliver a more holistic pool of candidates where de I is concerned. What are your, what were some of the things that stuck out to you? >>Absolutely. I think each one of us is working inside of organizations where in the last, you know, five to 10 years, there's been a, you know, a strong push in this direction, mostly because we've really seen, um, first and foremost, by being intentional, that you can change the, uh, the way your organization looks. Um, but also just that, you know, without being intentional, um, there was just a lot of, you know, outcomes and situations that maybe weren't great for, um, you know, a healthy, um, and productive environment, uh, working environment. And so, you know, a lot of these companies have made a big investments and put forth big initiatives that I think all of us are involved in. And so we're really excited to get out here and talk about it and talk about, especially as these are all partnerships that we have, how, you know, these align with our values. So >>Yeah, that, that value alignment mm-hmm <affirmative> that you bring up is another thing that we heard consistently with each of the partners, there's a cultural alignment, there's a customer obsession alignment that they have with AWS. There's a D E and I alignment that they have. And I, I think everybody also kind of agreed Stephanie Curry talked about, you know, it's really important, um, for diversity on it, on, on impacting performance, highly performant teams are teams that are more diverse. I think we heard that kind of echoed throughout the women that we talked to in >>This. Absolutely. And I absolutely, and I definitely even feel that, uh, with their studies out there that tell you that you make better products, if you have all of the right input and you're getting all many different perspectives, but not just that, but I can, I can personally see it in the performing teams, not just my team, but also, you know, the teams that I work alongside. Um, arguably some of the other business folks have done a really great job of bringing more women into their organization, bringing more underrepresented minorities. Tech is a little bit behind, but we're trying really hard to bring that forward as well to in technical roles. Um, but you can just see the difference in the outcomes. Uh, at least I personally can just in the adjacent teams of mine. >>That's awesome. We talked also quite a bit during this episode about attracting women and underrepresented, um, groups and retaining them. That retention piece is really key. What were some of the things that stuck out to you that, um, you know, some of the guests talked about in terms of retention? >>Yeah. I think especially, uh, speaking with Hillary and hearing how, uh, Teradata is thinking about different ways to make hybrid work work for everybody. I think that is definitely when I talk to women interested in joining AWS, oftentimes that might be one of the first, uh, concerns that they have. Like, am I going to be able to, you know, go pick my kid up at four o'clock at the bus, or am I going to be able to, you know, be at my kids' conf you know, conference or even just, you know, have enough work life balance that I can, um, you know, do the things that I wanna do outside of work, uh, beyond children and family. So these are all very important, um, and questions that especially women come and ask, but also, um, you know, it kind of is a, is a bellwether for, is this gonna be a company that allows me to bring my whole self to work? And then I'm also gonna be able to have that balance that I need need. So I think that was something that is, uh, changing a lot. And many people are thinking about work a lot differently. >>Absolutely. The pandemic not only changed how we think about work, you know, initially it was, do I work from home or do I live at work? And that was legitimately a challenge that all of us faced for a long time period, but we're seeing the hybrid model. We're seeing more companies be open to embracing that and allowing people to have more of that balance, which at the end of the day, it's so much better for product development for the customers, as you talked about there's, it's a win-win. >>Absolutely. And, you know, definitely the first few months of it was very hard to find that separation to be able to put up boundaries. Um, but I think at least I personally have been able to find the way to do it. And I hope that, you know, everyone is getting that space to be able to put those boundaries up to effectively have a harmonious, you know, work life where you can still be at home most of the time, but also, um, you know, have that cutoff point of the day or at least have that separate space that you can feel that you're able to separate the two. >>Yeah, absolutely. And a lot of that from a work life balance perspective leads into one of the next topics that we covered in detail with, and that's mentors and sponsors the differences between them recommendations from, uh, the women on the panel about how to combat imposter syndrome, but also how to leverage mentors and sponsors throughout your career. One of the things that, that Hillary said that I thought was fantastic, advice were mentors and sponsors are concerned is, is be selective in picking your bosses. We often see people, especially younger folks, not necessarily younger folks. I shouldn't say that that are attracted to a company it's brand maybe, and think more about that than they do the boss or bosses that can help guide them along the way. But I thought that was really poignant advice that Hillary provided something that I'm gonna take into consideration myself. >>Yeah. And I honestly hadn't thought about that, but as I reflect through my own career, I can see how I've had particular managers who have had a major impact on helping me, um, with my career. But, you know, if you don't have the ability to do that, or maybe that's not a luxury that you have, I think even if you're able to, you know, find a mentor for a period of time or, um, you know, just, just enable for you to be able to get from say a point a to point B just for a temporary period. Um, just so you can grow into your next role, have a, have a particular outcome that you wanna drive, have a particular goal in mind find that person who's been there and done that and can really help you get through. If you don't have the luxury of picking your manager mentor, who can help you get to the next step. >>Exactly. That, that I thought that advice was brilliant and something that I hadn't really considered either. We also talked with several of the women about imposter syndrome. You know, that's something that everybody, I think, regardless of gender of your background, everybody feels that at some point. So I think one of the nice things that we do in this episode is sort of identify, yes, imposter syndrome is real. This is, this is how it happened to me. This is I navigated around or got over it. I think there's some great advice there for the audience to glean as well about how to dial down the imposter syndrome that they might be feeling. >>Absolutely. And I think the key there is just acknowledging it. Um, but also just hearing all the different techniques on, on how folks have dealt with it because everybody does, um, you know, even some of the smartest, most confident men I've, I've met in, uh, industry still talk to me about how they have it and I'm shocked by it oftentimes, but, um, it is very common and hopefully we, we talk about some good techniques to, to deal with that. >>I think we do, you know, one of the things that when we were asking the, our audience, our guests about advice, what would they tell their younger selves? What would they tell young women or underrepresented groups in terms of becoming interested in stem and in tech and everybody sort of agreed on me, don't be afraid to raise your hand and ask questions. Um, show vulnerabilities, not just as the employee, but even from a leadership perspective, show that as a leader, I, I don't have all the answers. There are questions that I have. I think that goes a long way to reducing the imposter syndrome that most of us have faced at some point in our lives. And that's just, don't be afraid to ask questions. You never know, oh, how can people have the same question sitting in the room? >>Well, and also, you know, for folks who've been in industry for 20, 25 years, I think we can just say that, you know, it's a, it's a marathon, it's not a sprint and you're always going to, um, have new things to learn and you can spend, you know, back to, we talked about the zing and zagging through careers, um, where, you know, we'll have different experiences. Um, all of that kind of comes through just, you know, being curious and wanting to continue to learn. So yes, asking questions and being vulnerable and being able to say, I don't know all the answers, but I wanna learn is a key thing, uh, especially culturally at AWS, but I'm sure with all of these companies as well, >>Definitely I think it sounded like it was really ingrained in their culture. And another thing too, that we also talked about is the word, no, doesn't always mean a dead end. It can often mean not right now or may, maybe this isn't the right opportunity at this time. I think that's another important thing that the audience is gonna learn is that, you know, failure is not necessarily a bad F word. If you turn it into opportunity, no isn't necessarily the end of the road. It can be an opener to a different door. And I, I thought that was a really positive message that our guests, um, had to share with the, the audience. >>Yeah, totally. I can, I can say I had a, a mentor of mine, um, a very, uh, strong woman who told me, you know, your career is going to have lots of ebbs and flows and that's natural. And you know that when you say that, not right now, um, that's a perfect example of maybe there's an ebb where it might not be the right time for you now, but something to consider in the future. But also don't be afraid to say yes, when you can. <laugh> >>Exactly. Danielle, it's been a pleasure filming this episode with you and the great female leaders that we have on. I'm excited for the audience to be able to learn from Hillary Vera, Stephanie Sue, and you so much valuable content in here. We hope you enjoy this partner showcase season one, episode three, Danielle, thanks so much for helping >>Us with it's been a blast. I really appreciate it >>All audience. We wanna enjoy this. Enjoy the episode.

>> Announcer: theCube presents HPE Discover 2022 brought to you by HPE. >> Hello and welcome back to theCube's continuous coverage HPE Discover 2022 and from Las Vegas the formerly Sands Convention Center now Venetian, John Furrier and Dave Vellante here were excited to welcome in Jen Huffstetler. Who's the Chief product Sustainability Officer at Intel Jen, welcome to theCube thanks for coming on. >> Thank you very much for having me. >> You're really welcome. So you dial back I don't know, the last decade and nobody really cared about it but some people gave it lip service but corporations generally weren't as in tune, what's changed? Why has it become so top of mind? >> I think in the last year we've noticed as we all were working from home that we had a greater appreciation for the balance in our lives and the impact that climate change was having on the world. So I think across the globe there's regulations industry and even personally, everyone is really starting to think about this a little more and corporations specifically are trying to figure out how are they going to continue to do business in these new regulated environments. >> And IT leaders generally weren't in tune cause they weren't paying the power bill for years it was the facilities people, but then they started to come together. How should leaders in technology, business tech leaders, IT leaders, CIOs, how should they be thinking about their sustainability goals? >> Yeah, I think for IT leaders specifically they really want to be looking at the footprint of their overall infrastructure. So whether that is their on-prem data center, their cloud instances, what can they do to maximize the resources and lower the footprint that they contribute to their company's overall footprint. So IT really has a critical role to play I think because as you'll find in IT, the carbon footprint of the data center of those products in use is actually it's fairly significant. So having a focus there will be key. >> You know compute has always been one of those things where, you know Intel's been makes chips so that, you know heat is important in compute. What is Intel's current goals? Give us an update on where you guys are at. What's the ideal goal in the long term? Where are you now? You guys always had a focus on this for a long, long time. Where are we now? Cause I won't say the goalpost of changed, they're changing the definitions of what this means. What's the current state of Intel's carbon footprint and overall goals? >> Yeah, no thanks for asking. As you mentioned, we've been invested in lowering our environmental footprint for decades in fact, without action otherwise, you know we've already lowered our carbon footprint by 75%. So we're really in that last mile. And that is why when we recently announced a very ambitious goal Net-Zero 2040 for our scope one and two for manufacturing operations, this is really an industry leading goal. And partly because the technology doesn't even exist, right? For the chemistries and for making the silicon into the sand into, you know, computer chips yet. And so by taking this bold goal, we're going to be able to lead the industry, partner with academia, partner with consortia, and that drive is going to have ripple effects across the industry and all of the components in semiconductors. >> Is there a changing definition of Net-Zero? What that means, cause some people say they're Net-Zero and maybe in one area they might be but maybe holistically across the company as it becomes more of a broader mandate society, employees, partners, Wall Street are all putting pressure on companies. Is the Net-Zero conversation changed a little bit or what's your view on that? >> I think we definitely see it changing with changing regulations like those coming forth from the SEC here in the US and in Europe. Net-Zero can't just be lip service anymore right? It really has to be real reductions on your footprint. And we say then otherwise and even including in our supply chain goals what we've taken new goals to reduce, but our operations are growing. So I think everybody is going through this realization that you know, with the growth, how do we keep it lower than it would've been otherwise, keep focusing on those reductions and have not just renewable credits that could have been bought in one location and applied to a different geographical location but real credible offsets for where the the products manufactured or the computes deployed. >> Jen, when you talk about you've reduced already by 75% you're on that last mile. We listened to Pat Gelsinger very closely up until recently he was the number one most frequently had on theCube guest. He's been busy I guess. But as you apply that discipline to where you've been, your existing business and now Pat's laid out this plan to increase the Foundry business how does that affect your... Are you able to carry through that reduction to, you know, the new foundries? Do you have to rethink that? How does that play in? >> Certainly, well, the Foundry expansion of our business with IBM 2.0 is going to include the existing factories that already have the benefit of those decades of investment and focus. And then, you know we have clear goals for our new factories in Ohio, in Europe to achieve goals as well. That's part of the overall plan for Net-Zero 2040. It's inclusive of our expansion into Foundry which means that many, many many more customers are going to be able to benefit from the leadership that Intel has here. And then as we onboard acquisitions as any company does we need to look at the footprint of the acquisition and see what we can do to align it with our overall goals. >> Yeah so sustainable IT I don't know for some reason was always an area of interest to me. And when we first started, even before I met you, John we worked with PG&E to help companies get rebates for installing technologies that would reduce their carbon footprint. >> Jen: Very forward thinking. >> And it was a hard thing to get, you know, but compute was the big deal. And there were technologies and I remember virtualization at the time was one and we would go in and explain to the PG&E engineers how that all worked. Cause they had metrics and that they wanted to see, but anyway, so virtualization was clearly one factor. What are the technologies today that people should be paying, flash storage was another one. >> John: AI's going to have a big impact. >> Reduce the spinning disk, but what are the ones today that are going to have an impact? >> Yeah, no, that's a great question. We like to think of the built in acceleration that we have including some of the early acceleration for virtualization technologies as foundational. So built in accelerated compute is green compute and it allows you to maximize the utilization of the transistors that you already have deployed in your data center. This compute is sitting there and it is ready to be used. What matters most is what you were talking about, John that real world workload performance. And it's not just you know, a lot of specsmanship around synthetic benchmarks, but AI performance with the built in acceleration that we have in Xeon processors with the Intel DL Boost, we're able to achieve four X, the AI performance per Watts without you know, doing that otherwise. You think about the consolidation you were talking about that happened with virtualization. You're basically effectively doing the same thing with these built in accelerators that we have continued to add over time and have even more coming in our Sapphire Generation. >> And you call that green compute? Or what does that mean, green compute? >> Well, you are greening your compute. >> John: Okay got it. >> By increasing utilization of your resources. If you're able to deploy AI, utilize the telemetry within the CPU that already exists. We have customers KDDI in Japan has a great Proofpoint that they already announced on their 5G data center, lowered their data center power by 20%. That is real bottom line impact as well as carbon footprint impact by utilizing all of those built in capabilities. So, yeah. >> We've heard some stories earlier in the event here at Discover where there was some cooling innovations that was powering moving the heat to power towns and cities. So you start to see, and you guys have been following this data center and been part of the whole, okay and hot climates, you have cold climates, but there's new ways to recycle energy where's that cause that sounds very Sci-Fi to me that oh yeah, the whole town runs on the data center exhaust. So there's now systems thinking around compute. What's your reaction to that? What's the current view on re-engineering a system to take advantage of that energy or recycling? >> I think when we look at our vision of sustainable compute over this horizon it's going to be required, right? We know that compute helps to solve society's challenges and the demand for it is not going away. So how do we take new innovations looking at a systems level as compute gets further deployed at the edge, how do we make it efficient? How do we ensure that that compute can be deployed where there is air pollution, right? So some of these technologies that you have they not only enable reuse but they also enable some you know, closing in of the solution to make it more robust for edge deployments. It'll allow you to place your data center wherever you need it. It no longer needs to reside in one place. And then that's going to allow you to have those energy reuse benefits either into district heating if you're in, you know Northern Europe or there's examples with folks putting greenhouses right next to a data center to start growing food in what we're previously food deserts. So I don't think it's science fiction. It is how we need to rethink as a society. To utilize everything we have, the tools at our hand. >> There's a commercial on the radio, on the East Coast anyway, I don't know if you guys have heard of it, it's like, "What's your one thing?" And the gentleman comes on, he talks about things that you can do to help the environment. And he says, "What's your one thing?" So what's the one thing or maybe it's not just one that IT managers should be doing to affect carbon footprint? >> The one thing to affect their carbon footprint, there are so many things. >> Dave: Two, three, tell me. >> I think if I was going to pick the one most impactful thing that they could do in their infrastructure is it's back to John's comment. It's imagine if the world deployed AI, all the benefits not only in business outcomes, you know the revenue, lowering the TCO, but also lowering the footprint. So I think that's the one thing they could do. If I could throw in a baby second, it would be really consider how you get renewable energy into your computing ecosystem. And then you know, at Intel, when we're 80% renewable power, our processors are inherently low carbon because of all the work that we've done others have less than 10% renewable energy. So you want to look for products that have low carbon by design, any Intel based system and where you can get renewables from your grid to ask for it, run your workload there. And even the next step to get to sustainable computing it's going to take everyone, including every enterprise to think differently and really you know, consider what would it look like to bring renewables onto my site? If I don't have access through my local utility and many customers are really starting to evaluate that. >> Well Jen its great to have you on theCube. Great insight into the current state of the art of sustainability and carbon footprint. My final question for you is more about the talent out there. The younger generation coming in I'll say the pressure, people want to work for a company that's mission driven we know that, the Wall Street impact is going to be financial business model and then save the planet kind of pressure. So there's a lot of talent coming in. Is there awareness at the university level? Is there a course where can, do people get degrees in sustainability? There's a lot of people who want to come into this field what are some of the talent backgrounds of people learning or who might want to be in this field? What would you recommend? How would you describe how to onboard into the career if they want to contribute? What are some of those factors? Cause it's not new, new, but it's going to be globally aware. >> Yeah well there certainly are degrees with focuses on sustainability maybe to look at holistically at the enterprise, but where I think the globe is really going to benefit, we didn't really talk about the software inefficiency. And as we delivered more and more compute over the last few decades, basically the programming languages got more inefficient. So there's at least 35% inefficiency in the software. So being a software engineer, even if you're not an AI engineer. So AI would probably be the highest impact being a software engineer to focus on building new applications that are going to be efficient applications that they're well utilizing the transistor that they're not leaving zombie you know, services running that aren't being utilized. So I actually think-- >> So we got a program in assembly? (all laughing) >> (indistinct), would get really offended. >> Get machine language. I have to throw that in sorry. >> Maybe not that bad. (all laughing) >> That's funny, just a joke. But the question is what's my career path. What's a hot career in this area? Sustainability, AI totally see that. Anything else, any other career opportunities you see or hot jobs or hot areas to work on? >> Yeah, I mean, just really, I think it takes every architect, every engineer to think differently about their design, whether it's the design of a building or the design of a processor or a motherboard we have a whole low carbon architecture, you know, set of actions that are we're underway that will take to the ecosystem. So it could really span from any engineering discipline I think. But it's a mindset with which you approach that customer problem. >> John: That system thinking, yeah. >> Yeah sustainability designed in. Jen thanks so much for coming back in theCube, coming on theCube. It's great to have you. >> Thank you. >> All right. Dave Vellante for John Furrier, we're sustaining theCube. We're winding down day three, HPE Discover 2022. We'll be right back. (upbeat music)

>>Hey everyone. Welcome to the AWS partner showcase season one, episode three women in tech. I'm your host. Lisa Martin. I've got two female rock stars joining me. Next Vera Reynolds is here engineering manager, telemetry at honeycomb, and one of our Cub alumni, Danielle GShock ISV PSA director at AWS joins us as well. Ladies. It's great to have you talking about a very important topic today. >>Thanks for having us. Yeah, thanks for having me. Appreciate it. >>Of course, Vera, let's go ahead and start with you. Tell me about your background and tech. You're coming up on your 10th anniversary. Happy anniversary. >>Thank you. That's right. I can't believe it's been 10 years, but yeah, I started in tech in 2012. I was an engineer for most of that time. And just recently, as of March switched to engineering management here at honeycomb and, you know, throughout my career, I was very much interested in all the things, right. And it was a big FOMO as far as trying a few different companies and products, and I've done things from web development to mobile, to platforms. It would be apt to call me a generalist. And in the more recent years, I was sort of gravitating more towards developer tool space. And for me, that came in the form of cloud Foundry circle CI, and now honeycomb. I actually had my eye on honeycomb for a while before joining, I came across a blog post by charity majors. Who's one of our founders and she was actually talking about management and how to pursue that and whether or not it's right for your career. >>And so I was like, who is this person? I really like her found the company. They were pretty small at the time. So I was sort of keeping my eye on them. And then when the time came around for me to look again, I did a little bit more digging, found a lot of talks about the product. And on the one hand, they really spoke to me as the solution. They talked about developers owning their coding in production and answering questions about what is happening, what are your users seeing? And I felt that pain, I got what they were trying to do. And also on the other hand, every talk I saw at the time was from an amazing woman, which I haven't seen before. So I came across charity majors again, Christine Young, who's our other founder. And then Liz Frank Jones, who's our, our principal developer advocate. And that really sealed the deal for me as far as wanting to work here. >>Yeah. Honeycomb is interesting. This is a female founded company. You two leaders, you mentioned that you liked the technology, but you were also attracted because you saw females and the leadership position. Talk to me a little bit about what that's like working for a female led organization at honeycomb. >>Yeah. You know, historically we have tried not to over index on that because there was this maybe fear or rareness of it taking away from our legitimacy as an engineering organization, from our success as a company. But I'm seeing that rhetoric shift recently because we believe that with great responsibility with great power comes great responsibility. And we're trying to be more intentional as far as using that attribute of our company. So I would say that for me, it was a choice between a few offers, right. And that was a selling point, for sure, because again, I've never experienced it and I've really seen how much they walk that walk. Even me being here and me moving into management, I think were both ways in which they really put a lot of trust and support in me. And so I it's been a great ride. >>Excellent. Sounds like it. Before we bring Danielle in to talk about the partnership. I do wanna have you here, talk to the audience a little bit about honeycomb, what technology it's delivering and what are its differentiators. >>Yeah, absolutely. So honeycomb is an observability tool that enables engineers to answer questions about the code that runs in production. And we work with a number of various customers. Some of them are Vanguards, slack. Hello, fresh. Just to name a couple. If you're not familiar with observability tooling, it's akin to traditional application performance monitoring, but we believe that observability is succeeding APM because APM tools were built at the time of monoliths and they just weren't designed to help us answer questions about complex distributed systems that we work with today, where things can go wrong anywhere in that chain. And you can't predict what you're gonna need to ask ahead of time. So some of the ways that we are different is our ability to store and query really rich data, which we believe is the key to understanding those complex systems. What I mean by rich data is something that has a lot of attributes. >>So for example, when an error happens, knowing who it happened to, which user ID, which I don't know region, they were in, what, what they were doing at the time and what was happening at the rest of your system. And our ingest engine is really fast. You could do it in as little as three seconds and we call data like this. I said, kind of rich data, contextual data. We refer it as having high ity and high dimensionality, which are big words. But at the end of the day, what that means is we can store and we can query this data and we can do it really fast. And to give you an example of how that looks for our customers, let's say you have a developer team who are using honeycomb to understand and observe their system. And they get a report that a user is experiencing a slowdown or something's wrong. >>They can go into honeycomb and figure out that this only happens to users who are using a particular language pack with their app. And they operated their app last week, that it only happens when they are trying to upload a file. And so it's this level of granularity and being able to zoom in and out under data that allows you to understand what's happening, especially when you have an incident going on, right. Or your really important high profile customer is telling you that something's wrong. And we can do that. Even if everything else in your other tools looks fine, right? All of your dashboards are okay. You're not actually getting paged on it, but your customers are telling you that something's wrong. And we believe that's where we shine in helping you there. >>Excellent. It sounds like that's where you really shine that realtime visibility is so critical these days. Danielle, Danielle, wanna bring you into the conversation. Talk to us a little bit about the honeycomb partnership from the AWS lens. >>Yeah. So excuse me, observability is obviously a very important segment in the cloud space, very important to AWS, because a lot of all of our customers, as they build their systems distributed, they need to be able to see where, where things are happening in the complex systems that they're building. And so honeycomb is a, is an advanced technology partner. They've been working with us for quite some time and they have a, their solution is listed on the marketplace. Definitely something that we see a lot of demand with our customers, and they have many integrations, which, you know, we've seen is key to success. Being able to work seamlessly with the rest of the services inside of the AWS platform. And I know that they've done some, some great things with people who are trying to develop games on top of AWS things in that area as well. And so very important partner in the observa observability market that we have >>You back to you, let's kind of unpack the partnership, the significance that honeycomb ha is getting from being partners with an organization as potent and pivotal as AWS. >>Yeah, absolutely. I know that this predates me to some extent, but I know for a long time, AWS and honeycomb has really pushed the envelope together. And I think it's a beneficial relationship for both ends. There is kind of two ways of looking at it. On the one side, there is our own infrastructure. So honeycomb runs on AWS and actually one of our critical workloads that supports that fast query engine that I mentioned uses Lambda. And it does so in a pretty Orthodox way. So we've had a long standing conversation with the AWS team as far as drawing outside those lines and kind of figuring out how to use the technology in a way that works for us and hopefully will work for other customers of theirs as well. That also allows us to ask for early access for certain features when they become available. >>And then that way we can be sort of the Guinea pigs and try things out in a way that migrates our system and optimizes our own performance, but also allows again, other customers of AWS to follow in that path. And then the other side of that partnership is really supporting our customers who are both honeycomb users and AWS users, because it's, as you imagine, quite a big overlap, and there are certain ways in which we can allow our customers to more easily get their data from AWS to honeycomb. So for example, last year we built a tool based on the new Lambda extension capability that allowed our users who run their applications in Lambdas to get that tele, telemetry data out of their applications and into honeycomb and it land was win-win >>Excellent. So I'm hearing a lot of synergies from a technology perspective, you're sticking with you, and then Danielle will bring you in. Let's talk about how honeycomb supports D and I across its organization. And how is that synergistic with AWS's approach? Yeah, >>Yeah, absolutely. So I, I sort of alluded to that hesitancy to over index on the women led aspect of ourselves. But again, a lot of things are shifting, we're growing a lot. And so we are recognizing that we need to be more intentional with our DEI initiatives, and we also notice that we can do better and we should do better. And to that, and we're doing a few things differently that are pretty recent initiatives. We are partnering with organizations that help us target specific communities that are underrepresented in tech. Some examples would be after tech hu Latinas in tech among a number of others. And another initiative is DEI head start. That's something that is an internal practice that we started that includes reaching out to underrepresented applicants before any new job for honeycomb becomes live. So before we posted to LinkedIn, before it's even live on our job speech, and the idea there is to kind of balance our pipeline of applicants, which the hope is we'll lead to more diverse hires in the long term. >>That's a great focus there. Danielle, I know we've talked about this before, but for the audience, in terms of the context of the honeycomb partnership, the focus at AWS for D E and I is really significant, unpack that a little bit for us. >>Well, let me just bring it back to just how we think about it with the companies that we work with, but also in, in terms of, you know, what we want to be able to do, excuse me, it's very important for us to, you know, build products that reflect the customers that we have. And I think, you know, working with a company like honeycomb that is looking to differentiate in a space by, by bringing in, you know, the experiences of many different types of people I genuinely believe. And I'm sure Vera also believes that by having those diverse perspectives, that we're able to then build better products for our customers. And, you know, it's one of, one of our leadership principles is, is rooted in this. I write a lot, it asks for us to seek out diverse perspectives and you can't really do that if everybody kind of looks the same and thinks the same and has the same background. So I think that is where our de and I, you know, I thought process is rooted and, you know, companies like honeycomb that give customers choice and differentiate and help them to do what they need to do in their unique environments is super important. So >>The, the importance of thought diversity cannot be underscored enough. It's something that is, can be pivotal to organizations. And it's very nice to hear that that's so fundamental to both companies, Barry, I wanna go back to you for a second. You, I think you mentioned this, the DEI headstart program, that's an internal program at honeycomb. Can you shed a little bit of light on that? >>Yeah, that's right. And I actually am in the process of hiring a first engineer for my team. So I'm learning a lot of these things firsthand and how it works is we try to make sure to pre-load our pipeline of applicants for any new job opening we have with diverse candidates to the best of our abilities. And that can involve partnering with the organizations that I mentioned or reaching out to our internal network and make sure that we give those applicants a head start, so to speak. >>Excellent. I like that. Danielle, before we close, I wanna get a little bit of, of your background. We've got various background in tech, she's celebrating her 10th anniversary. Give me a, a short kind of description of the journey that you've navigated through being a female in technology. >>Yeah, thanks so much. I really appreciate being able to share this. So I started as a software engineer back actually in the late nineties during the, the first.com bubble and have, have spent quite a long time actually as an individual contributor, probably working in software engineering teams up through 2014 at a minimum until I joined AWS as a customer facing solutions architect. I do think spending a lot of time, hands on, definitely helped me with some of the imposter syndrome issues that folks suffer from not to say I don't at all, but it, it certainly helped with that. And I've been leading teens at AWS since 2015. So it's really been a great ride. And like I said, I'm very happy to see all of our engineering teams change as far as their composition. And I'm, I'm grateful to be part of it. >>It's pretty great to be able to witness that composition change for the better last question for each of you. And we're almost out of time and Danielle, I'm gonna stick with you. What's your advice or your recommendations for women who either are thinking about getting into tech or those who may be in tech, maybe they're in individual contributor positions and they're not sure if they should apply for that senior leadership position. What do you advise them to do? >>I mean, definitely for the individual contributors, tech tech is a great career direction and you will always be able to find women like you, you have to maybe just work a little bit harder to join, have community in that. But then as a leader, representation is very important and we can bring more women into tech by having more leaders. So that's my, you just have to take the lead, >>Take the lead, love it there. Same question for you. What's your advice and recommendations for those maybe future female leaders in tech? >>Yeah, absolutely. Danielle mentioned imposter syndrome and I think we all struggle with it from time to time, no matter how many years it's been. And I think for me, for me, the advice would be if you're starting out, don't be afraid to ask questions and don't be afraid to kind of show a, a little bit of ignorance because we've all been there. And I think it's on all of us to remember what it's like to not know how things work. And on the flip side of that, if you are a more senior IC or in a leadership role, also being able to model just saying, I don't know how this works and going and figuring out answers together because that was a really powerful shift for me early in my career is just to feel like I can say that I don't know something. >>I totally agree. I've been in that same situation where just ask the question because you I'm guaranteed. There's a million other people in the room that probably has the, have the same question. And because of imposter syndrome, don't wanna admit, I don't understand that. Can we back up, but I agree with you. I think that is one of the best things. Raise your hand, ask a question, ladies. Thank you so much for joining me talking about honeycomb and AWS, what you're doing together from a technology perspective and the focus efforts that each company has on D and I, we appreciate your insights. >>Thank you so much for having us great talking to you. >>My pleasure, likewise for my guests, I'm Lisa Martin. You're watching the AWS partner showcase women in check.

>>Hey everyone. Welcome to the AWS partner showcase season one, episode three women in tech. I'm your host. Lisa Martin. I've got two female rock stars joining me. Next Vera Reynolds is here engineering manager, telemetry at honeycomb, and one of our Cub alumni, Danielle GShock ISV PSA director a at AWS joins us as well. Ladies. It's great to have you talking about a very important topic today. >>Thanks for having us. Yeah, thanks for having me. Appreciate it. >>Of course, Vera, let's go ahead and start with you. Tell me about your background and tech. You're coming up on your 10th anniversary. Happy anniversary. >>Thank you. That's right. I can't believe it's been 10 years, but yeah, I started in tech in 2012. I was an engineer for most of that time. And just recently, as of March switched to engineering management here at honeycomb and, you know, throughout my career, I was very much interested in all the things, right. And it was a big FOMO as far as trying a few different companies and products. And I've done things from web development to mobile, to platforms. It would be apt to call me a generalist. And in the more recent years, I was sort of gravitating more towards developer tool space. And for me, that came in the form of cloud Foundry circle CI, and now honeycomb. I actually had my eye on honeycomb for a while before joining, I came across a blog post by charity majors. Who's one of our founders and she was actually talking about management and how to pursue that and whether or not it's right for your career. >>And so I was like, who is this person? I really like her found the company. They were pretty small at the time. So I was sort of keeping my eye on them. And then when the time came around for me to look again, I did a little bit more digging, found a lot of talks about the product. And on the one hand, they really spoke to me as the solution. They talked about developers owning their coding in production and answering questions about what is happening, what are your users seeing? And I felt that pain, I got what they were trying to do. And also on the other hand, every talk I saw at the time was from an amazing woman, which I haven't seen before. So I came across charity majors again, Christine yen, who our other founder, and then Liz Frank Jones, who our principal developer advocate. And that really sealed the deal for me as far as wanting to work here. >>Yeah. Honeycomb is interesting. This is a female founded company. You're two leaders. You mentioned that you like the technology, but you were also attracted because you saw females in the leadership position. Talk to me a little bit about what that's like working for a female led organization at honeycomb. >>Yeah. You know, historically we have tried not to over index on that because there was this maybe fear or rareness of it taking away from our legitimacy as an engineering organization, from our success as a company. But I'm seeing that rhetoric shift recently because we believe that with great responsibility with great power comes great responsibility. And we're trying to be more intentional as far as using that attribute of our company. So I would say that for me, it was a choice between a few offers, right. And that was a selling point, for sure, because again, I've never experienced it and I've really seen how much they walk that walk. Even me being here and me moving into management, I think were both ways in which they really put a lot of trust and support in me. And so I it's been a great ride. >>Excellent. Sounds like it. Before we bring Danielle in to talk about the partnership. I do wanna have you here, talk to the audience a little bit about honeycomb, what technology it's delivering and what are its differentiators. >>Yeah, absolutely. So honeycomb is an observability tool that enables engineers to answer questions about the code that runs in production. And we work with a number of various customers. Some of them are Vanguard, slack. Hello, fresh. Just to name a couple. If you're not familiar with observability tooling, it's akin to traditional application performance monitoring, but we believe that observability is succeeding APM because APM tools were built at the time of monoliths and they just weren't designed to help us answer questions about complex distributed systems that we work with today, where things can go wrong anywhere in that chain. And you can't predict what you're gonna need to ask ahead of time. So some of the ways that we are different is our ability to store and query really rich data, which we believe is the key to understanding those complex systems. What I mean by rich data is something that has a lot of attributes. >>So for example, when an error happens, knowing who it happened to, which user ID, which I don't know region, they were in, what, what, what they were doing at the time and what was happening at the rest of your system. And our ingest engine is really fast. You can do it in as little as three seconds and we call data like this. I said, kind of rich data, contextual data. We refer it as having high ity and high dimensionality, which are big words. But at the end of the day, what that means is we can store and we can query this data and we can do it really fast. And to give you an example of how that looks for our customers, let's say you have a developer team who are using comb to understand and observe their system. And they get a report that a user is experiencing a slowdown or something's wrong. >>They can go into honeycomb and figure out that this only happens to users who are using a particular language pack with their app. And they operated their app last week, that it only happens when they are trying to upload a file. And so it's this level of granularity and being able to zoom in and out under data that allows you to understand what's happening, especially when you have an incident going on, right. Or your really important high profile customer is telling you that something's wrong. And we can do that. Even if everything else in your other tools looks fine, right? All of your dashboards are okay. You're not actually getting paged on it, but your customers are telling you that something's wrong. And we believe that's where we shine in helping you there. >>Excellent. It sounds like that's where you really shine that real time visibility is so critical these days. Danielle, Danielle, wanna bring you into the conversation. Talk to us a little bit about the honeycomb partnership from the AWS lens. >>Yeah. So excuse me, observability is obviously a very important segment in the cloud space, very important to AWS, because a lot of all of our customers, as they build their systems distributed, they need to be able to see where, where things are happening in the complex systems that they're building. And so honeycomb is a, is an advanced technology partner. They've been working with us for quite some time and they have a, their solution is listed on the marketplace. Definitely something that we see a lot of demand with our customers, and they have many integrations, which, you know, we've seen is key to success. Being able to work seamlessly with the rest of the services inside of the AWS platform. And I know that they've done some, some great things with people who are trying to develop games on top of AWS things in that area as well. And so very important partner in the observa observability market that we have. >>Vera a back to you, let's kind of unpack the partnership, the significance that honeycomb ha is getting from being partners with an organization as potent and pivotal as AWS. >>Yeah, absolutely. I Don know that this Predates me to some extent, but I Don know for a long time, AWS and honeycomb has really pushed the envelope together. And I think it's a beneficial relationship for both ends. There's kind of two ways of looking at it. On the one side, there is our own infrastructure. So honeycomb runs on AWS and actually one of our critical workloads that supports that fast query engine that I mentioned uses Lambda. And it does also in a pretty unorthodox way. So we've had a long standing conversation with the AWS team as far as drawing outside those lines and kind of figuring out how to use the technology in a way that works for us and hopefully will work for other customers of theirs as well. That also allows us to ask for early access for certain features when they become available. >>And then that way we can be sort of the Guinea pigs and try things out in a way that migrates our system and optimizes our own performance, but also allows again, other customers of AWS to follow in that path. And then the other side of that partnership is really supporting our customers who are both honeycomb users and AWS users, because it's, as you imagine, quite a big overlap, and there are certain ways in which we can allow our customers to more easily get their data from AWS to honeycomb. So for example, last year, we built a tool based on the new Lambda extension capability that allowed our users who run their applications in Lambdas to get that tele telemetry data out of their applications and into honeycomb and demand was win-win >>Excellent. So I'm hearing a lot of synergies from a technology perspective, you're sticking with you, and then Danielle will bring you in. Let's talk about how honeycomb supports D E and I across its organization. And how is that synergistic with AWS's approach Vera? >>Yeah, absolutely. So I sort of alluded to that hesitancy to over index on the women led aspect of ourselves. But again, a lot of things are shifting, we're growing a lot. And so we are recognizing that we need to be more intentional with our DEI initiatives, and we also notice that we can do better and we should do better. And to that end, we're doing a few things differently that are pretty recent initiatives. We are partnering with organizations that help us target specific communities that are underrepresented in tech. Some examples would be Africa, tech hu Latinas in tech among a number of others. And another initiative is DEI head start. That's something that is an internal practice that we started that includes reaching out to underrepresented applicants before any new job for honeycomb becomes live. So before we posted to LinkedIn, before it's even live on our job speech, and the idea there is to kind of balance our pipeline of applicants, which the hope is will lead to more diverse hires in the long term. >>That's a great focus there. Danielle, I know we've talked about this before, but for the audience, in terms of the context of the honeycomb partnership, the focus at AWS for D E and I is really significant, unpack that a little bit for us. >>Well, let me just bring it back to just how we think about it with the companies that we work with, but also in, in terms of, you know, what we want to be able to do, excuse me, it's very important for us to, you know, build products that reflect the customers that we have. And I think, you know, working with a company like honeycomb that is looking to differentiate in a space by, by bringing in, you know, the experiences of many different types of people I genuinely believe. And I'm sure Vera also believes that by having those diverse perspectives, that we're able to then build better products for our customers. And, you know, it's one of, one of our leadership principles is, is rooted in this. I write a lot, it asks for us to seek out diverse perspectives and you can't really do that if everybody kind of looks the same and thinks the same and has the same background. So I think that is where our de and I, you know, I thought process is rooted and, you know, companies like honeycomb that give customers choice and differentiate and help them to do what they need to do in their unique environments is super important. So >>The, the importance of thought diversity cannot be underscored enough. It's something that is, can be pivotal to organizations. And it's very nice to hear that that's so fundamental to both companies, Barry, I wanna go back to you for a second. You, I think you mentioned this, the DEI head start program, that's an internal program at honeycomb. Can you shed a little bit of light on that? >>Yeah, that's right. And I actually am in the process of hiring a first engineer for my team. So I'm learning a lot of these things firsthand and how it works is we try to make sure to pre-load our pipeline of applicants for any new job opening we have with diverse candidates to the best of our abilities. And that can involve partnering with the organizations that I mentioned or reaching out to our internal network and make sure that we give those applicants a head start, so to speak. >>Excellent. I like that. Danielle, before we close, I wanna get a little bit of, of your background. We've got various background in tech, she's celebrating her 10th anniversary. Give me a, a short kind of description of the journey that you've navigated through being a female in technology. >>Yeah, thanks so much. I really appreciate being able to share this. So I started as a software engineer back actually in the late nineties during the, the first.com bubble and have, have spent quite a long time actually as an individual contributor, probably working in software engineering teams up through 2014 at a minimum until I joined AWS as a customer facing solutions architect. I do think spending a lot of time, hands on, definitely helped me with some of the imposter syndrome issues that folks suffer from not to say I don't at all, but it, it certainly helped with that. And I've been leading teen at AWS since 2015. So it's really been a great ride. And like I said, I'm very happy to see all of our engineering teams change as far as their composition. And I'm, I'm grateful to be part of it. >>It's pretty great to be able to witness that composition change for the better last question for each of you. And we're almost out of time and Danielle, I'm gonna stick with you. What's your advice, your recommendations for women who either are thinking about getting into tech or those who may be in tech, maybe they're in individual contributor positions, and they're not sure if they should apply for that senior leadership position. What do you advise them to do? >>I mean, definitely for the individual contributors, tech tech is a great career direction and you will always be able to find women like you, you have to maybe just work a little bit harder to join, have community in that. But then as a leader, representation is very important and we can bring more women into tech by having more leaders. So that's my, you just have to take the lead, >>Take the lead. Love that various same question for you. What's your advice and recommendations for those maybe future female leaders in tech? >>Yeah, absolutely. Danielle mentioned imposter syndrome and I think we all struggle with it from time to time, no matter how many years it's been. And I think for me, for me, the advice would be if you're starting out, don't be afraid to ask questions and don't be afraid to kind of show a bit, a little bit of ignorance because we've all been there. And I think it's on all of us to remember what it's like to not know how things work. And on the flip side of that, if you are a more senior IC or in a leadership role, also being able to model just saying, I don't know how this works and going and figuring out answers together because that was a really powerful shift for me early in my career is just to feel like I can say that I don't know something. >>I totally agree. I've been in that same situation where just ask the question because you I'm guaranteed. There's a million outta people in the room that probably has the, have the same question and because an imposter syndrome don't wanna admit, I don't understand that. Can we back up, but I agree with you. I think that is one of the best things. Raise your hand and ask a question, ladies. Thank you so much for joining me talking about honeycomb and AWS, what you're doing together from a technology perspective and the focus efforts that each company has on D E and I, we appreciate your insights. >>Thank you so much for having us talking to >>My pleasure. Likewise, for my guests, I'm Lisa Martin. You're watching the AWS partner showcase women in.

(bright music) >> Welcome back everyone to theCUBE's coverage of AWS re:Invent 2021 in person. So a live event, physical in-person, also virtual hybrid. So a lot of great action online, check out the website. All the videos are there on theCUBE, as well as what's going on all of the actions on site and theCUBE's here. I'm John Furrier, your host with Dave Vellante, my cohost. Finally, we've got David Brown, VP of Elastic Compute Cloud. EC2, the bread and butter. Our favorite part of Amazon. David, great to have you back on theCUBE in person. >> John, it's great to be back. It's the first time I'd been on theCUBE in person as well. A lot of virtual events with you guys, but it's amazing to be back at re:Invent. >> We're so excited for you. I know, Matt Garman and I've talked in the past. We've talked in the past. EC2 is just an amazing product. It's always been the core block of AWS. More and more action happening and developers are now getting more action and there's well, we wrote a big piece about it. What's going on? The Silicon's really paying off. You've got to also general purpose Intel and AMD, and you've got the custom silicon, all working together. What's the new update? Give us a scoop. >> Well, John, it's actually 15 years of EC2 this year and I've been lucky to be on that team for 14 years and so incredible to see the growth. It's been an amazing journey. The thing that's really driven us, two things. One is supporting new workloads. And so what are the workloads that customers have available out there trying to do on the cloud that we don't support and launch new instance types. And that's the first thing. The second one is price performance. How do we give customers more performance at a continuously decreasing price year-over-year? And that's just driven innovation across EC2 over the years with things like Graviton. All of our inferential chips are custom silicon, but also instance types with the latest Intel Ice Lake CPU's, latest Milan. We just announced the AMD Milan instance. It's just constantly innovation across the ever-increasing list of instances. So super exciting. >> So instances become the new thing. Provision an instance, spin up an instance. Instance becomes, and you can get instances, flavors, almost like flavors, right? >> David: Yeah. >> Take us through the difference between an instance and then the EC2 itself. >> That's correct, yeah. So we actually have, by end of the year, right now we have over 475 different instances available to you whether it's GPU accelerators, high-performance computing instances, memory optimized, just enormous number. We'll actually hit 500 by the end of the year, but that is it. I mean, customers are looking for different types of machines and those are the instances. >> So the Custom Silicon, it's one of the most interesting developments. We've written about it. AWS secret weapon is one of them. I wonder if you could take us back to the decision points and the journey. The Annapurna acquisition, you started working with them as a partner, then you said, all right, let's just buy the company. >> David: Yeah. >> And then now, you're seeing the acceleration, your time to tapeout is way, way compressed. Maybe what was the catalyst and maybe we can get into where it's going. >> Yeah, absolutely. Super interesting story 'cause it actually starts all the way back in 2008. In 2008, EC2 had actually been around for just a little under two years. And if you remember back then, everybody was like, will virtualize and hypervisors, specialization would never really get you the same performances, what they were calling bare metal back then. Everybody's looking at the cloud. And so we took a look at that. And I mean, network latencies, in some cases with hypervisors were as high as 200 or 300 milliseconds. And it was a number of real challenges. And so we knew that we would have to change the way that virtualization works and get into hardware. And so in 2010, 2011, we started to look at how could I offload my network processing, my IO processing to additional hardware. And that's what we delivered our first Nitro card in 2012 and 2013. We actually offloaded all of the processing of network to a Nitro card. And that Nitro card actually had a Annapurna arm chip on it. Our Nitro 1 chip. >> For the offload? >> The offload card, yeah. And so that's when my team started to code for Arm. We started to work on our Linux works for Arm. We actually had to write our own operating system initially 'cause there weren't any operating systems available we could use. And so that's what we started this journey. And over the years, when we saw how well it worked for networking, we said, let's do it for storage as well. And then we said, Hey, we could actually improve security significantly. And by 2017, we'd actually offloaded 100% of everything we did on that server to our offload cards Leaving a 100% of the server available for customers. And we're still actually the only cloud provider that does that today. >> Just to interject, in the data center today, probably 30% of the general purpose cores are used for offloads. You're saying 0% in the cloud. >> On our nitro instances, so every instance we've launched since 2017, our C5. We use 0% of that central core. And you can actually see that in our instance types. If you look at our largest instance type, you can see that we're giving you 96 cores and we're giving you, and our largest instance, 24 terabytes of memory. We're not giving you 23.6 terabytes 'cause we need some. It's all given to you as the customer. >> So much more efficient, >> Much, much more efficient, much better, better price performance as well. But then ultimately those Nitro chips, we went through Nitro 1, Nitro 2, Nitro 3, Nitro 4. We said, Hey, could we build a general purpose server chip? Could we actually bring Arm into the cloud? And in 2018, we launched the A1 instance, which was our Graviton1 instance. And what we didn't tell people at the time is that it was actually the same chip we were using on our network card. So essentially, it was a network card that we were giving to you as a server. But what it did is it sparked the ecosystem. That's why we put it out there. And I remember before launch, some was saying, is this just going to be a university project? Are we going to see people from big universities using Arm in the cloud? Was it really going to take off? And the response was amazing. The ecosystem just grew. We had customers move to it and immediately begin to see improvements. And we knew that a year later, Graviton2 was going to come out. And Graviton2 was just an amazing chip. It continues to see incredible adoption, 40% price performance improvement over other instances. >> So this is worth calling out because I think that example of the network card, I mean, innovation can come from anywhere. This is what Jassy always would say is do the experiments. Think about the impact of what's going on here. You're focused on a mission. Let's get that processing of the lowest cost, pick up some workloads. So you're constantly tinkering with tuning the engine. New discovery comes in. Nitro is born. The chip comes in. But I think the fundamental thing, and I want to get your reaction to this 'cause we've put this out there on our post on Sunday. And I said, in every inflection point, I'm old enough, my birthday was yesterday. I'm old enough to know that. >> David: I saw that. >> I'm old enough to know that in the eighties, the client server shifts. Every inflection point where development changed, the methodology, the mindset or platforms change, all the apps went to the better platform. Who wants to run their application on a slower platform? And so, and those inflects. So now that's happening now, I believe. So you got better performance and I'm imagining that the app developers are coding for it. Take us through how you see that because okay, you're offering up great performance for workloads. Now it's cloud workloads. That's almost all apps. Can you comment on that? >> Well, it has been really interesting to see. I mean, as I said, we were unsure who was going to use it when we initially launched and the adoption has been amazing. Initially, obviously it's always, a lot of the startups, a lot of the more agile companies that can move a lot faster, typically a little bit smaller. They started experimenting, but the data got out there. That 40% price performance was a reality. And not only for specific workloads, it was broadly successful across a number of workloads. And so we actually just had SAP who obviously is an enormous enterprise, supporting enterprises all over the world, announced that they are going to be moving the S/4 HANA Cloud to run on Graviton2. It's just phenomenal. And we've seen enterprises of that scale and game developers, every single vertical looking to move to Graviton2 and get that 40% price performance. >> Now we have to, as analysts, we have to say, okay, how did you get to that 40%? And you have to make some assumptions obviously. And it feels like you still have some dry powder when you looked at Graviton2. I think you were running, I don't know, it's speculated anyway. I don't know if you guys, it's your data, two and a half, 2.5 gigahertz. >> David: Yeah. >> I don't know if we can share what's going on with Graviton3, but my point is you had some dry powder and now with Graviton3, quite a range of performance, 'cause it really depends on the workload. >> David: That's right. >> Maybe you could give some insight as to that. What can you share about how you tuned Graviton3? >> When we look at benchmarking, we don't want to be trying to find that benchmark that's highly tuned and then put out something that is, Hey, this is the absolute best we can get it to and that's 40%. So that 40% is actually just on average. So we just went and ran real world workloads. And we saw some that were 55%. We saw some that were 25. It depends on what it was, but on average, it was around the 35, 45%, and we said 40%. And the great thing about that is customers come back and say, Hey, we saw 40% in this workload. It wasn't that I had to tune it. And so with Graviton3, launching this week. Available in our C7g instance, we said 25%. And that is just a very standard benchmark in what we're seeing. And as we start to see more customer workloads, I think it's going to be incredible to see what that range looks like. Graviton2 for single-threaded applications, it didn't give you that much of a performance. That's what we meant by cloud applications, generally, multi-threaded. In Graviton3, that's no longer the case. So we've had some customers report up to 80% performance improvements of Graviton2 to Graviton3 when the application was more of a single-threaded application. So we started to see. (group chattering) >> You have to keep going, the time to market is compressing. So you have that, go ahead, sorry. >> No, no, I always want to add one thing on the difference between single and multi-threaded applications. A lot of legacy, you're single threaded. So this is kind of an interesting thing. So the mainframe, migration stuff, you start to see that. Is that where that comes in the whole? >> Well, a lot of the legacy apps, but also even some of the new apps, like single threading like video transcoding, for example, is all done on a single core. It's very difficult. I mean, almost impossible to do that multi-threaded way. A lot of the crypto algorithms as well, encryption and cryptography is often single core. So with Graviton3, we've seen a significant performance boost for video encoding, cryptographic algorithms, that sort of thing, which really impacts even the most modern applications. >> So that's an interesting point because now single threaded is where the vertical use cases come in. It's not like more general purpose OS kind of things. >> Yeah, and Graviton has already been very broad. I think we're just knocking down the last few verticals where maybe it didn't support it and now it absolutely does. >> And if an ISV then ports, like an SAP's ports to Graviton, then the customer doesn't see any, I mean, they're going to see the performance difference, but they don't have to think about it. >> David: Yeah. >> They just say, I choose that instance and I'm going to get better price performance. >> Exactly, so we've seen that from our ISVs. We've also been doing that with our AWS services. So services like EMR, RDS, Elastic Cache, it will be moving and making Graviton2 available for customers, which means the customer doesn't have to do the migration at all. It's all done for them. They just pick the instance and get the price performance benefits, and so yeah. >> I think, oh, no, that was serverless. Sorry. >> Well, Lambda actually just did launch on Graviton2. And I think they were talking about a 35% price performance improvement. >> Who was that? >> Lambda, a couple of months ago. >> So what does an ISV have to do to port to Graviton. >> It's relatively straightforward, and this is actually one of the things that has slowed customers down is the, wow, that must be a big migration. And that ecosystem that I spoke about is the important part. And today, with all the Linux operating systems being available for Arm running on Graviton2, with all of the container runtimes being available, and then slowly open source applications in ISV is being available. It's actually really, really easy. And we just ran the Graviton2 four-day challenge. And we did that because we actually had an enterprise migrate one of the largest production applications in just four days. Now, I probably wouldn't recommend that to most enterprises that we see is a little too fast, but they could actually do that. >> But just from a numbers standpoint, that's insanely amazing. I mean, when you think about four days. >> Yeah. >> And when we talked on virtually last year, this year, I can't remember now. You said, we'll just try it. >> David: That's right. >> And see what happens, so I presume a lot of people have tried it. >> Well, that's my advice. It's the unknown, it's the what will it take? So take a single engineer, tell them and give them a time. Say you have one week, get this running on Graviton2, and I think the results are pretty amazing, very surprised. >> We were one of the first, if not the first to say that Arm is going to be dominant in the enterprise. We know it's dominant in the Edge. And when you look at the performance curves and the time to tape out, it's just astounding. And I don't know if people appreciate that relative to the traditional Moore's law curve. I mean, it's a style. And then when you combine the power of the CPU, the GPU, the NPU, kind of what Apple does in the iPhone, it blows away the historical performance curves. And you're on that curve. >> That's right. >> I wonder if you could sort of explain that. >> So with Graviton, we're optimizing just across every single part of AWS. So one of the nice things is we actually own that end-to-end. So when it starts with the early design of Graviton2 and Graviton3, and we obviously working on other chips right now. We're actually using the cloud to do all of the electronic design automation. So we're able to test with AWS how that Graviton3 chip is going to work long before we've even started taping it out. And so those workloads are running on high-frequency CPU's on Graviton. Actually we're using Graviton to build Graviton now in the cloud. The other thing we're doing is we're making sure that the Annapurna team that's building those CPUs is deeply engaged with my team and we're going to ultimately go and build those instances so that when that chip arrives from tapeout. I'm not waiting nine months or two years, like would normally be the case, but I actually had an instance up and running within a week or two on somebody's desk studying to do the integration. And that's something we've optimized significantly to get done. And so it allows us to get that iteration time. It also allows us to be very, very accurate with our tapeouts. We're not having to go back with Graviton. They're all A1 chips. We're not having to go back and do multiple runs of these things because we can do so much validation and performance testing in the cloud ahead of time. >> This is the epiphany of the Arm model. >> It really is. >> It's a standard. When you send it to the fab, they know what's going to work. You hit volume and it's just no fab. >> Well, this is a great thread. We'll stay on this 'cause Adam told us when we met with them for re:Invent that they're seeing a lot more visibility into use cases at the scale. So the scale gives you an advantage on what instances might work. >> And makes the economics works. >> Makes the economics work, hence the timing, the shrinking time to market, not there, but also for the apps. Talk about the scale advantage you guys have. >> Absolutely. I mean, the scale advantage of AWS plays out in a number of ways for our customers. The first thing is being able to deliver highly optimized hardware. So we don't just look at the Graviton3 CPU, you were speaking about the core count and the frequency and Peter spoke about a lot of that in his keynote yesterday. But we look at how does the Graviton3 CPU work with the rest of the instance. What is the right balance between the CPU and memory? The CPU and the Hydro. What's the performance and the drive? We just launched the Nitro SSD, which is now we've actually building our own custom SSDs for Nitro getting better performance, being able to do updates, better security, making it more cloudy. We're just saying, we've been challenged with the SSD in the parts. The other place that scales really helping is in capacity. Being able to make sure that we can absorb things like the COVID spike, or the stuff you see in the financial industry with just enormous demand for compute. We can do that because of our scale. We are able to scale. And the final area is actually in quality because I have such an enormous fleet. I'm actually able to drive down AFR. So annual failure rates, are we well below what the mathematical theoretical tenant or possibility is? So if you look at what's put on that actual sticker on the box that says you should be able to get a full percent AFR. At scale and with focus, we're actually able to get that down to significantly below what the mathematical entitlement was actually be. >> Yeah, it's incredible. I've got a great, and this is the advantage, and that's why I believe anyone who's writing applications that has includes a database, data transfer, any kind of execution of code will use the stack. >> Why would they? Really, why? We've seen this, like you said before, whether it was PC, then the fastest Pentium or somebody. >> Why would you want your app to run slower? >> Unix box, right? ISVS want it to run as fast and as cheaply as possible. Now power plays into it as well. >> Yeah, well, we do have, I agree with what you're saying. We do have a number of customers that are still looking to run on x86, but obviously customers that want windows. Windows isn't available for Arm and so that's a challenge. They'll continue to do that. And you know the way we do look at it is most law kind of died out on us in 2002, 2003. And what I'm hoping is, not necessarily bringing wars a little back, but then we say, let's not accept the 10%, 15% improvement year-over-year. There's absolutely more we can all be doing. And so I'm excited to see where the x86 world's going and they doing a lot of great stuff. Intel Ice Lakes looking amazing. Milan is really great to have an AWS as well. >> Well, I'm thinking it's fair point 'cause we certainly look what Pat's doing it at Intel and he's remaking the company. I've said he's going to follow on the Arm playbook in my mind a little bit, and which is the right thing to do. So competition is a good thing. >> David: Absolutely. >> We're excited for you and a great to see Graviton and you guys have this kind of inflection point. We've been tracking for a while, but now the world's starting to see it. So congratulations to your team. >> David: Thank you. >> Just a couple of things. You guys have some news on instances. Talk about the deprecation issue and how you guys are keeping instances alive real quick. >> Yeah, we're super customer obsessed at Amazon. And so that really drives us. And one of the worst things for us to do is to have to tell a customer that we no longer supporting a service. We recently actually just deprecated the ECG classic network. I'm not sure if you saw that and that's actually off the 10 years of continuing to support it. And the only reason we did it is we have a tiny percentage of customers still using that from back in 2012. But one of the challenges is obviously instance hardware eventually will ultimately time out and fail and have hardware issues as it gets older and older. And so we didn't want to be in a place, in EC2, where we would have to constantly go to customers and say that M1 small, that C3, whatever you were running, it's no longer supported, please move. That's just a text that customers shouldn't have to do. And if they still getting value out of an older instance, let them keep using it. So we actually just announced at re:Invent, in my keynote on Tuesday, the longevity support for EC2 instances, which means we will never come back to you again and ask you to please get off an instance, because we can actually emulate all those instances on our Nitro system. And so all of these instances are starting to migrate to Nitro. You're getting all the benefits of Nitro for now some of our older zen instances, but also you don't have to worry about that work. That's just not something you need to do to get off in all the instance. >> That's great. That's a great test service. Stay on as long as you want. When you're ready to move, move. Okay, final question for you. I know we've got time, I want to get this in. The global network, you guys are known for AWS cloud WAN serve. Gives you updates on what's going on with that. >> So Werner just announced that in his keynote and over the last two to three years or so, we've seen a lot of customers starting to use the AWS backbone, which is extensive. I mean, you've seen the slides in Werner's keynote. It really does span the world. I think it's probably one of the largest networks out there. Customers starting to use that for actually their branch office communication. So instead of going and provisioning the own international MPLS networks and that sort of thing, they say, let me onboard to AWS with VPN or direct connect, and I can actually run the AWS backbone around the world. Now doing that actually has some complexity. You got to think about transit gateways. You got to think about those inter-region peering. And AWS cloud when takes all of that complexity away, you essentially create a cloud WAN, connecting to it to VPN or direct connect, and you can even go and actually set up network segments. So essentially VLANs for different parts of the organization. So super excited to get out that out of there. >> So the ease of use is the key there. >> Massively easy to use. and we have 26 SD-WAN partners. We even partnering with folks like Verizon and Swisscom in Switzerland to telco to actually allow them to use it for their customers as well. >> We'll probably use your service someday when we have a global rollout date. >> Let's do that, CUBE Global. And then the other was the M1 EC2 instance, which got a lot of applause. >> David: Absolutely. >> M1, I think it was based on A15. >> Yeah, that's for Mac. We've got to be careful 'cause M1 is our first instance as well. >> Yeah right, it's a little confusion there. >> So it's a Mac. The EC2 Mac is with M1 silicon from Apple, which super excited to put out there. >> Awesome. >> David Brown, great to see you in person. Congratulations to you and the team and all the work you guys have done over the years. And now that people starting to realize the cloud platform, the compute just gets better and better. It's a key part of the system. >> Thanks John, it's great to be here. >> Thanks for sharing. >> The SiliconANGLE is here. We're talking about custom silicon here on AWS. I'm John Furrier with Dave Vellante. You're watching theCUBE. The global leader in tech coverage. We'll be right back with more covers from re:Invent after this break. (bright music)

>>mhm >>Welcome to this cube conversation here in Palo alto California. I'm john Kerry host of the cube. We've got a great awesome conversation with the Ceo and co founder of harness a hot startup jodi Benson who is the co founder and Ceo but also the co founder of unusual ventures which is a really awesome venture capital firm, doing some great work investment but also they have great content over there for entrepreneurs and for people in the community And of course he's also the founder of big labs, his playground. If you're building out new applications also well known for being the founder of Ap dynamics of super successful billion dollar exit as a startup, Salto, Cisco now doing a lot of things and driving harness, solving big problems. So joe t mouthful intro there, you've done a lot. Congratulations on your an amazing entrepreneur career and now your next uh next next opportunities harness among other things. So congratulations. Thank you for coming. >>Thank you john and glad to be here. >>You guys are solving a big problem in software delivery. Obviously software changing the world. You're seeing open source projects increasing in order of magnitude enterprises jumping on open source in general adoption, large scale with cloud software is being delivered faster than ever before and with cloud scale and now edge this huge challenges around how software deployed, managed maintained. You got, we're talking about space to how do you do break fix in space, all these things are happening at a massive scale across the world. You are solving a big problem. So take a minute to explain what harnesses doing, why you guys exist, why you jumping in into this venture. >>Sure. Yeah. You know what harness mission is to simplify supper delivery and make it uh top notch for everyone. Like if you look at like you know the likes of google and facebook and netflix and amazon these companies are mastered the process of software delivery like and your engineers write code and the code is shipped to the end users and they can do it like multiple times a day at their scale and you know at the complexity that they have but most other business in the world they all want to be software companies but it's extremely, extremely hard for them to get there and I saw this firsthand when I was at epidemics as you know as Ceo last there we're about 12 1300 employees in the company and we had about about 3 50 or so engineers in the company For every 10 or 12 engineers, we had one person whose job was to write automation and scripting and tooling for trying to ships off you know uh you know all kind of scripting kind of stuff. We'll write scripts and chef and puppet and sensible and to deploy in aws and whatnot. And you know one day we're doing the math were like you know we have you know about overall about 30 people whose job was to do devops engineering by writing automation etc to deploy somewhere and I would do the math like you know, one engineer cost is 200 k loaded cost at six million a year that you're spending six million a year just writing deployment, scripting, you know, and even with that we were nowhere close to world class like world class is in like what you would think you could ship every day, we chip on demand, you could, you know, you could deploy software, ship software all of that right? And that was the, you know, I looked at that as a problem inside of dynamics and all they have done with customers, I would talk to like large banks, insurance companies and retailers and telcos and I would hear the same challenge like you know, we hear about devops, we go to the all these devops conferences and events and we see the same 10 companies, you know presenting how the home grew some kind of a devops system for software delivery etc. And you know, I mean that was like, you know, we just, we cannot survive with this like and as the world we need to have uh the right kind of platforms for software delivery and simplify this so that everyone could become as good as a google netflix amazon etcetera that stand of our mission at harness that can we take every business in the world, you know and in a few weeks or a few months, can we get them as sophisticated and good in terms of their dueling for software delivery as a google facebook amazon, those kind of companies would be and that's, that's what we're doing. So >>It's a great ambition and by the way it's a bold move and it's needed. I'll tell you, it's interesting. You mentioned some of those commentary about shipping code at that speed Facebook Google. They had that they had they were forced to do that and again they have all that benefit the mainstream enterprise doesn't. But if you even go back 20 years ago, 15 years ago, that's when Amazon was born. You see two and S three is celebrating their 15th birthday. Software. Yeah, hyper scale has had some good moves there. But the average business went from craft, you know, waterfall QA department go back a little bit slower. I won't say slow motion but manageable now with the speed of shipping and the speed of the scale, that's a huge issue. What kind of pressure do you see that putting on the developer, the individual, not just the system because you got the system of development and the devil and the developers themselves. >>I think the developers have have done quite well to this. I feel like, you know, if you look at the software development part of itself, you know the agile development has been happening for quite some time. So developers have learned how to ship things fast and like in a week sprint or a two week sprint or in in kind of faster cycles. They have moved off from the waterfall kind of models like many years ago now. So that's the suffering development side of things then you have the infrastructure side of things which is the like any province in infrastructure fast. Can you get hardware fast? That's the, you know, the cloud has done that well where the challenges the process, the developers are writing code fast enough these days and you have the, you know, the infrastructure itself could be prov isn't and maintained and and and change fast enough but how do you bring it all together and there is the entire process around it. That's not moving fast enough. So that's where the bottom language. So I feel the, you know, and the process is not good. The developer experience becomes really bad bad because developers are waiting for the process to go and you know, they write some code and the code is sitting on the shelf and they are waiting for things. >>Uh they get all pissed off and mad. What's the holdup? Why what's the process? And then security shifting left, wait a minute to go back and rewrite code. This is huge. I want to just get back and just nail it quickly if you don't mind honing in on the value proposition. What is the harness value proposition? What is the pitch, what are you, what are you offering? What are you solving? Can you nail in on that real quick? >>Sure. So what harness is swallowing is simplifying that software delivery by plane, so developer writes code and that code goes goes through a bunch of steps so a bunch of steps which is uh you know you build the code then you you know test the code, you know, then you do integration tests, then you you know go through your security checks, then you go through a compliance checks, then you go through more dusting, then you're deploying a staging environment, then you go one to do a bunch of things on it. Then you start deploying in production environment but in production you will deploy on like a small part of production, verify everything is working well, it's not working well, you'll roll it back, it's working well then you deploy two more things. This entire process could take like weeks for people to do and this is mostly automated, you know in kind of uh uh you know this kind of random scripts here and there etcetera. So we simplify the entire process that you could describe your process in the language, I just described like you know in a very descriptive declarative kind of way like this is the process I want to achieve and hardness will automatically create your pipelines for this. This kind of process and most of these pipelines have a lot of heavy use of intelligence and um L two, it could go from one step to another, like, so many times, like when you say, you know, deploy the guard and and and 1% of my production environment and see everything is working well and if everything is working well, go to the next 10%. But how do you figure out if everything is working well and that's where the intelligence and um El comes in like, you know, what we learn, what is a normal behavior of your application, how does a normal part of the code works like, you know, there, what's the performance behavior, what is a functional behavior? What errors it is? And if everything is good then you go to the next step so that entire cycle harness automatically, uh you know, uh managers and its automated, you know, if you get governance, you get like, you know, high degree of automation, you get a high degree of, you know, security, you get high degree of like, you know, uh uh you know, quality around him. And so it's it's think of like the, the Ci cd has a lot of developers know and know this process is is ci cd on steroids available to you, Right? So you >>sound like you're making it easier on the Ci cd pipeline process, standing it up, detecting it, prototyping it, if you will, for lack of a better description, get get used to the pipeline and then move it out, roll it out and build your own in a way >>that, is that what is that what you're doing? It's like, you know, a lot of these complex ci city pipelines, what people need, you know, it can take them like three months, six months to to put it uh you know, put it together the harness, it's like an hour, an hour, you could put it together, you know, very, very sophisticated uh Ci cd pipeline and the pipeline is, you know, automated is is, you know, it's it's intelligent around like, you know, what is the normal behavior of your of your applications? Uh It's it's just so phenomenally different than how people have done ci cd before that we simplify the process. Automate the process, you know, and make it manageable and very ready to get involved. >>It's funny you mentioned the three weeks weeks it could take to do the csd pipeline. Of course, that doesn't factor in the what happens when you roll it out, people start complaining, playing with it, breaking it, then you gotta go back and do it again. I mean, that's real and that's a real problem, I mean, can you just going to give a taste of the scar tissue that goes on there. What's some of the what are some of the what some of the pain points that you solve? >>Yeah. So, I think the that is that really becomes the core of the pain point, like, you know, people need, like high amount of dependability, easy to change things, you know, it's we call it like the lack of intelligent automation, you know, and the and this heavy amount of developer toil that the developers have to do so much work around around making all of this work like you know it has to be simplified. So that's that's where our value product comes in like you know, it's it's you know uh you can get like a visual builder and like minutes you can build out the entire process which is your job stability at city pipeline or you could also do like a declarative Yamil interface and just like you know in a few lines just right up whatever process you would want and we would review should be shipped with all kind of integrations with every cloud environment, every monitoring system, every system, every kind of testing process, every kind of security scanning so you can just drag and drop and in minutes eur, europe and running, it just creates so much velocity in this entire process. And also this manageability that people have struggled with >>morale to I mean you can imagine the morale developers go up significantly when you start seeing that the developer productivity has always been a big thing but this intelligent automation conversations huge. Some people have it, some people don't, people say they have it, what is how can you, how can the company figure out uh if someone's really got the real deal when it comes to intelligent automation because again, automation is the is key into devops. >>Yeah, I think I I almost started like you know like if you look at the generational evolution of things like the the first generation was uh you know developer writes code and then it will give you will give it to some some mighty at men who will go and deploy the code, run some commands and do things like tradition to was writing scripts that you're right, a lot of scripts that was automation but it was kind of dumb our dimension and that's how we have, you know that that's where the industry is so actually break now even most of it, the third generation is when the automation is you don't write scripts to you know uh to automate things, you tell our system what you want to achieve and it generates automation for you, right? And that's what we call intelligent automation. Where it's all declarative and all the you don't have to maintain a lot of you know scripts etcetera because they are, you know, they can't keep up with it. You know, you have to change the process all the time and if you change the process, it doesn't work, it becomes completely, you know, uh you know, it becomes very fragile to manage it. So that's that's really where intelligent automation comes in, you know, I look at like, you know, if you can have like uh like you look at like a wrestler, you know, making cars the entire assembly line is automated, but it's, but it's if you want to change something in the assembly line, even that process is automated and it's very simple. Right? So it's and that's what gives them so much uh you know, uh you know, uh let's say control and manageability around the manufacturing process. So the software delivery, uh you know, by assembly line, which is the software software by ci cd piper and really should be a more sophisticated and more intelligent as well now. And that's that's an exhibition, >>jodi. You're also pointing out something that we cover a lot on the cube and we've been writing about is how modern software practices are changing, where this team makeup or whatever its speed is key, but also getting data. Everyone who's successful with cloud and cloud scale and now you got the edge opening up and like I said, even space is going to be programmable, Everything's programmable. And the key is to get the data from the use cases right, get something deployed, look at it, get some data and then double down and make it better. That's a modern approach, not build it and then rebuild it and tear it down and rebuild it, which you're kind of leaning into this idea of let's get some delivery going, let's structure it and then feed it more so that the developers can iterate with with, with the pipeline and this is this again, can scale, can you talk about that? Can you comment on your reaction to that? >>Yeah, definitely. That's exactly how we look at it. Like, you know, you uh you want developers to kind of like say they want to do a, you know, automated process to deploy in their communities infrastructure in matter of minutes, you should be able to get started, but now it's like, you know, there's so much data that comes into it. Like, you know that you have monitoring systems systems like ab dynamics and you're like and data dog and you're logging systems your Splunk and elastic and you know, some logic, you have your, you know, different kind of testing systems here, your security scanning, so there's so much data in it. They're like, you know, terabytes and terabytes of data from it. So when you start doing your deployments, we could also come seem all of the data and see like what was the impact of those deployments or court changes in each of these monitoring, dusting, logging gonna systems and you know, what, how the data changes and then now is that based on that we can learn like, you know, what should be your ideal process and what will break in your process and that's that's the how harness platform works. That's the core of that intelligent automation networks, they're expanding it now to bring a few more of the devops use cases into it Also like the one is cloud cost management because when you, when you, you know, uh you know when we started shipping, there's a lot of people would tell us like, you know, you're you're doing a great job helping us managing the quality, which we always were concerned about like when we're deploying things so you know, security, you know, functionality etcetera. But cloud cost is a big challenge as well. You have your paying like tens and tens of millions of dollars to the cloud providers. And when developers do things in an automated way, it could increase without cost suddenly and we don't know what to do how to manage that. So that's the, you know, we we introduced a new model called cloud cost management to as part of the develops software delivery process that every time you're shipping code and we also figure out like, you know, what with impact on on your on your podcast, you know, can we automate the, you know, uh if there is there is too much impact, can we automate the, you know, the roll back around it, you know, can you get and you can you can we stop the delivery process at that point, can we help you troubleshoot and, you know, reduce the cost down? So that's, you know, that's cost becomes another another another dimension to it. Uh you know, then we recently just added uh you know, the next level that's managing feature Flags. And a lot of the time software developers are adding feature flags to like this feature would be given to this consumer and like, you know, and this feature will be given to this consumer until you test it out through uh test kind of thing and like, you know, what is the impact of, you know, uh turning a feature on versus off, you know, we're bringing that into the same ci cd pipeline. So it's kind of an integrated approach to this uh you know, our intelligently automated biplane instead of these uh small point approaches that just very hard to manage. >>I mean the level of data involved the creature flag for instance, the great is an amazing thing because that allows you to do things that used to be extremely difficult to provision. I mean just picking the color of icon, for instance, this kind of blue, I mean I was just, you hear about this, these kinds of things happening at scale and the date is pretty accurate when it comes in. So I think that's an example of the kind of speed and agility that developers want and the question I want to ask you though on that point because this opens up the whole next conversation, you guys have a modern approach and so much traction and you've recently raised big rounds of funding as you go to the market place, your experienced entrepreneur and uh and Ceo you've seen the waves before. What's the big wave that you're on now? What's the big momentum tailwind for harness? Is it the fact that you're creating value for developers or is it the system that you're integrating into with the intelligence to make things smarter and more scalable? What's the or is it all the above? Can you just share what that that story is? >>Yeah, I think it's, it's, it's really, really both of them. But you know, what are our business case when you go to people who tell them like say, if you're you know, 200 developers. uh, you know, we can give you the world's best software delivery tooling at the cost of half to one developer. Right? So like, you know, so which is like 44, 200 person organization at like 200 to 200 to $300,000 a year. They will get the best software delivery tooling better than a Google Facebook Amazon kind of companies very, very quickly. So our, our entire value prop is built on that like a developer experience gets much better. The productivity gets much better. Developers on an average are spending like 20-30% of the time on deployment, delivery-related toil, like unnecessary stuff that we deal with. So it's only 30% more efficiency gain for the developers. Their quality of life gets better that they don't need to worry about like weekends and nights to babysit your deployments and you know, things breaking and troubleshooting things all the time. Right? So that's that's a that's a big big value. But as a business you get much more velocity your innovation velocity is much higher. You know your risk on your, you know your consumers is much lower because your quality of the of of you know how your ship becomes becomes better. So our business case of like you know at the past of like 1-2 develops engineers will get you the best develops uh you know tooling in the world possible. You know it's not a hard business case for us to make, right? That's that's what we we we look at, it becomes pretty pretty obvious for you know as people try our product, you know the business case >>you don't have to really pass the I. Q. Test to figure this one out, okay everyone's happier and you have more options to scale and make more money in new opportunities not just existing business. I mean the feature flagging these new features you can build a new value and take more territory if you're a business or whatever your objective is so clear value. Can you give an example of some recent successes you've had or or traction points that you think is worth notable that people can get their arms around. >>Yeah definitely like you know we are we're helping a lot of uh you know a lot of customers you know doing uh like completely changing their uh their uh their process of software delivery, you know, 11 recent example, uh nationwide insurance, you know, nationwide insurance, you know, moving from their data center kind of approach to public cloud and to communities and to microservices, like a major cloud native re architecture and in a very ambitious aggressive project to do it, you know, in a in a in a short period of time and harness becomes a platform for them to kind of, you know, uh to remove all the bottom leg around the process, the software delivery process. You know, they obviously they still have to do the developer side of things and they have to do the cloud infrastructure side of things, which is they're doing. But the entire process of how you bring together, you know, harness becomes accelerated around it. So a lot of these kind of stories that we when we kind of create this fundamental transformation for our for our for our customers, you know, uh you know, moving to to a public cloud, you know, moving to microservices, moving to communities, you know, re architect things, but they become much faster. Cloud native higher, you know, a true software company and you know, I would say that's that's something we we we we take a they can take a lot of pride in, I think are always our biggest challenge is uh is to is to is to evangelize and and convince the market that this is possible to do with the product, because historically people have got told like, you know, the only way you can do this kind of software delivery processes and tooling is by engineering it on your own. So everyone wants us on the path of writing their own, you know, and and it's very hard for every, every company in the world to become very good in writing your own software delivery, tooling and processes and systems, etcetera. Right? So it's uh and that's it. So, you know, there is still that that education and evangelism needs to be done, that, you know, there is uh there is no point, you're trying to do it on your own, you can get a platform that can do it all for you and you can focus on the your core business of, you know, what you want to innovate on. >>And I think the Devil's movement hasn't been pioneered and you have to hand roll everything and that's the way it was. But now, as the mainstream market picks this up, you're standing on the shoulders of those pioneers, you are one of them. It's awesome to see this modern approach because it's really playing out in real time again, you've done that before, joe t so it's impressive and, you know, you've seen the movie and developed and the earlier versions pre devops. So, so as cloud native comes and start scaling it's going to be for the rest of us. So, great, great that you're providing the platform and the tools and software. I got to ask you if you don't mind because a lot of people are looking at ways for modern approaches to organizing their teams, how would you define the modern devops movement? You look at devops one point. Oh, we got here. Okay, cloud, cloud native, cloud scale, modern applications, pipe lining. Now, we're looking at a whole another level of confluence of uh of integration and speed. How would you define the modern devops movement? >>Yeah, I think that's a that's a very good question. I think that the core of modern devops, what I would call it develops to point to me is developers self service. It was like the first generation of develops was they create this kind of a devoPS team and then the developers will give all the, you know, delivery related stuff that develops team and the devops team starts to become a bottle, like everywhere now, like in the developed steam job is to build a ci pipeline and the city pipeline and the deployment scripts and you know, do like, you know, you want to do a canary deployment, they have to figure it out how to do it, they have to do, like, you know, you are uh you know, all sort of things that the that needs to be done, you create a central develops team and you give it to them and they become like, you know, uh become a big bottleneck, we look at the modern develops or the next generation and develops has to be done around focusing on the developer experience that and making it all self service for the developers. So you have, you have, let's say you are definitely in for a micro service and it's like, you know 57 engineers, you know, modeling a micro service you want like that, they can go and say this is for our micro service, you know, in a matter of minutes or hours, they can engineer the process without having to lean on a central deVOPS team and to do all the work for them and that's you know, by by maybe a modeler or in some kind of mammal interface or something. That's very easy for them, their experience is so easy that they can manage it themselves without the central deVOPS team have to write it all or cut it all and manage it all. But at the same time the center deVOPS teams, job becomes a bar and governance that can they define the guardrails, that they can define the guardrails on like, you know, you have to have this level of security before something goes into production, you have to have this level of quality before something goes into production, you have to have like, you know, uh this, your cost could not be more than this, right? So you define, so in this instance, instead of the center develops team is doing all the work themselves on writing all the stuff they define the guard rails and it becomes a very easy cell service experience of the developers should do things within those, those guard rails. This is what the modern never actually, >>that's awesome and also accelerate more business value And you're nailing it joe t thank you for coming on and great. Uh, the Ceo on the cube ceo and co founder harness harness dot IO. You guys got free trials, free downloads. You got a great, uh, by as you go model also. Um, you're an entrepreneur at heart. Uh, co founder of unusual ventures, Big Labs appdynamics. Now harness. Congratulations. Thanks for coming on. >>Hey, thank you john. >>Okay, this is a cube conversation. I'm john for here in Palo alto California with the cube. Thanks for watching.

>> Announcer: From around the Globe, it's theCUBE with coverage of Kube Con and Cloud Native Con Europe 2021 virtual brought to you by Red Hat, the cloud native computing foundation and ecosystem partners. >> Hello, and welcome back to theCUBE's coverage of Kube Con and Cloud Native Con 2021 virtual. I'm John Furrier, host of theCUBE, here with a great guest, I'm excited to talk to. His company, that he was part of founding CTO, was bought by Red Hat. Ali Golshan, Senior Director of Global Software Engineer at Red Hat, formerly CTO of StackRox. Ali thanks for coming on, I appreciate it. Thanks for joining us. >> Thanks for having me excited to be here. >> So big acquisition in January, where we covered it on SiliconANGLE, You guys, security company, venture backed amplify Sequoya and on and on. Big part of Red Hat story in their security as developers want to shift left as they say and as more and more modern applications are being developed. So congratulations. So real quick, just quick highlight of what you guys do as a company and inside Red Hat. >> Sure, so the company's premise was built around how do you bring security the entire application life cycle. So StackRox focuses on sort of three big areas that we talk about. One is, how do you secure the supply chain? The second part of it is, how do you secure infrastructure and foster management and then the third part is now, how do you protect the workload that run on top of that infrastructure. So this is the part that aligned really well with Red Hat which is, Red Hat had wanted to take a lot of what we do around infrastructure, foster management configuration management and developer tools integrated into a lot of the things they do and obviously the workload protection part was a very seamless part of integrating us into the OpenShift part because we were built around cloud native constructs and obviously Red Hat having some of the foremost experts around cloud native sort of created a really great asset. >> Yeah, you guys got a great story. Obviously cloud native applications are rocking and rolling. You guys were in early serverless emerges, Kubernetes and then security in what I call the real time developer workflow. Ones that are building really fast, pushing code. Now it's called day two operations. So cloud native did two operations kind of encapsulates this new environment. You guys were right in the sweet spot of that. So this became quite the big deal, Red Hat saw an opportunity to bring you in. What was the motivation when you guys did the deal Was it like, "wow" this is a good fit. How did you react? What was the vibe at the StackRox when this was all going down? >> Yeah, so I think there's really three areas you look for, anytime a company comes up and sort of starts knocking on your door. One is really, is the team going to be the right fit? Is the culture going to be the right environment for the people? For us, that was a big part of what we were taking into consideration. We found Red Hat's general culture, how they approach people and sort of the overall approach the community was very much aligned with what we were trying to do. The second part of it was really the product fit. So we had from very early on started to focus purely on the Kubernetes components and doing everything we could, we call it sort of our product approach built in versus bolted on and this is sort of a philosophy that Red Hat had adopted for a long time and it's a part of a lot of their developer tools, part of their shift left story as well as part of OpenShift. And then the third part of it was really the larger strategy of how do you go to market. So we were hitting that point where we were in triple digit customers and we were thinking about scalability and how to scale the company. And that was the part that also fit really well which was obviously, RedHat more and more hearing from their customers about the importance and the criticality of security. So that last part happened to be one part. We ended up spending a lot of time on it, ended up being sort of three out of three matches that made this acquisition happen. >> Well congratulations, always great to see startups in the right position. Good hustle, great product, great market. You guys did a great job, congratulations. >> Thank you. >> Now, the big news here at KubeCon as Linux foundation open-source, you guys are announcing that you're open-sourcing at StackRox, this is huge news, obviously, you now work for an open-source company and so that was probably a part of it. Take us through the news, this is the top story here for this segment tickets through open-source. Take us through the news. >> Yeah, so traditionally StackRox was a proprietary tool. We do have open-source tooling but the entire platform in itself was a proprietary tool. This has been a number of discussions that we've had with the Red Hat team from the very beginning. And it sort of aligns around a couple of core philosophies. One is obviously Red Hat at its core being an open-source company and being very much plugged into the community and working with users and developers and engineers to be able to sort of get feedback and build better products. But I think the other part of it is that, I think a lot of us from a historic standpoint have viewed security to be a proprietary thing as we've always viewed the sort of magic algorithms or black boxes or some magic under the hood that really moved the needle. And that happens not to be the case anymore also because StackRox's philosophy was really built around Kubernetes and Built-in, we feel like one of the really great messages around wide open-source of security product is to build that trust with the community being able to expose, here's how the product works, here's how it integrates here are the actions it takes here's the ramifications or repercussions of some of the decisions you may make in the product. Those all I feel make for very good stories of how you build connection, trust and communication with the community and actually get feedback on it. And obviously at its core, the company being very much focused on Kubernetes developer tools, service manage, these are all open-source toolings obviously. So, for us it was very important to sort of talk the talk and walk the walk and this is sort of an easy decision at the end of the day for us to take the platform open-source. And we're excited about it because I think most still want a productized supported commercial product. So while it's great to have some of the tip of the spear customers look at it and adopt the open-source and be able to drive it themselves. We're still hearing from a lot of the customers that what they do want is really that support and that continuous management, maintenance and improvement around the product. So we're actually pretty excited. We think it's only going to increase our velocity and momentum into the community. >> Well, I got some questions on how it's going to work but I do want to get your comment because I think this is a pretty big deal. I had a conversation about 10 years ago with Doug Cutting, who was the founder of Hadoop, And he was telling me a story about a company he worked for, you know all this coding, they went under and the IP was gone, the software was gone and it was a story to highlight that proprietary software sometimes can never see the light of day and it doesn't continue. Here, you guys are going to continue the story, continue the code. How does that feel? What's your expectations? How's that going to work? I'm assuming that's what you're going to open it up which means that anyone can download the code. Is that right? Take us through how to first of all, do you agree with that this is going to stay alive and how's it going to work? >> Yeah, I mean, I think as a founder one of the most fulfilling things to have is something you build that becomes sustainable and stands the test of time. And I think, especially in today's world open-source is a tool that is in demand and only in a market that's growing is really a great way to do that. Especially if you have a sort of an established user base and the customer base. And then to sort of back that on top of thousands of customers and users that come with Red Hat in itself, gives us a lot of confidence that that's going to continue and only grow further. So the decision wasn't a difficult one, although transparently, I feel like even if we had pushed back I think Red Hat was pretty determined about open-source and we get anyway, but it's to say that we actually were in agreement to be able to go down that path. I do think that there's a lot of details to be worked out because obviously there's sort of a lot of the nuances in how you build product and manage it and maintain it and then, how do you introduce community feedback and community collaboration as part of open-source projects is another big part of it. I think the part we're really excited about is, is that it's very important to have really good community engagement, maintenance and response. And for us, even though we actually discussed this particular strategy during StackRox, one of the hindering aspects of that was really the resources required to be able to manage and maintain such a massive open-source project. So having Red Hat behind us and having a lot of this experience was very relevant. I think, as a, as a startup to start proprietary and suddenly open it and try to change your entire business model or go to market strategy commercialization, changed the entire culture of the company can sometimes create a lot of headwind. And as a startup, like sort of I feel like every year just trying not to die until you create that escape velocity. So those were I think some of the risk items that Red Hat was able to remove for us and as a result made the decision that much easier. >> Yeah, and you got the mothership with Red Hat they've done it before, they've been doing it for generations. You guys, you're in the startup, things are going crazy. It's like whitewater rafting, it's like everything's happening so fast. And now you got the community behind you cause you're going to have the CNC if you get Kubecon. I mean, it's a pretty great community, the support is amazing. I think the only thing the engineers might want to worry about is go back into the code base and clean things up a bit, as you start to see the code I'm like, wait a minute, their names are on it. So, it's always always a fun time and all serious now this is a big story on the DevSecOps. And I want to get your thoughts on this because kubernetes is still emerging, and DevOps is awesome, we've been covering that in for all of the life of theCUBE for the 11 years now and the greatness of DevOps but now DevSecOps is critical and Kubernetes native security is what people are looking at. When you look at that trend only continuing, what's your focus? What do you see? Now that you're in Red Hat as the CTO, former CTO of StackRox and now part of the Red Hat it's going to get bigger and stronger Kubernetes native and shifting left-hand or DevSecOps. What's your focus? >> Yeah, so I would say our focus is really around two big buckets. One is, Kubernetes native, sort of a different way to think about it as we think about our roadmap planning and go-to-market strategy is it's mutually exclusive with being in infrastructure native, that's how we think about it and as a startup we really have to focus on an area and Kubernetes was a great place for us to focus on because it was becoming the dominant orchestration engine. Now that we have the resources and the power of Red Hat behind us, the way we're thinking about this is infrastructure native. So, thinking about cloud native infrastructure where you're using composable, reusable, constructs and objects, how do you build potential offerings or features or security components that don't rely on third party tools or components anymore? How do you leverage the existing infrastructure itself to be able to conduct some of these traditional use cases? And one example we use for this particular scenario is networking. Networking, the way firewalling in segmentation was typically done was, people would tweak IP tables or they would install, for example, a proxy or a container that would terminate MTLS or become inline and it would create all sorts of sort of operational and risk overhead for users and for customers. And one of the things we're really proud of as sort of the company that pioneered this notion of cloud native security is if you just leverage network policies in Kubernetes, you don't have to be inline you don't have to have additional privileges, you don't have to create additional risks or operational overhead for users. So we're taking those sort of core philosophies and extending them. The same way we did to Kubernetes all the way through service manager, we're doing the same sorts of things Istio being able to do a lot of the things people are traditionally doing through for example, proxies through layer six and seven, we want to do through Istio. And then the same way for example, we introduced a product called GoDBledger which was an open-source tool, which would basically look at a yaml on helm charts and give you best practices responses. And it's something you we want for example to your get repositories. We want to take those sort of principles, enabling developers, giving them feedback, allowing them not to break their existing workflows and leveraging components in existing infrastructure to be able to sort of push security into cloud native. And really the two pillars we look at are ensuring we can get users and customers up and running as quickly as possible and reduce as much as possible operational overhead for them over time. So we feel these two are really at the core of open-sourcing in building into the infrastructure, which has sort of given us momentum over the last six years and we feel pretty confident with Red Hat's help we can even expand that further. >> Yeah, I mean, you bring up a good point and it's certainly as you get more scale with Red Hat and then the customer base, not only in dealing with the threat detection around containers and cloud native applications, you got to kind of build into the life cycle and you've got to figure out, okay, it's not just Kubernetes anymore, it's something else. And you've got advanced cluster security with Red Hat they got OpenShift cloud platform, you're going to have managed services so this means you're going to have scale, right? So, how do you view that? Because now you're going to have, you guys at the center of the advanced cluster security paradigm for Red Hat. That's a big deal for them and they've got a lot of R and D and a lot of, I wouldn't say R and D, but they got emerging technologies developing around that. We covered that in depth. So when you start to get into advanced cluster, it's compliance too, it's not just threat detection. You got insights telemetry, data acquisition, so you have to kind of be part of that now. How do you guys feel about that? Are you up for the task? >> Yeah, I hope so it's early days but we feel pretty confident about it, we have a very good team. So as part of the advanced cluster security we work also very closely with the advanced cluster management team in Red Hat because it's not just about security, it's about, how do you operationalize it, how do you manage it and maintain it and to your point sort of run it longterm at scale. The compliance part of it is a very important part. I still feel like that's in its infancy and these are a lot of conversations we're having internally at Red Hat, which is, we all feel that compliance is going to sort of more from the standard benchmarks you have from CIS or particular compliance requirements like the power, of PCI or Nest into how do you create more flexible and composable policies through a unified language that allows you to be able to create more custom or more useful things specific to your business? So this is actually, an area we're doing a lot of collaboration with the advanced cluster management team which is in that, how do you sort of bring to light a really easy way for customers to be able to describe and sort of abstract policies and then at the same time be able to actually and enforce them. So we think that's really the next key point of what we have to accomplish to be able to sort of not only gain scale, but to be able to take this notion of, not only detection in response but be able to actually build in what we call declarative security into your infrastructure. And what that means is, is to be able to really dictate how you want your applications, your services, your infrastructure to be configured and run and then anything that is sort of conflicting with that is auto responded to and I think that's really the larger vision that with Red Hat, we're trying to accomplish. >> And that's a nice posture to have you build it in, get it built in, you have the declarative models then you kind of go from there and then let the automation kick in. You got insights coming in from Red Hat. So all these things are kind of evolving. It's still early days and I think it was a nice move by Red Hat, so congratulations. Final question for you is, as you prepare to go to the next generation KubeCon is also seeing a lot more end user participation, people, you know, cloud native is going mainstream, when I say mainstream, seeing beyond the hyperscalers in the early adopters, Kubernetes and other infrastructure control planes are coming in you start to see the platforms emerge. Nobody wants another security tool, they want platforms that enable applications handle tools. As it gets more complicated, what's going to be the easy button in security cloud native? What's the approach? What's your vision on what's next? >> Yeah so, I don't know if there is an easy button in security and I think part of it is that there's just such a fragmentation and use cases and sort of designs and infrastructure that doesn't exist, especially if you're dealing with such a complex stack. And not only just a complex stack but a potentially use cases that not only span runtime but they deal with you deployment annual development life cycle. So the way we think about it is more sort of this notion that has been around for a long time which is the shared responsibility model. Security is not security's job anymore. Especially, because security teams probably cannot really keep up with the learning curve. Like they have to understand containers then they have to understand Kubernetes and Istio and Envoy and cloud platforms and APIs. and there's just too much happening. So the way we think about it is if you deal with security a in a declarative version and if you can state things in a way where how infrastructure is ran is properly configured. So it's more about safety than security. Then what you can do is push a lot of these best practices back as part of your gift process. Involve developers, engineers, the right product security team that are responsible for day-to-day managing and maintaining this. And the example we think about is, is like CVEs. There are plenty of, for example, vulnerability tools but the CVEs are still an unsolved problem because, where are they, what is the impact? Are they actually running? Are they being exploited in the wild? And all these things have different ramifications as you span it across the life cycle. So for us, it's understanding context, understanding assets ensuring how the infrastructure has to handle that asset and then ensuring that the route for that response is sent to the right team, so they can address it properly. And I think that's really our larger vision is how can you automate this entire life cycle? So, the information is routed to the right teams, the right teams are appending it to the application and in the future, our goal is not to just pardon the workload or the compute environment, but use this information to action pardon application themselves and that creates that additional agility and scalability. >> Yeah it's in the lifecycle of that built in right from the beginning, more productivity, more security and then, letting everything take over on the automation side. Ali congratulations on the acquisition deal with Red Hat, buyout that was great for them and for you guys. Take a minute to just quickly answer final final question for the folks watching here. The big news is you're open-sourcing StackRox, so that's a big news here at KubeCon. What can people do to get involved? Well, just share a quick quick commercial for what people can do to get involved? What are you guys looking for? Take a pledge to the community? >> Yeah, I mean, what we're looking for is more involvement in direct feedback from our community, from our users, from our customers. So there's a number, obviously the StackRox platform itself being open-source, we have other open-source tools like the KubeLinter. What we're looking for is feedback from users as to what are the pain points that they're trying to solve for. And then give us feedback as to how we're not addressing those or how can we better design our systems? I mean, this is the sort of feedback we're looking for and naturally with more resources, we can be a lot faster in response. So send us feedback good or bad. We would love to hear it from our users and our customers and get a better sense of what they're looking for. >> Innovation out in the open love it, got to love open-source going next gen, Ali Golshan Senior Director of Global Software Engineering the new title at Red Hat former CTO and founder of StackRox which spread had acquired in January, 2021. Ali thanks for coming on congratulations. >> Thanks for having, >> Okay, so keeps coverage of Kube Con cloud native Con 2021. I'm John Furrie, your host. Thanks for watching. (soft music)

>> Announcer: From around the Globe, it's theCUBE with coverage of Kube Con and Cloud Native Con Europe 2021 virtual brought to you by Red Hat, the cloud native computing foundation and ecosystem partners. >> Hello, and welcome back to theCUBE's coverage of Kube Con and Cloud Native Con 2021 virtual. I'm John Furrier, host of theCUBE, here with a great guest, I'm excited to talk to. His company, that he was part of founding CTO, was bought by Red Hat. Ali Golshan, Senior Director of Global Software Engineer at Red Hat, formerly CTO of StackRox. Ali thanks for coming on, I appreciate it. Thanks for joining us. >> Thanks for having me excited to be here. >> So big acquisition in January, where we covered it on SiliconANGLE, You guys, security company, venture backed amplify Sequoya and on and on. Big part of Red Hat story in their security as developers want to shift left as they say and as more and more modern applications are being developed. So congratulations. So real quick, just quick highlight of what you guys do as a company and inside Red Hat. >> Sure, so the company's premise was built around how do you bring security the entire application life cycle. So StackRox focuses on sort of three big areas that we talk about. One is, how do you secure the supply chain? The second part of it is, how do you secure infrastructure and foster management and then the third part is now, how do you protect the workload that run on top of that infrastructure. So this is the part that aligned really well with Red Hat which is, Red Hat had wanted to take a lot of what we do around infrastructure, foster management configuration management and developer tools integrated into a lot of the things they do and obviously the workload protection part was a very seamless part of integrating us into the OpeShift part because we were built around cloud native constructs and obviously Red Hat having some of the foremost experts around cloud native sort of created a really great asset. >> Yeah, you guys got a great story. Obviously cloud native applications are rocking and rolling. You guys were in early serverless emerges, Kubernetes and then security in what I call the real time developer workflow. Ones that are building really fast, pushing code. Now it's called day two operations. So cloud native did two operations kind of encapsulates this new environment. You guys were right in the sweet spot of that. So this became quite the big deal, Red Hat saw an opportunity to bring you in. What was the motivation when you guys did the deal Was it like, "wow" this is a good fit. How did you react? What was the vibe at the StackRox when this was all going down? >> Yeah, so I think there's really three areas you look for, anytime a company comes up and sort of starts knocking on your door. One is really, is the team going to be the right fit? Is the culture going to be the right environment for the people? For us, that was a big part of what we were taking into consideration. We found Red Hat's general culture, how they approach people and sort of the overall approach the community was very much aligned with what we were trying to do. The second part of it was really the product fit. So we had from very early on started to focus purely on the Kubernetes components and doing everything we could, we call it sort of our product approach built in versus built it on and this is sort of a philosophy that Red Hat had adopted for a long time and it's a part of a lot of their developer tools, part of their shift left story as well as part of OpenShift. And then the third part of it was really the larger strategy of how do you go to market. So we were hitting that point where we were in triple digit customers and we were thinking about scalability and how to scale the company. And that was the part that also fit really well which was obviously, RedHat more and more hearing from their customers about the importance and the criticality of security. So that last part happened to be one part. We ended up spending a lot of time on it, ended up being sort of the outer three matches that made this acquisition happen. >> Well congratulations, always great to see startups in the right position. Good hustle, great product, great market. You guys did a great job, congratulations. >> Thank you. >> Now, the big news here at KubeCon as Linux foundation open-source, you guys are announcing that you're open-sourcing at StackRox, this is huge news, obviously, you now work for an open-source company and so that was probably a part of it. Take us through the news, this is the top story here for this segment tickets through open-source. Take us through the news. >> Yeah, so traditionally StackRox was a proprietary tool. We do have open-source tooling but the entire platform in itself was a proprietary tool. This has been a number of discussions that we've had with the Red Hat team from the very beginning. And it sort of aligns around a couple of core philosophies. One is obviously Red Hat at its core being an open-source company and being very much plugged into the community and working with users and developers and engineers to be able to sort of get feedback and build better products. But I think the other part of it is that, I think a lot of us from a historic standpoint have viewed security to be a proprietary thing as we've always viewed the sort of magic algorithms or black boxes or some magic under the hood that really moved the needle. And that happens not to be the case anymore also because StackRox's philosophy was really built around Kubernetes and Built-in, we feel like one of the really great messages around wide open-source of security product is to build that trust with the community being able to expose, here's how the product works, here's how it integrates here are the actions it takes here's the ramifications or repercussions of some of the decisions you may make in the product. Those all I feel make for very good stories of how you build connection, trust and communication with the community and actually get feedback on it. And obviously at its core, the company being very much focused on Kubernetes developer tools, service manage, these are all open-source toolings obviously. So, for us it was very important to sort of talk the talk and walk the walk and this is sort of an easy decision at the end of the day for us to take the platform open-source. And we're excited about it because I think most still want a productized supported commercial product. So while it's great to have some of the tip of the spear customers look at it and adopt the open-source and be able to drive it themselves. We're still hearing from a lot of the customers that what they do want is really that support and that continuous management, maintenance and improvement around the product. So we're actually pretty excited. We think it's only going to increase our velocity and momentum into the community. >> Well, I got some questions on how it's going to work but I do want to get your comment because I think this is a pretty big deal. I had a conversation about 10 years ago with Doug Cutting, who was the founder of Hadoop, And he was telling me a story about a company he worked for, you know all this coding, they went under and the IP was gone, the software was gone and it was a story to highlight that proprietary software sometimes can never see the light of day and it doesn't continue. Here, you guys are going to continue the story, continue the code. How does that feel? What's your expectations? How's that going to work? I'm assuming that's what you're going to open it up which means that anyone can download the code. Is that right? Take us through how to first of all, do you agree with that this is going to stay alive and how's it going to work? >> Yeah, I mean, I think as a founder one of the most fulfilling things to have is something you build that becomes sustainable and stands the test of time. And I think, especially in today's world open-source is a tool that is in demand and only in a market that's growing is really a great way to do that. Especially if you have a sort of an established user base and the customer base. And then to sort of back that on top of thousands of customers and users that come with Red Hat in itself, gives us a lot of confidence that that's going to continue and only grow further. So the decision wasn't a difficult one, although transparently, I feel like even if we had pushed back I think Red Hat was pretty determined about open-source and we get anyway, but it's to say that we actually were in agreement to be able to go down that path. I do think that there's a lot of details to be worked out because obviously there's sort of a lot of the nuances in how you build product and manage it and maintain it and then, how do you introduce community feedback and community collaboration as part of open-source projects is another big part of it. I think the part we're really excited about is, is that it's very important to have really good community engagement, maintenance and response. And for us, even though we actually discussed this particular strategy during StackRox, one of the hindering aspects of that was really the resources required to be able to manage and maintain such a massive open-source project. So having Red Hat behind us and having a lot of this experience was very relevant. I think, as a, as a startup to start proprietary and suddenly open it and try to change your entire business model or go to market strategy commercialization, changed the entire culture of the company can sometimes create a lot of headwind. And as a startup, like sort of I feel like every year just trying not to die until you create that escape velocity. So those were I think some of the risk items that Red Hat was able to remove for us and as a result made the decision that much easier. >> Yeah, and you got the mothership with Red Hat they've done it before, they've been doing it for generations. You guys, you're in the startup, things are going crazy. It's like whitewater rafting, it's like everything's happening so fast. And now you got the community behind you cause you're going to have the CNC if you get Kubecon. I mean, it's a pretty great community, the support is amazing. I think the only thing the engineers might want to worry about is go back into the code base and clean things up a bit, as you start to see the code I'm like, wait a minute, their names are on it. So, it's always always a fun time and all serious now this is a big story on the DevSecOps. And I want to get your thoughts on this because kubernetes is still emerging, and DevOps is awesome, we've been covering that in for all of the life of theCUBE for the 11 years now and the greatness of DevOps but now DevSecOps is critical and Kubernetes native security is what people are looking at. When you look at that trend only continuing, what's your focus? What do you see? Now that you're in Red Hat as the CTO, former CTO of StackRox and now part of the Red Hat it's going to get bigger and stronger Kubernetes native and shifting left-hand or DevSecOps. What's your focus? >> Yeah, so I would say our focus is really around two big buckets. One is, Kubernetes native, sort of a different way to think about it as we think about our roadmap planning and go-to-market strategy is it's mutually exclusive with being in infrastructure native, that's how we think about it and as a startup we really have to focus on an area and Kubernetes was a great place for us to focus on because it was becoming the dominant orchestration engine. Now that we have the resources and the power of Red Hat behind us, the way we're thinking about this is infrastructure native. So, thinking about cloud native infrastructure where you're using composable, reusable, constructs and objects, how do you build potential offerings or features or security components that don't rely on third party tools or components anymore? How do you leverage the existing infrastructure itself to be able to conduct some of these traditional use cases? And one example we use for this particular scenario is networking. Networking, the way firewalling in segmentation was typically done was, people would tweak IP tables or they would install, for example, a proxy or a container that would terminate MTLS or become inline and it would create all sorts of sort of operational and risk overhead for users and for customers. And one of the things we're really proud of as sort of the company that pioneered this notion of cloud native security is if you just leverage network policies in Kubernetes, you don't have to be inline you don't have to have additional privileges, you don't have to create additional risks or operational overhead for users. So we're taking those sort of core philosophies and extending them. The same way we did to Kubernetes all the way through service manager, we're doing the same sorts of things Istio being able to do a lot of the things people are traditionally doing through for example, proxies through layer six and seven, we want to do through Istio. And then the same way for example, we introduced a product called GoDBledger which was an open-source tool, which would basically look at a yaml on helm charts and give you best practices responses. And it's something you we want for example to your get repositories. We want to take those sort of principles, enabling developers, giving them feedback, allowing them not to break their existing workflows and leveraging components in existing infrastructure to be able to sort of push security into cloud native. And really the two pillars we look at are ensuring we can get users and customers up and running as quickly as possible and reduce as much as possible operational overhead for them over time. So we feel these two are really at the core of open-sourcing in building into the infrastructure, which has sort of given us momentum over the last six years and we feel pretty confident with Red Hat's help we can even expand that further. >> Yeah, I mean, you bring up a good point and it's certainly as you get more scale with Red Hat and then the customer base, not only in dealing with the threat detection around containers and cloud native applications, you got to kind of build into the life cycle and you've got to figure out, okay, it's not just Kubernetes anymore, it's something else. And you've got advanced cluster security with Red Hat they got OpenShift cloud platform, you're going to have managed services so this means you're going to have scale, right? So, how do you view that? Because now you're going to have, you guys at the center of the advanced cluster security paradigm for Red Hat. That's a big deal for them and they've got a lot of R and D and a lot of, I wouldn't say R and D, but they got emerging technologies developing around that. We covered that in depth. So when you start to get into advanced cluster, it's compliance too, it's not just threat detection. You got insights telemetry, data acquisition, so you have to kind of be part of that now. How do you guys feel about that? Are you up for the task? >> Yeah, I hope so it's early days but we feel pretty confident about it, we have a very good team. So as part of the advanced cluster security we work also very closely with the advanced cluster management team in Red Hat because it's not just about security, it's about, how do you operationalize it, how do you manage it and maintain it and to your point sort of run it longterm at scale. The compliance part of it is a very important part. I still feel like that's in its infancy and these are a lot of conversations we're having internally at Red Hat, which is, we all feel that compliance is going to sort of more from the standard benchmarks you have from CIS or particular compliance requirements like the power, of PCI or Nest into how do you create more flexible and composable policies through a unified language that allows you to be able to create more custom or more useful things specific to your business? So this is actually, an area we're doing a lot of collaboration with the advanced cluster management team which is in that, how do you sort of bring to light a really easy way for customers to be able to describe and sort of abstract policies and then at the same time be able to actually and enforce them. So we think that's really the next key point of what we have to accomplish to be able to sort of not only gain scale, but to be able to take this notion of, not only detection in response but be able to actually build in what we call declarative security into your infrastructure. And what that means is, is to be able to really dictate how you want your applications, your services, your infrastructure to be configured and run and then anything that is sort of conflicting with that is auto responded to and I think that's really the larger vision that with Red Hat, we're trying to accomplish. >> And that's a nice posture to have you build it in, get it built in, you have the declarative models then you kind of go from there and then let the automation kick in. You got insights coming in from Red Hat. So all these things are kind of evolving. It's still early days and I think it was a nice move by Red Hat, so congratulations. Final question for you is, as you prepare to go to the next generation KubeCon is also seeing a lot more end user participation, people, you know, cloud native is going mainstream, when I say mainstream, seeing beyond the hyperscalers in the early adopters, Kubernetes and other infrastructure control planes are coming in you start to see the platforms emerge. Nobody wants another security tool, they want platforms that enable applications handle tools. As it gets more complicated, what's going to be the easy button in security cloud native? What's the approach? What's your vision on what's next? >> Yeah so, I don't know if there is an easy button in security and I think part of it is that there's just such a fragmentation and use cases and sort of designs and infrastructure that doesn't exist, especially if you're dealing with such a complex stack. And not only just a complex stack but a potentially use cases that not only span runtime but they deal with you deployment annual development life cycle. So the way we think about it is more sort of this notion that has been around for a long time which is the shared responsibility model. Security is not security's job anymore. Especially, because security teams probably cannot really keep up with the learning curve. Like they have to understand containers then they have to understand Kubernetes and Istio and Envoy and cloud platforms and APIs. and there's just too much happening. So the way we think about it is if you deal with security a in a declarative version and if you can state things in a way where how infrastructure is ran is properly configured. So it's more about safety than security. Then what you can do is push a lot of these best practices back as part of your gift process. Involve developers, engineers, the right product security team that are responsible for day-to-day managing and maintaining this. And the example we think about is, is like CVEs. There are plenty of, for example, vulnerability tools but the CVEs are still an unsolved problem because, where are they, what is the impact? Are they actually running? Are they being exploited in the wild? And all these things have different ramifications as you span it across the life cycle. So for us, it's understanding context, understanding assets ensuring how the infrastructure has to handle that asset and then ensuring that the route for that response is sent to the right team, so they can address it properly. And I think that's really our larger vision is how can you automate this entire life cycle? So, the information is routed to the right teams, the right teams are appending it to the application and in the future, our goal is not to just pardon the workload or the compute environment, but use this information to action pardon application themselves and that creates that additional agility and scalability. >> Yeah it's in the lifecycle of that built in right from the beginning, more productivity, more security and then, letting everything take over on the automation side. Ali congratulations on the acquisition deal with Red Hat, buyout that was great for them and for you guys. Take a minute to just quickly answer final final question for the folks watching here. The big news is you're open-sourcing StackRox, so that's a big news here at KubeCon. What can people do to get involved? Well, just share a quick quick commercial for what people can do to get involved? What are you guys looking for? Take a pledge to the community? >> Yeah, I mean, what we're looking for is more involvement in direct feedback from our community, from our users, from our customers. So there's a number, obviously the StackRox platform itself being open-source, we have other open-source tools like the KubeLinter. What we're looking for is feedback from users as to what are the pain points that they're trying to solve for. And then give us feedback as to how we're not addressing those or how can we better design our systems? I mean, this is the sort of feedback we're looking for and naturally with more resources, we can be a lot faster in response. So send us feedback good or bad. We would love to hear it from our users and our customers and get a better sense of what they're looking for. >> Innovation out in the open love it, got to love open-source going next gen, Ali Golshan Senior Director of Global Software Engineering the new title at Red Hat former CTO and founder of StackRox which spread had acquired in January, 2021. Ali thanks for coming on congratulations. >> Thanks for having, >> Okay, so keeps coverage of Kube Con cloud native Con 2021. I'm John Furrie, your host. Thanks for watching. (soft music)

>> Announcer: From the Cube's studios in Palo Alto in Boston, bringing you data-driven insights from The Cube and ETR. This is "Breaking Analysis" with Dave Vellante. >> Exactly one week after Pat Gelsinger's announcement of his plans to reinvent Intel. Arm announced version nine of its architecture and laid out its vision for the next decade. We believe this vision is extremely strong as it combines an end-to-end capability from Edge to Cloud, to the data center, to the home and everything in between. Arms aspirations are ambitious and powerful. Leveraging its business model, ecosystem and software compatibility with previous generations. Hello every one and welcome to this week's Wikibon Cube Insights powered by ETR. And this breaking analysis will explain why we think this announcement is so important and what it means for Intel and the broader technology landscape. We'll also share with you some feedback that we received from the Cube Community on last week's episode and a little inside baseball on how Intel, IBM, Samsung, TSMC and the U.S. government might be thinking about the shifting landscape of semiconductor technology. Now, there were two notable announcements this week that were directly related to Intel's announcement of March 23rd. The Armv9 news and TSMC's plans to invest a $100 billion in chip manufacturing and development over the next three years. That is a big number. It appears to tramp Intel's plan $20 billion investment to launch two new fabs in the U.S. starting in 2024. You may remember back in 2019, Samsung pledged to invest a $116 billion to diversify its production beyond memory trip, memory chips. Why are all these companies getting so aggressive? And won't this cause a glut in chips? Well, first, China looms large and aims to dominate its local markets, which in turn is going to confer advantages globally. The second, there's a huge chip shortage right now. And the belief is that it's going to continue through the decade and possibly beyond. We are seeing a new inflection point in the demand as we discussed last week. Stemming from digital, IOT, cloud, autos in new use cases in the home as so well presented by Sarjeet Johal in our community. As to the glut, these manufacturers believe that demand will outstrip supply indefinitely. And I understand that a lack of manufacturing capacity is actually more deadly than an oversupply. Look, if there's a glut, manufacturers can cut production and take the financial hit. Whereas capacity constraints mean you can miss entire cycles of growth and really miss out on the demand and the cost reductions. So, all these manufacturers are going for it. Now let's talk about Arm, its approach and the announcements that it made this week. Now last week, we talked about how Pat Gelsinger his vision of a system on package was an attempt to leapfrog system on chip SOC, while Arm is taking a similar system approach. But in our view, it's even broader than the vision laid out by Pat at Intel. Arm is targeting a wide variety of use cases that are shown here. Arm's fundamental philosophy is that the future will require highly specialized chips and Intel as you recall from Pat's announcement, would agree. But Arm historically takes an ecosystem approach that is different from Intel's model. Arm is all about enabling the production of specialized chips to really fit a specific application. For example, think about the amount of AI going on iPhones. They move if I remember from fingerprint to face recognition. This requires specialized neural processing units, NPUs that are designed by Apple for that particular use case. Arm is facilitating the creation of these specialized chips to be designed and produced by the ecosystem. Intel on the other hand has historically taken a one size fits all approach. Built around the x86. The Intel's design has always been about improving the processor. For example, in terms of speed, density, adding vector processing to accommodate AI, et cetera. And Intel does all the design and the manufacturing in any specialization for the ecosystem is done by Intel. Much of the value, that's added from the ecosystem is frankly been bending metal or adding displays or other features at the margin. But, the advantage is that the x86 architecture is well understood. It's consistent, reliable, and let's face it. Most enterprise software runs on x86. So, but very, very different models historically, which we heard from Gelsinger last week they're going to change with a new trusted foundry strategy. Now let's go through an example that might help explain the power of Arm's model. Let's say, your AWS and you're doing graviton. Designing graviton and graviton2. Or Apple, designing the M1 chip, or Tesla designing its own chip, or any other company in in any one of these use cases that are shown here. Tesla is a really good example. In order to optimize for video processing, Tesla needed to add specialized code firmware in the NPU for it's specific use case within autos. It was happy to take off the shelf CPU or GPU or whatever, and leverage Arm's standards there. And then it added its own value in the NPU. So the advantage of this model is Tesla could go from tape out in less or, or, or or in less than a year versus get the tape out in less than a year versus what would normally take many years. Arm is, think of Arm is like customize a Lego blocks that enable unique value add by the ecosystem with a much faster time to market. So like I say, the Tesla goes from logical tape out if you will, to Samsung and then says, okay run this against your manufacturing process. And it should all work as advertised by Arm. Tesla, interestingly, just as an aside chose the 14 nanometer process to keep its costs down. It didn't need the latest and greatest density. Okay, so you can see big difference in philosophies historically between Arm and Intel. And you can see Intel vectoring toward the Arm model based on what Gelsinger said last week for its foundry business. Essentially it has to. Now, Arm announced a new Arm architecture, Armv9. v9 is backwards compatible with previous generations. Perhaps Arm learned from Intel's failed, Itanium effort for those remember that word. Had no backward compatibility and it really floundered. As well, Arm adds some additional capabilities. And today we're going to focus on the two areas that have highlighted, machine learning piece and security. I'll take note of the call out, 300 billion chips. That's Arm's vision. That's a lot. And we've said, before, Arm's way for volumes are 10X those of x86. Volume, we sound like a broken record. Volume equals cost reduction. We'll come back to that a little bit later. Now let's have a word on AI and machine learning. Arm is betting on AI and ML. Big as are many others. And this chart really shows why, it's a graphic that shows ETR data and spending momentum and pervasiveness in the dataset across all the different sectors that ETR tracks within its taxonomy. Note that ML/AI gets the top spot on the vertical axis, which represents net score. That's a measure of spending momentum or spending velocity. The horizontal axis is market share presence in the dataset. And we give this sector four stars to signify it's consistent lead in the data. So pretty reasonable bet by Arm. But the other area that we're going to talk about is security. And its vision day, Arm talked about confidential compute architecture and these things called realms. Note in the left-hand side, showing data traveling all over the different use cases and around the world and the call-out from the CISO below, it's a large public airline CISO that spoke at an ETR Venn round table. And this individual noted that the shifting end points increase the threat vectors. We all know that. Arm said something that really resonated. Specifically, they said today, there's far too much trust on the OS and the hypervisor that are running these applications. And their broad access to data is a weakness. Arm's concept of realms as shown in the right-hand side, underscores the company strategy to remove the assumption that privileged software. Like the hypervisor needs to be able to see the data. So by creating realms, in a virtualized multi-tenant environment, data can be more protected from memory leaks which of course is a major opportunity for hackers that they exploit. So it's a nice concept in a way for the system to isolate attendance data from other users. Okay, we want, we want to share some feedback that we got last week from the community on our analysis of Intel. A tech exec from city pointed out that, Intel really didn't miss a mobile, as we said, it really missed smartphones. In fact, whell, this is a kind of a minor distinction, it's important to recognize we think. Because Intel facilitated WIFI with Centrino, under the direction of Paul Alini. Who by the way, was not an engineer. I think he was the first non-engineer to be the CEO of Intel. He was a marketing person by background. Ironically, Intel's work in wifi connectivity enabled, actually enabled the smartphone revolution. And maybe that makes the smartphone missed by Intel all that more egregious, I don't know. Now the other piece of feedback we received related to our IBM scenario and our three-way joint venture prediction bringing together Intel, IBM, and Samsung in a triumvirate where Intel brings the foundry and it's process manufacturing. IBM brings its dis-aggregated memory technology and Samsung brings its its volume and its knowledge of of volume down the learning curve. Let's start with IBM. Remember we said that IBM with power 10 has the best technology in terms of this notion of dis-aggregating compute from memory and sharing memory in a pool across different processor types. So a few things in this regard, IBM when it restructured its micro electronics business under Ginni Rometty, catalyzed the partnership with global foundries and you know, this picture in the upper right it shows the global foundries facility outside of Albany, New York in Malta. And the partnership included AMD and Samsung. But we believe that global foundries is backed away from some of its contractual commitments with IBM causing a bit of a rift between the companies and leaving a hole in your original strategy. And evidently AMD hasn't really leaned in to move the needle in any way and so the New York foundry, is it a bit of a state of limbo with respect to its original vision. Now, well, Arvind Krishna was the face of the Intel announcement. It clearly has deep knowledge of IBM semiconductor strategy. Dario Gill, we think is a key player in the mix. He's the senior vice president director of IBM research. And it is in a position to affect some knowledge sharing and maybe even knowledge transfer with Intel possibly as it relates to disaggregated architecture. His questions remain as to how open IBM will be. And how protected it will be with its IP. It's got, as we said, last week, it's got to have an incentive to do so. Now why would IBM do that? Well, it wants to compete more effectively with VMware who has done a great job leveraging x86 and that's the biggest competitor in threat to open shift. So Arvind needs Intel chips to really execute on IBM's cloud strategy. Because almost all of IBM's customers are running apps on x86. So IBM's cloud and hybrid cloud. Strategy really need to leverage that Intel partnership. Now Intel for its part has great FinFET technology. FinFET is a tactic goes beyond CMOs. You all mainframes might remember when IBM burned the boat on ECL, Emitter-coupled Logic. And then moved to CMOs for its mainframes. Well, this is the next gen beyond, and it could give Intel a leg up on AMD's chiplet intellectual properties. Especially as it relates to latency. And there could be some benefits there for IBM. So maybe there's a quid pro quo going on. Now, where it really gets interesting is New York Senator, Chuck Schumer, is keen on building up an alternative to Silicon Valley in New York now it is Silicon Alley. So it's possible that Intel, who by the way has really good process technology. This is an aside, it really allowed TSMC to run the table with the whole seven nanometers versus 10 minute nanometer narrative. TSMC was at seven nanometer. Intel was at 10 nanometer. And really, we've said in the past that Intel's 10 nanometer tech is pretty close to TSMC seven. So Intel's ahead in that regard, even though in terms of, you know, the intervener thickness density, it's it's not, you know. These are sort of games that the semiconductor companies play, but you know it's possible that Intel with the U.S. government and IBM and Samsung could make a play for that New York foundry as part of Intel's trusted foundry strategy and kind of reshuffle that deck in Albany. Sounds like a "Game of Thrones," doesn't it? By the way, TSMC has been so consumed servicing Apple for five nanometer and eventually four nanometer that it's dropped the ball on some of its other's customers, namely Nvidia. And remember, a long-term competitiveness and cost reductions, they all come down to volume. And we think that Intel can't get to volume without an Arm strategy. Okay, so maybe the JV, the Joint Venture that we talked about, maybe we're out on a limb there and that's a stretch. And perhaps Samsung's not willing to play ball, given it's made huge investments in fabs and infrastructure and other resources, locally, but we think it's still viable scenario because we think Samsung definitely would covet a presence in the United States. No good to do that directly but maybe a partnership makes more sense in terms of gaining ground on TSMC. But anyway, let's say Intel can become a trusted foundry with the help of IBM and the U.S. government. Maybe then it could compete on volume. Well, how would that work? Well, let's say Nvidia, let's say they're not too happy with TSMC. Maybe with entertain Intel as a second source. Would that do it? In and of itself, no. But what about AWS and Google and Facebook? Maybe this is a way to placate the U.S. government and call off the antitrust dogs. Hey, we'll give Intel Foundry our business to secure America's semiconductor leadership and future and pay U.S. government. Why don't you chill out, back off a little bit. Microsoft even though, you know, it's not getting as much scrutiny from the U.S. government, it's anti trustee is maybe perhaps are behind it, who knows. But I think Microsoft would be happy to play ball as well. Now, would this give Intel a competitive volume posture? Yes, we think it would, for sure. If it can gain the trust of these companies and the volume we think would be there. But as we've said, currently, this is a very, very long shot because of the, the, the new strategy, the distance the difference in the Foundry business all those challenges that we laid out last week, it's going to take years to play out. But the dots are starting to connect in this scenario and the stakes are exceedingly high hence the importance of the U.S. government. Okay, that's it for now. Thanks to the community for your comments and insights. And thanks again to David Floyer whose analysis around Arm and semiconductors. And this work that he's done for the past decade is of tremendous help. Remember I publish each week on wikibon.com and siliconangle.com. And these episodes are all available as podcasts, just search for braking analysis podcast and you can always connect on Twitter. You can hit the chat right here or this live event or email me at david.vellante@siliconangle.com. Look, I always appreciate the comments on LinkedIn and Clubhouse. You can follow me so you're notified when we start a room and riff on these topics as well as others. And don't forget to check out etr.plus where all the survey data. This is Dave Vellante for the Cube Insights powered by ETR. Be well, and we'll see you next time. (cheerful music) (cheerful music)

>> From the Cube's studios in Palo Alto in Boston, bringing you data-driven insights from The Cube and ETR. This is "Breaking Analysis" with Dave Vellante. >> Exactly one week after Pat Gelsinger's announcement of his plans to reinvent Intel. Arm announced version nine of its architecture and laid out its vision for the next decade. We believe this vision is extremely strong as it combines an end-to-end capability from Edge to Cloud, to the data center, to the home and everything in between. Arms aspirations are ambitious and powerful. Leveraging its business model, ecosystem and software compatibility with previous generations. Hello every one and welcome to this week's Wikibon Cube Insights powered by ETR. And this breaking analysis will explain why we think this announcement is so important and what it means for Intel and the broader technology landscape. We'll also share with you some feedback that we received from the Cube Community on last week's episode and a little inside baseball on how Intel, IBM, Samsung, TSMC and the U.S. government might be thinking about the shifting landscape of semiconductor technology. Now, there were two notable announcements this week that were directly related to Intel's announcement of March 23rd. The Armv9 news and TSMC's plans to invest a $100 billion in chip manufacturing and development over the next three years. That is a big number. It appears to tramp Intel's plan $20 billion investment to launch two new fabs in the U.S. starting in 2024. You may remember back in 2019, Samsung pledged to invest a $116 billion to diversify its production beyond memory trip, memory chips. Why are all these companies getting so aggressive? And won't this cause a glut in chips? Well, first, China looms large and aims to dominate its local markets, which in turn is going to confer advantages globally. The second, there's a huge chip shortage right now. And the belief is that it's going to continue through the decade and possibly beyond. We are seeing a new inflection point in the demand as we discussed last week. Stemming from digital, IOT, cloud, autos in new use cases in the home as so well presented by Sarjeet Johal in our community. As to the glut, these manufacturers believe that demand will outstrip supply indefinitely. And I understand that a lack of manufacturing capacity is actually more deadly than an oversupply. Look, if there's a glut, manufacturers can cut production and take the financial hit. Whereas capacity constraints mean you can miss entire cycles of growth and really miss out on the demand and the cost reductions. So, all these manufacturers are going for it. Now let's talk about Arm, its approach and the announcements that it made this week. Now last week, we talked about how Pat Gelsinger his vision of a system on package was an attempt to leapfrog system on chip SOC, while Arm is taking a similar system approach. But in our view, it's even broader than the vision laid out by Pat at Intel. Arm is targeting a wide variety of use cases that are shown here. Arm's fundamental philosophy is that the future will require highly specialized chips and Intel as you recall from Pat's announcement, would agree. But Arm historically takes an ecosystem approach that is different from Intel's model. Arm is all about enabling the production of specialized chips to really fit a specific application. For example, think about the amount of AI going on iPhones. They move if I remember from fingerprint to face recognition. This requires specialized neural processing units, NPUs that are designed by Apple for that particular use case. Arm is facilitating the creation of these specialized chips to be designed and produced by the ecosystem. Intel on the other hand has historically taken a one size fits all approach. Built around the x86. The Intel's design has always been about improving the processor. For example, in terms of speed, density, adding vector processing to accommodate AI, et cetera. And Intel does all the design and the manufacturing in any specialization for the ecosystem is done by Intel. Much of the value, that's added from the ecosystem is frankly been bending metal or adding displays or other features at the margin. But, the advantage is that the x86 architecture is well understood. It's consistent, reliable, and let's face it. Most enterprise software runs on x86. So, but very, very different models historically, which we heard from Gelsinger last week they're going to change with a new trusted foundry strategy. Now let's go through an example that might help explain the power of Arm's model. Let's say, your AWS and you're doing graviton. Designing graviton and graviton2. Or Apple, designing the M1 chip, or Tesla designing its own chip, or any other company in in any one of these use cases that are shown here. Tesla is a really good example. In order to optimize for video processing, Tesla needed to add specialized code firmware in the NPU for it's specific use case within autos. It was happy to take off the shelf CPU or GPU or whatever, and leverage Arm's standards there. And then it added its own value in the NPU. So the advantage of this model is Tesla could go from tape out in less or, or, or or in less than a year versus get the tape out in less than a year versus what would normally take many years. Arm is, think of Arm is like customize a Lego blocks that enable unique value add by the ecosystem with a much faster time to market. So like I say, the Tesla goes from logical tape out if you will, to Samsung and then says, okay run this against your manufacturing process. And it should all work as advertised by Arm. Tesla, interestingly, just as an aside chose the 14 nanometer process to keep its costs down. It didn't need the latest and greatest density. Okay, so you can see big difference in philosophies historically between Arm and Intel. And you can see Intel vectoring toward the Arm model based on what Gelsinger said last week for its foundry business. Essentially it has to. Now, Arm announced a new Arm architecture, Armv9. v9 is backwards compatible with previous generations. Perhaps Arm learned from Intel's failed, Itanium effort for those remember that word. Had no backward compatibility and it really floundered. As well, Arm adds some additional capabilities. And today we're going to focus on the two areas that have highlighted, machine learning piece and security. I'll take note of the call out, 300 billion chips. That's Arm's vision. That's a lot. And we've said, before, Arm's way for volumes are 10X those of x86. Volume, we sound like a broken record. Volume equals cost reduction. We'll come back to that a little bit later. Now let's have a word on AI and machine learning. Arm is betting on AI and ML. Big as are many others. And this chart really shows why, it's a graphic that shows ETR data and spending momentum and pervasiveness in the dataset across all the different sectors that ETR tracks within its taxonomy. Note that ML/AI gets the top spot on the vertical axis, which represents net score. That's a measure of spending momentum or spending velocity. The horizontal axis is market share presence in the dataset. And we give this sector four stars to signify it's consistent lead in the data. So pretty reasonable bet by Arm. But the other area that we're going to talk about is security. And its vision day, Arm talked about confidential compute architecture and these things called realms. Note in the left-hand side, showing data traveling all over the different use cases and around the world and the call-out from the CISO below, it's a large public airline CISO that spoke at an ETR Venn round table. And this individual noted that the shifting end points increase the threat vectors. We all know that. Arm said something that really resonated. Specifically, they said today, there's far too much trust on the OS and the hypervisor that are running these applications. And their broad access to data is a weakness. Arm's concept of realms as shown in the right-hand side, underscores the company strategy to remove the assumption that privileged software. Like the hypervisor needs to be able to see the data. So by creating realms, in a virtualized multi-tenant environment, data can be more protected from memory leaks which of course is a major opportunity for hackers that they exploit. So it's a nice concept in a way for the system to isolate attendance data from other users. Okay, we want, we want to share some feedback that we got last week from the community on our analysis of Intel. A tech exec from city pointed out that, Intel really didn't miss a mobile, as we said, it really missed smartphones. In fact, whell, this is a kind of a minor distinction, it's important to recognize we think. Because Intel facilitated WIFI with Centrino, under the direction of Paul Alini. Who by the way, was not an engineer. I think he was the first non-engineer to be the CEO of Intel. He was a marketing person by background. Ironically, Intel's work in wifi connectivity enabled, actually enabled the smartphone revolution. And maybe that makes the smartphone missed by Intel all that more egregious, I don't know. Now the other piece of feedback we received related to our IBM scenario and our three-way joint venture prediction bringing together Intel, IBM, and Samsung in a triumvirate where Intel brings the foundry and it's process manufacturing. IBM brings its dis-aggregated memory technology and Samsung brings its its volume and its knowledge of of volume down the learning curve. Let's start with IBM. Remember we said that IBM with power 10 has the best technology in terms of this notion of dis-aggregating compute from memory and sharing memory in a pool across different processor types. So a few things in this regard, IBM when it restructured its micro electronics business under Ginni Rometty, catalyzed the partnership with global foundries and you know, this picture in the upper right it shows the global foundries facility outside of Albany, New York in Malta. And the partnership included AMD and Samsung. But we believe that global foundries is backed away from some of its contractual commitments with IBM causing a bit of a rift between the companies and leaving a hole in your original strategy. And evidently AMD hasn't really leaned in to move the needle in any way and so the New York foundry, is it a bit of a state of limbo with respect to its original vision. Now, well, Arvind Krishna was the face of the Intel announcement. It clearly has deep knowledge of IBM semiconductor strategy. Dario Gill, we think is a key player in the mix. He's the senior vice president director of IBM research. And it is in a position to affect some knowledge sharing and maybe even knowledge transfer with Intel possibly as it relates to disaggregated architecture. His questions remain as to how open IBM will be. And how protected it will be with its IP. It's got, as we said, last week, it's got to have an incentive to do so. Now why would IBM do that? Well, it wants to compete more effectively with VMware who has done a great job leveraging x86 and that's the biggest competitor in threat to open shift. So Arvind needs Intel chips to really execute on IBM's cloud strategy. Because almost all of IBM's customers are running apps on x86. So IBM's cloud and hybrid cloud. Strategy really need to leverage that Intel partnership. Now Intel for its part has great FinFET technology. FinFET is a tactic goes beyond CMOs. You all mainframes might remember when IBM burned the boat on ECL, Emitter-coupled Logic. And then moved to CMOs for its mainframes. Well, this is the next gen beyond, and it could give Intel a leg up on AMD's chiplet intellectual properties. Especially as it relates to latency. And there could be some benefits there for IBM. So maybe there's a quid pro quo going on. Now, where it really gets interesting is New York Senator, Chuck Schumer, is keen on building up an alternative to Silicon Valley in New York now it is Silicon Alley. So it's possible that Intel, who by the way has really good process technology. This is an aside, it really allowed TSMC to run the table with the whole seven nanometers versus 10 minute nanometer narrative. TSMC was at seven nanometer. Intel was at 10 nanometer. And really, we've said in the past that Intel's 10 nanometer tech is pretty close to TSMC seven. So Intel's ahead in that regard, even though in terms of, you know, the intervener thickness density, it's it's not, you know. These are sort of games that the semiconductor companies play, but you know it's possible that Intel with the U.S. government and IBM and Samsung could make a play for that New York foundry as part of Intel's trusted foundry strategy and kind of reshuffle that deck in Albany. Sounds like a "Game of Thrones," doesn't it? By the way, TSMC has been so consumed servicing Apple for five nanometer and eventually four nanometer that it's dropped the ball on some of its other's customers, namely Nvidia. And remember, a long-term competitiveness and cost reductions, they all come down to volume. And we think that Intel can't get to volume without an Arm strategy. Okay, so maybe the JV, the Joint Venture that we talked about, maybe we're out on a limb there and that's a stretch. And perhaps Samsung's not willing to play ball, given it's made huge investments in fabs and infrastructure and other resources, locally, but we think it's still viable scenario because we think Samsung definitely would covet a presence in the United States. No good to do that directly but maybe a partnership makes more sense in terms of gaining ground on TSMC. But anyway, let's say Intel can become a trusted foundry with the help of IBM and the U.S. government. Maybe then it could compete on volume. Well, how would that work? Well, let's say Nvidia, let's say they're not too happy with TSMC. Maybe with entertain Intel as a second source. Would that do it? In and of itself, no. But what about AWS and Google and Facebook? Maybe this is a way to placate the U.S. government and call off the antitrust dogs. Hey, we'll give Intel Foundry our business to secure America's semiconductor leadership and future and pay U.S. government. Why don't you chill out, back off a little bit. Microsoft even though, you know, it's not getting as much scrutiny from the U.S. government, it's anti trustee is maybe perhaps are behind it, who knows. But I think Microsoft would be happy to play ball as well. Now, would this give Intel a competitive volume posture? Yes, we think it would, for sure. If it can gain the trust of these companies and the volume we think would be there. But as we've said, currently, this is a very, very long shot because of the, the, the new strategy, the distance the difference in the Foundry business all those challenges that we laid out last week, it's going to take years to play out. But the dots are starting to connect in this scenario and the stakes are exceedingly high hence the importance of the U.S. government. Okay, that's it for now. Thanks to the community for your comments and insights. And thanks again to David Floyer whose analysis around Arm and semiconductors. And this work that he's done for the past decade is of tremendous help. Remember I publish each week on wikibon.com and siliconangle.com. And these episodes are all available as podcasts, just search for braking analysis podcast and you can always connect on Twitter. You can hit the chat right here or this live event or email me at david.vellante@siliconangle.com. Look, I always appreciate the comments on LinkedIn and Clubhouse. You can follow me so you're notified when we start a room and riff on these topics as well as others. And don't forget to check out etr.plus where all the survey data. This is Dave Vellante for the Cube Insights powered by ETR. Be well, and we'll see you next time. (cheerful music) (cheerful music)

>> Hi and welcome to Data Cloud catalyst Women in Tech Round Table Panel discussion. I am so excited to have three fantastic female executives with me today, who have been driving transformations through data throughout their entire career. With me today is Lisa Davis, SVP and CIO OF Blue shield of California. We also have Nishita Henry who is the Chief Innovation Officer at Deloitte and Teresa Briggs who is on a variety of board of directors including our very own Snowflake. Welcome ladies. >> Thank you. >> So I am just going to dive right in, you all have really amazing careers and resumes behind you, am really curious throughout your career, how have you seen the use of data evolve throughout your career and Lisa am going to start with you. >> Thank you, having been in technology my entire career, technology and data has really evolved from being the province of a few in an organization to frankly being critical to everyone's business outcomes. Now every business leader really needs to embrace data analytics and technology. We've been talking about digital transformation, probably the last five, seven years, we've all talked about, disrupt or be disrupted, At the core of that digital transformation is the use of data. Data and analytics that we derive insights from and actually improve our decision making by driving a differentiated experience and capability into market. So data has involved as being I would say almost tactical, in some sense over my technology career to really being a strategic asset of what we leverage personally in our own careers, but also what we must leverage as companies to drive a differentiated capability to experience and remain relative in the market today. >> Nishita curious your take on, how you have seen data evolve? >> Yeah, I agree with Lisa, it has definitely become a the lifeblood of every business, right? It used to be that there were a few companies in the business of technology, every business is now a technology business. Every business is a data business, it is the way that they go to market, shape the market and serve their clients. Whether you're in construction, whether you're in retail, whether you're in healthcare doesn't matter, right? Data is necessary for every business to survive and thrive. And I remember at the beginning of my career, data was always important, but it was about storing data, it was about giving people individual reports, it was about supplying that data to one person or one business unit in silos. And it then evolved right over the course of time into integrating data into saying, alright, how does one piece of data correlate to the other and how can I get insights out of that data? Now, its gone to the point of how do I use that data to predict the future? How do I use that data to automate the future? How do I use that data not just for humans to make decisions, but for other machines to make decisions, right? Which is a big leap and a big change in how we use data, how we analyze data and how we use it for insights and involving our businesses. >> Yeah its really changed so tremendously just in the past five years, its amazing. So Teresa we've talked a lot about the Data Cloud, where do you think we are heading with that and also how can future leaders really guide their careers in data especially in those jobs where we don't traditionally think of them in the data science space? Teresa your thoughts on that. >> Yeah, well since I'm on the Snowflake Board, I'll talk a little bit about the Snowflake Data Cloud, we're getting your company's data out of the silos that exist all over your organization. We're bringing third party data in to combine with your own data and we're wrapping a governance structure around it and feeding it out to your employees so they can get their jobs done, as simple as that. I think we've all seen the pandemic accelerate the digitization of our work. And if you ever doubted that the future of work is here, it is here and companies are scrambling to catch up by providing the right amount of data, collaboration tools, workflow tools for their workers to get their jobs done. Now, it used to be as prior people have mentioned that in order to work with data you had to be a data scientist, but I was an auditor back in the day we used to work on 16 column spreadsheets. And now if you're an accounting major coming out of college joining an auditing firm, you have to be tech and data savvy because you're going to be extracting, manipulating, analyzing and auditing data, that massive amounts of data that sit in your clients IT systems. I'm on the board of Warby Parker, and you might think that their most valuable asset is their amazing frame collection, but it's actually their data, their 360 degree view of the customer. And so if you're a merchant, or you're in strategy, or marketing or talent or the Co-CEO, you're using data every day in your work. And so I think it's going to become a ubiquitous skill that any anyone who's a knowledge worker has to be able to work with data. >> Yeah I think its just going to be organic to every role going forward in the industry. So, Lisa curious about your thoughts about Data Cloud, the future of it and how people can really leverage it in their jobs for future leaders. >> Yeah, absolutely most enterprises today are, I would say, hybrid multicloud enterprises. What does that mean? That means that we have data sitting on-prem, we have data sitting in public clouds through software as a service applications. We have a data everywhere. Most enterprises have data everywhere, certainly those that have owned infrastructure or weren't born on the web. One of the areas that I love that Data Cloud is addressing is area around data portability and mobility. Because I have data sitting in various locations through my enterprise, how do I aggregate that data to really drive meaningful insights out of that data to drive better business outcomes? And at Blue Shield of California, one of our key initiatives is what we call an Experienced Cube. What does that mean? That means how do I drive transparency of data between providers, members and payers? So that not only do I reduce overhead on providers and provide them a better experience, our hospital systems are doctors, but ultimately, how do we have the member have it their power of their fingertips the value of their data holistically, so that we're making better decisions about their health care. One of the things Teresa was talking about, was the use of this data and I would drive to data democratization. We got to put the power of data into the hands of everyone, not just data scientists, yes we need those data scientists to help us build AI models to really drive and tackle these tough old, tougher challenges and business problems that we may have in our environments. But everybody in the company both on the IT side, both on the business side, really need to understand of how do we become a data insights driven enterprise, put the power of the data into everyone's hands so that we can accelerate capabilities, right? And leverage that data to ultimately drive better business results. So as a leader, as a technology leader, part of our responsibility, our leadership is to help our companies do that. And that's really one of the exciting things that I'm doing in my role now at Blue Shield of California. >> Yeah its really, really exciting time. I want to shift gears a little bit and focus on women in Tech. So I think in the past five to ten years there has been a lot of headway in this space but the truth is women are still under represented in the tech space. So what can we do to attract more women into technology quite honestly. So Nishita curious what your thoughts are on that? >> Great question and I am so passionate about this for a lot of reasons, not the least of which is I have two daughters of my own and I know how important it is for women and young girls to actually start early in their love for technology and data and all things digital, right? So I think it's one very important to start early started early education, building confidence of young girls that they can do this, showing them role models. We at Deloitte just partnered with LV Engineer to actually make comic books centered around young girls and boys in the early elementary age to talk about how heroes in tech solve everyday problems. And so really helping to get people's minds around tech is not just in the back office coding on a computer, tech is about solving problems together that help us as citizens, as customers, right? And as humanity, so I think that's important. I also think we have to expand that definition of tech, as we just said it's not just about right, database design, It's not just about Java and Python coding, it's about design, it's about the human machine interfaces, it's about how do you use it to solve real problems and getting people to think in that kind of mindset makes it more attractive and exciting. And lastly, I'd say look we have a absolute imperative to get a diverse population of people, not just women, but minorities, those with other types of backgrounds, disabilities, et cetera involved because this data is being used to drive decision making in all involved, right, and how that data makes decisions, it can lead to unnatural biases that no one intended but can happen just 'cause we haven't involved a diverse enough group of people around it. >> Absolutely, lisa curious about your thoughts on this. >> I agree with everything Nishita said, I've been passionate about this area, I think it starts with first we need more role models, we need more role models as women in these leadership roles throughout various sectors. And it really is it starts with us and helping to pull other women forward. So I think certainly it's part of my responsibility, I think all of us as female executives that if you have a seat at the table to leverage that seat at the table to drive change, to bring more women forward more diversity forward into the boardroom and into our executive suites. I also want to touch on a point Nishita made about women we're the largest consumer group in the company yet we're consumers but we're not builders. This is why it's so important that we start changing that perception of what tech is and I agree that it starts with our young girls, we know the data shows that we lose our like young girls by middle school, very heavy peer pressure, it's not so cool to be smart, or do robotics, or be good at math and science, we start losing our girls in middle school. So they're not prepared when they go to high school, and they're not taking those classes in order to major in these STEM fields in college. So we have to start the pipeline early with our girls. And then I also think it's a measure of what your boards are doing, what is the executive leadership in your goals around diversity and inclusion? How do we invite more diverse population to the decision making table? So it's really a combination of efforts. One of the things that certainly is concerning to me is during this pandemic, I think we're losing one in four women in the workforce now because of all the demands that our families are having to navigate through this pandemic. The last statistic I saw in the last four months is we've lost 850,000 women in the workforce. This pipeline is critical to making that change in these leadership positions. >> Yeah its really a critical time and now we are coming to the end of this conversation I want to ask you Teresa what would be a call to action to everyone listening both men and women since its to be solved by everyone to address the gender gap in the industry? >> I'd encourage each of you to become an active sponsor. Research shows that women and minorities are less likely to be sponsored than white men. Sponsorship is a much more active form than mentorship. Sponsorship involves helping someone identify career opportunities and actively advocating for them and those roles opening your network, giving very candid feedback. And we need men to participate too, there are not enough women in tech to pull forward and sponsor the high potential women that are in our pipelines. And so we need you to be part of the solution. >> Nishita real quickly what would be your call to action to everyone? >> I'd say look around your teams, see who's on them and make deliberate decisions about diversifying those teams, as positions open up, make sure that you have a diverse set of candidates, make sure that there are women that are part to that team and make sure that you are actually hiring and putting people into positions based on potential not just experience. >> And real quickly Lisa, we'll close it out with you what would your call to action be? >> Wow, it's hard to what Nishita and what Tricia shared I think we're very powerful actions. I think it starts with us. Taking action at our own table, making sure you're driving diverse panels and hiring setting goals for the company, having your board engaged and holding us accountable and driving to those goals will help us all see a better outcome with more women at the executive table and diverse populations. >> Great advice and great action for all of us to take. Thank you all so much for spending time with me today and talking about this really important issue, I really appreciate it. Stay with us.

>> Hi, and welcome to Data Cloud Catalyst, Women in Tech Round Table Panel Discussion. I am so excited to have three fantastic female executives with me today who have been driving transformation through data throughout their entire career. With me today is Lisa Davis, SVP and CIO of Blue Shield of California. We also have Nishita Henry, who is the Chief Innovation Officer at Deloitte and Theresa Briggs, who is on a variety of board of directors, including our own very own Snowflake. Welcome, ladies. >> Thank you. >> Thank you. >> So I'm just going to dive right in. You all have really amazing careers and resumes behind you. I'm really curious, throughout your career, how have you seen the use of data evolve throughout your career? And, Lisa, I'm going to start with you. >> Thank you. Having been in technology my entire career, technology and data has really evolved from being the province of a few in an organization to frankly being critical to everyone's business outcomes. Now every business leader really needs to embrace data analytics and technology. We've been talking about digital transformation probably the last five, seven years, we've all talked about disrupt or be disrupted. At the core of that digital transformation is the use of data. Data and analytics that we derive insights from and actually improve our decision making by driving a differentiated experience and capability into market. So data has involved as being, I would say, almost tactical in some sense over my technology career, to really being a strategic asset of what we leverage personally in our own careers, but also what we must leverage as companies to drive a differentiated capability to experience and remain relative in the market today. >> Nishita, curious your take on how you've seen data evolve? >> Yeah, I agree with Lisa. It has definitely become the lifeblood of every business, right? It used to be that there were a few companies in the business of technology, every business is now a technology business. Every business is a data business. It is the way that they go to market, shape the market and serve their clients. Whether you're in construction, whether you're in retail, whether you're in healthcare it doesn't matter, right? Data is necessary for every business to survive and thrive. And I remember at the beginning of my career, data was always important but it was about storing data. It was about giving people individual reports, it was about supplying that data to one person or one business unit in silos. And it then evolved right over the course of time into integrating data and to saying, all right, how does one piece of data correlate to the other and how can I get insights out of that data? Now, let's go on to the point of how do I use that data to predict the future? How do I use that data to automate the future? How do I use that data not just for humans to make decisions, but for other machines to make decisions, right? Which is a big leap. And a big change in how we use data, how we analyze data and how we use it for insights in evolving our businesses. >> Yeah, it's really changed so tremendously just in the past five years. It's amazing. So Teresa, we've talked a lot about the Data Cloud, where do you think we're heading with that? And also, how can future leaders really guide their careers in data, especially in those jobs where we don't traditionally think of them in the data science space? Curious your thoughts on that? >> Yeah, well, since I'm on the Snowflake board, I'll talk a little bit about the Snowflake Data Cloud. Now we're getting your company's data out of the silos that exists all over your organization, we're bringing third party data in to combine with your own data, and we're wrapping a governance structure around it and feeding it out to your employees so that they can get their jobs done. And is as simple as that. I think we've all seen the pandemic accelerate the digitization of our work. And if you ever doubted the future of work is here, it is here. And companies are scrambling to catch up by providing the right amount of data, collaboration tools, workflow tools for their workers to get their jobs done. Now, it used to be as prior people have mentioned that in order to work with data you had to be a data scientist. But I was an auditor back in the day and we used to work on 16 columns spreadsheet. And now if you're an accounting major coming out of college joining an auditing firm, you have to be tech and data savvy because you're going to be extracting, manipulating, analyzing and auditing data, that massive amounts of data that sit in your client's IT systems. I'm on the board of Warby Parker, and you might think that their most valuable asset is their amazing frame collection, but it's actually their data, their 360 degree view of the customer. And so if you're a merchant or you're in strategy, or marketing or talent or the co-CEO, you're using data every day in your work. And so I think it's going to become a ubiquitous skill that anyone who's a knowledge worker has to be able to work with data. >> Yeah, I think it's just going to be organic to every role going forward in the industry. So Lisa, curious about your thoughts about Data Cloud, the future of it, and how people can really leverage it in their jobs from future leaders? >> Yeah, absolutely. Most enterprises today are, I would say, hybrid multi cloud enterprises. What does that mean? That means that we have data sitting on prem, we have data sitting in public clouds through software as a service applications, we have a data everywhere, most enterprises have data everywhere. Certainly those that have owned infrastructure or weren't born on the web. One of the areas that I love that Data Cloud is addressing is the area around data portability and mobility. Because I have data sitting in various locations through my enterprise, how do I aggregate that data to really drive meaningful insights out of that data to drive better business outcomes? And at Blue Shield of California, one of our key initiatives is what we call an experienced cube. What does that mean? It means how do I drive transparency of data between providers, members and payers? So that not only do I reduce overhead on providers and provide them a better experience, or hospital systems or doctors, but ultimately, how do we have the member have it their power of their fingertips the value of their data holistically, so that we're making better decisions about their health care? One of the things Teresa was talking about was the use of this data, and I would drive to data democratization. We got to put the power of data into the hands of everyone, not just data scientists. Yes, we need those data scientists to help us build AI models to really drive and tackle these tougher challenges and business problems that we may have in our environments. But everybody in the company, both on the IT side, both on the business side, really need to understand of how do we become a data insights driven enterprise. Put the power of the data into everyone's hands so that we can accelerate capabilities, right? And leverage that data to ultimately drive better business results. So as a leader, as a technology leader, part of our responsibility, our leadership is to help our companies do that. And that's really one of the exciting things that I'm doing in my role now at Blue Shield of California. >> Yeah, it's really, really exciting time. I want to shift gears a little bit and focus on women in tech. So I think in the past five to 10 years, there has been a lot of headway in this space. But the truth is women are still underrepresented in the tech space. So what can we do to attract more women into technology quite honestly. So Nishita, curious, what your thoughts are on that? >> Great question. And I am so passionate about this for a lot of reasons, not the least of which is I have two daughters of my own. And I know how important it is for women and young girls to actually start early in their love for technology, and data and all things digital, right? So I think it's one very important to start early, start an early education, building confidence of young girls that they can do this, showing them role models. We at Deloitte just partnered with Ella the Engineer to actually make comic books centered around young girls and boys in the early elementary age to talk about how heroes and tech solve everyday problems. And so really helping to get people's minds around tech is not just in the back office coding on a computer, tech is about solving problems together that help us as citizens, as customers, right? And as humanity. So I think that's important. I also think we have to expand that definition of tech, as we just said. It's not just about, right? Database design. It's not just about Java and Python coding, it's about design. It's about the human machine interfaces. It's about how do you use it to solve real problems and getting people to think in that kind of mindset makes it more attractive and exciting. And lastly, I'd say look, we have absolute imperative to get a diverse population of people, not just women, but minorities, those with other types of backgrounds, disabilities, etc involved. Because this data is being used to drive decision making, and if we are not all involved, right? In how that data makes decisions, it can lead to unnatural biases that no one intended but can happen just 'cause we haven't involved a diverse enough group of people around it. >> Absolutely. Lisa, curious about your thoughts on this. >> I agree with everything Nishita said. I've been passionate about this area, I think it starts with first we need more role models. We need more role models as women in these leadership roles throughout various sectors. And it really is it starts with us and helping to pull other women forward. So I think certainly, it's part of my responsibility, I think all of us as female executives that if you have a seat at the table to leverage that seat at the table to drive change, to bring more women forward, more diversity forward into the boardroom and into our executive suites. I also want to touch on a point Nishita made about women, we're the largest consumer group in the company yet we're consumers, but we're not builders. This is why it's so important that we start changing that perception of what tech is. And I agree that it starts with our young girls. We know the data shows that we lose our young girls by middle school. Very heavy peer pressure, it's not so cool to be smart, or do robotics, or be good at math and science. We start losing our girls in middle school. So they're not prepared when they go to high school and they're not taking those classes in order to major in the STEM fields in college. So we have to start the pipeline early with our girls. And then I also think it's a measure of what your boards are doing. What is the executive leadership and your goals around diversity and inclusion? How do we invite more diverse population to the decision making table? So it's really a combination of efforts. One of the things that certainly is concerning to me is during this pandemic, I think we're losing one in four women in the workforce now, because of all the demands that our families are having to navigate through this pandemic. The last statistic I saw in the last four months is we've lost 850,000 women in the workforce. This pipeline is critical to making that change in these leadership positions. >> Yeah, it's really a critical time. And now we're coming to the end of this conversation, I want to ask you Teresa, what would be a call to action to everyone listening, both men and women since its needs to be solved by everyone, to address the gender gap in the industry? >> I'd encourage each of you to become an active sponsor. Research shows that women and minorities are less likely to be sponsored than white men. Sponsorship is a much more active form than mentorship. Sponsorship involves helping someone identify career opportunities and actively advocating for them in those roles, opening your network, giving very candid feedback. And we need men to participate too. There are not enough women in tech to pull forward and sponsor the high potential women that are in our pipelines. And so we need you to be part of the solution. >> Nishita real quickly, what would be your call to action to everyone? >> I'd say look around your teams, see who's on them and make deliberate decisions about diversifying those teams. As positions open up, make sure that you have a diverse set of candidates, and make sure that there are women that are part of that team. And make sure that you are actually hiring and putting people into positions based on potential not just experience. >> And real quickly Lisa, will close it out with you, what would your call to action be? >> Well, it's hard to... What Nishita and what Teresa shared I think were very powerful actions. I think it starts with us. Taking action at our own table, making sure you're driving diverse panels and hiring, setting goals for the company. Having your board engaged and holding us accountable and driving to those goals, will help us all see a better outcome but with more women at the executive table and diverse populations. >> Great advice and great action for all of us to take. Thank you all so much for spending time with me today and talking about this really important issue. I really appreciate it. Stay with us.