>> Live from Boston, Massachusetts, it's the Cube. Covering AWS re:Inforce 2019. Brought to you by Amazon Web services and its ecosystem partners. >> Okay, welcome back everyone. It's the Cube's live coverage in Boston, Massachusetts for Amazon Webster's AWS re:Inforce: their first inaugural conference around security, cloud security. I'm John Furrier with my host Dave Vellante. If you're talking about security, you can not talk about cybersecurity, how it impacts government, society and commercial. We've got two great guests here from Telos, leader in cyber out of D.C. AJ Turcot, business development, and Tom Ryder, VP of commercial sales at Telos. Great to see you guys. Welcome to the Cube. >> Thank you, John- (A.J. talks over) >> Thanks, John, great to be here. >> I've been intrigued by Telos over the years. One, great company you guys, so congratulations. John Wood is phenomenal CEO. He's been hanging around for a long, long time. He's seen many cyber waves in security. You guys have a lot of experience. Now, we're talking about modernization of government. A week and a half ago we were at AWS Public Sector Summit which is this show in DC with Theresa Carlson's team. That's all about modernizing government, public sector, procurement, modernization in technology cloud. Here, the security conference feels the same kind of vibe for security. Not so much modernization but kind of level up, get faster, get better, get stronger. You know, everything's great, now lets go do it. So, similar kind of experience. You guys are in the middle of both those worlds. >> Yes. >> What's your impression? Are these coming together? Are they two separate? What's your impression of the show? >> Uh. It's, security is job zero. People have been saying that for a long time. The rubber's meeting the road now. You can see, this is, this wouldn't have been this big years ago. So, we're happy to be here and be part of this. Our company has been focused on cybersecurity since the word 'go'. And we're definitely seeing you can't do modernization without baking security in. Everybody gets it. It's not a bow tie any more. Wouldn't you say? >> Absolutely and it goes from the software development of the life cycle all the way up the stack. Little anecdote, John has been around for a long time. He's actually in the, and he'll hate me for saying this, but he's the longest standing CEO of a company in Virginia right now at 25 years. (laughter) We've been around for a long time. We understand cyber security and we've seen it morph as the various platforms have evolved. But, definitely a great show. A lot of vendors: some new, some old. We meet some friends that were with one that are now with another. And asking them why they changed and they say, "Well, the old school and the new school, different methodologies, different ways to approach it." But the problem fundamentally stays the same. >> Everyone else uses the old guard, uses the term 'old guard, new guard.' That's Jazzy and Theresa's word. But it really is about the transformation of that all companies are becoming security companies. They say that about media. All companies are becoming media companies. You inherently have in this horizontal impact of security. It used to be that this firms does security. You hire them and they come in, they do the job. But now, to where you got to bake it in, you start to see the brands: Microsoft, all these brands that were once software companies in general purpose areas really getting deeper into security. And then companies themselves like Capital One, Liberty Mutual, they're building out. >> Right. >> And potentially now turning it from a cost center to a revenue center. So, the model's upside down right now in a good way. What's that doing to the industry? And do you believe that it's happening then too? What do you see happening? >> The challenge in front of us right now is security has to keep up the pace and the scale of the cloud and the modern world. I know that we've had to change our tunes in our product suite to be able to, you know, test and demonstrate compliance at pace and at scale. Otherwise, you're just slowing down development. I mean, the real beauty of the cloud is, uh, the speed at which you can fail, recover, get the feedback loop, move forward and security's now at that pace and I think you'll see around here the companies that are offering that, not just a new coat of paint on a traditional offering are going to excel in this space. >> Well, this is why I like what you guys do because you talk to practitioners. They say their number one challenge is how to keep up with that pace. I mean, you could talk to one person at Amazon and no one person knows all the services or they think 'Oh, Amazon doesn't have that or oh, yes they do have that." So, having a partner like you guys to help navigate that pace of change is critical. So, how have you made that, you know, a tailwind for you guys. And what are customers telling you that they need help with? >> Uh, what we, our end of it, the piece of the elephant we touch, >> Yeah. is, um, the customers are allowed to use the cloud. They're encouraged to use the cloud. They're going to school to get trained and certified. But you can't go at this pace unless you are authorized. Right? You need permission. Nobody's allowed to put in the plug without their permission. And that's where our end of it is. And we've had to really retool to go at this cloud pace. I've been at Telos for over nineteen years and it's exciting now. And when we had the opportunity to go into the commercial side of things, I really lept at that because we're now building, you know, as I said, tooling out to keep at this pace of 'how do I test? Don't be a detractor. Don't be a slower-downer.' and, you know, it's the way we got to be. >> Take a minute to explain your product offerings for the commercial sector. What are you guys offering? What's the value proposition? >> Sure, um, our product suite is called Exacta. It's a mature product in the fed space. It's been around for nineteen years. And it's in very wide use in the fed space to operationalize their assessment and authorization: the NIST risk management framework. We're now seeing NIST cybersecurity standards are getting a lot of traction in spaces outside the fed. If you're a software company like we see around here, you want to business in the fed, you got to get a fed ramp authorization. Exacta's tooled to do that now. We're seeing state and local government embracing NIST cybersecurity standards. The defense industrial base has NIST 800-171. It's built into the defense acquisition regulations. You need to corporately meet these security controls. So, you know, it's not just for an agency on its own anymore. Everyone's getting in the game. >> So those standards are moving to commercial? >> Yes. >> You guys were baked out, bulletproof hardened product you're bringing that into commercial? >> And I would say if you take spreadsheets off the table, Exacta is the number one NIST cybersecurity automation and management platform. >> Yes. >> Spreadsheets will always be number one. It's like- >> Spread sheets are dead sheets >> Other than the pie chart. (mumbling) >> Right, right. >> So, you know, it used to be, and I'm wondering if it still is, the public sector would look to the commercial for sort of best practice, they might be a little slower to adopt things, and there's certainly examples of that today. You see Theresa at public sector announces something that maybe Amazon announced a year ago and now it's available public sector. But the cloud feels a little bit different. You've had cloud first mandates, things like Jedi. Is that trend changing? You just sort of gave us an example where certification's bringing that up to commercial, Is there still a wide gap between commercial adoption and public sector adoption? >> Well, I think one thing that we see is a lot of commercial or government entities built data centers because they had to. Right? Now, you see entities that have, you know, big robust data center infrastructure, they like what they do in there but not necessarily keeping up that data center. So, they're looking, they're all going to the cloud in varying degrees of speed. But nobody wants to be in the data center business like they used to. >> Charles Phillips from Infor says, 'friends don't let friends build data centers." >> Data centers, right. (laughter) >> That's right. AJ, how about some customer use cases and examples where you guys are helping them? What's their challenge? Give us some real-world experiences. >> Sure, sure. So, one of the industries that's highly regulated is financial industry. And, you know, we talk about healthcare with HIPAA, and different regulations. But in financials, they're really hit from regulatory bodies throughout the country. And they can change from state to state and a lot of times it just piles on top. So, one of the main issues that these companies face is audit fatigue. Internal audit teams to make sure they're compliant, external audit requests that come in, and they're really looking for a way to reduce this audit fatigue. One of the ways of doing it is to operationalize as we do with out tool, the systems internally to make sure that you can be compliant and, I'll throw out a phrase here, we believe strongly that you apply good cybersecurity hygiene, a byproduct of that will be compliance. So if foundationally things are good and you're taken care of cybersecurity from the get go, you know, you might have to tweak a few things to demonstrate compliance but you will be able to comply to many different regulatory products. >> So being built in from the beginning. >> Being baked in, right. So, what this particular organization, they've been around for a hundred years, they're in the financial sector, they've got a lot of regulations and state to state, as I mentioned, are different, they were really looking, and they use all the tools, they've got them all. They have data centers. They have one of the largest networks outside of the defense in the country. So they're quite big. And they were really feeling this audit fatigue. Eight hundred auditors working day in and day out to get, to meet these requirements are thrown at them. We're able to help them take the process from months to weeks. So, just there, there's an economy of time as well. So, the resources can really go off and do what their mission is without having to, you know, daily deal with the grind of going through spreadsheets, for example. >> Yeah. >> And the different systems. >> Do you, do you discern any patterns in terms of can you get more specific on what they're doing with that freed up budget or the digital transformation. Are they developing apps? Are they retraining people? How, how are they dealing with that? >> Sure. In this particular case, a lot of training internally. And it's like moving a cruise ship, you know? >> Yeah. >> It doesn't turn on a dime so you have direction on the top. They take primary focus might change and they have study groups. Interesting about them is they don't make, they make group decisions. So, they do, they're very big on data analytics. They're all actuaries I guess and they're used to that. And they want to look at the value. And I think that's something that we see. That's a tendency we see throughout all the different industries we work with. The demonstration of value. So, it might be neat. It might be fun. It might be more secure, less secure. Do we accept the risk? What value does that bring to the organization? And what they've done through training, through trying to change the old guard, you know, it's also reorganizing their systems internally and how they do things. Not just tools. >> So you guys got to love the fact that Amazon decided to have a security focused show. I mean, every show Amazon does is security focused but dedicated. (mumbles) You were mentioning the other day that, you know, a lot of partners here, a lot of vendors, but actually it's very attendee heavy event. >> Yes. >> Yeah. >> This is now like a huge COMDEX show floor. A lot of practitioners, sec ops guys, >> Yes. >> You know, developers. What are your thoughts on why Amazon did this? And your reaction to this. >> Well, Amazon has, you know, like we said, security is job zero for everyone at Amazon. They put their money where their mouth is. This was not an experiment. This was an eventuality. And, you know, there's zero doubt they're going continue to do this year on, year round. It's going to get bigger. >> Houston next year. >> Houston. >> Kind of an interesting choice: Houston. >> Yeah. >> It's going to be hot in June. >> Stay in the air conditioning. (lauging) >> I wish they'd stay in Boston. >> Yeah. >> I like Boston. >> I like Boston, too. >> Better than Houston. >> Yes. >> But the show is to your point, some dev ops and sec ops. So, again, there's bus dev folks here. >> Yep. >> You got geeks here. Not a lot of CEOs of big companies because it's not a glam converse. There's no big fanfare announcements. The announcements are pretty meaty: VPC traffic mirroring huge announcement, security you have general ability, not a surprise, but just smaller announcements. >> A lot of CSOs obviously. >> A lot of CSOs. >> Yeah, I'd say CSO in that vertical down. >> Yeah. >> The CSO, this is CSOs cloud security show. A lot of things getting invested in. Seems to be heavy activity. >> So, going into this when it was announced, you know, AJ and I had our hands up right away saing, "Let's do this." And then we get here and we're like 'okay, is this going to be a direct hit for us?' and I wouldn't say that everyone we talk to's a direct hit, but everyone that comes by the booth has some understanding of what we do. And there's been no wasted time. We're having a lot of good conversations. >> They're right where you guys are. They know what you do, the value to them. >> Right. >> All right, so here's a question for you on the show, given that you guys have this perspective so many years at Telos and cyber, shipping a great product, now commercial's changing cloud scale, cloud security, what do you think the most important stories are that should be told? That the media should be telling? Or maybe they are telling and need to be amplified. Or isn't being told that should be told. What are the top stories coming out of this event and this industry right now that should be told? >> I think that the two trends I'm seeing is that, like we said before, um, building and maintaining data centers is not, it's not cool anymore. And you see the trends of all these entities getting out from under that and they might be making a big commitment to the cloud or phasing out their data centers over time, but that is happening. And I want to read more about it because that helps us, you know, target who's going to be most receptive to our message. And then the other thing, like we said before, the security at scale and at pace. I know we've had to retool for it. The other companies here that are built for that are going to succeed. >> Yeah. >> There's an appetite for that. >> AJ, anything to add on that? >> Good point. No, very good point. At scale and to be able to pivot quickly and someone mentioned before to be able to fail, retool, start again. >> Yep. >> But to have, it's really essential to have security baked in. That confidentiality, integrity, availability of data, you know, the basics. >> You guys have partnered well with Amazon in the public sector now you're in commercial. Not a lot has changed. Amazon is still Amazon. Question for you is what are you guys think about what the opportunity is to differentiate is? You guys have your solution: speed and scale. Totally agree? (agreement) Size, speed, scale. You guys take the benefits of that by partnering with Amazon. But as it gets bigger and bigger, you guys still have to differentiate help customers. >> Yeah. >> How, how, what is the formula for success? You don't just do things, do a relationship saying "we're done" now collect the business. They're moving so fast that if you don't iterate on top of it you die seems to be the playbook. What do you guys think the value for ecosystem partners, the formula to be successful, what does that, what does that formula for, with an eighth of this cloud scale? >> Well, you know, everyone would just love to hitch your partner wagon to a, you know, something that's rising and not do a lot of work. But, that's not the way we roll. I think we get in a great partnership with Amazon because we have a lot of similarities, especially the customer obsession. You know, we want the customer to be successful and we ride along on that train. That's how we're successful. >> Great. Well, guys, congratulations, great to see you here. >> Likewise. >> It'll be a good journey. Cube's kicking off their security coverage at this event. Obviously cloud security changing the game. >> Yep. >> And it's got to level up with dev ops, agility. You guys have been doing. Thanks for sharing your insights. Appreciate it. >> Thank you. Thanks for having us. >> It was terrific. >> Cube coverage continues here in Boston for AWS: reInforce. I'm John Furrier with Dave Vellante. Stay tuned for more coverage after this short break. (digital music)