Jill Cagliostro, Anomali | Splunk .conf19


 

>> Announcer: Live from Las Vegas, it's theCUBE, covering Splunk .conf19, brought to you by Splunk.

>> Okay, welcome back, everyone. It's theCUBE's live coverage of, we're on day three of our three days of coverage of .conf from Splunk. This is their 10th anniversary, and theCUBE has been there along the way, riding the data wave with them, covering all the action. Our next guest is Jill Cagliostro, who's a product strategist at Anomali, who also has a sister in cyber. So she's got the cyber sisters going on. Jill, great to have you on. Looking forward to hearing about your story.

>> Great, thanks. I'm glad to be here. I've been in the security industry for about seven years now. I started when I was 19, and my sister had started before me. She's a few years older than me, and she started out doing defense contracting on the cyber side. And she just kind of ended up in the internship looking for a summer job, and she fell in love. And as I got to kind of learn about what she was doing and how it all worked together, I started to pursue it at Georgia Tech. And I joined our on campus hacker's group club, Grey Hat. I was the first female executive. That was fun. I ended up getting an internship from there with ConocoPhillips and Bishop Fox, and moved on to the vendor side eventually with a brief stop in security operations.

>> And so you have a computer science degree from Georgia Tech, is that right?

>> I do, and I'm actually pursuing my master's in their online master's in cyber security program right now as well.

>> Awesome. Georgia Tech, great school. One of the best computer science programs. Been following it for years. Amazing graduates come out of there.

>> Yeah, we've got some pretty impressive graduates.

>> So you just jumped right into cyber, okay. Male-dominated field. More women are coming in, more than ever now because there's a big surface area in security. What's your-- What attracted you to cyber?

>> So, I love that it's evolving, and it allows you to think about problems in different ways, right. It's a new problem, there's new issues to solve, and I've been exposed to technology from a young age. I went to an all girls high school which had a really strong focus on STEM. So, I took my first computer science class at 15, and it was in an environment of all women that were incredibly supportive. I actually started a scholarship at our high school to get more women to look at technology longer term as career options, and I go back and speak and teach them that technology is more than coding. There's product management, there's, you know, customer success, there's sales engineering, there's marketing, there's so much more in the space than just coding. So, I really try to help the younger generation see that and explore their options.

>> You know that's a great point, and, you know, when I was in the computer science back in the '80s, it was coding. And then it was--well, I got lucky it was systems also, a lot of operating systems, and Linux revolution was just begun coming on the scene. But it's more than that. There's data, data analytics. There's a whole creative side of it. There's a nerdy math side.

>> The user experience.

>> John: There's a huge area.

>> Work flows and processes is something that is so needed in the security industry, right. It's how you do everything. It's how you retain knowledge. It's how you train your new staff. And even just building processes, is something that can be tedious, but it can be so powerful. And if that's something you're used to doing, it can be a great field to build.

>> Well, you're here. It's our third day at the .conf, our seventh year here. What's your take of Splunk, because you're coming in guns blaring in the industry. You've got your cyber sister; she's at AWS. You see Splunk now. They've got a lot of capabilities. What's the security conversations like? What are people talking about?
What's the top story in your mind here at .conf for security and Splunk?

>> Yeah, so I'm actually a Splunk certified architect as well. Splunk was one of the first security tools that I really got to play with, so it's near and dear to my heart. And I get to work with-- I'm over at Anomali, which is a threat intelligence company, and I get to work with our own art, Splunk integration. So, what we do is we enable you to bring your intelligence into Splunk to search against all of the logs that you're bringing there to help you find the known data in your environment. And so, that's if you're a Splunk Enterprise customer or Splunk Core. But if you're an Enterprise Security customer, they have the threat intel component of their product, which we integrate with seamlessly. So, the components are really easy to work with, and we help you manage your intelligence a little bit more effectively, so you can significantly reduce your false positive rate while working within the framework you're comfortable in. And one of the--

>> What's the problem-- What's the problems statement that you guys solve? Is there one specific thing?

>> God, there's--Yes there's quite a few issues, right. I would say the biggest thing that we solve is enabling our customers to operationalize their intelligence. There's so much information out there about the known bad, and CCOs and CEOs are sending emails every day, "Are we impacted? Are we safe?" And we enable you to answer those questions very easily and very effectively. One of the other big trends we see is there is an issue in knowledge gaps, right. The industry is evolving so quickly. There's so much to know. Data on everything, right. So, we have another way that we can work with Splunk that isn't a direct integration, and it's our product called Anomali Lens. And what it does is it uses natural language processing to interpret the page that you're on and bring the threat intelligence to you.
So, if you're looking at a Splunk search page, you know, investigating an incident on brute force, and you have a seemingly random list of IPs in front of you, and you need to know what does everyone else know about these, to make your job easier, you can scan it with Lens, and it'll bring the information right there to you. You don't have to go anywhere else. You can stay in the Splunk UI that you love.

>> What's some exciting things you're working on now that you think people should know about that if maybe covered in the press or in the media or in general? What is some exciting areas that are happening?

>> Yeah, so Lens is pretty exciting for us. We just launched that last month. We're doing a lot. So, we also have a product called Anomali Match, which is purpose built for threat intel because often what we see is when a breach happens, the indicators that you need to know if they're in your environment, they don't come to light until six months to a year later. And then being able to go backwards in time to answer that question of were you impacted can be very difficult and very expensive, right. Anomali Match is purpose built to answer those questions. So, as the indicators become available, you know immediately was I impacted on the order of seconds. So, it just enables you to answer your CEOs a little faster, right, and get better visibility into your environment.

>> So when you look at data to everything, how do you see it evolving as more volume comes in? There's more threat surface area out there.

>> Right, and continues to increase its bounds.

>> How should people be thinking about it as they zoom out and think architecturally, "I got to lay out my enterprise strategy. I bought a few tools that try to be platforms, but I need a broader playbook. I need something bigger to help me."

>> You've got to take a step back and get a little altitude, right?

>> John: Yeah, take a little step back, yeah.

>> Yeah, so threat intelligence should really be driving your whole security practice. We already know, for the most part, who's attacking who and what they're trying to do. And so, threat intelligence shouldn't just be an integration into Splunk, although that is a critical component of it. It should be informing, you know, your security practices where you stand up offices. There may be locations that are higher risk for you as a particular type of entity. And all this information is available, but you have to just get access to it. You need one place to stop where you can google the threat intel, and that's what Anomali ThreatStream, our flagship product, aims to do. And Lens just makes it more accessible than ever. Rather than having to go look it up yourself, it brings it to you. And so, we're trying to augment the knowledge base without having to memorize everything. That's what we need to do is we need to find ways to bring this information and make it more accessible so you don't have to look in three tools to find it.

>> So, I got to ask you and change topics. As the younger generation comes into the industry, one of the things that I'm seeing as a trend is more developers are coming in. And it's not just so much devops, whose clouds gray, we love devops, but ops, network ops and security ops, are also a big part of it. People are building applications now. So, like, you're seeing startups that have been tech for good startups coming out, where you're seeing a great examples of people literally standing up applications with data. What's the young generation-- because there's a hacker culture out there that can move fast, solve a problem, but they don't have to provision a lot of stuff. That's what cloud computing does. But now Splunk's the world. Data's becoming more accessible. Data's the raw materials to get that asset or that value. What are developers-- how do you see the developers programming with data?

>> So, they're looking at their jobs and saying, "What am I bored doing that I have to do over and over every day, and how can I automate it?" So, there's a lot of SOAR technology. Splunk also has Phantom, and that's enabling our developers, our younger generation who grew up around Python and coding, to quickly plug a few pieces together and automate half their jobs, which gives them the time to do the really interesting stuff, the stuff that requires human intervention and interpretation, and analysis that can't be coded. And it's just giving us more time and more resources to put--

>> What kind of things are they doing with that extra time? Creative things, pet projects, or critical problems?

>> Oh, God, so many pet projects. God, what are you interested in? I've seen things being done to like mine bitcoin on the side, right, to make a little extra cash. That's always fun. I've seen people automate their social media profile. I've seen threat researchers use scripting to help them find new information on the internet and reshare it to build their public brand. That's a really big component of the younger generation that I don't think was as big in previous generations, where your public brand matters more than ever. And so, we're bringing that into everything we do. It's not just a job, it's a lifestyle.

>> Sharing's a big ethos, too, sharing data. How important is sharing data in the security culture?

>> Oh, it's critical. So, I mean, sharing data's been happening for forever, right. Company A has always been calling up their friend at company B, "Hey, we see this thing. You might want to take a look, but you didn't hear it from me," right. But threat intel platforms, not just ThreatStream but all of them, allow you to share information at a larger scale ever than ever before. But it also, it gives you the ability to remain anonymous.
Everyone's really scared to put into writing, "Hey, we saw this at our company," 'cause there's the risk of attribution, there's legal requirements, right. But with automated sharing you can retain a little bit of-- you can be a little bit anonymous. So, you can help the others be protected without exposing yourself to additional risk.

>> Jill, you're awesome to have on theCUBE. Love to get the perspective of the young, up and coming, computer science, cyber, cyber sister.

>> Cyber sister.

>> John: You can just, other--where does she work? Amazon?

>> She's over at AWS now. She just moved over a couple of weeks ago. We actually used to work together at Anomali. She did presales, and I did post sales. It was a lot of fun.

>> And she hooked you into security, didn't she?

>> Oh, she did, for better or worse, although I hope she's not watching.

>> She will. She'll get a clip of this, I'll make sure. Jill, final question. The Splunk this year .conf, what's your takeaway? What are you going to take back to the office with you or share with your friends if they say, "Hey, what was the big story happening at Splunk this year?" What's going on here this year?

>> The big thing is the data. The data is more accessible than ever before, so we're being challenged by Splunk to find new ways to use it, to innovate new ways. And I think that's kind of been their messaging the whole time, "Hey, we're giving you the power to do what you want. What are you going to do with it?" This is my third Splunk conference in a row, and every year it just gets more and more exciting. I can't wait to see what next year holds.

>> They allow people to deal with data, messy data to good data.

>> Clean it up.

>> John: Clean it up.

>> Make it easy to search across multiple data sources from one command line. Their user experience is the most intuitive I've used in terms of the log management solutions.

>> Jill, great to have you, great insights. Thanks for sharing the data

>> Thanks so much, John.

>> John: here on theCUBE. Sharing data on theCUBE, that's what we do. We bring the data, the guests, we try to create it for you. Of course, we're data-driven, we're a CUBE-driven. I'm John Furrier, here from .conf, the 10th anniversary. We've been here from the beginning, riding the data tsunami waves. Waves plural 'cause there's more waves coming. I'm John Furrier. Thanks for watching. (upbeat music)

Published Date : Oct 24 2019
