>>from around the globe. It's the Cube with digital coverage of AWS reinvent 2020. Special coverage sponsored by AWS Worldwide Public sector Welcome to the cubes Coverage of AWS 2020. This is specialized programming for the worldwide public sector. I'm Lisa Martin, and I'm joined by Mick Boccaccio, the security advisor at Splunk Met. Welcome to the Q Virtual Oh, >>thank you for having me. It's great to be here. >>So you have a really interesting background that I wanted to share with our audience. You were the first see so in the history of U. S presidential campaigns with Mayor Pete, you were also branch shape of Threat intelligence at the executive office of the President. Tell us something about about your background is so interesting. >>Uh, yeah, those and I'm a gonna Def con and I teach lock picking for funds. Ease working for Mayor Pete A. C. So the campaign was really, really unique opportunity and I'm glad I did it. I'm hoping that, you know, on both sides of the aisle, no matter what your political preference, people realize that security and campaigns can only be married together. That was an incredible experience and worked with Mayor P. And I learned so much about how campaigns work and just the overall political process. And then previous to that being at the White House and a threat intelligence, role of branch chief they're working over the last election, the 2016 election. I think I learned probably more than any one person wants Thio about elections over that time. So, you know, I'm just a security nerd. That kind of fell into those things. And and and here I am and really, really, really just fortunate to have had those experiences. >>Your phone and your email must have been blowing up the last couple of weeks in the wake of the US presidential election, where the word fraud has brought up many times everyday. But election security. When I saw that you were the first, see so for Pete Buddha Judge, that was so recent, I thought, Really, Why? Why are they just now getting folks like yourself? And you are a self described a cybersecurity nerd? Why are they Why were they just recently starting to catch on to this? >>I think it's, uh like security on the campaign and security anywhere else on credit to the Buddha Judge campaign. There is no federal or mandate or anything like that that says your campaign has toe have a security person at the head of it or any standards to implement those security. So you know that the Buddha Judge campaign kind of leaned into it. We wanna be secure. We saw everything that happened in 2016. We don't want that to be us. And I think Mawr campaigns are getting on that plane. Definitely. You know, you saw recently, uh, Trump's campaign, Biden's campaign. They all had a lot of security folks in, and I think it's the normal. Now people realize how important security is. Uh, not only a political campaign, but I guess the political process overall, >>absolutely. We've seen the rise of cyber attacks and threats and threat vectors this year alone, Ransomware occurring. Everyone attack every 11 seconds or so I was reading recently. So give me an other view of what the biggest threats are right now. >>Two elections and I think the election process in general. You know, like I said, I'm just a security nerd. I've just got a weird background and done some really unique things. Eso I always attack the problems like I'm a security nerd and it comes down to, you know that that triumvirate, the people process and technology people need had to have faith in the process. Faith in the technology. You need to have a a clear source to get their information from the process. To me, I think this year, more than previous elections highlighted the lack of a federal uniforms standard for federal elections. State the state. We have different, different standards, and that kind of leads to confusion with people because, hey, my friend in Washington did it this way. But I'm in Texas and we do it this way. And I think that that standard would help a lot in the faith in the system. And then the last part of that. The technology, uh, you know, voting machines campaigns like I mentioned about campaigns. There's nothing that says a campaign has toe have a security person or a security program, and I think those are the kind of standards for, you know, just voting machines. Um, that needs to be a standard across the board. That's uniforms, so people will will have more faith because It's not different from state to state, and it's a uniformed process. >>E think whole country could have benefited from or uniformed processes in 2020. But one of the things that I like I did my first male and fellow this year always loved going and having that in person voting experience and putting on my sticker. And this year I thought in California we got all of our But there was this massive rise in mainland ballots. I mean, think about that and security in terms of getting the public's confidence. What are some of the things that you saw that you think needs to be uniforms going forward >>again? I think it goes back to when When you look at, you know, you voted by mail and I voted absentee and your ballot was due by this date. Um, you know where I live? Voting absentee. It's Dubai. This state needs we received by the state. Andi, I think this year really highlighted the differences between the states, and I'm hoping that election security and again everyone has done a super fantastic job. Um, sister has done incredible. If you're all their efforts for the working with election officials, secretaries of states on both sides of the aisle. It's an incredible work, and I hope it continues. I think the big problem election security is you know, the election is over, so we don't care again until 2022 or 2024. And I think putting something like a federalized standard, whether it be technology or process putting that in place now so that we're not talking about this in two or four years. I'm hoping that moment, um, continues, >>what would your recommendation be from building security programs to culture and awareness? How would you advise that they start? >>So, uh, one of the things that when I was on the Buddha Judge campaign, you know, like I said, we was the first person to do security for a campaign. And a lot of the staffers didn't quite have the background of professional background of work with security person. No, you know why? What I was doing there Eso my hallmark was You know, I'm trying to build a culture heavy on the cult. Um, you got to get people to buy in. I think this year when you look at what What Krebs and siesta and where the team over there have done is really find a way to tell us. Security story and every facet of the election, whether it be the machines themselves, the transporting the votes, counting the votes, how that information gets out to people websites I started like rumor control, which were were amazing amazing efforts. The public private partnerships that were there I had a chance to work with, uh, MJ and Tanya from from AWS some election project. I think everyone has skin in the game. Everyone wants to make it better. And I hope that moment, um, continues. But I think, you know, embracing that there needs to be a centralized, uniformed place, uh, for every state. And I think that would get rid of a lot of confusion >>when you talk about culture and you mentioned specifically called Do you think that people and agencies and politicians are ready to embrace the culture? Is there enough data to support that? This is really serious. We need to embrace this. We need to buy in a You said, um >>I hope right. I don't know what it could take. I'm hoping so after seeing everything you know, being at the White House from that aperture in 2016. Seeing all of that, I would, you know, think right away. Oh, my gosh. 2018, The midterms, We're gonna be on the ball. And that really didn't happen like we thought it would. 2020. We saw a different kind of technical or I guess, not as technical, uh, security problem. And I think I'm kind of shifting from that to the future. People realize. And I think, uh, both sides of the aisle are working towards security programs and security posture. I think there's a lot of people that have bought into the idea. Um, but I think it kind of starts from the top, and I'm hoping it becomes a standard, so there's not really an option. You will do this just for the security and safety of the campaigns and the electoral process. But I do see a lot more people leaning into it, and a lot more resource is available for those people that are >>talk to me about kind of the status of awareness of security. Needing to combat these issues, be able to remediate them, be able to defend against them where our folks in that awareness cycle, >>I think it ebbs and flows like any other process. Any other you know, incident, event. That happens. And from my experience in the info SEC world, normally there's a compromise. There's an incident, a bunch of money gets thrown at it and then we forget about it a year or two later. Um, I think that culture, that awareness comes in when you have folks that would sustain that effort. And again, you know, on the campaign, um, even at the White House, we try to make everyone apart of security. Security is and all the time thing that everyone has a stake in. Um, you know, I can lock down your email at work. I can make sure this system is super super secure, but it's your personal threat model. You know, your personal email account, your personal social media, putting more security on those and being aware of those, I think that's that awareness is growing. And I Seymour folks in the security community just kind of preaching that awareness more and more and something I'm really, really excited about. >>Yeah, the biggest thing I always think when we talk about security is people that were the biggest threat vector and what happened 89 months ago when so many businesses, um, in any, you know, public sector and private went from on site almost maybe 100% on site to 100% remote people suddenly going, I've got to get connected through my home network. Maybe I'm on my own personal device and didn't really have the time of so many distractions to recognize a phishing email just could come in and propagate. So it's that the people challenge e always seems to me like that might be the biggest challenge. Besides, the technology in the process is what do you think >>I again it goes back. I think it's all part of it. I think. People, um, I've >>looked at it >>slightly. Ah, friend of mine made a really good point. Once he was like, Hey, people gonna click on the link in the email. It's just I think 30% of people dio it's just it's just the nature of people after 20 some odd years and info sec, 20 some odd years and security. I think we should have maybe done a better job of making that link safer, to click on, to click on to make it not militias. But again it goes back, Thio being aware, being vigilant and to your point. Since earlier this year, we've seen a tax increase exponentially specifically on remote desktop protocols from Cove. It related themes and scams and, you know, ransomware targeting healthcare systems. I think it's just the world's getting smaller and we're getting more connected digitally. That vigilance is something you kind of have to building your threat model and build into the ecosystem. When we're doing everything, it's just something you know. I quit a lot, too. You've got junk email, your open your mailbox. You got some junk mail in there. You just throw it out. Your email inbox is no different, and just kind of being aware of that a little more than we are now might go a long way. But again, I think security folks want to do a better job of kind of making these things safer because malicious actors aren't going away. >>No, they're definitely not going away that we're seeing the threat surfaces expanding. I think it was Facebook and TIC Tac and Instagram that were hacked in September. And I think it was unsecured cloud database that was the vehicle. But talking about communication because we talk about culture and awareness communication from the top down Thio every level is imperative. How how do we embrace that and actually make it a standard as possible? >>Uh, in my experience, you know, from an analyst to a C So being able to communicate and communicate effectively, it's gonna save your butt, right? It's if you're a security person, you're You're that cyber guy in the back end, something just got hacked or something just got compromised. I need to be able to communicate that effectively to my leadership, who is gonna be non technical people, and then that leadership has to communicate it out to all the folks that need to hear it. I do think this year just going back to our elections, you saw ah lot of rapid communication, whether it was from DHS, whether it was from, you know, public partners, whether was from the team over Facebook or Twitter, you know, it was ah, lot of activity that they detected and put out as soon as they found it on it was communicated clearly, and I thought the messaging was done beautifully. When you look at all the work that you know Microsoft did on the block post that came out, that information is put out as widely as possible on. But I think it just goes back to making sure that the people have access to it whenever they need it, and they know where to get it from. Um, I think a lot of times you have compromised and that information is slow to get out. And you know that DeLay just creates a confusion, so it clearly concisely and find a place for people, could get it >>absolutely. And how do you see some of these challenges spilling over into your role as the security advisor for Splunk? What are some of the things that you're talking with customers about about right now that are really pressing issues? >>I think my Rolex Plunkett's super super weird, because I started earlier in the year, I actually started in February of this year and a month later, like, Hey, I'm hanging out at home, Um, but I do get a chance to talk to ah, lot of organizations about her security posture about what they're doing. Onda about what they're seeing and you know everything. Everybody has their own. Everybody's a special snowflakes so much more special than others. Um, credit to Billy, but people are kind of seeing the same thing. You know, everybody's at home. You're seeing an increase in the attack surface through remote desktop. You're seeing a lot more fishing. You're singing just a lot. People just under computer all the time. Um, Zoom WebEx I've got like, I don't know, a dozen different chat clients on my computer to talk to people. And you're seeing a lot of exploits kind of coming through that because of that, people are more vigilant. People are adopting new technologies and new processes and kind of finding a way to move into a new working model. I see zero trust architecture becoming a big thing because we're all at home. We're not gonna go anywhere. And we're online more than we're not. I think my circadian rhythm went out the window back in July, so all I do is sit on my computer more often than not. And that caused authentication, just, you know, make sure those assets are secure that we're accessing from our our work resource is I think that gets worse and worse or it doesn't. Not worse, rather. But that doesn't go away, no matter what. Your model is >>right. And I agree with you on that circadian rhythm challenge. Uh, last question for you. As we look at one thing, we know this uncertainty that we're living in is going to continue for some time. And there's gonna be some elements of this that air gonna be permanent. We here execs in many industries saying that maybe we're going to keep 30 to 50% of our folks remote forever. And tech companies that air saying Okay, maybe 50% come back in July 2021. As we look at moving into what we all hope will be a glorious 2021 how can businesses prepare now, knowing some amount of this is going to remain permanent? >>It's a really interesting question, and I'll beyond, I think e no, the team here. It's Plunkett's constantly discussions that start having are constantly evaluating, constantly changing. Um, you know, friends in the industry, it's I think businesses and those executives have to be ready to embrace change as it changes. The same thing that the plans we would have made in July are different than the plans we would have made in November and so on. Andi, I think, is having a rough outline of how we want to go. The most important thing, I think, is being realistic with yourself. And, um, what, you need to be effective as an organization. I think, you know, 50% folks going back to the office works in your model. It doesn't, But we might not be able to do that. And I think that constant ability Thio, adjust. Ah, lot of company has kind of been thrown into the fire. I know my backgrounds mostly public sector and the federal. The federal Space has done a tremendous shift like I never well, rarely got to work, uh, vert remotely in my federal career because I did secret squirrel stuff, but like now, the federal space just leaning into it just they don't have an option. And I think once you have that, I don't I don't think you put Pandora back in that box. I think it's just we work. We work remote now. and it's just a new. It's just a way of working. >>Yep. And then that couldn't be more important to embrace, change and and change over and over again. Make. It's been great chatting with you. I'd love to get dig into some of that secret squirrel stuff. I know you probably have to shoot me, so we will go into that. But it's been great having you on the Cube. Thank you for sharing your thoughts on election security. People processes technology, communication. We appreciate it. >>All right. Thanks so much for having me again. >>My pleasure for McClatchy. Oh, I'm Lisa Martin. You're watching the Cube virtual.

from the cube studios in palo alto in boston bringing you data driven insights from the cube and etr this is breaking analysis with dave vellante as we watch an historic election unfold before our eyes we look back at the early days of the millennium with the memorable presidential race of 2000 that decade of course was defined by 911 which permanently reshaped our thinking and we exited that decade at the tail end of a massive financial crisis only to enter the 2010s with the hope and the momentum of fiscal stimulus a flat globe job growth and very importantly the ascendancy of the cloud cloud computing unquestionably powered the innovation engine over the last 10 years and the pandemic marks a new era where adoption of cloud data and ai have been accelerated by at least two to three years and that's what's going to shape the future of the technology industry and frankly all businesses and organizations hello everyone and welcome to this week's episode of thecube insights powered by etr in this breaking analysis we're going to update you on our latest cloud market share and dig in to some fresh october survey data from our partners over at etr let me start just with a brief summary of the latest action that's going on in cloud now quite interestingly each of the big three cloud players they showed nearly identical year-on-year growth rates in q3 as they did in q2 now we're going to dig into that in a moment but our data suggests that these three companies combined will account for more than 75 billion dollars in infrastructure as a service and platform as a service revenue in 2020 and they're potentially on track to hit 100 billion in 2021. customer survey data indicates that cio's top two infrastructure priorities remain security and cloud migration now that said as we previously reported the cloud it's not immune to the pandemic the remote worker pivot well it's a positive for cloud hasn't completely eradicated certain headwinds now what i mean here is that because the cloud vendors are now so large they're somewhat exposed to the softness in the overall i.t spending climate and also industries that have been hit hardest by the pandemic now would the cloud growth have been better if the pandemic didn't hit we'll never know for sure but our data suggests no covet has definitely been a benefactor to cloud in our view cloud will remain at the center of technological innovation for the foreseeable future the economics of cloud are becoming so compelling that we think the power of the big cloud companies will only increase this decade now importantly we're talking about the costs of running hyper-distributed systems we're not commenting here on what they charge customers that's a different story we believe the cost structure for the hyperscalers is superior to alternative approaches and we believe this advantage will only accelerate over the next several years we also believe that competition is going to continue to drive competitive pricing and innovation all right let's look at our latest market share numbers for the big three this chart shows our estimates of aws azure and the google cloud platform now viewers of this program know that these are is and pass figures and you also know that aws is the only company that provides clean numbers on that sector whereas azure and gcp are estimates that we make based on tidbits of guidance that the companies give us and survey data that we capture and other modeling that we do now as we've said we'll end this year it's about 75 billion in revenue or maybe even a little bit more note that for these three note that we've we've slightly restated some of our earlier estimates for azure to reconcile some differences that we had between constant currency and actual growth we try to keep things in constant currency where possible sorry for that but sometimes that happens azure according to our estimates as we reported last week is now 18 of microsoft's overall revenue number we had it at 19 that last week but when i dug in we made some adjustments so we toned it down a bit aws represents a much smaller percentage of course of amazon's revenues at about 12 percent but it represents 56 percent of amazon's profits gcp on the other hand accounts for less than five percent of google's overall revenue which as we've stated a few weeks ago needs more attention from google but look at the growth rates for these three platforms and the respective size of their is and pass businesses hear all this talk about repatriation i.e that what i mean by that is people go to the cloud but they're unhappy or the bill is too high it's too expensive so then they come back on prem well you just don't see that in the numbers so you gotta be careful when vendor a vendor tries to sell you on that trend i don't buy it except for selective situations now let's bring in some of the etr data and compare the spending momentum for each of the big three you've seen these wheel graphs before they show the breakdown of net score for aws microsoft and google now one note these figures represent these three companies overall within the etr technology taxonomy so for example they don't include amazon's retail business of course but they do include for example microsoft's entire tech portfolio not just the cloud the green portion of the wheel represents increases in spending via new adoptions and increased spending whereas the red sections show decreases via lower spending and defections net score which i've highlighted in the orange is calculated by subtracting the two reds from the two true greens in other words adoptions and increase minus decrease and replacements the takeaway here is these are all pretty strong with aws leading the pack microsoft is exceptionally strong as we pointed out last last week because they're so huge and they still have net scores comparable to aws which is a pure play gcp is a laggard and is showing softness in the data despite a sanguine outlook that we had back in 2019 based on survey data i don't know perhaps google's smaller presence muted their customers ability to take advantage of the platform the thinking there is the customers maybe needed to pivot to the cloud so quickly and aws and azure were the incumbents and that was maybe the most expedient path hence the higher increases in the spend more category but you do see gcp um they had 13 new adoptions which is pretty good so we'll keep looking at that regardless again these are not pure play cloud comparisons but they give a good indication of spending momentum i'd also note that all three show very low defections well each is showing solid increases in new adoptions especially google as i mentioned so that's kind of interesting to see but again google much much smaller you would expect that now i want to turn our attention to one of the hottest areas in cloud which is serverless and this is a pure play comparison so serverless let me start there it's a strange term because it's not really accurate but it's stuck serverless computing is a model where the cloud platform dynamically delivers services as the application requires so so you don't have to configure the compute and the containers for example rather when an application needs resources it goes and gets them and you only pay for when the services are actually invoked and in use so it's really good for workloads that spin up and spin down very frequently it kind of reminds me in concept anyway of the component tree that we saw in the days of soa if you remember that services oriented architecture but now this is cloud it's cloud native it's a whole new world and it's increasingly a popular model and as we'll show in a moment there's a lot of spending momentum in this area but before we do that i want to share some comments made by andy jassy a while back about serverless take a listen it's a good question and you know i really the comment i made was really about um directionally what amazon would do you know in this in the very earliest days of aws jeff used to say a lot if i were starting amazon today i'd have built it on top of aws we didn't have all the capability and all the functionality at that very moment but he knew what was coming and he saw what people were still able to accomplish even with where the services were at that point i think the same thing is true here with lambda which is i think if amazon were starting today it's a given they would build it on the cloud and i think with a lot of the applications that comprise amazon's consumer business we would build those on on our serverless capabilities now now lambda of course jesse referring to lambda that's amazon's serverless offering and if you think about amazon's retail business and take for example the frequent spin up and spin down of resources for something like black monday serverless would be a much more cost effective approach same for a managed data warehouse service for example where you know you don't want to pay for the compute if it's idle the app just calls for the compute when it's needed so it's a very popular model and it's got increased momentum today and you see that in this slide it shows the net score breakdown for serverless for azure aws is lambda which is again is their serverless offering and google cloud functions again you're shipping functions to the application that's why it's called functions look at the net scores azure functions nearly 70 aws at 65 google again lagging and that's a bit of a concern because this is a really really hot space all right let's move on and look at the competitive landscape as we like to do often and update you on that this xy graph is one of our favorites and it shows net score or spending momentum on the vertical axis and market share on the horizontal market share is a measure of pervasiveness in the data set in the upper right you also see a table that ranks each vendor my net score and it includes the shared n in other words the number of mentions in this sector for each vendor now you can you can see up top in the middle i've selected on the cloud computing category so this represents only the cloud businesses for each of these players there's a little bit of nuance here and that we've selected on microsoft azure there's a category in the etr taxonomy for that and we're comparing that with aws overall so there's there are things in the aws overall number that fit into the other parts of the taxonomy like maybe ai collaboration etc whereas azures and gcp are just the cloud segments so i i know it's a bit strange because aws is all cloud but don't get caught up in the taxonomical nuance the point is it's good to be azure in aws it's shown there when you look at the upper right of the chart here they stand out and they stand alone in cloud leadership google cloud is they have nice elevated levels but they're much much smaller they don't have the presence in the market now look at that hybrid cloud zone emerging we've talked about this sometimes in the past and and i want to call it vmware cloud on aws red hat open shift and vmware cloud itself like vmware cloud foundation and their other cloud services all of these appear to be gaining traction and you can see in the number of occurrences in the upper right that shared end that i talked about we're starting to see real numbers that are meaningful in this space vmware cloud on aws for example has a net score of 53 percent with 116 accounts within that total respondent sample that you see there in the middle left of 1438 that's how many cios and technology buyers responded to the etr survey in october you look at open shift at 45 net score and that's with 82 accounts now openshift is in beta with what looked to be some really strong offerings on aws and you can see for context i've added dell emc's cloud offerings hpe's cloud offerings and the oracle cloud and ibm cloud and also rackspace dell actually pretty strong with a net score of 20 and 185 shared accounts much much higher than dell overall which is kind of in the red zone oracle ibm you see those rackspace you know organizing not killing it rackspace is kind of in the big negative so that's a concern but anyway we'd like for these guys we'd like to see the data match the marketing rhetoric for the the guys that are in the red and look alibaba is starting to to show up in the server there's only 26 shared ends but we thought we'd we'd put it in there those three key points again aws and microsoft keep on trucking google needs to do better hybrid is becoming real and that bodes well for multi-cloud and the legacy on-prem guys they got a lot of work to do they're under a lot of pressure the pivot to cloud has not been easy for them uh and it's still a case where they're i've talked about this a lot they're they're declines in their on-premises offerings they're not being offset by the new stuff the cloud momentum all right i want to close out by sharing some of the conversations and thoughts that we've had in the community around sas and its impact on cloud we really have been focusing on ias and pass of the sas layer obviously up the stack so let me first share that there's a lot of talk around and has been for years about aws they're slowing growth rates and whether or not they'll have to enter the sas market to expand their total available market and i've said consistently while i never say never about aws i don't think so at least not yet this chart plots the big three cloud players note aws is a bigger piece of this pie now that i've turned off the cloud computing filter and i know more nuances but the data wonks will will find you know see this and they'll ask me about it this is all of aws portfolio and again it's only the microsoft azure portfolio so you see it aws now overtakes azure on the x-axis i.e market share now we've plotted some of the major sas vendors and you can see servicenow and salesforce both very large and they have really strong spending momentum and servicenow's you know pushing 100 billion dollars in market value they've surpassed workday quite some time ago workday's got less presence but they've got really really solid net score and i got to say i'm impressed with sap despite some of the earnings challenges that they've been having they're right up there with splunk and tableau splunk has softened in recent surveys and i've i've also plotted in there netsuite and oracle fusion which are just okay and that is i think for now anyway aws is going to position as the best place and the most friendly and highest quality cloud in which to run your sas for example workday runs on aws aws is salesforce's preferred infrastructure platform so my premise here is just like retail companies might want not want to run on aws a number of sas companies that compete with microsoft they might think twice about running on azure so aws would be better off for now trying to attract those sas players and drive their services and sticking to infrastructure and the pass layer snowflake is actually kind of interesting and i've added them for context because their netscore is always kind of a bellwether it's really off the charts and they're an isv running on the cloud they're different from some of the other sas players and the snowflake is a database okay and most of snowflake's business runs on aws and aws competes with snowflake with redshift but aws has the best cloud and drives a lot of business for snowflake and vice versa so it's kind of interesting snow snowflake to redshift and a much smaller example is kind of like netflix to amazon prime video to compete they both thrive so i think aws is going to continue to grow by attracting sas players as the preferred platform and they'll also attract developers and try to disrupt sas players like servicenow which runs on its own cloud i remember years ago david floyer and i said that servicenow was it was awesome but at some point its infrastructure cost structure its infrastructure cost structure is going to be less competitive than those companies that are running on hyperscale clouds certainly the hyperscale clouds themselves and servicenow they have this multi-instance architecture which just can't easily port over to the cloud but it can charge a lot which it does now at some point some sharp developers are going to look at all this and say whoa see that service now i can build this for less and they'll attack servicenow and their seat base license model maybe with the consumption pricing model and a platform that's perhaps or a set of services that are perhaps less expensive you're seeing this to a you know a certain degree with like elastic inside the application performance management space so there's some some things to watch there but there are those who firmly believe that aws will and must enter the sas space directly we talked last week about how beneficial microsoft's application business is for azure and what a flywheel that is but for me i think we're not there yet let's give it some time i think maybe four to five years before aws may even start to think about filling some of the space up the stack now maybe they'll find some unique opportunities to do that for instance at the edge but i think that's way off okay so bottom line it's good to be in tech these days it's even better to be in the cloud and it's best if you're aws and microsoft and i don't see that changing for a while now remember these episodes are all available as podcasts wherever you listen i publish each week on wikibon.com and siliconangle.com you can get in touch with me through email it's david at siliconangle.com feel free to dm me on twitter at d vallante i post on linkedin love your comments there thank you and don't forget to check out etr plus for all the survey action thanks for watching this episode of thecube insights powered by etr this is dave vellante stay safe stay sane and we'll see you next time you

(upbeat music) >> Narrator: From around the globe, it's theCUBE with digital coverage of Ansible Fest 2020 brought to you by Red Hat. >> Welcome back to theCUBE's coverage, Cube virtual's coverage of Ansible Fest 2020 virtual. We're not face to face this year. I'm your host John Furrier with theCube. We're virtual, this theCube virtual and we're doing our part, getting the remote interviews with all the best thought leaders experts and of course the Red Hat experts. We've got Walter Bentley, Senior Manager of Automation practice with Red Hat and Jason Smith, Vice President of North American services, back on theCube. We were in Atlanta last year in person. Guys, thanks for coming on virtually. Good morning to you. Thanks for coming on. >> Good morning John. Good morning, good morning. >> So since Ansible Fest last year a lot's happened where she's living in seems to be an unbelievable 2020. Depending on who you talk to it's been the craziest year of all time. Fires in California, crazy presidential election, COVID whole nine yards, but the scale of Cloud has just unbelievably moved some faster. I was commenting with some of your colleagues around the snowflake IBO it's built on Amazon, right? So value is changed, people are shifting, you starting to clear visibility on what these modern apps are looking like, it's Cloud native, it's legacy integrations, it's beyond lift and shift as we've been seeing in the business. So I'd love to get, Jason we'll start with you, your key points you would like people to know about Ansible Fest 2020 this year because there's a lot going on this year because there's a lot to build on and there's a tailwind for Cloud native and customers have to move fast. What's your thoughts? >> Yeah so, a lot has happened since last year and customers are looking to be a lot more selective around their automation technologies. So they're not just looking for another tool. They're really looking for an automation platform, a platform that they can leverage more of an enterprise strategy and really be able to make sure that they have something that's secure, scalable, and they can use across the enterprise to be able to bring teams together and really drive value and productivity out of their automation platform. >> What's the key points in the customers and our audience around the conversations around the learning, that's the new stuff happening in using Ansible this year? What are the key top things, Jason? Can you comment on what you're seeing the big takeaway for our audience watching? >> Yeah, so a lots change like you said, since last year. We worked with a lot of customers around the world to implement Ansible and automation at scale. So we're using our automation journeys as we talked about last year and really helping customers lay out a more prescriptive approach on how they're going to deliver automation across their enterprise. So customers are really working with us because we're working with the largest customers in the world to implement their strategies. And when we work with new customers we can bring those learnings and that experience to them. So they're not having to learn that for the first time and figure it out on their own, but they're really able to learn and leverage the experience we have through hundreds of customers and at enterprise scale and can take the value that we can bring in and help them through those types of projects much more quickly than they could on their own. >> It's interesting. We were looking at the research numbers and look at the adoption of what Ansible's doing and you guys are with Red Hat it's pretty strong. Could you share on the services side because there's a lot of services going on here? Not just network services and software services, just traditional services. What are the one or two reasons why customer engaged with Red Hat services? What would that be? >> Yeah so, like I said, I mean, we bring that experience. So customers that typically might have to spend weeks troubleshooting and making decisions on how they're going to deliver their implementations, they can work with us and we can bring those best practices in and allow them to make those decisions and implement those best practices within hours instead of weeks, and really be able to accelerate their projects. Another thing is we're a services company as part of a product company. So we're not there just to deliver services. We're really focused on the success of the customer, leveraging our technologies. So we're there to really train and mentor them through the process so that they're really getting up to speed quickly. They're taking advantage of all of the expertise that we have to be able to build their own experience and expertise. So they can really take over once we're gone and be able to support and advance that technology on their own. So they're really looking to us to not only implement those technologies for them, but really with them and be able to train and mentor them. Like I said, and take advantage of those learnings. We also help them. We don't just focus on the technologies but really look at the people in process side of things. So we're bringing in a lot of principles from DevOps and Agile on open practices and helping customers really transform and be able to do things in a new way, to be much more efficient, a lot more agile, be able to drive a lot more value out of our technology. >> Walter, I got to ask you, last year we were chatting about this, but I want to get the update. And I'd like you to just give us a quick refresh definition about the automation adoption journey because this is a real big deal. I mean, we're looking at the trends. Everyone realizes automation is super important at scale, as you think about whether it's software data, anything's about automation it's super important, but it's hard. I mean, the marketplace we were looking at the numbers. I was talking to IDC for you guys at this festival and of Ansible Fest, and they said about five to 10% of enterprises are containerized, which means this huge wave coming of containerization. This is about the automation adoption journey because you start containerizing, (laughs) right? You start looking at the workflows on the pipelinig and how the codes being released and everything. This is important stuff. Give us the update on the automation adoption journey and where it is in the portfolio. >> Well, yeah, just as you called it out, last year on main stage and Ansible fest, almost every customer expressed the need and desire to have to have a strategy as to how they drive their adoption of automation inside their enterprise. And as we've gone over the past few months of splitting this in place with many customers, what we've learned is that many customers have matured into a place where they are now looking at the end to end workflow. Instead of just looking at the tactical thing that they want to automate, they are actually looking at the full ribbon, the full workflow and determining are there changes that need to be made and adjusted to be more efficient when it comes to dealing with automation. And then the other piece as we alluded to already is the contagious nature of that adoption. We're finding that there are organizations that are picking up the automation adoption journey, and because of the momentum it creates inside of that organization we're finding other municipalities that are associated with them are now also looking to be able to take on the journey because of that contagious nature. So we can see that how it's spreading in a positive way. And we're really looking forward to being able to do more of it as the next quarter and the next year comes up. >> Yeah, and that whole sharing thing is a big part of the content theme and the community thing. So great reference on that, good thing is word of mouth and community and collaboration is a good call out there. A quick question for you, you guys recently had a big win with NTT DoCoMo and their engagement with you guys on the automation, adoption journey. Walter, what were some of the key takeaways? Jason you can chime in too I'd like to get some specifics around where it's been successful >> To me, that customer experience was one that really was really exciting, primarily because we learned very early on that they were completely embodying that open source culture and they were very excited to jump right in and even went about creating their own community of practice. We call them communities of practice. You may know them as centers of excellence. They wanted to create that very early in increment, way before we were even ready to introduce it. And that's primarily because they saw how being able to have that community of practice in place created an environment of inclusion across the organization. They had legacy tools in place already, actually, there was a home grown legacy tool in place. And they very quickly realized that it didn't need to remove that tool, they just needed to figure out a way of being able to how to optimize and streamline how they leverage it and also be able to integrate it into the Ansible automation platform. Another thing I wanted to very quickly note is that they very quickly jumped onto the idea of being able to take those large workflows that they had and breaking them up into smaller chunks. And as you already know, from last year when we spoke about it, that's a pivotal part of what the automation adoption journey brings to our organization. So to sum it all up, they were all in, automation first mindset is what that was driving them. And all of those personas, all of those personal and cultural behaviors are what really helped drive that engagement to be very successful. >> Jason, we'll get your thoughts on this because again, Walter brought up last year's reference to breaking things up into modules. We look at this year's key news it's all about collections. You're seeing content is a big focus, content being not like a blog post or a media asset. Like this is content, but code is content. It's sharing. If it's being consumed by other people, there's now community. You're seeing the steam of enabling. I mean, you're looking at successes, like you guys are having with NTT DoCoMo and others. Once people realize there's a better way and success is contagious, as Walter was saying, you are now enabling new ways to do things faster at scale and all that good stuff has been go check out the keynotes. You guys talk about it all day long with the execs. But I want to learn, right? So when you enable success, people want to be a part of it. And I could imagine there's a thirst and demand for training and the playbooks and all the business models, innovations that's going on. What are you seeing for people that want to learn? Is there training? Is there certifications? Because once you get the magic formula as Walter pointed out, and we all know once people see what success looks like, they're going to want to duplicate it. So as this wave comes, it's like having the new surfboard. I want to surf that wave. So what's the update on Ansible's training, the tools, how do I learn, it's a certification of all. Just take a minute to explain what's going on. >> Yeah, so it's been a crazy world as we've talked about over the last six, seven months here, and we've really had to adapt ourselves and our training and consulting offerings to be able to support our remote delivery models. So we very, very quickly back in the March timeframe, we're able to move our consultants to a remote work force and really implement the tools and technologies to be able to still provide the same value to customers remotely as we have in person historically. And so it's actually been really great. We've been able to make a really seamless transition and actually our C-SAT net promoter scores have actually gone up over the last six months or so. So I think we've done a great job being able to still offer the same consulting capabilities remotely as we have onsite. And so that's obviously with a real personal touch working hand in hand with our customers to deliver these solutions. But from a training perspective, we've actually had to do the same thing because customers aren't onsite, they can't do in person training. We've been able to move our training offerings to completely virtual. So we're continuing to train our customers on Ansible and our other technologies through a virtual modality. And we've also been able to take all of our certifications and now offer those remotely. So as, whereas customers historically, would have had to gone into a center and get those certifications in person, they can now do those certifications remotely. So all of our training offerings and consulting offerings are now available remotely as well as they were in person in the past and will be hopefully soon enough, but it's really not-- >> You would adopt to virtual. >> Excuse me. >> You had to adopt to the virtual model quickly for trainings. >> Exactly. >> What about the community role? What's the role of the community? You guys have a very strong community. Walter pointed out the sharing aspect. Well, I pointed out he talked about the contagious people are talking. You guys have a very robust community. What's the role of community in all of this? >> Yeah, so as Walter said, we have our communities a practice that we use internally we work with customers to build communities of practice, which are very much like a centers of excellence, where people can really come together and share ideas and share best practices and be able to then leverage them more broadly. So, whereas in the past knowledge was really kept in silos, we're really helping customers to build those communities and leverage those communities to share ideas and be able to leverage the best practices that are being adopted more broadly. >> That's awesome. Yeah, break down those silos of course. Open up the data, good things will happen, a thousand flowers bloom, as we always say. Walter, I want to get your thoughts on this collection, what that enables back to learning and integrations. So if collections are going to be more pervasive and more common place the ability to integrate, we were covering for VMware world, there's a VMware module collection, I should say. What are customers doing when you integrate in cross technology parties because now obviously customers are going to have a lot of choice and options. If I'm an integration partner, it's all about Cloud native and the kinds of things we're talking about, you're going to have a lot of integration touch points. What's the most effective way for customers integrating other technology partners into Ansible? >> And this is one of the major benefits that came out of the announcement last year with the Ansible automation platform. The Anible automation platform really enables our customers to not just be able to do automation, but also be able to connect the dots or be able to connect other tools, such as other ITM SM tools or be able to connect into other parts of their workflows. And what we're finding in breaking down really quickly is two things. Collections obviously, is a huge aspect. And not just necessarily the collections but the automation service catalog is really where the value is because that's where we're placing all of these certified collections and certified content that's certified by Red Hat now that we create alongside with these vendors and they're unavailable to customers who are consuming the automation platform. And then the other component is the fact that we're now moved into a place where we now have something called the automation hub. which is very similar to galaxy, which is the online version of it. But the automation hub now is a focus area that's dedicated to a customer, where they can store their content and store those collections, not just the ones that they pull down that are certified by Red hat, but the ones that they create themselves. And the availability of this tool, not only just as a SaaS product, but now being able to have a local copy of it, which is brand new out of the press, out of the truck, feature is huge. That's something that customers have been asking for a very long time and I'm very happy that we're finally able to supply it. >> Okay, so backup for a second, rewind, fell off the truck. What does that mean? It's downloadable. You're saying that the automation hub is available locally. Is that what-- >> Yes, Sir. >> So what does that mean for the customer? What's the impact for them? >> So what that means is that previously, customers would have to connect into the internet. And the automation hub was a SaaS product, meaning it was available via the internet. You can go there, you can sync up and pull down content. And some customers prefer to have it in house. They prefer to have it inside of their firewall, within their control, not accessible through the internet. And that's just their preferences obviously for sometimes it's for compliance or business risk reasons. And now, because of that, we were able to meet that ask and be able to make a local version of it. Whereas you can actually have automation hub locally your environment, you can still sync up data that's out on the SaaS version of automation hub, but be able to bring it down locally and have it available with inside of your firewall, as well as be able to add your content and collections that you create internally to it as well. So it creates a centralized place for you to store all of your automation goodness. >> Jason, I know you got a hard stop and I want to get to you on the IBM question. Have you guys started any joint service engages with IBM? >> Yeah, so we've been delivering a lot of engagements jointly through IBM. We have a lot of joint customers and they're really looking for us to bring the best of both Red Hat services, Red Hat products, and IBM all together to deliver joint solutions. We've actually also worked with IBM global technology services to integrate Ansible into their service offerings. So they're now really leveraging the power of Ansible to drive lower cost and more innovation with our customers and our joint customers. >> I think that's going to be a nice lift for you guys. We'll get into the IBM machinery. I mean, you guys got a great offering, you always had great reviews, great community. I mean, IBM's is just going to be moving this pretty quickly through the system, I can imagine. What's some of the the feedback so far? >> Yeah, it's been great. I mean, we have so many, a large joint customers and they're helping us to get to a lot of customers that we were never able to reach before with their scale around the world. So it's been great to be able to leverage the IBM scale with the great products and services that Red Hat offers to really be able to take that more broadly and continue to drive that across customers in an accelerated pace. >> Well, Jason, I know you've got to go. We're going to stay with Walter while you drop off, but I want to ask you one final question. For the folks watching or asynchronously coming in and out of Ansible Fest 2020 this year. What is the big takeaway that you'd like to share? What is the most important thing people should pay attention to? Well, a couple things it don't have to be one thing, do top three things. what should people be paying attention to this year? And what's the most important stories that you should highlight? >> Yeah, I think there's a lot going on, this technology is moving very quickly. So I think there's a lot of great stories. I definitely take advantage of the customer use cases and hearing how other customers are leveraging Ansible for automation. And again really looking to not use it just as a tool, but really in an enterprise strategy that can really change their business and really drive cost down and increase revenues by leveraging the innovation that Ansible and automation provides. >> Jason, thank you for taking the time. Great insight. Really appreciate the commentary and hopefully we'll see you next year in person Walter. (all talking simultaneously) Walter, let's get back to you. I want to get into this use case and some of the customer feedback, love the stories. And we look, we'd love to get the new data, we'd love to hear about the new products, but again, success is contagious, you mentioned that I want to hear the use cases. So a lot of people have their ear to the ground, they look up the virtual environments, they're learning through new ways, they're looking for signals of success. So I got to ask you what are the things that you're hearing over and over again, as you guys are spinning up engagements? What are some of the patterns that are emerging that are becoming a trend in terms of what customers are consistently doing to overcome some of their challenges around automation? >> Okay, absolutely. So what we're finding is that over time that customers are raising the bar on us. And what I mean by that is that their expectations out of being able to take on tools now has completely changed and specifically when we're talking around automation. Our customers are now leading with the questions of trying to find out, well, how do we reduce our operational costs with this automation tool? Are we able to increase revenue? Are we able to really truly drive productivity and efficiency within our organization by leveraging it? And then they dovetail into, "Well, are we able to mitigate business risk, "even associated with leveraging this automation tool?" So as I mentioned, customers are up leveling what their expectations are out of the automation tools. And what I feel very confident about is that with the launch of the Ansible automation platform we're really able to be able to deliver and show our customers how they're able to get a return on their investment, how by taking part and looking at re-working their workflows how we're able to bring productivity, drive that efficiency. And by leveraging it to be able to mitigate risks you do get the benefits that they're looking for. And so that's something that I'm very happy that we were able to rise to the occasion and so far so good. >> Last year I was very motivated and very inspired by the Ansible vision and content product progress. Just the overall vibe was good, community of the product it's always been solid, but one of the things that's happening I want to get your commentary and reaction to this is that, and we've been riffing on this on theCube and inside the community is certainly automation, no brainer, machine learning automation, I mean, you can't go wrong. Who doesn't want automation? That's like saying, "I want to watch more football "and have good food and good wifi. I mean, it's good things, right? Automation is a good thing. So get that. But the business model issues you brought up ROI from the top of the ivory tower and these companies, certainly with COVID, we need to make money and have modern apps. And if you try to make that sound simple, right? X as a service, SaaS everything is a service. That's easy to say, "Hey, Walter, make everything as a service." "Got it, boss." Well, what the hell do you do? I mean, how do you make that happen? You got Amazon, you got Multicloud, you got legacy apps. You're talking about going in and re-architecting the application development process. So you need automation for the business model of everything as a service. What's your reaction to that? Because it's very complicated. It's doable. People are getting there but the Nirvana is, everything is a service. This is a huge conversation. I mean, it's really big, but what's your reaction to that when I bring that up. >> Right. And you're right, it is a huge undertaking. And you would think that with the delivery of COVID into our worlds that many organizations would probably shy away from making changes. Actually, they're doing the opposite. Like you mentioned, they're running towards automation and trying to figure out how do they optimize and be able to scale, based on this new demand that they're having, specifically new virtual demand. I'm happy you mentioned that we actually added something to the automation adoption journey to be able to combat or be able to solve for that change. And being able to take on that large ask of everything as a service, so to speak. And increment zero at the very beginning of the automation adoption journey we added something called navigate. And what navigate is, is it's a framework where we would come in and not just evaluate what they want to automate and bring that into a new workflow, but we evaluate what they already have in place, what automation they have in place, as well as the manual tasks and we go through, and we try to figure out how do you take that very complex, large thing and stream it down into something that can be first off determined as a service and made available for your organization to consume, and as well as be able to drive the business risks or be able to drive your business objectives forward. And so that exercise that we're now stepping our customers through makes a huge difference and puts it all out in front of you so that you can make decisions and decide which way you want to go taking one step at a time. >> And you know it's interesting, great insight, great comment. I think this is really where the dots are going to connect over the next few years. Everything is as a service. You got to lay the foundation. But if you really want to get this done I got to ask you the question around Ansible's ability to integrate and implement with other products. So could you give an examples of how Ansible has integrated and implemented with other Red Hat products or other types of technology vendors products? >> Right. So one example that always pops to the top of my head and I have to give a lot of credit to one of my managing architects who was leading this effort. Was the simple fact that you when you think about a mainframe, right? So now IBM is our new family member. When you think about mainframes, you think about IBM and it just so happens that there's a huge ask and demand and push around being able to automate ZOS mainframe. And IBM had already embarked on the path of determining, well, can this be done with Ansible? And as I mentioned before, my managing architect partnered up with the folks on IBM's side, so the we're bringing in Red Hat consulting, and now we have IBM and we're working together to move that idea forward of saying, "Hey, you can automate things with the mainframe." So think about it. We're in 2020 now in the midst of a new normal. And now we're thinking about and talking about automating mainframes. So that just shows how things have evolved in such a great way. And I think that that story is a very interesting one. >> It's so funny the evolution. I'm old enough to remember. I came out of college in the 80s and I would look at the old mainframe guys who were like "You guys are going to be dinosaurs." They're still around. I mean, some of the banking apps, I mean some of them are not multi threaded and all the good stuff, but they are powering, they are managing a workload, but this is the beautiful thing about Cloud. And some of the Cloud activities is that you can essentially integrate, you don't have to replace the old to bring in the new. This has been a common pattern. This is where containers, microservices, and Cloud has been a dream state because you can essentially re layer and glue it together. This is a big deal. What's your reaction to that? >> No, it's a huge deal. And the reality is, is that we need all of it. We need the legacy behaviors around infrastructure. So we need the mainframe still because they has a distinct purpose. And like you mentioned, a lot of our FSI customers that is the core of where a lot of their data and performance comes out of. And so it's not definitely not a pull out and replace. It's more of how they integrate and how can you streamline them working together to create your end to end workflow. And as you mentioned, making it available to your organizations to consume as a service. So definitely a fan of being able to integrate and add to and everything has a purpose. Is what we're coming to learn. >> Agility, the modern application, horizontal scalability, Cloud is the new data center. Walter great insights, always great to chat with you. You always got some good commentary. I want to ask you one final question. I asked Jason before he dropped off. Jason Smith, who was our guest here and hit a hard stop. What is the most important story that people should pay attention to this year at Ansible Fest? Remember it's virtual, so there's going to be a lot of content around there, people are busy, it's asynchronous consumption. What should they pay attention to from a content standpoint, maybe some community sizes or a discord group? I mean, what should people look at in this year? What should they walk away with as a key message? Take a minute to share your thoughts. >> Absolutely. Absolutely key messages is that, kind of similar to the message that we have when it comes down to the other circumstances going on in the world right now, is that we're all in this together. As an Ansible community, we need to work together, come together to be able to share what we're doing and break down those silos. So that's the overall theme. I believe we're doing that with the new. So definitely pay attention to the new features that are coming out with the Ansible automation platform. I alluded to the on-prem automation hub, that's huge. Definitely pay attention to the new content that is being released in the service catalog. There's tons of new content that focus on the ITSM and a tool. So being able to integrate and leverage those tools then the easier math model, there's a bunch of network automation advances that have been made, so definitely pay attention to that. And the last teaser, and I won't go into too much of it, 'cause I don't want to steal the thunder. But there is some distinct integrations that are going to go on with OpenShift around containers and the SQL automation platform that you definitely are going to want to pay attention to. If anyone is running OCP in their environment they definitely going to want to pay attention to this. Cause it's going to be huge. >> Private cloud is back, OpenStack is back, OCP. You got OpenShift has done really well. I mean, again, Cloud has been just a great enabler and bringing all this together for developers and certainly creating more glue, more abstractions, more automation, infrastructure is code is here. We're excited for it Walter, great insight. Great conversation. Thank you for sharing. >> No, it's my pleasure. And thank you for having me. >> I'm John Furrier with theCube, your host for theCube virtual's, part of Ansible Fest, virtual 2020 coverage. Thanks for watching. (gentle upbeat music)

>> From the SiliconANGLE Media office in Boston, Massachusetts, it's theCUBE. Now, here's your host, Dave Vellante. >> Hello, everyone, and welcome to this week's Cube Insights, powered by ETR. Today is November 8, 2019 and I'd like to address one of the most important topics in the minds of a lot of executives. I'm talking about CEOs, CIOs, Chief Information Security Officers, Boards of Directors, governments and virtually every business around the world. And that's the topic of cyber security. The state of cyber security has changed really dramatically over the last 10 years. I mean, as a cyber security observer I've always been obsessed with Stuxnet, which the broader community discovered the same year that theCUBE started in 2010. It was that milestone that opened my eyes. Think about this. It's estimated that Stuxnet cost a million dollars to create. That's it. Compare that to an F-35 fighter jet. It costs about $85-$100 million to build one. And that's on top of many billions of dollars in R&D. So Stuxnet, I mean, it hit me like a ton of bricks. That the future of war was all about cyber, not about tanks. And the barriers to entry were very, very low. Here's my point. We've gone from an era where thwarting hacktivists was our biggest cyber challenge to one where we're now fighting nation states and highly skilled organized criminals. And of course, cyber crime and monetary theft is the number one objective behind most of these security breaches that we see in the press everyday. It's estimated that by 2021 cyber crime is going to cost society $6 trillion in theft, lost productivity, recovery costs. I mean, that's just a staggeringly large number. It's even hard to fathom. Now, the other C-change is how organizations have had to respond to the bad guys. It used to be pretty simple. I got a castle and the queen is inside. We need to protect her, so what do we do? We built a mote, put it around the perimeter. Now, think of the queen as data. Well, what's happened? The queen has cloned herself a zillion times. She's left the castle. She's gone up to the sky with the clouds. She's gone to the edge of the kingdom and beyond. She's also making visits to machines and the factories and hanging out with the commoners. She's totally exposed. Listen, by 2020, there's going to be hundreds of billions of IP addresses. These are going to be endpoints and phones, TVs, cameras, tablets, automobiles, factory machines, and all these represent opportunities for the bad guys to infiltrate. This explosion of endpoints that I'm talking about is created massive exposures, and we're seeing it manifest itself in the form of phishing, malware, and of course the weaponization of social media. You know, if you think that 2016 was nuts, wait 'til you see how the 2020 presidential election plays out. And of course, there's always the threat of ransomware. It's on everybody's minds these days. So I want to try to put some of this in context and share with you some insights that we've learned from the experts on theCUBE. And then let's drill into some of the ETR data and assess the state of security, the spending patterns. We're going to try to identify some of those companies with momentum and maybe some of those that are a little bit exposed. Let me start with the macro and the challenged faced by organization and that's complexity. Here's Robert Herjavec on theCUBE. Now, you know him from the Shark Tank, but he's also a security industry executive. Herjavec told me in 2017 at the Splunk.com Conference that he thought the industry was overly complex. Let's take a look and listen. >> I think that the industry continues to be extremely complicated. There's a lot of vendors. There's a lot of products. The average Fortune 500 company has 72 security products. There's a stat that RSA this year, that there's 1500 new security start-ups every year. Every single year. How are they going to survive? And which ones do you have to buy because they're critical and provide valuable insights? And which ones are going to be around for a year or two and you're never going to hear about again? So it's a extremely challenging complex environment. >> So it's that complexity that had led people like Pat Gelsinger to say security is a do-over, and that cyber security is broken. He told me this years ago on theCUBE. And this past VM World we talked to Pat Gelsinger and remember, VMware bought Carbon Black, which is an endpoint security specialist, for $2.1 billion. And he said that he's basically creating a cloud security division to be run by Patrick Morley, who is the Carbon Black CEO. Now, many have sort of questioned and been skeptical about VMware's entrance into the space. But here's a clip that Pat Gelsinger shared with us on theCUBE this past VM World. Let's listen and we'll come back and talk about it. >> And this move in security, I am just passionate about this, and as I've said to my team, if this is the last I do in my career is I want to change security. We just not are satisfying our customers. They shouldn't put more stuff on our platforms. >> National defense issues, huge problems. >> It's just terrible. And I said, if it kills me, right, I'm going to get this done. And they says, "It might kill you, Pat." >> So this brings forth an interesting dynamic in the industry today. Specifically, Steven Smith, the CISO of AWS, at this year's Reinforce, which is their security conference, Amazon's big cloud security conference, said that this narrative that security is broken, it's just not true, he said. It's destructive and it's counterproductive. His and AWS's perspective is that the state of cloud security is actually strong. Kind of reminded me of a heavily messaged State of the Union address by the President of the United States. At the same time, in many ways, AWS is doing security over. It's coming at it from the standpoint of a clean slate called cloud and infrastructure as a surface. Here's my take. The state of security in this union is not good. Every year we spend more, we lose more, and we feel less safe. So why does AWS, the security czar, see if differently? Well, Amazon uses this notion of a shared responsibility security model. In other words, they secure the S3 buckets, maybe the EC2 infrastructure, not maybe, the EC2 infrastructure. But it's up to the customer to make sure that she is enforcing the policies and configuring systems that adhere to the EDIX of the corporation. So I think the shared security model is a bit misunderstood by a lot of people. What do I mean by that? I think sometimes people feel like well, my data's in the cloud, and AWS has better security than I do. Here I go, I'm good. Well, AWS probably does have better security than you do. Here's the problem with that. You still have all these endpoints and databases and file servers that you're managing, and that you have to make sure comply with your security policies. Even if you're all on the cloud, ultimately, you are responsible for securing your data. Let's take a listen to Katie Jenkins, the CISO of Liberty Mutual, on this topic and we'll come back. >> Yeah, so the shared responsibility model is, I think that's an important speaking point to this whole ecosystem. At the end of the day, Liberty Mutual, our duty is to protect policyholder data. It doesn't matter if it's in the cloud, if it's in our data centers, we have that duty to protect. >> It's on you. >> All right, so there you have it from a leading security practitioner. The cloud is not a silver bullet. Bad user behavior is going to trump good security every time. So unfortunately the battle goes on. And here's where it gets tricky. Security practitioners are drowning in a sea of incidents. They have to prioritize and respond to, and as you heard Robert Herjavec say, the average large company has 75 security products installed. Now, we recently talked to another CISO, Brian Lozada, and asked him what's the number one challenge for security pros. Here's what he said. >> Lack of talent. I mean, we're starving for talent. Cyber security's the only field in the world with negative unemployment. We just don't have the actual bodies to actually fill the gaps that we have. And in that lack of talent CISOs are starving. We're looking for the right things or tools to actually patch these holes and we just don't have it. Again, we have to force the industry to patch all of those resource gaps with innovation and automation. I think CISOs really need to start asking for more automation and innovation within their programs. >> So bottom line is we can't keep throwing humans at the problem. Can't keep throwing tools at the problem. Automation is the only way in which we're going to be able to keep up. All right, so let's pivot and dig in to some of the ETR data. First, I want to share with you what ETR is saying overall, what their narrative looks like around spending. So in the overall security space, it's pretty interesting what ETR says, and it dovetails into some of the macro trends that I've just shared with you. Let's talk about CIOs and CISOs. ETR is right on when they tell me that these executives no longer have a blank check to spend on security. They realize they can't keep throwing tools and people at the problem. They don't have the bodies, and as we heard from Brian Lozada. And so what you're seeing is a slowdown in the growth, somewhat of a slowdown, in security spending. It's still a priority. But there's less redundancy. In other words, less experimentation with new vendors and less running systems in parallel with legacy products. So there's a slowdown adoption of new tools and more replacement of legacy stuff is what we're seeing. As a result, ETR has identified this bifurcation between those vendors that are very well positioned and those that are losing wallet share. Let me just mention a few that have the momentum, and we're going to dig into this data in more detail. Palo Alto Networks, CrowdStrike, Okta, which does identity management, Cisco, who's coming at the problem from its networking strength. Microsoft, which recently announced Sentinel for Azure. These are the players, and some of them that are best positioned, I'll mention some others, from the standpoint spending momentum in the ETR dataset. Now, here's a few of those that are losing momentum. Checkpoint, SonicWall, ArcSight, Dell EMC, which is RSA, is kind of mixed. We'll talk about that a little bit. IBM, Symantec, even FireEye is seeing somewhat higher citations of decreased spending in the ETR surveys and dataset. So there's a little bit of a cause for concern. Now, let's remember the methodology here. Every quarter ETR asks are you green, meaning adopting this vendor as new or spending more? Are you neutral, which is gray, are you spending the same? Or are you red, meaning that you're spending less or retiring? You subtract the red from the green and you get what's called a net score. The higher the net score, the better. So here's a chart that shows a ranking of security players and their net scores. The bars show survey data from October '18, July '19, and October '19. In here, you see strength from CrowdStrike, Okta, Twistlock, which was acquired by Palo Alto Networks. You see Elastic, Microsoft, Illumio, the core, Palo Alto Classic, Splunk looking strong, Cisco, Fortinet, Zscaler is starting to show somewhat slowing net score momentum. Look at Carbon Black. Carbon Black is showing a meaningful drop in net score. So VMware has some work to do. But generally, the companies to the left are showing spending momentum in the ETR dataset. And I'll show another view on net score in a moment. But I want to show a chart here that shows replacement spending and decreased spending citations. Notice the yellow. That's the ETR October '19 survey of spending intentions. And the bigger the yellow bar, the more negative. So Sagar, the director of research at ETR, pointed this out to me, that, look at this. There are about a dozen companies where 20%, a fifth of the customer base is decreasing spend or ripping them out heading into the year end. So you can see SonicWall, CA, ArcSight, Symantec, Carbon Black, again, a big negative jump. IBM, same thing. Dell EMC, which is RSA, slight uptick. That's a bit of a concern. So you can see this bifurcation that ETR has been talking about for awhile. Now, here's a really interesting kind of net score. What I'm showing here is the ETR data sorted by net score, again, higher is better, and shared N, which is the number of shared accounts in the survey, essentially the number of mentions in that October survey with 1,336 IT buyers responded. So how many of that 1,300 identified these companies? So essentially it's a proxy for the size of the install base. So showing up on both charts is really good. So look, CrowdStrike has a 62% net score with a 133 shared account. So a fairly sizable install base and a very high net score. Okta, similar. Palo Alto Networks and Splunk, both large, continue to show strength. They got net scores of 44% and 313 shared N. Fortinet shows up in both. Proofpoint. Look at Microsoft and Cisco. With 521 and 385 respectively on the right hand side. So big install bases with very solid net scores. Now look at the flip side. Go down to the bottom right to IBM. 132 shared accounts with a 14.4% net score. That's very low. Check Point similarly. Same with Symantec. Again, bifurcation that ETR has been citing. Really stark in this chart. All right, so I want to wrap. In some respects from a practitioner perspective, the sky erectus is falling. You got increased attack surface. You've got exploding number of IP addresses. You got data distributed all over the place, tool creep. You got sloppy user behavior, overwork security op staff, and a scarcity of skills. And oh, by the way, we're all turning into a digital business, which is all about data. So it's a very, very dangerous time for companies. And it's somewhat chaotic. Now, chaos, of course, can mean cash for cyber security companies and investors. This is still a very vibrant space. So just by the way of comparison and looking at some of the ETR data, check this out. What I'm showing is companies in two sectors, security and storage, which I've said in previous episodes of breaking analysis, storage, and especially traditional storage disk arrays are on the back burner spending wise for many, many shops. This chart shows the number of companies in the ETR dataset with a net score greater than a specific target. So look, security has seven companies with a 49% net score or higher. Storage has one. Security has 18 above 39%. Storage has five. Security has 31 companies in the ETR dataset with a net score higher than 30%. Storage only has nine. And I like to think of 30% as kind of that the point at which you want to be above that 30%. So as you can see, relatively speaking, security is an extremely vibrant space. But in many ways it is broken. Pat Gelsinger called it a do-over and is affecting a strategy to fix it. Personally, I don't think one company can solve this problem. Certainly not VMware, or even AWS, or even Microsoft. It's too complicated, it's moving too fast. It's so lucrative for the bad guys with very low barriers to entry, as I mentioned, and as the saying goes, the good guys have to win every single day. The bad guys, they only have to win once. And those are just impossible odds. So in my view, Brian Lozada, the CISO that we interviewed, nailed it. The focus really has to be on automation. You know, we can't just keep using brute force and throwing tools at the problem. Machine intelligence and analytics are definitely going to be part of the answer. But the reality is AI is still really complicated too. How do you operationalize AI? Talk to companies trying to do that. It's very, very tricky. Talk about lack of skills, that's one area that is a real challenge. So I predict the more things change the more you're going to see this industry remain a game of perpetual whack a mole. There's certainly going to be continued consolidation, and unquestionably M&A is going to be robust in this space. So I would expect to see continued storage in the trade press of breaches. And you're going to hear scare tactics by the vendor community that want to take advantage of the train wrecks. Now, I wish I had better news for practitioners. But frankly, this is great news for investors if they can follow the trends and find the right opportunities. This is Dave Vellante for Cube Insights powered by ETR. Connect with me at David.Vellante@siliconangle.com, or @dvellante on Twitter, or please comment on what you're seeing in the marketplace in my LinkedIn post. Thanks for watching. Thank you for watching this breaking analysis. We'll see you next time. (energetic music)

>> Live, from Washington, D.C. It's theCUBE, covering the AWS Public Sector Summit 2018. Brought to you by Amazon Web Services, and its ecosystem partners. (futuristic music) >> Hey, welcome back everyone. We're live in Washington, D.C. for Amazon Web Services Public Sector Summit. This is their big show for the public sector. It's like a mini reinvent for specifically the public sector. I'm John Furrier, your host, with Stu Miniman, my co-host this segment, and Stewart Mclaurin, president of the White House Historic Association, is our guest. I heard him speak last night at a private dinner with Teresa Carlson and their top customers. Great story here, Amazon success story, but I think something more we can all relate to. Stewart, thank you for joining us and taking the time, appreciate it. >> Thanks John, it's just great to be with you. >> Okay, so let's jump into it; what's your story? You work for the White House Historical Association, which means you preserve stuff? Or, you provide access? Tell the story. >> Well, we have a great and largely untold story, and a part of our partnership with Amazon Web Services is to blow that open so more people know who we are and what we do, and have access to the White House, because it's the people's house. It doesn't belong to any one particular president; it's your house. We were founded in 1961 by First Lady Jacqueline Kennedy, who realized that the White House needed a nonprofit, nonpartisan partner. We have no government funding whatsoever, completely private. So we fund the acquisition of art, furnishings, decorative arts for the White House, if a new rug is needed, or new draperies are needed on the State Floor, or a frame needs to be regilded. We also acquire the china, the presidential and first lady portraits that are done; we fund those. But more importantly, in my view, is our education mission that Mrs. Kennedy also started, to teach and tell the stories of White House history going back to 1792, when George Washington selected that plot of land and the architect to build that house that we know today. So we unpack those stories through publications, programs, lectures, symposia, and now this new multifaceted partnership with AWS. >> Let's talk about, first of all, a great mission. This is the people's house; I love that. But it's always the secret cloak and dagger, kind of what's going on in there? The tours are not always, they're probably packed when people go through there, but the average person on the street doesn't have access. >> Sure, well, your cable news channels handle the politics and the policy of the place. We handle the building and the history, and all that's taken place there, including innovation and technology. If you think of Thomas Edison and Alexander Graham Bell, and others that evolved their early technologies through the White House, about 500,000 people get a chance to go through the White House every year. And when you think about in that small space, the president and his family lives, the president and his staff work, it's the ceremonial stage upon which our most important visitors are received, and then about 500,000 people schlep through, so you imagine 500,000 people that are going through your house, and all of that takes place. But it's very important to us for people to be able to see up close and personal, and walk through these spaces where Lincoln walked, and Roosevelt worked. >> Is that what the book you have, and share the book 'cause it's really historic, and the app that you have with Amazon, I think this is a great-- >> Sure, this is a real prize from our office. Mrs. Kennedy wanted us to teach and tell the stories of White House history, and so the first thing she wanted was a guide book, because the White House never had one. So in 1962, she published this guide book with us, and this is her actual copy. Her hands held this book. This was her copy of the book. Now, we continue to update this. It's now in its 24th edition, and each new edition has the latest renovations and updates that the latest president has added. But it's now 2018. So books are great, but we want to be able to impart this information and experience to people not only around Washington, who are going through the White House, but across the country and around the world. So this app that we've developed, you get through WHExperience at the App Store, you have three different tours. If you're walking through the White House, tours are self-guided, so unless you know what you're looking at, you don't know what you're looking at. So you can hold up an image, you can see, it brings to life for you everything that you're looking at in every room. Two other types of tours; if you're outside the White House in President's Park, it will unpack and open the doors of these rooms for you virtually, so you can see the Oval Office, and the Cabinet Room, and the Blue Room, and the Green Room. If you're around the world, there's a third tour experience, but the best part of it is, empowered by Amazon recognition technology, and it allows people to take a selfie, and it analyzes that selfie against all presidential portraits and first lady portraits, and the spatial features of your face, and it will tell you you're 47% Ronald Reagan, or 27% Jackie Kennedy, and people have a lot of fun with that part of the app. >> (laughs) That's awesome. >> Stewart, fascinating stuff. You know, when I go to a museum a lot of times, it's like, oh, the book was something you get on the way home, because maybe you couldn't take photos, or the book has beautiful photos. Can you speak a little bit about how the technology's making the tours a little bit more interactive? >> Sure, well we love books, and we'll publish six hardbound books this year on the history of the White House, and those are all available at our website, whitehousehistory.org. But the three facets of technology that we're adapting with Amazon, it's the app that I've spoken about, and that has the fun gamification element of portrait analysis, but it also takes you in a deeper depth in each room, even more so than the book does. And we can update it for seasons, like we'll update it for the Fall Garden Tour, we'll update it for the Christmas decorations, we'll update it for the Easter Egg Roll. But another part of the partnership is our digital library. We have tens of thousands of images of the White House that have literally been in a domestic freezer, frozen for decades, and with AWS, we're unpacking those and digitizing them, and it's like bringing history to life for the first time. We're seeing photographs of Kennedy, Johnson, other presidents, that haven't been seen by anybody in decades, and those are becoming available through our digital library. And then third, we're launching here a chatbot, so that through a Lex and Polly technology, AWS technology, you'll be able to go to Alexa and ask questions about White House history and the spaces in the White House, or keyboard to our website and ask those questions as well. >> It's going to open up a lot of windows to the young folks in education too. >> It is. >> It's like you're one command away; Hey, Alexa! >> It takes a one-dimensional picture off of a page, or off of a website, and it gives the user an experience of touring the White House. >> Talk about your vision around modernization. We just had a conversation with the CEO of Tellus, when we're talking about government has a modernization approach, and I think Obama really put the stake in the ground on that; former President Obama. And that means something to a lot of people, for you guys it's extending it forward. But your digital strategy is about bringing the experience digitally online from historical documents, and then going forward. So is there plans in the future, for virtual reality and augmented reality, where I can pop in and-- >> That's right. We're looking to evolve the app, and to do other things that are AR and VR focused, and keep it cool and fun, but we're here in a space that's all about the future. I was talking at this wonderful talk last night, about hundreds of thousands of people living and working on Mars, and that's really great. But we all need to remember our history and our roots. History applies to no matter what field you're in, medicine, law, technology; knowing your history, knowing the history of this house, and what it means to our country. There are billions of people around the world that know what this symbol means, this White House. And those are billions of people who will never come to our country, and certainly never visit the White House. Most of them won't even meet an American, but through this app, they'll be able to go into the doors of the White House and understand it more fully. >> Build a community around it too; is there any online social component? You guys looking around that at all? >> All of this is just launched, and so we do want to build some interactive, because it's important for us to know who these people are. One simple thing we're doing with that now, is we're asking people to socially post and tag us on these comparative pictures they take with presidents and first ladies. So there's been some fun from that. >> So Stewart, one of the things I've found interesting is your association, about 50 people, and what you were telling me off-camera, there's not a single really IT person inside there, so walk us through a little bit about how this partnership began, who helps you through all of these technical decisions, and how you do some pretty fun tech on your space. >> Unfortunately, a lot of historical organizations are a little dusty, or at least perceived to be that way. And so we want to be a first mover in this space, and an influencer of our peer institutions. Later this summer, we're convening 200 presidential sites from around the country, libraries, birthplaces, childhood homes, and we're going to share with them the experience that we've had with AWS. We'll partner or collaborate with them like we're already doing with some, like the Lincoln Library in Illinois, where we have a digitization partnership with them. So with us, it's about collaboration and partnership. We are content rich, but we are reach-challenged, and a way to extend our reach and influence is through wonderful partnerships like AWS, and so that's what we're doing. Now another thing we get with AWS is we're not just hiring an IT vendor of some type. They know our mission, they appreciate our mission, and they support our mission. Teresa Carlson was at the White House with us last Friday, and she had the app, and she was going through and looking at things, and it came to life for her in a new real and fresh way, and she'd been to the White House many times on business. >> That's great; great story. And the thing is, it's very inspirational on getting these other historic sites online. It's interesting. It's a digital library, it's a digital version. So, super good. Content rich, reach-challenged; I love that line. What else is going on? Who funds you guys? How do you make it all work? Who pays the bills? Do you guys do donations, is it philanthropy, is it-- >> We do traditional philanthropy, and we'd love for anybody to engage us in that. During the Reagan Administration in 1981, someone had the brilliant idea, now if I'd been in the room when this happened, I probably would have said, "Okay, fine, do that." But thank goodness we did, because it has funded our organization all these years. And that's the creation of the annual, official White House Christmas ornament, and we feature a different president each year sequentially so we don't have to make a political decision. This year, it's Harry Truman, and that ornament comes with a booklet, and it has elements of that ornament that talk about those years in the White House. So with Truman, it depicts the south balcony, the Truman Balcony on the south portico. The Truman seal that eventually evolved into being the Presidential Seal. On the reverse is the Truman Blue Room of the White House. So these are teaching tools, and we sell a lot of those ornaments. People collect them; once you start, you can't stop. A very traditional thing, but it's an important thing, and that's been a lifeblood. Actually, Teresa Carlson chairs our National Council on White House History. John Wood, that you just had on before me, is on our National Council on White House History. These are some of our strong financial supporters who believe in our mission, and who are collaborating it with us on innovative ways, and it's great to have them involved with us because it brings life in new ways, rather than just paper books. >> Stewart, I had a non-technical question for you. According to your mission, you also obtained pieces. I'm curious; what's the mission these days? What sort of things are you pulling in? >> Well, there's a curator in the White House. It's a government employee that actually manages the White House collection. Before President and Mrs. Kennedy came into the White House, a new president could come in and get rid of anything they wanted to, and they did. That's how they funded the new, by selling the old. That's not the case anymore. With the Kennedys, there's a White House collection, like a museum, and so we'll work with the White House and take their requests. For example, a recent acquisition was an Alma Thomas painting. Alma Thomas is the first African American female artist to have a work in the White House collection; a very important addition. And to have a work in the White House collection, the artist should be deceased and the work over 25 years old, so we're getting more of the 21st century. The great artists of the American 20th century are becoming eligible to have their works in the collection. >> Stewart, thanks so much for coming on theCUBE and sharing your story. It's good to see you speak, and thanks for the ornament we got last night. >> Sure. Well, you've teased this ornament. Everybody's going to want and need one now, so go to whitehousehistory.org. >> John, come on, you have to tell the audience who you got face matched recognition with on the app. >> So who did you get face matched with? >> I think I'm 20% James Buchanan, but you got the Gipper. >> I'm Ronald Reagan. Supply-side economics, trickle-down, what do they call it? Voodoo economics, was his famous thing? >> That's right. >> He had good hair, John. >> Well, you know, our job is to be story tellers, and thank you for letting us share a little bit of our story here today. We love to make good friends through our social channels, and I hope everyone will download this app and enjoy visiting the White House. >> We will help with the reach side and promote your mission. Love the mission, love history, love the digital convergence while preserving and maintaining the great history of the United States. And a great, good tool. It's going to open up-- >> Amazon gave us these stickers for everybody who had downloaded the app, so I'm officially giving you your downloaded app sticker to wear. Stu, this is yours. >> Thank you so much. >> Thanks guys, really appreciate it. >> Thank so much, great mission. Check out the White House-- >> Historical Association. >> Historicalassociation.org, and get the White House app, which is WHExperience on the App Store. >> That's right. >> Okay, thanks so much. Be back with more, stay with us. Live coverage here at AWS, Amazon Web Services Public Sector Summit. We'll be right back. (futuristic music)

>> Live from San Francisco, it's theCUBE. Covering DockerCon '18. Brought to you by Docker and its ecosystem partners. >> Welcome back to theCUBE. We are live in San Francisco at DockerCon 2018. I'm Lisa Martin with John Troyer on a stunning day here in San Francisco. This event draws between 5,000 and 6,000 people in only its fifth year. They did a very good job during the general session this morning, John, of having some great female leaders on stage and we're very pleased to welcome another female leader to theCUBE for the first time. Alex Qin, you are the Director of Technology at Gakko. Welcome to theCUBE. >> Thank you, thank you. It's great to be here. >> So, you're speaking here at DockerCon 2018, I want to get to that in a second, but tell us a little bit about Gakko. What do you guys do? >> Um, yeah. So we're a global education design studio based in Tokyo and New York and what we do is we put on experimental education programs and build experimental education technology that aim to reclaim the magic of learning. So, we put on summer camps, we have coding classes, music classes and we build software for early learners. >> And by early learners what age group are you talking about? >> So ages three to five. What we build is beautiful story and art driven apps for kids ages three to five to be able to spend time more thoughtfully on tablets 'cause nowadays kids are always on tablets no matter what we do and so what we want to do is create a world that they can be in, in which parents feel like, this is a good place for my child to spend time. They're learning, it's artful, it's thoughtfully built. >> Great, well Alex you are also the founder of The Code Collective. >> The Code Cooperative, yes. >> The Code Cooperative, I'm sorry. How did you get started with that and can you tell us a little bit about that as well? >> Yes, so The Code Cooperative is my passion project and I started it in 2016, the day after the presidential elections actually, and it's an organization that teaches formerly incarcerated individuals computer literacy and coding, so that they can build websites and technical solutions to the problems they've identified in the criminal justice system. >> Some examples of that might be? >> A story I love to tell is from the pilot class. I had one student who was a 65 year old man and he'd been in prison for over 20 years and so at 65, he took our class and he learned HTML, CSS and JavaScript and built a website that aims to educate visitors about the legacy of slavery and Jim Crow in the criminal justice system today. Just like an interactive quiz. Yeah, that was really cool. It was called The Criminal Injustice System. >> Nice, nice. >> What were some of the drivers that really led you to go, you know what? We've got a huge opportunity here to take some of these people who have had made some different choices and really, sort of, rehabilitate them in a way that's gonna enable tech for good. What were some of those things that you just went, we've got to do this? >> That's a good question. Well, I read the book, The New Jim Crow, which you may have heard of. It's an incredible book that really details a lot of the problems that exist today within the U.S. criminal justice system and I thought to myself, I want to learn more about the justice system and contribute positively to justice system reform, but I don't know anything about it. So what I should do is work with people who have been through the system, learn from them and empower them to highlight the issues that they see within the justice system and that's something that I think is really important. When it comes to building technology, right now the gatekeepers of tech are kind of a homogenous group and we tend to build tech solutions for the entire world, but actually the people who are best equipped to solve problems are those who have experienced them and so that's why I decided to start The Code Cooperative. >> Nice. Alex, you're talking here, you've got an interesting titled session, I'll make sure I get it right, Shaving My Head Made Me a Better Programmer. If I can connect that to the rest of the DockerCon, maybe, I mean, Docker has been very good at their whole history about developer experience, making things easier for people and I think sometimes people don't realize not only when you make things easier, you actually can bring in new audiences. Kids, prisoners, right, are able to use today's technology where 30, 40 years ago they wouldn't have had access to it because it's easier, it's more powerful, it's more ubiquitous. But sometimes we get stuck in old tropes and so I'd love for you to kind of talk a little about your talk and kind of, what you're going to be talking about here at the show. >> Sure, yes. So, my talk is called Shaving My Head Made Me a Better Programmer and it's a little bit of a misleading title, but basically it's the story of my journey though the tech industry as a minority woman. So I studied computer science and I've been a software engineer for my entire career and yet, I've encountered a lot of challenges because of my gender, because of how I present to the world and when I shaved my head, a lot of those challenges kind of disappeared because I wasn't perceived as feminine anymore and so when I realized that tech isn't the meritocracy that I thought it was, I kind of started on this new quest to make tech as diverse and inclusive as possible so that people from all backgrounds, all genders can learn to code and write code happily and safely and it's just the story of how that happened and the lessons I've learned and some tips on how to make organizations more inclusive because that's the bulk of my work now. >> So you were a C.S. major in New York? >> Yes. >> So were you always interested in STEM as a kid or was it something that you got into when you were in college? What was that sort of age that you found it really exciting and said, no matter what, even if there's very few women here, I love this, I want to do this? >> That's a great question. So I am originally from France, actually. And when I was growing up there was really little computer science education in schools, but I really wanted to be an astronaut when I got to college so I joined the engineering program at my school and I'd never coded at that point, but one of the requirements was an intro to programming class in Python. So I took it and I fell in love with it immediately and I was like, I'm majoring in computer science, this is so cool, this is the coolest thing I've ever done and as I entered the computer science world I realized, oh, there's not that many women here and actually, I'm treated very differently. So, I fell in love with it and then because I love it so much I just kind of powered through. >> Your passion is very palpable, so at any point did you feel, sort of, out of place? Going, I'm one of the only females here, or did you say, I don't care, I like this. >> Yeah, it's both. I mean, you feel out of place when there's very few people who look like you in the room. Even if you don't want to feel out of place, even if you try to pretend that's not the case, you can't help but feel that and when I was starting out and throughout my career, people didn't necessarily want to work with me, didn't believe I was a good programmer, even though I was at the top of all my classes and so even though I tried to make the most out of my experience, I couldn't really escape the stigma attached to my gender in this field. >> Alex, we're at an interesting part of our culture now, I suppose, especially online. On one hand, social media has elevated a lot of folks' voices that would not have been heard otherwise because of gatekeepers. On the other hand, we have our current online discourse, which is kind of, not very pleasant sometimes. So I am interested both kind of how you're navigating that online and then maybe as a followup, then as you work with companies, how you're working with them and what you're telling them, but in terms of online, I love Twitter and yet it frustrates me. Facebook as well, et cetera. How do you navigate that online yourself? >> That's a great question. Honestly, I have been kind of retreating from social media. I haven't really experienced too many negative interactions on social media because I'm not really a big presence there. I did kind of have a really bad experience once during a Grace Hopper conference. I tweeted something during the Male Allied panel of like, 2015, or something and that got picked up by some GamerGate writers and then a lot of people started tweeting negative things at me, but that's kind of the extent of my negative experiences online. I do think that, as you say, social media has allowed for uplifting of voices that were previously unheard, has allowed for activism to organize. There's so many positive things that come from social media and also it has a really nefarious affect on people and I think that something needs to change in terms of how these companies build their software. It needs to be safer for all people and also needs to be built more ethically. Less trying to manipulate our psyches. >> That's, I think, super important. Luckily at least that's a conversation now, right Lisa? That at least Facebook, I think eventually as a society we'll, I hope, we'll get through this and figure this out, but I don't feel like we're particularly literate with social at this point. But I did want to ask about your work with companies. You said you do talk with some companies about diversity and things like that, is there any either signs that folks are getting it right or things that you start off with as you're working, if someone asks, how do we become a more diverse workforce? >> Yeah, that's a good question. I can't really point to any companies that, I say, are doing amazing. There are some companies where I know folks are very happy. Slack is one of them, thoughtbot is another one of them. I'll say Gakko, but a few tips I generally give organizations is that you need to work to understand the problem. Why is there a lack of diversity in tech? Why is your team not diverse? Then you need to measure your data. You can't make a positive change if you don't know how much you're changing, right? So gather diversity data on your team, not just in terms of who's there, but who's in a leadership role. Who gets promoted? Who gets fired? Who's a manager? And then you need to commit. That's, I think, the place where a lot of people struggle is there's a lot of candidates who fit this, kind of, homogenous image of what a programmer is and so it can be easy sometimes to be like, well we need to hire someone right now so let's just hire this person. But in order to actually make a change you need to commit and you need to say I'm not going to compromise on the goals that we've set. >> You're absolutely right, that commitment word is exactly what's needed to drive that accountability to hold organizations up to that. I was just at VMware a couple of weeks ago in Palo Alto at the Women Transforming Technology event and we had a whole day of all talking with females in tech, which I always loved to do and theCUBE is very passionate about supporting that. The cultural change is imperative. We talk about digital transformation at every event and there's the CIO that says, hey we have to change the culture here to transform digitally, but also to start moving those numbers from, what, less than 25% of tech roles are held by women. The culture has to change. It seems like you're in a position, potentially, to actually influence the culture at these companies that you talk to about opening their eyes to commit. Does that excite you from within? >> Yes, I do talk to a lot of organizations about this, but I think the work that I do that might actually tip the scale is, basically, the education programs that I run in New York. All of my classrooms reflect the diversity of New York, both in terms of student and teacher bodies. So all of my students learn in an environment that is extremely diverse. They learn from teachers who look like them and I wish I learned to code in that way. Another important thing we teach our students is how to code as an ethical endeavor. So we teach our students to measure the ethical ramifications of their decisions when they build software so that hopefully the technologists of tomorrow, the CTO's of tomorrow they build code in a way that is best for humanity. They build code with empathy. >> Goin' back to your day job. You're working with kids. We talked about getting through social media, cultural change. Its going to depend on the next generation. So Alex, are the kids alright? Are they gonna save us? >> The kids are pretty alright. I mean, so my classroom is basically coding meets social entrepreneurship so all of our kids build an app that solves a problem they've identified in their communities and these kids are just coming up with the most beautiful solutions, like, more brilliant than any adult that I've met. I feel good about the future. >> Well, it's key to get those different perspectives and when you were saying, they're having the opportunity to code and create apps that are relevant to them that's where you can really ignite that passion. >> Exactly, that's so important >> It is important because when you're passionate about something, and we saw that on stage today with a lot of the Docker folks and Microsoft and McKesson, when you're passionate about something and really making a change, you can feel it. So it's good to hear that we're going in the right direction. Also, we're in this age, you talked about ethics, where it's essential. Because technology, we see a lot of examples where tech is not used for good and there's world leaders getting some of the leaders of tech companies together saying, I'm challenging you, make tech for good because we're seeing too much of the negative right now. How does that influence, whether it's the breaches at Equifax, or, there was a breach recently at MyHeritage, the DNA testing companies, to Cambridge Analytica. How do you see the kids, the young kids respond to that, going, that's a really poor use of tech. Are they aware of that? >> I think some kids are and in our classroom we spend some time talking about, we have discussions about, ethics of software. So that's something that's very important to us. But largely, most classrooms in the United States, no, I mean computer science education is not a standard in most classrooms in the US. In New York state, only 1% of high schoolers actually have access to any kind of computer science education and so most kids, they might hear tid bits from the T.V. or social media or something, but they're not necessarily informed enough to make one, good decisions as consumers and two, good decisions as potential technologists. So that's something that we are trying to spread and I hope other folks are also trying to work on. >> Another thing that I think is shocking is when we were at the Women Transforming Technology event just a few weeks ago at VMware in Palo Alto, they just announced with Stanford, Stanford is investing 15 million dollars into their gender research. VMware and Stanford wanting to look at what are the barriers for women in tech and minorities in tech and starting to dissolve some of those barriers. One of the things they actually had in their press release announcing this big 15 million dollar investment from VMware and Stanford is a Mckinsey report that said 20%, sorry, enterprise organizations that have females in management positions, probably executive management positions, didn't specify positions, are 20% more profitable. You just think, the numbers are saying when you have more thought diversity, you're actually going to be a more profitable organization, but I think to your point earlier, Alex, there has to be a commitment and there has to be a group within an organization that stands accountable. >> Absolutely. >> So we are thankful for you. (Alex laughs) for donating some of your time today to tell us what you're doing, it's good to hear the next generation, John, I think they got our backs. >> Alright, that's good. >> And Alex, have a great time with your very provocative session this afternoon. >> Thank you. >> We thank you so much for your time and it's really cool to hear how you're using your passion for tech for good. >> Thank you so much, it was great to be here. >> We want to thank you for watching theCUBE. I'm Lisa Martin with John Troyer. From San Francisco at DockerCon 2018. Stick around, John and I will be right back with out next guest. (upbeat music)

(instrumental electronic music) (crowd) >> Hey welcome back everybody, Jeff Frick, here with The Cube. We are live in Moscone Center, with 40,000 security experts at the RSA Conference, the biggest conference of its size, and one of the biggest tech conferences in the industry, second maybe only to Salesforce and Oracle's. So, there's a lot people here, a lot of action-- >> Absolutely. >> We're excited to be joined by the president of RSA, Rohit Ghai. Welcome. >> Thank you. Thank you. >> So first thing, kind of impressions of the show, we were here briefly last year, this thing was 34,000. This year, they're saying it's 40. >> Forty thousand, yeah. Look, RSA has the great burden and privilege of bringing the cyber security community together, and it's a true testimonial to the caliber of the people that this year we are able to attract 40,000 people. We have almost 500 plus, 550-something, I believe vendors and exhibitors. And the level of the conversation, in terms of the CEOs from different countries, the CEOs from all the mega corporations, public sector participants, the entire gamut of cyber security stakeholders are here today. >> That's an interesting kind of take because on one hand, you think there's so many people, but as a few people had mentioned earlier, really they're all here so, and on the grand scheme of things, it's not that many people. It's really this group of people-- >> Exactly. >> And they all know each other. People are all giving each other hugs, as they're walking up and down the booth, so this really is it. >> This is a community, and it's a tight-knit community. It's all the good guys and some linked together (laughing), and figured out what to do about the bad guys (laughing). >> I know, I just hope they all don't go to the bad side at the same time, we'd be in trouble. >> Absolutely. >> One of the things that comes up over and over at tech conferences specifically, and at here, too, is the ecosystem. >> Rohit: Yeah. >> Right? Nobody can do it alone-- >> Rohit: Yep. >> You've got to have an ecosystem-- >> Rohit: Yep. >> And there's a lot of conversations about sharing information-- >> Yep. >> More broadly-- >> Yep. Yep. >> More automated, faster-- >> Rohit: Yep. >> Really an important part of the strategy to fight the bad guys. >> Absolutely. In fact, that was a recurring theme from all the keynote speakers this morning, the notion of working together. The only shot we have of beating the bad guys is if we collaborate and share the information that we have, and go at it together. So, the ecosystem is super important to your point. >> Yep. So, what are some that are accounted for the people that aren't here-- >> Rohit: Yep. Kind of the key themes, some of the big announcement that RSA's make-- >> Rohit: Yeah. >> And I know the press release feed is full (laughing) this morning-- >> Rohit: Yeah. >> But what are you guys excited about for this year? >> Look, what I'm most excited about is a new approach. And here's the way I tee it up, the bad guys are getting really good, right? Every company is going digital, and digital companies are really juicy targets. We don't have enough good guys to fight on our behalf, enough trained good guys, which means we ought to bring technology to assist use, all the things like advanced, artificial intelligence, machine learning, data science, all those things have great capabilities, but the reality is we have to realize the bad guys have all the same technology that we do. So, it's not a technology problem anymore-- >> Right, right. >> We have to play to our strengths, play to our advantage, so this new approach, we call it business-driven security, which means take the security incidents and apply business context to it, enabling customers to take command of their cyber risk, and secure and protect what matters most. >> Right, right. >> So, it's a sense of prioritization, and if we do that successfully, then we are able to keep the bad guys, they're only inside the door, but we can curtail the damage and we can detect the breaches, and respond in a much more expedient manner. >> Right, always the problems within arm's race, right? Both people have the same amount of weapons, so it's how to use those weapons-- >> Rohit: It's how to use the weapons. >> More effectively. >> Absolutely. And therein the context is super important if you're going to apply business context to the way you apply that information-- >> Right. >> With those tools, that's how you win. >> Now, another theme that keeps coming up is kind of state-sponsored threats-- >> Rohit: Yep, yep. >> Which are different than, maybe, kind of commercially, or just-- >> Rohit: Yep, Yep. >> Kind of activists. >> Rohit: Yep. >> That's really changing the game because-- >> Rohit: It is. >> The resources behind those folks significantly bigger. >> Indeed. So, there's new kind of bad guys, like the nation state threat actors, and their objectives are totally different, right? Their objective is not just to steal data, but to tamper with data, and change the conversations as we saw in the case of the election-- >> Right, right. this year, the presidential elections. By tampering data you can actually shift conversations and influence outcomes, so it's a whole new ball game, in terms of the new types of threats and new types of threat actors like nation states, who are getting into the game. >> Yeah, I thought one of the interesting points that came up earlier in the keynote today-- >> Rohit: Yeah. >> I think they called it salting or spiking the algorithm-- >> Rohit: Yep. >> With intentional bad data to send the algorithm on a path, in which it really shouldn't go. >> Exactly, exactly. And the way you respond to that is, again, to back to my point around business-driven security. If you have data, and if you understand the business context around how that data ought to be used, then you're able to protect it and secure it, and make sure it doesn't get weaponized, or used against you. >> Right, right. And another theme that came up at another session I attended is kind of the unique role that companies are in versus-- >> Rohit: Yep. >> The government-- >> Rohit: Yep. >> Because even if there is state-sponsored-- >> Rohit: Yep. >> Issues going on-- >> Rohit: Yep. >> Because many of the companies, RSA included-- >> Rohit: Yeah. >> Operate globally across the number of geos. >> Yep. >> They potentially have even more data, different data, to fight the threat than any one government does on its own. >> Indeed, and this is where sharing of information is vital, and along those lines, RSA is excited to announce this year that we've joined the Cyber Threat Alliance, which is a consortium of private companies who have decided that it's not the threat intel data, it's how you use it that's going to be the differentiating factor. >> Right. >> So, in the spirit and vein of working together, we are sharing threat data with each other, so that we can respond to the bad guys. >> Right. So, give you the last word-- >> Rohit: Yeah. >> It's February 14th, Happy Valentine's Day. Start of the new year, what are some of your priorities as you look down the other road, what are we going to be talking about a year from now? >> Yeah. >> What's things that are on your plate that you're really thinking about? >> Yeah, yeah. Look, so, in the vein of Valentine's Day, I totally love cyber security (laughing). Let me say that, and in terms of what we're looking forward to. Look, RSA is in the game to innovate and set the table, and set the agenda for the cyber security market. We play the role of bringing the cyber security community together, but it's our innovation along the axis of business-driven security. We want to take that conversation, drive that into the industry because we believe that without that, we don't have a shot of beating the bad guys. >> Right. Alright, well, we're all rooting for you (laughing)-- >> Thank you. I appreciate that. >> And everybody else in this building, alright. >> I appreciate that. Thanks. >> He's Rohit. I'm Jeff. You're watching The Cube, live from RSA 2017, in downtown San Francisco. Thanks for watching. >> Thank you. (instrumental electronic music) (upbeat instrumental music)