>>All we're back. We're wrapping up day two at Falcon 22 from the area in Las Vegas, CrowdStrike CrowdStrike. The action is crazy. Second day, a keynotes. Sean Henry is back. He's the chief security officer at CrowdStrike. He did a keynote today. Sean. Good to see you. Thanks for coming >>Back. Good. See you, Dave. Thanks for having me. >>So, unfortunately, I wasn't able to see your keynote cuz I had to come do cube interviews. You interviewed Kimbo Walden from, from, you know, white house, right? >>National cyber security >>Director. We're gonna talk about that. We're gonna talk about Overwatch, your threat hunting report. I want to share the results with our audience, but start with your, well actually start with the event. We're now in day two, you've had a good chance to talk to customers and partners. What are, what are your observations? Yeah, >>It's first of all, it's been an amazing event over 2200 attendees here. It's really taking top three floors at the area hotel and we've got partners and customers, employees, and to see the excitement and the level of collaboration here is absolutely phenomenal. All these different organizations that are each have a piece of cyber security to see them coming together, all in support of how do you stop breaches? How do you work together to do it? It's really been absolutely phenomenal. You're >>Gonna love the collaboration. We kind of talked about this on our earlier segment is the industry has to do a better job and has been doing a better job. You know, I think you and Kevin laid that out pretty well. So tell me about the interview with the fireside chat with Kimba. What was that like? What topics came up? >>Yeah. Kimba is the principal, deputy national cyber security advisor. She's been there for just four months. She spent over 10 years at DHS, but she most recently came from the private sector in cybersecurity. So she's got that the experience as a private sector expert, as well as a public sector expert and to see her come together in that position. It was great. We talked a lot about some of the strategies the white house is looking to put forth in their new cybersecurity strategy. There was recently an executive order, right? That the, the president put forth that talks about a lot of the things that we're doing here. So for example, the executive order talks about a lot of the legacy type of capabilities being put to pasture and about the government embracing cloud, embracing threat, hunting, embracing EDR, embracing zero trust and identity protection. Those are all the things that the private sector has been moving towards over the last year or two. That's what this is all about here. But to see the white house put that out, that all government agencies will now be embracing that I think it puts them on a much shorter footing and it allows the government to be able to identify vulnerabilities before they get exploited. It allows them to much more quickly identify, have visibility and respond to, to threats. So the government in infrastructure will be safer. And it was really nice to hear her talk about that and about how the private sector can work with the government. >>So you know how this works, you know, having been in the bureau. But so it's the, these executive orders. A lot of times people think, oh, it's just symbolic. And there are a couple of aspects of it. One is president Biden really impressed upon the private sector to, you know, amp it up to, to really focus and do a better job. But also as you pointed out that executive order can adjudicate what government agencies must do must prioritize. So it's more than symbolic. It's actually taking action. Isn't >>It? Yeah. I, I, I think it, I think it's both. I think it's important for the government to lead in this area because while a, a large portion of infrastructure, major companies, they understand this, there is still a whole section of private sector organizations that don't understand this and to see the white house, roll it out. I think that's good leadership and that is symbolic. But then to your second point to mandate that government agencies do this, it really pushes those. That might be a bit reluctant. It pushes them forward. And I think this is the, the, the type of action that as it starts to roll out and people become more comfortable and they start to see the successes. They understand that they're becoming safer, that they're reducing risk. It really is kind of a self-fulfilling prophecy and we see things become much safer. Did, >>Did you guys talk about Ukraine? Was that, was that off limits or did that come up at all? >>It wasn't, it wasn't off limits, but we didn't talk about it because there are so many other things we were discussing. We were talking about this, the cyber security workforce, for example, and the huge gap in the number of people who have the expertise, the capability and the, and the opportunities to them to come into cyber security technology broadly, but then cyber security as a sub sub component of that. And some of the programs, they just had a big cyber workforce strategy. They invited a lot of people from the private sector to have this conversation about how do you focus on stem? How do you get younger people? How do you get women involved? So getting maybe perhaps to the untapped individuals that would step forward and be an important stop gap and an important component to this dearth of talent and it's absolutely needed. So that was, was one thing. There were a number of other things. Yeah. >>So I mean, pre pandemic, I thought the number was 350,000 open cybersecurity jobs. I heard a number yesterday just in the us. And you might have even told me this 7, 7 50. So it's doubled in just free to post isolation economy. I don't know what the stats are, but too big. Well, as a, as a CSO, how much can automation do to, to close that gap? You know, we were talking earlier on the cube about, you gotta keep the humans in the loop, you, you, the, the, the, the Nirvana of the machines will just take care of everything is just probably not gonna happen anytime in the near term, even midterm or long term, but, but, but how can automation play and help close that gap? So >>The, the automation piece is, is what allows this to scale. You know, if we had one company with a hundred endpoints and we had a couple of folks there, you could do it with humans. A lot of it when you're talking about hundreds of millions of endpoints spread around the globe, you're talking about literally trillions of events every week that are being identified, evaluated and determined whether they're malicious or not. You have to have automation and to have using the cloud, using AI, using machine learning, to sort through, and really look for the malicious needle in a stack of needle. So you've gotta get that fidelity, that fine tune review. And you can only do that with automation. What you gotta remember, Dave, is that there's a human being at the end of every one of these attacks. So we've got the bad guys, have humans there, they're using the technology to scale. We're using the technology to scale to detect them. But then when you get down to the really malicious activity, having human beings involved is gonna take it to another level and allow you to eradicate the adversaries from the environment. >>Okay. So they'll use machines to knock on the door when that door gets opened and they're in, and they're saying, okay, where do we go from here? And they're directing strategy. Absolutely. I, I spent, I think gave me a sta I, I wonder if I wrote it down correctly, 2 trillion events per day. Yeah. That you guys see is that I write that down. Right? >>You did. It changes just like the number of jobs. It changes when I started talking about this just a, a year and a half ago, it was a billion a day. And when you look at how it's multiplied exponentially, and that will continue because of the number of applications, because of the number of devices as that gets bigger, the number of events gets bigger. And that's one of the problems that we have here is the spread of the network. The vulnerability, the environment is getting bigger and bigger and bigger as it gets bigger, more opportunities for bad guys to exploit vulnerabilities. >>Yeah. And we, we were talking earlier about IOT and extending, you know, that, that threats surface as well, talk about the Overwatch threat hunting report. What is that? How, how often have you run it? And I'd love to get into some of the results. Yeah. >>So Overwatch is a service that we offer where we have 24 by seven threat hunters that are operating in our customer environments. They're hunting, looking for, looking for malicious activity, malicious behavior. And to the point you just made earlier, where we use automation to sort out and filter what is clearly bad. When an adversary does get what we call fingers on the keyboard. So they're in the box and now a human being, they get a hit on their automated attack. They get a hit that, Hey, we're in, it's kind of the equivalent of looking at the Bober while you're fishing. Yeah. When you see the barber move, then the fisherman jumps up from his nap and starts to reel it in similar. They jump on the keyboard fingers on the keyboard. Our Overwatch team is detecting them very, very quickly. So we found 77,000 potential intrusions this past year in 2021, up to the end of June one, one every seven minutes from those detections. >>When we saw these detections, we were able to identify unusual adversary behavior that we'd not necessar necessarily seen before we call it indicators of attack. What does that mean? It means we're seeing an adversary, taking a new action, using a new tactic. Our Overwatch team can take that from watching it to human beings. They take it, they give it to our, our engineering team and they can write detections, which now become automated, right? So you have, you have all the automation that filters out all the bad stuff. One gets through a bad guy, jumps up, he's on the keyboard. And now he's starting to execute commands on the system. Our team sees that pulls those commands out. They're unusual. We've not seen 'em before we give it to our engineering team. They write detections that now all become automated. So because of that, we stopped over with the 77,000 attacks that we identified. We stopped over a million new attacks that would've come in and exploited a network. So it really is kind of a big circle where you've got human beings and intelligence and technology, all working together to make the system smarter, to make the people smarter and make the customers safer. And you're >>Seeing new IAS pop up all the time, and you're able to identify those and, and codify 'em. Now you've announced at reinforced, I, I, in July in Boston, you announced the threat hunting service, which is also, I think, part of your you're the president as well of that services division, right? So how's that going? What >>What's happening there? What we announced. So we've the Overwatch team has been involved working in customer environments and working on the back end in our cloud for many years. What we've announced is this cloud hunting, where, because of the adoption of the cloud and the movement to the cloud of so many organizations, they're pushing data to the cloud, but we're seeing adversaries really ramp up their attacks against the cloud. So we're hunting in Google cloud in Microsoft Azure cloud in AWS, looking for anomalous behavior, very similar to what we do in customer environments, looking for anomalous behavior, looking for credential exploitation, looking for lateral movement. And we are having a great success there because as that target space increases, there's a much greater need for customers to ensure that it's protected. So >>The cloud obviously is very secure. You got some of the best experts in the planet inside of hyperscale companies. So, and whether it's physical security or logical security, they're obviously, you know, doing a good job is the weakness, the seams between where the cloud provider leaves off and the customer has to take over that shared responsibility model, you know, misconfiguring and S3 bucket is the, you know, the common one, but I'm so there like a zillion others, where's that weakness. Yeah. >>That, that's exactly right. We see, we see oftentimes the it piece enabling the cloud piece and there's a connectivity there, and there is a seam there. Sometimes we also see misconfiguration, and these are some of the things that our, our cloud hunters will find. They'll identify again, the equivalent of, of walking down the hallway and seeing a door that's unlocked, making sure it's locked before it gets exploited. So they may see active exploitation, which they're negating, but they also are able to help identify vulnerabilities prior to them getting exploited. And, you know, the ability for organizations to successfully manage their infrastructure is a really critical part of this. It's not always malicious actors. It's identifying where the infrastructure can be shored up, make it more resilient so that you can prevent some of these attacks from happening. I >>Heard, heard this week earlier, something I hadn't heard before, but it makes a lot of sense, you know, patch Tuesday means hack Wednesday. And, and so I, I presume that the, the companies releasing patches is like a signal to the bad guys that Hey, you know, free for all go because people aren't necessarily gonna patch. And then the solar winds customers are now circumspect about patches. The very patches that are supposed to protect us with the solar winds hack were the cause of the malware getting in and, you know, reforming, et cetera. So that's a complicated equation. Yeah. >>It, it certainly is a couple, couple parts there to unwind. First, when you, you think about patch Tuesday, there are adversaries often, not always that are already exploiting some of those vulnerabilities in the wild. So it's a zero day. It's not yet been patched in some cases hasn't yet been identified. So you've got people who are actively exploiting. It we've found zero days in the course of our threat hunting. We report them in a, in a, in a responsible way. We've gone to Microsoft. We've told them a couple times in the last few months that we found a zero day and give them an opportunity to patch that before anybody goes public with it, because absolutely right when it does go public, those that didn't know about it before recognize that there will be millions of devices depending on the, the vulnerability that are out there and exploitable. And they will absolutely, it will tell everybody that you can now go to this particular place. And there's an opportunity to gain access, to exploit privileges, depending on the criticality of the patch. >>I, I don't, I, I don't, I'm sorry to generalize, but I wanna ask you about the hacker mindset. Let's say that what you just described a narrow set of hackers knows that there's an unpatched, you know, vulnerability, and they're making money off of that. Will they keep that to themselves? Will they share that with other folks in the net? Will they sell that information? Or is it, is it one of those? It depends. It, >>I was just gonna say, it depends you, you beat me to it. It absolutely depends. All of, all of the above would be the answer. We certainly see organ now a nation state for example, would absolutely keep that to themselves. Yeah. Right. Their goal is very different from an organized crime group, which might sell access. And we see them all the time in the underground selling access. That's how they make money nation states. They want to keep a zero day to themselves. It's something they're able to exploit in some cases for months or years, that that, that vulnerability goes undetected. But a nation state is aware of it and exploiting it. It's a, it's a dangerous game. And it just, I think, exemplifies the importance of ensuring that you're doing everything you can to patch in a timely matter. Well, >>Sean, we appreciate the work that you've done in your previous role and continuing to advance education, knowledge and protection in our industry. Thank you for coming on >>You. Thank you for having me. This is a fantastic event. Really appreciate you being here and helping to educate folks. Yeah. >>You guys do do a great job. Awesome. Set that you built and look forward to future events with you guys. My >>Friends. Thanks so much, Dave. Yeah. Thank >>You. Bye now. All right. Appreciate it. All right, keep it right there. We're gonna wrap up in a moment. Live from Falcon 22. You're watching the cube.

>>Welcome back to the cubes coverage of ADA reinvent 2021 here, the cube coverage. I'm Judd for a, your host we're on the ground with two sets on the floor, real event. Of course, it's hybrid. It's online as well. You can check it out there. All the on-demand replays are there. We're here with Sandy Carter, worldwide vice president, public sector partners and programs. And we've got Fred Swanick, her founder, and chief curator of the room. We're talking about getting the best talent programming and in the cloud, doing great things, innovation all happening, Sandy. Great to see you. Thanks for coming on the cube, but appreciate it. Thanks for halfway to see. Okay. So tell us about the room. What is the room what's going on? >>Um, well, I mentioned in the room is to help the world's most extraordinary do us to fulfill their potential. So, um, it's a community of exceptional talent that we are building throughout the world, um, and connecting this talent to each other and connecting them to the organizations that are looking for people who can really move the needle for those organizations. >>So what kind of results are you guys seeing right now? Give us some stats. >>Well, it's a, it's a relatively new concept. So we're about 5,000 members so far, um, from 77 different countries. Um, and this is, you know, we're talking about sort of the top two to 3% of talent in different fields. Um, and, um, as we go forward, you know, we're really looking, seeing this as an opportunity to curate, um, exceptional talent. Um, and it feels like software engineering, data science, UX, UI design, cloud computing, um, and, uh, it really helped to, um, identify diverse talent as well from pockets that have typically been untapped for technology. Okay. >>I want to ask you kind of, what's the, how you read the tea leaves. How do I spot the talent, but first talk about the relationship with Amazon. What's the program together? How you guys working together? It's a great mission. I mean, we need more people anyway, coding everywhere, globally. What's the AWS connection. >>So Fred and I met and, uh, he had this, I mean the brilliant concept of the room. And so, uh, obviously you need to run that on the cloud. And so he's got organizations he's working at connecting them through the room and kind of that piece that he was needing was the technology. So we stepped in to help him with the technology piece because he's got all the subject matter expertise to train 3 million Africans, um, coming up on tech, we also were able to provide him some of the classwork as well for the cloud computing models. So some of those certs and things that we want to get out into the marketplace as well, we're also helping Fred with that as well. So >>I mean, want to, just to add onto that, you know, one of the things that's unique about the room is that we're trying to really build a long-term relationship with talent. So imagine joining the room as a 20 year old and being part of it until you're 60. So you're going to have a lot of that. You collect on someone as they progress through different stages of their career and the ability for us to leverage that data, um, and continuously learn about someone's, you know, skills and values and use, um, predictive algorithms to be able to match them to the right opportunities at the right time of their lives. And this is where the machine learning comes in and the, you know, the data lake that we're building to build to really store this massive data that we're going to be building on the top talent to the world. >>You know, that's a really good point. It's a list that's like big trend in tech where it's, it's still it's over the life's life of the horizon of the person. And it's also blends community, exactly nurturing, identifying, and assisting. But at the same day, not just giving people the answer, they got to grow on their own, but some people grow differently. So again, progressions are nonlinear sometimes and creativity can come out of nowhere. Got it. Uh, which brings me up to my number one question, because this always was on my mind is how do you spot talent? What's the secret sauce? >>Well, there is no real secret source because every person is unique. So what we look for are people who have an extra dose of five things, courage, passion, resilience, imagination, and good values, right? And this is what we're looking for. And you will someone who is unusually driven to achieve great things. Um, so of course, you know, you look at it from a combination of their, their training, you know, what they, what they've learned, but also what they've actually done in the workplace and feedback that you get from previous employers and data that we collect through our own interactions with this person. Um, and so we screened them through, you know, with the town that we had, didn't fly, we take them through really rigorous selection process. So, um, it takes, uh, for example, people go through an online assessments and then they go through an in-person interview and then we'll take them through a one to three month bootcamp to really identify, you know, people who are exceptional and of course get data from different sources about the person as well. >>Sandy, how do you see this collaboration helping, uh, your other clients? I mean, obviously talent, cross pollinates, um, learnings, what's your, you see this level of >>It has, uh, you know, AWS grows, obviously we're going to need more talent, especially in Africa because we're growing so rapidly there and there's going to be so much talent available in Africa here in just a few short years. Most of the tech talent will be in Africa. I think that that's really essential, but also as looking after my partners, I had Fred today on the keynote explaining to all my partners around the world, 55,000 streaming folks, how they can also leverage the room to fill some of their roles as well. Because if you think about it, you know, we heard from Presidio there's 3 million open cyber security roles. Um, you know, we're training 20 of mine million cloud folks because we have a gap. We see a gap around the world. And part of my responsibility with partners is making sure that they can get access to the right skills. And we're counting on the room and what Fred has produced to produce some of those great skills. You have AI, AML and dev ops. Tell us some of the areas you haven't. >>You know, we're looking at, uh, business intelligence, data science, um, full-stack software engineering, cybersecurity, um, you know, IOT talent. So fields that, um, the world needs a lot more talented. And I think today, a lot of technology, um, talent is moving from one place to another and what we need is new supply. And so what the room is doing is not only a community of top 10, but we're actually producing and training a lot more new talent. And that was going to hopefully, uh, remove a key bottleneck that a lot of companies are facing today as they try to undergo the digital trends. >>Well, maybe you can add some hosts on there. We need some cube hosts, come on, always looking for more talent on the set. You could be there. >>Yeah. The other interesting thing, John, Fred and I on stage today, he was talking about how easy to the first narrative written for easy to was written by a gentleman out of South Africa. So think about that right. ECE to talent. And he was talking about Ian Musk is based, you know, south African, right? So think about all the great talent that exists. There. There you go. There you go. So how do you get access to that talent? And that's why we're so excited to partner with Fred. Not only is he wicked impressive when a time's most influential people, but his mission, his life purpose has really been to develop this great talent. And for us, that gets us really excited because we, yeah, >>I think there's plenty of opportunities to around new business models in the U S for instance, um, my friends started upstart, which they were betting on people almost like a stock market. You know, almost like currency will fund you and you pay us back. And there's all kinds of gamification techniques that you can start to weave into the system. Exactly. As you get the flywheel going, exactly, you can look at it holistically and say, Hey, how do we get more people in and harvest the value of knowledge? >>That's exactly. I mean, one of the elements of the technology platform that we developed to the Amazon with AWS is the room intelligence platform. And in there is something called legacy points. So every time you, as a member of the room, give someone else an opportunity. You invest in their venture, you hire them, you mentor them, you get points and you can leverage those points for some really cool experiences, right? So you want to game-ify um, this community that is, uh, you know, essentially crowdsourcing opportunities. And you're not only getting things from the room, but you're also giving to others to enable everyone to grow. >>Yeah, what's the coolest thing you've seen. And this is a great initiative. First of all, it's a great model. I think it's, this is the future. Cause I'm a big believer that communities groups, as we get into this hybrid world is going to open up the virtualization. What the virtual world has shown us is virtualization, which is a cloud technology when Amazon started with Zen, which is virtualization technology, but virtualization, conceptually is replicating things. So if you think hybrid world, you can blend the connect people together. So now you have this social construct, this connective tissue between relationships, and it's always evolving, you know, this and you've been involved in community from, from, from the early days when you have that social evolution, it's not software as a mechanism. It's a human thing. Exactly. It's organism, it evolves. And so if you can get the software to think like that and the group to drive the behavior, it's not community software. >>Exactly. I mean, we say that the room is not an online community. It's really an offline community powered by technology. So our vision is to actually have physical rooms in different cities around the world, whether it's talent gathers, but imagine showing up at a, at a room space and we've got the technology to know what your interests are. We know that you're working on a new venture and there's this, there's a venture capitalists in that area, investing that venture, we can connect you right then that space powered by the, >>And then you can have watch parties. For instance, there's an event going on in us. You can do some watch parties and time shifted and then re replicated online and create a localization, but yet have that connection in >>Present. Exactly, exactly. Exactly. So what are the >>Learnings, what's your big learning share with the audience? What you've learned, because this is really kind of on the front edge of the new kind of innovation we're seeing, being enabled with software. >>I mean, one thing we're learning is that, uh, talent is truly, uh, evenly distribute around the world, but what is not as opportunity. And so, um, there's some truly exceptional talent that is hidden and on tap today. And if we can, you know, and, and today with the COVID pandemic companies or around the world, a lot more open to hiring more talent. So there's a huge opportunity to access new talent from, from sources that haven't been tapped before. Well, but also learnings the power of blending, the online and offline world. So, um, you know, the room is, as I mentioned, brings people together, normally in line, but also offline. And so when you're able to meet talent and actually see someone's personality and get a sense of the culture fit the 360 degree for your foot, some of that, you can't just get on a LinkedIn. Yes. That I built it to make a decision, to hire someone who is much better. And finally, we're also learning about the importance of long-term relationships. One of my motives in the room is relationships not transactions where, um, you actually get to meet someone in an environment where they're not pretending in an interview and you get to really see who they are and build relationships with them before you need to hide them. And these are some really unique ways that we think we can redefine how talent finds opportunity in the 21st. So >>You can put a cube in every room, we pick >>You up because, >>And the cube, what we do here is that when people collaborate, whether they're doing an interview together, riffing and sharing content is creating knowledge, but that shared experience creates a bonding. So when you have that kind of mindset and this room concept where it's not just resume, get a job, see you later, it's learning, having peers and colleagues and people around you, and then seeing them in a journey, multiple laps around the track of humans >>And going through a career, not just a job. >>Yes, exactly. And then, and then celebrating the ups and downs in learning. It's not always roses, as you know, it's always pain before you accelerate. >>Exactly. And you never quite arrive at your destination. You're always growing, and this is where technology can really play. >>Okay. So super exciting. Where's this go next, Sandy. And next couple of minutes left in. >>So, um, one of the things that we've envisioned, so this is not done yet, but, um, Fred and I imagined like, what if you could have an Alexa set up and you could say, Hey, you know, Alexa, what should be my next job? Or how should I go train? Or I'm really interested in being on a Ted talk. What could I do having an Alexa skill might be a really cool thing to do. And with the great funding that Fred Scott and you should talk about the $400 million to that, he's already raised $400 million. I mean, there, I think the sky's the limit on platforms. Like >>That's a nice chunk of change. There it is. We've got some fat financing as they say, >>But, well, it's a big mission. So to request significant resources, >>Who's backing you guys. What's the, who's the, where's the money coming from? >>It's coming from, um, the MasterCard foundation. They, our biggest funder, um, as well as, um, some philanthropists, um, and essentially these are people who truly see the potential, uh, to unlock, um, opportunity for millions of people global >>For Glen, a global scale. The vision has global >>Executive starting in Africa, but truly global. Our vision is eventually to have a community of about 10 to 20 million of the most extraordinary doers in the world, in this community, and to connect them to opportunity >>Angela and diverse John. I mean, this is the other thing that gets me excited because innovation comes from diversity of thought and given the community, we'll have so many diverse individuals in it that are going to get trained and mentored to create something that is amazing for their career as well. That really gets me excited too, as well as Amazon website, >>Smart people, and yet identifying the fresh voices and the fresh minds that come with it, all that that comes together, >>The social capital that they need to really accelerate their impact. >>Then you read the room and then you get wherever you need. Thanks so much. Congratulations on your great mission. Love the room. Um, you need to be the in Cuban, every room, you gotta get those fresh voices out there. See any graduates on a great project, super exciting. And SageMaker, AI's all part of, it's all kind of, it's a cool wave. It's fun. Can I join? Can I play? I tell you I need a room. >>I think he's top talent. >>Thanks so much for coming. I really appreciate your insight. Great stuff here, bringing you all the action and knowledge and insight here at re-invent with the cube two sets on the floor. It's a hybrid event. We're in person in Las Vegas for a real event. I'm John ferry with the cube, the leader in global tech coverage. Thanks for watching.