>>Welcome back to The Cube's coverage of Supercomputing Conference 2022, otherwise known as SC 22 here in Dallas, Texas. This is day three of our coverage, the final day of coverage here on the exhibition floor. I'm Dave Nicholson, and I'm here with my co-host, tech journalist extraordinaire, Paul Gillum. How's it going, >>Paul? Hi, Dave. It's going good. >>And we have a wonderful guest with us this morning, Dr. Panda from the Ohio State University. Welcome Dr. Panda to the Cube. >>Thanks a lot. Thanks a lot to >>Paul. I know you're, you're chopping at >>The bit, you have incredible credentials, over 500 papers published. The, the impact that you've had on HPC is truly remarkable. But I wanted to talk to you specifically about a product project you've been working on for over 20 years now called mva, high Performance Computing platform that's used by more than 32 organ, 3,200 organizations across 90 countries. You've shepherded this from, its, its infancy. What is the vision for what MVA will be and and how is it a proof of concept that others can learn from? >>Yeah, Paul, that's a great question to start with. I mean, I, I started with this conference in 2001. That was the first time I came. It's very coincidental. If you remember the Finman Networking Technology, it was introduced in October of 2000. Okay. So in my group, we were working on NPI for Marinette Quadrics. Those are the old technology, if you can recollect when Finman was there, we were the very first one in the world to really jump in. Nobody knew how to use Infin van in an HPC system. So that's how the Happy Project was born. And in fact, in super computing 2002 on this exhibition floor in Baltimore, we had the first demonstration, the open source happy, actually is running on an eight node infinite van clusters, eight no zeros. And that was a big challenge. But now over the years, I means we have continuously worked with all infinite van vendors, MPI Forum. >>We are a member of the MPI Forum and also all other network interconnect. So we have steadily evolved this project over the last 21 years. I'm very proud of my team members working nonstop, continuously bringing not only performance, but scalability. If you see now INFIN event are being deployed in 8,000, 10,000 node clusters, and many of these clusters actually use our software, stack them rapid. So, so we have done a lot of, like our focuses, like we first do research because we are in academia. We come up with good designs, we publish, and in six to nine months, we actually bring it to the open source version and people can just download and then use it. And that's how currently it's been used by more than 3000 orange in 90 countries. And, but the interesting thing is happening, your second part of the question. Now, as you know, the field is moving into not just hvc, but ai, big data, and we have those support. This is where like we look at the vision for the next 20 years, we want to design this MPI library so that not only HPC but also all other workloads can take advantage of it. >>Oh, we have seen libraries that become a critical develop platform supporting ai, TensorFlow, and, and the pie torch and, and the emergence of, of, of some sort of default languages that are, that are driving the community. How, how important are these frameworks to the, the development of the progress making progress in the HPC world? >>Yeah, no, those are great. I mean, spite our stencil flow, I mean, those are the, the now the bread and butter of deep learning machine learning. Am I right? But the challenge is that people use these frameworks, but continuously models are becoming larger. You need very first turnaround time. So how do you train faster? How do you do influencing faster? So this is where HPC comes in and what exactly what we have done is actually we have linked floor fighters to our happy page because now you see the MPI library is running on a million core system. Now your fighters and tenor four clan also be scaled to to, to those number of, large number of course and gps. So we have actually done that kind of a tight coupling and that helps the research to really take advantage of hpc. >>So if, if a high school student is thinking in terms of interesting computer science, looking for a place, looking for a university, Ohio State University, bruns, world renowned, widely known, but talk about what that looks like from a day on a day to day basis in terms of the opportunity for undergrad and graduate students to participate in, in the kind of work that you do. What is, what does that look like? And is, and is that, and is that a good pitch to for, for people to consider the university? >>Yes. I mean, we continuously, from a university perspective, by the way, the Ohio State University is one of the largest single campus in, in us, one of the top three, top four. We have 65,000 students. Wow. It's one of the very largest campus. And especially within computer science where I am located, high performance computing is a very big focus. And we are one of the, again, the top schools all over the world for high performance computing. And we also have very strength in ai. So we always encourage, like the new students who like to really work on top of the art solutions, get exposed to the concepts, principles, and also practice. Okay. So, so we encourage those people that wish you can really bring you those kind of experience. And many of my past students, staff, they're all in top companies now, have become all big managers. >>How, how long, how long did you say you've been >>At 31 >>Years? 31 years. 31 years. So, so you, you've had people who weren't alive when you were already doing this stuff? That's correct. They then were born. Yes. They then grew up, yes. Went to university graduate school, and now they're on, >>Now they're in many top companies, national labs, all over the universities, all over the world. So they have been trained very well. Well, >>You've, you've touched a lot of lives, sir. >>Yes, thank you. Thank >>You. We've seen really a, a burgeoning of AI specific hardware emerge over the last five years or so. And, and architectures going beyond just CPUs and GPUs, but to Asics and f PGAs and, and accelerators, does this excite you? I mean, are there innovations that you're seeing in this area that you think have, have great promise? >>Yeah, there is a lot of promise. I think every time you see now supercomputing technology, you see there is sometime a big barrier comes barrier jump. Rather I'll say, new technology comes some disruptive technology, then you move to the next level. So that's what we are seeing now. A lot of these AI chips and AI systems are coming up, which takes you to the next level. But the bigger challenge is whether it is cost effective or not, can that be sustained longer? And this is where commodity technology comes in, which commodity technology tries to take you far longer. So we might see like all these likes, Gaudi, a lot of new chips are coming up, can they really bring down the cost? If that cost can be reduced, you will see a much more bigger push for AI solutions, which are cost effective. >>What, what about on the interconnect side of things, obvi, you, you, your, your start sort of coincided with the initial standards for Infin band, you know, Intel was very, very, was really big in that, in that architecture originally. Do you see interconnects like RDMA over converged ethernet playing a part in that sort of democratization or commoditization of things? Yes. Yes. What, what are your thoughts >>There for internet? No, this is a great thing. So, so we saw the infinite man coming. Of course, infinite Man is, commod is available. But then over the years people have been trying to see how those RDMA mechanisms can be used for ethernet. And then Rocky has been born. So Rocky has been also being deployed. But besides these, I mean now you talk about Slingshot, the gray slingshot, it is also an ethernet based systems. And a lot of those RMA principles are actually being used under the hood. Okay. So any modern networks you see, whether it is a Infin and Rocky Links art network, rock board network, you name any of these networks, they are using all the very latest principles. And of course everybody wants to make it commodity. And this is what you see on the, on the slow floor. Everybody's trying to compete against each other to give you the best performance with the lowest cost, and we'll see whoever wins over the years. >>Sort of a macroeconomic question, Japan, the US and China have been leapfrogging each other for a number of years in terms of the fastest supercomputer performance. How important do you think it is for the US to maintain leadership in this area? >>Big, big thing, significantly, right? We are saying that I think for the last five to seven years, I think we lost that lead. But now with the frontier being the number one, starting from the June ranking, I think we are getting that leadership back. And I think it is very critical not only for fundamental research, but for national security trying to really move the US to the leading edge. So I hope us will continue to lead the trend for the next few years until another new system comes out. >>And one of the gating factors, there is a shortage of people with data science skills. Obviously you're doing what you can at the university level. What do you think can change at the secondary school level to prepare students better to, for data science careers? >>Yeah, I mean that is also very important. I mean, we, we always call like a pipeline, you know, that means when PhD levels we are expecting like this even we want to students to get exposed to, to, to many of these concerts from the high school level. And, and things are actually changing. I mean, these days I see a lot of high school students, they, they know Python, how to program in Python, how to program in sea object oriented things. Even they're being exposed to AI at that level. So I think that is a very healthy sign. And in fact we, even from Ohio State side, we are always engaged with all this K to 12 in many different programs and then gradually trying to take them to the next level. And I think we need to accelerate also that in a very significant manner because we need those kind of a workforce. It is not just like a building a system number one, but how do we really utilize it? How do we utilize that science? How do we propagate that to the community? Then we need all these trained personal. So in fact in my group, we are also involved in a lot of cyber training activities for HPC professionals. So in fact, today there is a bar at 1 1 15 I, yeah, I think 1215 to one 15. We'll be talking more about that. >>About education. >>Yeah. Cyber training, how do we do for professionals? So we had a funding together with my co-pi, Dr. Karen Tom Cook from Ohio Super Center. We have a grant from NASA Science Foundation to really educate HPT professionals about cyber infrastructure and ai. Even though they work on some of these things, they don't have the complete knowledge. They don't get the time to, to learn. And the field is moving so fast. So this is how it has been. We got the initial funding, and in fact, the first time we advertised in 24 hours, we got 120 application, 24 hours. We couldn't even take all of them. So, so we are trying to offer that in multiple phases. So, so there is a big need for those kind of training sessions to take place. I also offer a lot of tutorials at all. Different conference. We had a high performance networking tutorial. Here we have a high performance deep learning tutorial, high performance, big data tutorial. So I've been offering tutorials at, even at this conference since 2001. Good. So, >>So in the last 31 years, the Ohio State University, as my friends remind me, it is properly >>Called, >>You've seen the world get a lot smaller. Yes. Because 31 years ago, Ohio, in this, you know, of roughly in the, in the middle of North America and the United States was not as connected as it was to everywhere else in the globe. So that's, that's pro that's, I i it kind of boggles the mind when you think of that progression over 31 years, but globally, and we talk about the world getting smaller, we're sort of in the thick of, of the celebratory seasons where, where many, many groups of people exchange gifts for varieties of reasons. If I were to offer you a holiday gift, that is the result of what AI can deliver the world. Yes. What would that be? What would, what would, what would the first thing be? This is, this is, this is like, it's, it's like the genie, but you only get one wish. >>I know, I know. >>So what would the first one be? >>Yeah, it's very hard to answer one way, but let me bring a little bit different context and I can answer this. I, I talked about the happy project and all, but recently last year actually we got awarded an S f I institute award. It's a 20 million award. I am the overall pi, but there are 14 universities involved. >>And who is that in that institute? >>What does that Oh, the I ici. C e. Okay. I cycle. You can just do I cycle.ai. Okay. And that lies with what exactly what you are trying to do, how to bring lot of AI for masses, democratizing ai. That's what is the overall goal of this, this institute, think of like a, we have three verticals we are working think of like one is digital agriculture. So I'll be, that will be my like the first ways. How do you take HPC and AI to agriculture the world as though we just crossed 8 billion people. Yeah, that's right. We need continuous food and food security. How do we grow food with the lowest cost and with the highest yield? >>Water >>Consumption. Water consumption. Can we minimize or minimize the water consumption or the fertilization? Don't do blindly. Technologies are out there. Like, let's say there is a weak field, A traditional farmer see that, yeah, there is some disease, they will just go and spray pesticides. It is not good for the environment. Now I can fly it drone, get images of the field in the real time, check it against the models, and then it'll tell that, okay, this part of the field has disease. One, this part of the field has disease. Two, I indicate to the, to the tractor or the sprayer saying, okay, spray only pesticide one, you have pesticide two here. That has a big impact. So this is what we are developing in that NSF A I institute I cycle ai. We also have, we have chosen two additional verticals. One is animal ecology, because that is very much related to wildlife conservation, climate change, how do you understand how the animals move? Can we learn from them? And then see how human beings need to act in future. And the third one is the food insecurity and logistics. Smart food distribution. So these are our three broad goals in that institute. How do we develop cyber infrastructure from below? Combining HP c AI security? We have, we have a large team, like as I said, there are 40 PIs there, 60 students. We are a hundred members team. We are working together. So, so that will be my wish. How do we really democratize ai? >>Fantastic. I think that's a great place to wrap the conversation here On day three at Supercomputing conference 2022 on the cube, it was an honor, Dr. Panda working tirelessly at the Ohio State University with his team for 31 years toiling in the field of computer science and the end result, improving the lives of everyone on Earth. That's not a stretch. If you're in high school thinking about a career in computer science, keep that in mind. It isn't just about the bits and the bobs and the speeds and the feeds. It's about serving humanity. Maybe, maybe a little, little, little too profound a statement, I would argue not even close. I'm Dave Nicholson with the Queue, with my cohost Paul Gillin. Thank you again, Dr. Panda. Stay tuned for more coverage from the Cube at Super Compute 2022 coming up shortly. >>Thanks a lot.

>>The cube presents HPE discover 2022 brought to you by HPE. >>Welcome back to the Cube's coverage. We're wrapping up day two, John furrier and Dave ante. We got some friends and colleagues, longtime friends, Crawford Del Pret is the president of IDC. Matt Eastwood is the senior vice president of infrastructure and cloud guys. Thanks for coming on spending time. Great to you guys. >>That's fun to do it. Awesome. >>Cravin I want to ask you, I, I think this correct me if I'm wrong, but this was your first physical directions as, as president. Is that true or did you do one in 2019? >>Uh, no, we did one in 20. We did, we did one in 20. I was president at the time and then, and then everything started, >>Well, how was directions this year? You must have been stoked to get back together. Yeah, >>It was great. I mean, it was actually pretty emotional, you know, it's, it's a community, right? I mean, we have a lot of customers that have been coming to that event for a long, long time and to stand up on the stage and look out and see people, you know, getting a little bit emotional and a lot of hugs and a lot of bringing people together. And this year in Boston, we were the first event really of any size that kind of came back. And when I kind of didn't see that coming in terms of how people, how ready people were to be together. Cause >>When did you did it April >>In Boston? Yeah, we did it March in March. Yeah, it was, it was, it was, it was a game day decision. I mean, we were, we had negotiated it, we were going back and forth and then I kind of made the call at the last minute, say, let's go and do it. And in Santa Clara, I felt like we were kind of opening up the crypt at the convention center. I mean, all the production people said, you know what? You guys were really the first event to be back. And attendance was really strong. You know, we, we, we got over a thousand. It was, it was really good. >>Good. It's always a fun when I was there. It was, it's a big deal. You guys prepare for it. Yeah. Some new faces up on the stage. Yeah. So, so Matt, um, you've been doing the circuit. I take it like, like all top analysts, super busy. Right. This is kind of end of the spring. I mean, I know it's summer, right. That's right. But, um, how do you look at, at discover relative some, some of the other events you've been at? >>So I think if you go back to what Crawford was just talking about our event in March, I mean, March was sort of the, the reopening and there was, I think people just felt so happy to be, to be back out there. You still get a little bit at, at these events. I mean, cuz for each, each company it's their first time back at it, but I think we're starting to get down what these events are gonna feel like going forward. Um, and it, I mean, there's good energy here. There's been a good attendance. I think the, the interest in getting back live and having face to face meetings is clearly strong. >>Yeah. I mean, this definitely shows that hybrids, the steady state, both events cloud. Yeah. Virtualization remotes. So what are you guys seeing with that hybrid mode? Just from a workforce, certainly people excited to get back together, but it's gonna continue. You're starting to see that digital piece. How is that impacting some of the, some of the customers you're tracking, who's winning and who's losing, coming out of the pandemic. What's the big picture look like? >>Yeah. I mean, if you, if you take a look at hybrid work, um, people are testing many, many, many different models. And I think as we move from a pandemic to an em, we're gonna have just waves and waves and waves of people needing that flexibility for a lot of different reasons, whether they have, uh, you know, preexisting conditions, whether they're just not comfortable, whether they have people who can't be vaccinated at home. So I think we're gonna be in this hybrid work for a long, long time. I do think though that we are gonna transition back into some kind of a normal, um, and I, and I think the big difference is that I think leaders back in the day, a long time ago, when people weren't coming into work, it was kind of like, oh, I know nothing's going on there. People aren't getting worked. And I think we're over that stage. Yeah. I think we're now into a stage where we know people can be productive. We know people can effectively work from home and now we're into the reason to be in the office. And the reason to be in the office is that collaboration, it's that mentoring it's that, you know, think about your 25 year old self. Do you wanna be staring at a windshield all day long and not kind of building those relationships? People want face to face, it's difficult. They want face >>To face and I would, and you guys had a great culture and it's a young culture. How are you handling it as an executive in terms of, is there a policy for hybrid or >>Yeah, so, so, so at IDC, what we did is we're in a pilot period and we've kind of said that the summertime is gonna be a pilot period and we've asked people, we're actually serving shocker, we're >>Serving, >>But we're, but we're, but, but we're actually asking people to work with their manager on what works for them. And then we'll come up with, you know, whether you are in, out of the office worker, which will be less than two days a hybrid worker, which will be three days or, uh, in, in the office, which is more than three days a week. And you know, we all know there's, there's, there's limitation, there's, there's, there's variability in that, but that's kind of what we're shooting for. And we'd like to be able to have that in place in the fall. >>Are you pretty much there? >>Yeah, I am. I, I am there three days a week. I I, Mondays and Fridays, unless, >>Because you got the CEO radius, right? Yeah. >><laugh>, <laugh> >>The same way I'm in the office, the smaller, smaller office. But so, uh, let's talk a little bit about the, the numbers we were chatting earlier, trying to squint through you guys are, you know, obviously the gold standard for what the market does, what happened in, you know, during the pandemic, what happened in 2021 and what do you expect to happen in, in 2022 in terms of it spending growth? >>Yeah. So this is, this is a crazy time, right? We've never seen this. You and I have a long history of, uh, of tracking this. So we saw in, in, in, in 2020, the market decelerated dramatically, um, the GDP went down to a negative like it always does in these cases, it was, you know, probably negative six in that, in that, in that kind of range for the first time, since I've been tracking it, which goes back over 30 years, tech didn't go negative tech went to about just under 3%. And then as we went to 2021, we saw, you know, everything kind of snap back, we saw tech go up to about 11% growth. And then of course we saw, you know, GDP come back to about a 4%, you know, ki kind of range growth. Now what's I think the story there is that companies and you saw this anecdotally everywhere companies leaned into tech, uh, company. >>You know, I think, you know, Matt, you have a great statistic that, you know, 80% of companies used COVID as their point to pivot into digital transformation, right. And to invest in a different way. And so what we saw now is that tech is now where I think companies need to focus. They need to invest in tech. They need to make people more productive with tech and it played out in the numbers now. So this year what's fascinating is we're looking at two Fastly different markets. We've got gasoline at $7 a gallon. We've got that affecting food prices. Uh, interesting fun fact recently it now costs over $1,000 to fill an 18 Wheeler. All right. Based on, I mean this just kind of can't continue. So you think about it, don't put the boat >>In the wall. Yeah. Yeah. >>Good, good, good, good luck. It's good. Yeah, exactly. <laugh> so a family has kind of this bag of money, right? And that bag of money goes up by maybe three, 4% every year, depending upon earnings. So that is sort of sloshing around. So if food and fuel and rent is taking up more gadgets and consumer tech are not, you know, you're gonna use that iPhone a little longer. You're gonna use that Android phone a little longer. You're gonna use that TV a little longer. So consumer tech is getting crushed, you know, really it's very, very, and you saw it immediately and ad spending, you've seen it in meta. You've seen it in Facebook. Consumer tech is doing very, very it's tough enterprise tech. We haven't been in the office for two and a half years. We haven't upgraded whether that be campus wifi, whether that be, uh, servers, whether that be, uh, commercial PCs, as much as we would have. So enterprise tech, we're seeing double digit order rates. We're seeing strong, strong demand. Um, we have combined that with a component shortage and you're seeing some enterprise companies with a quarter of backlog. I mean, that's, you know, really unheard at higher >>Prices, which >>Also, and therefore that drives that >>Drives. It shouldn't be that way. If there's a shortage of chips, it shouldn't be that way, >>But it is, but it is, but it is. And then you look at software and we saw this, you know, we've seen this in previous cycles, but we really saw it in the COVID downturn where, uh, in software, the stickiness of SaaS means that you just, you're not gonna take that stuff out. So the, the second half of last year we saw double digit rates in software surprise. We're seeing high single digit revenue growth in software now, so that we think is gonna sustain, which means that overall it demand. We expect to be between five and 6% this year. Okay, fine. We have a war going on. We have, you know, potentially, uh, a recession. We think if we do, it'll be with a lower case, R maybe you see a banded down to maybe 4% growth, but it's gonna grow this. >>Is it, is it both the structural change of the disruption of COVID plus the digital transformation yeah. Together? Or is it, >>I, I think you make a great point. Um, I, I, I think that we are entering a new era for tech. I think that, you know, Andrew's famous wall street journal oped 10 years ago, software is even world was absolutely correct. And now we're finding that software is, is eing into every nook and cranny people have to invest. They, they know disruptors are coming around every single corner. And if I'm not leaning into digital transformation, I'm dead. So >>The number of players in tech is, is growing, >>Cuz there's well, the number of players in tech number >>Industry's coming >>In. Yeah. The industry's coming in. So I think the interesting dynamic you're gonna see there is now we have high interest rates. Yeah. Which means that the price of funding these companies and buying them and putting data on is gonna get higher and higher, which means that I think you could, you could see another wave of consolidation. Mm-hmm <affirmative> because tech large install based tech companies are saying, oh, you know what? I like that now >>4 0 9 S are being reset too. That's another point. >>Yeah. I mean, so if you think about this, this transformation, right. So it's all about apps, absent data and differentiating and absent data. What the, the big winner the last couple years was cloud. And I would just say that if this is the first potential recession that we're talking about, where the cloud service providers. So I think a cloud as an operating model, not necessarily a destination, but for these cloud service providers, they've actually never experienced a slowdown. So how, and, and if you think about the numbers, 30% of, of the typical it budget is now quote, unquote cloud and 30% of all expenditures are it related. So there's a lot of exposure there. And I think you're gonna see a lot of, a lot of focus on how we can rationalize some of those investments. >>Well, that's a great point. I want to just double click on that. So yeah, the cloud did well during the pandemic. We saw that with SAS, have you guys tracked like the Tams of what got pulled forward? So the bit, a big discussion about something that pulled forward because of the pandemic, um, like zoom, for instance, obviously everyone's using zoom. Yeah, yeah, yeah. Was there fake Tams? There was one, uh, couple analysts who were pointing out that some companies were hot during the pandemic will go away that that Tam doesn't really exist, but there's some that got pulled forward early. That's where the growth is. So is there a, is there a line between the, I call fake Tam or pulled forward TA that was only for the pandemic situationally, um, devices might be like virtual event, virtual event. Software was one, I know Hoppin got laid a lot of layoffs. And so that was kind of gone coming, coming and going. And you got SAS which got pulled forward. Yep. And it's not going away, but it's >>Sustaining. Yeah. Yeah. But it's, but, but it's sustaining, um, you know, I definitely think there was a, there was a lot of spending that absolutely got pulled forward. And I think it's really about CEO's ability to control expectations and to kind of message what it, what it looks like. Um, you know, I think I look, I, I, I think virtual event platforms probably have a role. I think you can, you can definitely, you know, raise your margins in the event, business, significantly using those platforms. There's a role for them. But if you were out there thinking that this thing was gonna continue, then you know, that that was unrealistic, you know, Dave, to, to your point on devices, I'm not necessarily, you know. Sure. I think, I think we definitely got ahead of our expectations and things like consumer PCs, those things will go back to historical growth >>Rates. Yeah. I mean, you got the install base is pretty young right now, but I think the one way to look at it too, is there was some technical debt brought in because people didn't necessarily expect that we'd be moving to a permanent hybrid state two years ago. So now we have to actually invest on both. We have to make, create a little bit more permanency around the hybrid world. And then also like Crawford's talking about the permanency of, of having an office and having people work in, in multiple modes. Yeah. It actually requires investment in both the office. And >>Also, so you're saying operationally, you gotta run the company and do the digital transformation to level up the hybrid. >>Yeah. Yeah. Just the way people work. Right. So, so, you know, you basically have to, I mean, even for like us internally, Crawford was saying, we're experimenting with what works for us. My team before the pandemic was like one third virtual. Now it's two third virtual, which means that all of our internal meetings are gonna be on, on teams or zoom. Right. Yeah. They're not gonna necessarily be, Hey, just coming to the office today, cuz two thirds of people aren't in the Boston area. >>Right. Matt, you said if you see cloud as an operating model, not necessarily a place. I remember when you were out, I was in the, on the, on the, on the zoom when, when first met Adam Celski yeah. Um, he said, you were asking him about, you know, the, the on-prem guys and he's like, nah, it's not cloud. And he kind of was very dismissive of it. Yeah. Yeah. I wanna get your take on, you know, what we're seeing with as Azure service GreenLake, apex, Cisco's got their version. IBM. Fewer is doing it. Is that cloud. >>I think if it's, I, I don't think all of it is by default. I think it is. If I actually think what HPE is doing is cloud, because it's really about how you present the services and how you allow customers to engage with the platform. So they're actually creating a cloud model. I think a lot of people get lost in the transition from, you know, CapEx to OPEX and the financing element of this. But the reality is what HPE is doing and they're sort of setting the standard. I think for the industry here is actually setting up what I would consider a cloud model. >>Well, in the early days of, of GreenLake, for sure it was more of a financial, you >>Know, it was kind of bespoke, right. But now you've got 70 services. And so you can, you can build that out. But >>You know, we were talking to Keith Townsend right after the keynote and we were sort of UN unpacking it a little bit. And I, I asked the question, you know, if you, if you had to pin this in terms of AWS's maturity, where are we? And the consensus was 2014 console filling, is that fair or unfair? >>Oh, that's a good question. I mean, um, I think it's, well, clouds come a long way, right? So it'd be, I, I, I think 20, fourteen's probably a little bit too far back because >>You have more modern tools I Kubernetes is. Yeah. >>And, but you also have, I would say the market still getting to a point of, of, of readiness and in terms of buying this way. So if you think about the HP's kind of strategy around edge, the core platform as a, as a service, you know, we're all big believers in edge and the apps follow the data and the data's being created in new locations and you gotta put the infrastructure there. And for an end user, there's a lot of risk there because they don't know how to actually plan for capacity at the edge. So they're gonna look to offload that, but this is a long term play to actually, uh, build out and deploy at the edge. It's not gonna happen tomorrow. It's a five, 10 year play. >>Yeah. I mean, I like the operating model. I'd agree with you, Matt, that if it's, if it's cloud operations, DevSecOps and all that, all that jazz it's cloud it's cloud operating and, and, and public cloud is a public cloud hyperscaler on premise. And the storage folks were presented. That's a single pane of glass. That's old school concepts, but cloud based. Yep. Shipping hardwares, auto figures. Yeah. That's the kind of consumption they're going for now. I like it. Then I, then they got the partner led thing is the partner piece. How do you guys see that? Because if I'm a partner, there's two things, wait a minute, am I at bottleneck to the direct self-service? Or is that an enabler to get more cash, to make more money? If I'm a partner. Cause you see what Essentia's doing with what they do with Amazon and Deloitte and et C. Yeah. You know, it's interesting, right? Like they've a channel partner, I'm making more cash. >>Yeah. I mean, well, and those channel partners are all in transition too. They're trying to yeah. Right. Figure out. Right, right. Are they, you know, what are their managed services gonna look like? You know, what kind of applications are they gonna stand up? They're they're not gonna just be >>Reselling, bought a big house in a boat. The box is not selling. I wanna ask you guys about growth because you know, the big three cloud, big four growing pick a number, I dunno, 30, 35% revenue big. And like you said, it's 30% of the business now. I think Dell's growing double digits. I don't know how much of that is sustainable. A lot of that is PCs, but still strong growth. Yep. I think Cisco has promised 9% >>In, in that. Right, right. >>About that. Something like that. I think IBM Arvin is at 6%. Yep. And I think HPE has said, Hey, we're gonna do three to 4%. Right. Which is so really sort of lagging and which I think a lot of people in wall street is like, okay, well that's not necessarily so compelling. Right. What does HPE have to do to double that growth? Or even triple that growth. >>Yeah. So they're gonna need, so, so obviously you're right. I mean, being able to show growth is Tanem out to this company getting, you know, more attention, more heat from, from investors. I think that they're rightly pointing to the triple digit growth that they've seen on green lake. I think if you look at the trailing, you know, 12 month bookings, you got over, you know, 7 billion, which means that in a year, you're gonna have a significant portion of the company is as a service. And you're gonna see that revenue that's rat being, you know, recognized over a series of months. So I think that this is sort of the classic SAS trough that we've seen applied to an infrastructure company where you're basically have to kind of be in the desert for a long time. But if they can, I think the most important number for HPE right now is that GreenLake booking snow. >>And if you look at that number and you see that number, you know, rapidly come down, which it hasn't, I mean off a very large number, you're still in triple digits. They will ultimately start to show revenue growth, um, in the business. And I think the one thing people are missing about HPE is there aren't, there are a lot of companies that want to build a platform, but they're small and nobody cares. And nobody let's say they throw a party and nobody comes. HP has such a significant installed base that if they do build a platform, they can attract partners to that platform. What I mean by that is partners that deliver services on GreenLake that they're not delivering. They have the girth to really start to change an industry and change the way stuff is being built. And that's the be they're making. And frankly, they are showing progress in that direction. >>So I buy that. But the one thing that concerns me is they kind of hide the ball on services. Right. And I, and I worry about that is like, is this a services kind of just, you know, same wine, new bottle or, >>Or, yeah. So, so I, I, I would argue that it's not about hiding the ball. It's about eliminating confusion of the marketplace. This is the company that bought EDS only to spin it off <laugh>. Okay. And so you don't wanna have a situation where you're getting back into services. >>Yeah. They're the only one >>They're product, not the only ones who does, I mean, look at the way IBM used to count and still >>I get it. I get it. But I think it's, it's really about clarity of mission. Well, I point next they are in the Ts business, absolutely. Point of it. It's important prop >>Drive for them at the top. Right. The global 50 say there's still a lot of uniqueness in what they want to buy. So there's definitely a lot of bespoke kind of delivery. That's still happening there. The real promise here is when you get into the global 2000 and yeah. And can start them to getting them to consume very standardized offers. And then the margins are, are healthy >>And they got they're what? Below 30, 33, 30 3%. I think 34% last quarter gross margin. Yeah. That that's solid. Just compare that with Dell is, I don't know. They're happy with 20, 21% of correct. You get that, which is, you know, I I'll come back. Go ahead. I want, I wanna ask >>Guys. No, I wanna, I wanna just, he said one thing I like, which was, I think he nailed it. They have such, um, big install base. They have a great channel. They know how to use it. Right. That's a real asset. Yeah. And Microsoft, I remember when their stock was trading at 26 when Baltimore was CEO. Yep. What they did with no, they had office and windows, so a little bit different. Yep. But similar strategy, leverage our install base, bring something up to them. That's what you're kind of connecting the >>Absolutely. You have this velocity, uh, machine with a significant girth that you can now move to a new model. They move that to a new model. To Matt's point. They lead the industry, they change the way large swath the customers buy and you will see it in steady revenue growth over time. Okay. So I just in that, well, >>So your point is the focus and there the right it's the right focus. And I would agree what's >>What's the other move. What's their other move, >>The problem. Triple digit booking growth off a number that gets bigger >>Inspired. Okay. >>Whats what's the scoreboard. Okay. Now they're go at the growth. That's the scoreboard. What are the signals? Are you looking at on the scoreboard Crawford and Matt in terms of success? What are the benchmarks? Is it ecosystem growth, number of services, triple growth. Yeah. What's the, what are some of the metrics that you guys are gonna be watching and we should be watching? >>Yeah. I mean, I dunno if >>You wanna jump in, I mean, I think ecosystem's really critical. Yeah. You want to, you want to have well and, and you need to sell both ways like HPE needs to be selling their technology on other cloud providers and vice versa. You need to have the VMs of the world on, you know, offering services on your platform and, and kind of capturing some, some motion off that. I think that's pretty critical. The channel definitely. I mean, you have to help and what you're gonna see happen there is there will be channel partners that succeed in transforming and succeeding and there'll be a lot that go away and that some, some of that's, uh, generational there'll be people that just kind of age outta the system and, and just go home. >>Yeah. Yeah. So I would argue it's, it's, it's, it's gonna be, uh, bookings growth rate. It's gonna be retention rate of the, of, of, of the customers, uh, that they have. And then it's gonna be that, that, um, you know, ultimately you're gonna see revenue, um, growth, and which is that revenue growth is gonna have to be correlated to the booking's growth for green lake cross. >>What's the Achilles heel on, on HPE. If you had to do the SWAT, what's the, what's the w for HPE that they really need to pay >>Attention to. I mean, they, they need to continue their relentless focus on cost, particularly in the, in the core compute, you know, segment they need to be, they need to be able to be as cost effective as possible while the higher profit dollars associated with GreenLake and other services come in and then increase the overall operating margin and gross margin >>Picture for the, I mean, I think the biggest thing is they just have, they have to continue the motion that they've been on. Right. And they've been consistent about that. Mm-hmm, <affirmative> what you see where others have, have kind of slipped up is when you go to, to customers and you present the, the OPEX as a service and the traditional CapEx side by side, and the customers put in this position of trying to detangle what's in that OPEX service, you don't wanna do that obviously. And, and HP has not done that, but we've seen others kind of slip up. And, but >>A lot of companies still wanna buy CapEx. Right. Absolutely liquid. And, and I think, >>But you shouldn't do a, you shouldn't do that bake off by putting those two offers out. You should basically ascertain what they want to do. >>What's kind of what Dell does. Right. Hey, how, what do you want? We got this, we got >>This on one hand, we got this, the, we got that, right. Uh, the two hand sales rep, no, this CapEx. Thing's interesting. And if you're Amazon and Azure and, and GCP, what are they thinking right now? Cause remember what, four years ago outpost was launched, which essentially hardware. Yeah. This is cloud operating model. Yep. Yeah. They're essentially bringing outpost. This is what they got basically is Amazon and Azure, like, is this ABL on the radar for them? How would you, what, what are they thinking in your mind if we're on, if we're in their office, in their brain trust, are they laughing? Are they like saying, oh, they're scared. Is this real threat >>Opportunity? I, I, I mean, I wouldn't say they're laughing at all. I, I would say they're probably discounting a little bit and saying, okay, fine. You know, that's a strategy that a traditional hardware company is moving to. But I think if you look underneath the covers, you know, two years ago it was, you know, pretty basic stuff they were offering. But now when you start getting into some, you know, HPC is a service, you start getting into data fabric, you start getting into some of the more, um, sophisticated services that they're offering. And, and I think what's interesting about HP. What my, my take is that they're not gonna go after the 250 services the Amazon's offering, they're gonna basically have a portfolio of services that really focus on the core use cases of their infrastructure set. And, and I think one of the danger things, one, one of the, one of the red flags would be, if they start going way up the stack and wanting to offer the entire application stack, that would be like a big flashing warning sign, cuz it's not their sweet spot. It's not, not what they have. >>So machine learning, machine learning and quantum, okay. One you can argue might be up the stack machine learning quantum should be in their wheelhouse. >>I would argue machine learning is not up the stack because what they would focus on is inference. They'd focus on learning. If they came out and said, machine learning all the way up to the, you know, what a, what, what a drug discovery company needs to do. >>So they're bringing it down. >>Yeah. Yeah. Well, no, I think they're focusing on that middle layer, right? That, that, that data layer. And I think that helping companies manage their data make more sense outta their data structure, their data that's core to what they wanna do. >>I, I feel as though what they're doing now is table stakes. Honestly, I do. I do feel like, okay, Hey finally, you know, I say the same thing about apex, you >>Know, we finally got, >>It's like, okay guys, the >>Party. Great. Welcome to the, >>But the one thing I would just say about, about AWS and the other big clouds is whether they might be a little dismissive of what's truly gonna happen at the edge. I think the traditional OEMs that are transforming are really betting on that edge, being a huge play and a huge differentiator for them where the public cloud obviously have their own bets there. But I think they were pretty dismissive initially about how big that went. >>I don't, and I don't think anybody's really figured out the edge yet. >>Well, that's an, it's a battleground. That's what he's saying. I think you're >>Saying, but on the ecosystem, I wanna say up the stack, I think it's the ecosystem. That's gotta fill that out. You gotta see more governance tools and catalogs and AI tools and, and >>It immediately goes more, it goes more vertical when you go edge, you're gonna have different conversations and >>They're >>Lacking. Yeah. And they, but they're in there though. They're in the verticals. HP's in the, yeah, >>For sure. But they gotta build out an ego. Like you walk around here, the data, the number of data companies here. I mean, Starburst is here. I'm actually impressed that Starburst is here. Cause I think they're a forward thinking company. I wanna see that times a hundred. Right. I mean, that's >>You see HP's in all the verticals. That's I think the point here, >>So they should be able to attract that ecosystem and build that, that flywheel that's the, that's the hallmark of a cloud that marketplace. >>Yeah, it is. But I think there's a, again, I go back to, they really gotta stay focused on that infrastructure and data management. Yeah. >>But they'll be focused on that, but, but their ecosystem, >>Their ecosystem will then take it up from there. And I think that's the next stage >>And that ecosystem's gotta include OT players and communications technologies players as well. Right. Because that stuff gets kind of sucked up in that, in that edge play. Do >>You feel like HPE has a, has a leg up on that or like a little, a little bit of a lead or is it pretty much, you know, even raced right now? >>I think they've, I think the big infrastructure companies have all had OEM businesses and they've all played there. It's it's, it's also helping those OT players actually convert their own needs into more of a software play and, and not so much of >>Physical. You've been, you've been following and you guys both have been following HP and HPE for years. They've been on the edge for a long time. I've been focused on this edge. Yeah. Now they might not have the product traction that's right. Or they might not develop as fast, but industrial OT and IOT they've been talking about it, focused on it. I think Amazon was mostly like, okay, we gotta get to the edge and like the enterprise. And, and I think HP's got a leg up in my opinion on that. Well, I question is can they execute? >>Yeah. I mean, PTC was here years ago on stage talking >>About, but I mean, you think about, if you think about the edge, right. I mean, I would argue one of the best acquisitions this company ever did was Aruba. Right. I mean, it basically changed the whole conversation of the edge changed the whole conversation. >>If >>Became GreenLake, it was GreenLake. >>Well, it became a big department. They gave a big, but, but, but I mean, you know, I mean they, they, they went after going selling edge line servers and frankly it's very difficult to gain traction there. Yeah. Aruba, huge area. And I think the March announcement was when they brought Aruba management into. Yeah. Yeah. >>Totally. >>Last question. Love >>That. >>What are you guys saying about the, the Broadcom VMware acquisition? What's the, what are the implications for the ecosystem for companies like HPE and just generally for the it business? >>Yeah. So >>You start. Yeah, sure. I'll start, I'll start there. So look, you know, we've, you know, spent some time, uh, going through it spent some time, you know, speaking, uh, to the, to the, to the folks involved and, and, and I gotta tell you, I think this is a really interesting moment for Broadcom. This is Broadcom's opportunity to basically build a different kind of a conversation with developers to, uh, try to invest in. I mean, just for perspective, right? These numbers may not be exact. And I know a dollar is not a dollar, but in 2001, anybody, remember what HP paid for? Compact >>8,000,000,020, >>So 25 billion, 25 billion. Wow. VMware just got sold for 61 billion. Wow. Okay. Unbill dollars. Okay. That gives you a perspective. No, again, I know a dollar is not a dollar 2000. >>It's still big numbers, >>2022. So having said that, if you just did it to, to, to basically build your DCF model and say, okay, over this amount of time, I'll pay you this. And I'll take the money out of this period of time, which is what people have criticized them for. I think that's a little shortsighted. I, yeah, I think this is Broadcom's opportunity to invest in that product and really try to figure out how to get a seat at the table in software and pivot their company to enterprise software in a different way. They have to prove that they're willing to do that. And then frankly, that they can develop the skills to do that over time. But I do believe this is a, a different, this is a pivot point. This is not >>CA this is not CA >>It's not CA >>In my, in my mind, it can't be CA they would, they would destroy too much. Now you and I, Dave had some, had some conversations on Twitter. I, I don't think it's the step up to them sort of thinking differently about semiconductor, dying, doing some custom semi I, I don't think that's. Yeah. I agree with that. Yeah. I think I, I think this is really about, I got two aspiration for them pivoting the company. They could >>Justify the >>Price to the, getting a seat at the adults table in software is, >>Well, if, if Broadcom has been squeezing their supplies, we all hear the scutle butt. Yeah. If they're squeezing, they can use VMware to justify the prices. Yeah. Maybe use that hostage. And that installed base. That's kind of Mike conspiracy. >>I think they've told us what they're gonna do. >><laugh> I do. >>Maybe it's not like C what's your conspiracy theory like Symantec, but what >>Do you think? Well, I mean, there's still, I mean, so VMware there's really nobody that can do all the things that VMware does say. So really impossible for an enterprise to just rip 'em out. But obviously you can, you can sour people's taste and you can very much influence the direction they head in with the collection of, of providers. One thing, interesting thing here is, was the 37% of VMware's revenues sold through Dell. So there's, there's lots of dependencies. It's not, it's not as simple as I think John, you you're right. You can't just pull the CA playbook out and rerun it here. This is a lot more complex. Yeah. It's a lot more volume of, of, of distribution, but a fair amount of VMware's install >>Base Dell's influence is still there basically >>Is in the mid-market. It's not, it's not something that they're gonna touch directly. >>You think about what VMware did. I mean, they kept adding new businesses, buying new businesses. I mean, is security business gonna stay >>Networking security, I think are interesting. >>Same >>Customers >>Over and over. Haven't done anything. VMware has the same customers. What new >>Customers. So imagine simplifying VMware. Right, right. Becomes a different equation. It's really interesting. And to your point, yeah. I mean, I think Broadcom is, I mean, Tom Crouse knows how to run a business. >>Yeah. He knows how to run a business. He's gonna, I, I think it's gonna be, you know, it's gonna be an efficient business. It's gonna be a well run business, but I think it's a pivot point for >>Broadcom. It's amazing to me, Broadcom sells to HPE. They sell it to Dell and they've got a market cap. That's 10 X, you know? Yes. Yeah. All we gotta go guys. Awesome. Great conversation guys. >>A lot. Thanks for having us on. >>Okay. Listen, uh, day two is a, is a wrap. We'll be here tomorrow, all day. Dave ante, John furrier, Lisa Martin, Lisa. Hope you're feeling okay. We'll see you tomorrow. Thanks for watching the cube, your leader in enterprise tech, live coverage.

>>mhm. Here live in Washington D. C. For two days of wall to wall coverage. I'm john for your host of the cube. Got two great guests here, constant Thompson V. P. Of diversity equity inclusion program at a core american council of renewable energy and Blair Anderson, director of public policy industries at AWS. Thanks for coming on the cube. Thanks for having us. So first of all, big announcement on stage max Peterson, head of public sector announced some big news with a core. Tell us what it >>is. Well we are going to be partnered with amazon to do a supply chain study on how we can best diversify the renewable energy supply chain. So we're actually gonna have baseline data on where we should start to be able to create a program that's going to be a model for the renewable energy industry on how to develop and support the success of black women and bipac owned um firms. So >>this program that you're running accelerate accelerate your programs and membership tell more has it worked? And why the successes having, what is amazon's relationship with it Besides funding? Is there other things you can talk about? >>Yeah. So accelerate wouldn't have been possible if it wasn't for people like Shannon Kellogg with a W. S. Um who about a year ago after the George Floyd murders said, you know, what are we doing as a core? He sits on our board um in this area and we had to say nothing. So um Shannon. And a group of leaders got together and workshop this idea. Let's create a membership program for women and minority owned businesses so that they can be successful in renewable energy. Let's pick a cohort and let's do whether it takes to make them successful. Everything from introducing them to business connects, to mentoring them to even legal services for them. >>Well, yeah, this is like an interesting dynamic. Remember Andy Jassy was on stage when he was the ceo of a W S a year ago, I kind of was preaching, you hate that, I said that word, but preaching to the audience build, build, build, there's an entrepreneurship, public sector vibe going on right now, very entrepreneurial across every industry. I mean, this is a real thing that's going on. >>Yeah, so we're super excited about this opportunity, the work that core has done to lead on this program for the last year, especially with Constance coming in, becoming the leader has kind of been able to take this idea that she mentioned that AWS was kind of a founding member at the genesis of it about a year ago. She's taking this idea that many of these folks put on paper And been able to turn it into a really hard substantive efforts to move it forward. So we've been able to have great conversations with many of these 15 companies that have been brought into the program and start building a relationship with them. I think, as you have seen around a WS like we believe strongly in innovation and creativity. the renewable energy industry is very similarly there is a lot of kind of thinking big and innovative spirit that needs to take place in that space and having the diversity at all levels of these companies is kind of an important component to be able to move that entrepreneurship forward. >>You know, cost is one of the things that we've been reporting on until getting on the cube is right in the wheelhouse of what you're doing is a cultural change happening. And that cultural change with amazon and cloud computing is causing structural changes which are opportunities like radical structural changes. So that means old incumbent, the old guard as you guys call it, this can be replaced not because people hate them because they're inadequate. So you start to see this kind of mindset shift, entrepreneurial, impact oriented I can make a change but actually I can level up pretty quick because the people in charge don't know cloud, I mean I hate to put it bluntly like that, but if you're not on that edge, if you're not not on that wave, your driftwood. >>Yeah. You know it's funny you say that I like to call it, our members are making systemic disruptions to the system in a very equitable way, meaning our members are in communities like Chicago Jackson Tennessee there in the north end of texas, they are in um everywhere and they're in the communities, making these systemic disruptions to the way things happen, the way we talk about renewable energy to the way we deploy solar, they're making those kind of changes. So to your point they're doing it, we have to catch up to them because they're already out there, they're moving their entrepreneurial, >>it's like, it's like there's a class of entrepreneurship and evolving and it's like everyone's got the pedigree, this or that knowledge is knowledge and you can apply it in software, you could be shrink wrapped software you put on the shelves called shelf where no successful inventory, give it back cloud computing. If you're not successful. Like right now it's not working. So if you don't have results, no one bought it, it must not work. So it's easy to identify what's working. Yes, so that eliminates a lot of dogma, a lot of weird blocking. It's true, this is a democratization of >>absolutely, I think you're talking about transparency and transparency is one of the tenets of inclusion. If you're truly doing things to be inclusive, transparent and that's where you see the changes, that's exactly what you're talking >>about data driven. That's one thing I love about this data world data is now part of like how apps are built, it's not like a database, then you go fetch a file data is now transparently available. If you know what to look for it if it's available. So the whole old silo mentality, this is one of the amazon strength blair you guys are doing. So I have to ask how is this translating out in the public policy world because you know, when you can make this kind of change quicker, you're gonna have some wins under your belt. Yeah, you gotta double down on those. I >>think, I think there's a lot of transformation we're talking about in this conversation. You take kind of one of the missions we're talking about here, which is around clean energy and the expansion of clean energy, Aws and Amazon. We have procured 10 gigawatts of renewable power and making us the largest corporate procure globally, to kind of put that in maybe a little bit more approachable context, that's the equivalent of powering 2.5 million homes. Um and there's still farther to go to be able to meet that kind of think big that is happening in the industry right now, you have to have a broad, diverse industry to be able to reach all those communities to be, have kind of all types of different leaders in it, because we need everybody at the table both for the industry, but also for the communities that are being served. >>What does sustainability mean to you? Because this is a core focus, I know the energy things huge, but it's not obvious to some people, but it's getting better. What are the what's the core 10ets behind the sustainability strategy? >>Yeah, no, I think there's a lot of different ways you can take a stab at that for us. It's uh probably most uh out there in the public that people talk about is our climate pledge. This is kind of a um goal that we've set to be uh net zero carbon by 2040 which is 10, 10 years ahead of the paris Climate change within that. There are components of that that are related to electric vehicles, clean energy, renewable energy procurement, carbon offset programs around the world. I think throughout all of that is kind of coming back to, as you said, with sustainability and approaching climate change as a as an issue that needs a comprehensive holistic approach to talk >>about some of the stories and the members that you have because is the recruiting strategy climate change? Or is there another like how do you because renewable energy could be a no brainer, but how to get people excited? Like save the world. What's the what's the what's the, what are people aligning with then? What's their reaction? So, >>You know, it's very simply the way we see with our members, most of our members, 87% of them are in the solar area. Many of them when we talk about sustainability, how can people live their lives in a way where they save money on their energy bills? How can communities understand how they can harness their own renewable energy, make a little money from that, but also live their lives in a very peaceful, sustainable, peaceful, sustainable way. Right, so that's part of it as an example, a couple of examples is that we have um 548 capital is a member company. And keep in mind that these are early startup companies. 5 48 capital is in Chicago and their models started off with we want all homes in our communities and these are places in the hood, some of them um son text works with people, it works with spanish speaking customers solely in texas where they explain to them the benefits of renewable energy. They explain the benefits of a sustainability and what it is. I mean that's so that's kind of what we're looking >>at here is just kind of show up and just kind of telling the truth >>exactly and show them the benefits that they've kind of not been leading on. Actually. The other thing is that this is about economics. So this renewable energy movement that we're going through is about economics. It is a it's our next wave of being able to ensure americans are able to live lives in a in a way that's meaningful economic. >>Well you've got visibility on the unit economics event good energy. There's also a community angle. >>Yes, absolutely. >>About some of those stories around the community response to this idea, wow this actually is gettable. Yeah, we >>solar is one of our members and it's owned by the first female community solar own company out of. She's out of Baltimore but she has a solar farm here in D. C. And what she did was was engaged churches in how can you get involved in this renewable energy movement? How can you save money? How can you create a community around around this work? We sold as an example of that um son text, I have to mention them again. They speak with they work with only spanish speaking customers who had no clue about this and who are now making having their lives live better because of it, >>you know, affecting change is hard now you've got a tailwind with structural change in systemic opportunities there. What are the blockers? What are the blockers right now? Is an awareness, is it participation community? >>I'm sorry, it's your show and I've >>interrupted, you know, >>we talk about entrepreneurs in the space, particularly women and those from bipod communities. The first thing that you'll hear is they'll say we don't have access to capital people. The terms around getting capital to start up are tough and their barriers there's so that's one the second is awareness and that's awareness of introducing them to companies that might want to do business with them. So that's something that's a benefit for a core occurs. Members are all people who touch every renewable energy transaction from the finances to the developers to the to the buyers. So this is what makes it unique. So what we're doing with accelerate is breaking down the barriers of access to capital by introducing them to people who can potentially support their work but also introducing them to companies that can help them be a part of their supply chain, which is why the study that max announced is amazing because we're going to be able to have baseline data on what, what are the demographics of the supply chain in the renewable energy and what can we do about it? And we're gonna scale accelerate to be a model for the industry >>and that's the transparency angle. Get the baseline, understand this is classic Amazonian thinking, get the baseline, raise the bar, >>you can see why you get >>so OK, so a lot of great stories, how do people get involved? Obviously amazon is taking the lead leadership role here. What can people do to get involved? >>So if you want to support the program as amazon is a corn dot org accelerate or Thompson at a core dot org. That's my email address. If you'd like to become a member company and accelerate program will be opening up applications towards the latter part of this year november december again a core dot org slash accelerate >>renewable energy. What's the coolest thing you've seen so far in your programme around neutral energy um, could be story, it could be people story could be tech story. What's the coolest thing you've seen spot there? Yeah, you really did. You >>know, I think we have a company called clear look, that's a member there out of Jackson Tennessee and they're actually working with retailers are renewable energy credits to create, to create renewable energy farms in their area. And I, what I think is so cool is that she's disrupting the way that you go about using renewable energy credits. Clear loop dot org. Look them >>up in the new york times. Had a story. I'm just reading California other areas. We have a high density of electric vehicles, it's training the power grid. So this idea of coming in, come back is what it's not sure yet. It's not, this is kind of where it's going. So okay, what's the cool thing you've seen? >>No, for me, I've just enjoyed kind of, I've enjoyed the journey. I think the moment for me where I could see that this was real and this was going to be a impactful program constants organized. It's called a speed dating, a virtual speed dating for us with about eight different companies and it was fascinating to get on, spend some time being able to interact with eight different companies. Um, who we probably would not have ever had kind of introduction to before in the past either. They didn't know how to get in touch with us. We didn't know how to get in touch with them and it kind of opens your eyes to all the different ways. People are approaching this problem and starts the executives who I had in these colors. You can see their wheels spinning the ideas sparking of oh there's some cool ideas here. There's something new that we could do. We should explore further. Nothing I can announce at the moment but lots of lots of good uh I'm >>sure the baseline max got baseline studies. I'm sure there will be a lot of doubling down opportunities on success or not success because you want to have the data, you know what to work on. Its true cause a great mission. I'm really impressed. Congratulations. Thank you announcement and love the programme. Thank you. Take a minute to give a plug anyone or public >>thanks Shannon Kellogg. Shannon was really behind it. He's a member of our board represents a W. S. And was really behind, we gotta do something. It's got to be unique and it's got to be something intentional. And here we are today I want to give a >>great opportunity. Thanks for coming in, appreciate it. Thank you for having more cube coverage here from Washington D. C. Amazon web services, public Sector summit. An event in person where people are face to face. This is great stuff is the cube right back after this short break. Mhm. Mhm. Mhm

>> Announcer: From around the globe, it's theCUBE with digital coverage of AWS Public Sector Partner Awards Brought to you by Amazon Web Services. >> Hi and welcome to a special production of theCUBE. We're talking to the Amazon web services public sector, their partner awards program. I'm your host Stu Miniman, and we're digging in on education. It's one of the sectors, of course, public sector looks at nonprofits, it looks at the government sectors and the education, and of course, when we talk about remote learning is such a huge, important topic, especially right now in 2020 with the global pandemic. So happy to welcome to the program, we have two guests. First of all, representing the award winning-company, Mohammad Haque. He is the co-founder and senior vice president of architecture and engineering with eLumin. And joining is one of his customers, Damian Doyle, who is the associate vice president of enterprise infrastructure solutions at the University of Maryland Baltimore County, or UMBC, as it's known. Gentlemen, thanks so much for joining us. >> Thank you. Thanks for having us here. >> All right, first of all, Mohammad, congratulations. As I said in my intro, such an important topic. I have two children that are dealing with remote learning. I have lots of friends that work in higher education and new in the technology space. So your company is the 2020 AWS public sector award winner for best remote learning. I'm sure there is a space that has a lot of competition. And of course, leveraging public cloud is a great way to be able to ramp this sort of thing up rather fast. Give us a little bit, you know, you are the co=founder, so we'd love to hear a little bit of the origin story, your background, and tell us about what differentiates eLumin. >> Sure. eLumin, we provide managed products and services around end user compute with a focus on education for providing access to applications and other technology resources, course content, course applications in the public cloud, so that users are able to use whatever device they have wherever they are, and have access to those applications that are required for completing that course coursework. They can be in, at home, in their dorms, at a corner coffee shop, on the side of a mountain in the middle East, wherever they may be, but leveling that playing field so that they can access and have access to any of the demanding applications on any device is what we're, what our goal is, is to make sure that we're not having technology be a barrier to their learning. >> Fantastic. Damian, if we could turn to you, then. At UMBC, maybe if you could give our audience a thumbnail of the university, and I have some idea of the challenge that was put in front of you when you talk about e-learning, but maybe you could give us a little bit of the pre-COVID and what you were faced and what you were looking at when it came to dealing with the current situation. >> Sure. Be happy to. So we're, UMBC is a midsize public institution. We're sort of suburban, about 14,000 students, and we have undergrad, graduate, and doctoral programs, and we have a heavy focus on a lot of the STEM disciplines. And so pre-COVID, very based in collaborative environments, active learning, but hands-on, so a lot of our programs really do have a lot of that, and we leverage technology very heavily, even if it's in, whether it's in engineering, biology, any of those kinds of programs. As you said, the challenge became how do you very quickly pivot into an entirely online model when you sort of scattershot all of your students and you don't really have a great sense of what they're going to have access to and the abilities and connectivity they're going to have. So this kind of thing was really critical for us as we made that transition. >> Excellent. Mohammad, were you working with UMBC before the current move to go remote? Give us a little bit about the relationship and how that started. >> I believe actually that the pandemic was the impetus to kind of drive this forward. Damian and his team reached out to eLumin looking for a solution that would allow them to kind of have students access the applications that they normally would have access to in their physical computer labs, but with the change and not having access to those labs anymore, needed a remote learning solution, a remote access solution for being able to access those high compute, high graphics processing, memory-intensive applications through the cloud and taking into account the fact that students won't have the highest end computer laptop. They'll probably be working on a Chromebook or a lower-end machine, but need that compute power. And then we had to kind of provide a solution pretty quickly because it was, schools were shutting down, essentially, physically shutting down and needing to continue on with their coursework. >> Yeah, Damian, I'd like to understand from your side. Can you share with us a little bit the timeframes? How fast did you go from, oh my gosh, we need this, we need proposals, we need to roll this out, and we need to have students and teachers back up and running? >> Well, I think the one thing from our side, we had already known of eLumin and we had been looking at that pre-COVID. We knew we needed product that provided us this kind of agility and really gave the students some better access to the computing tools that they needed. So once we identified that, the thing that was amazing to me is we moved from our existing system over to production eLumin in, I think it was about two and a half weeks sort of start to finish, and to get all the images, to get all the technology running, tested, and everything up and running in two and a half weeks for a full solution for a campus is, was pretty amazing. And that was one of the real benefits we saw as going to the cloud. We also looked at this outside of COVID as something that really provided a major benefit to the students so that they could work from anywhere at any time, rather than be sort of tethered to that physical lab. >> Well, I'm glad you raised that. So if you could, Damian, a little bit help us understand how much were you using a cloud before? And it sounds like you believe that in the, I guess if we say post-COVID world, you will probably have some hybrid model. Would that be fair to say? >> Yeah, I think before we did have a different solution that was still cloud-based. It was part of our business continuity. So we still had some semblance of a virtual computing solution in the cloud, but it wasn't that extensive, and a lot of our individual programs, chemical engineering, geography, and others were using physical labs that the students would sort of schedule times and be able to work in as part of their coursework. Coming out of this, we fully expect if we're going an extended period of time where students are able to access these materials and these demanding software packages at any time from any kind of device coming out of COVID, they're not going to want to go back to that model where they're asking, they have to get permission and go in in limited hours into a physical lab and sit there. This is going to be the expectation going forward is that they have this kind of access and this kind of flexibility from now on. >> Yeah, this is, I mean, they've gotten a taste, essentially, and so they see how easy it is to complete their coursework without actually having to trek across campus into a lab and kind of fight with the population to find a seat. This basically will become an expectation of an offering. >> Yeah, Mohammad, what I'd love if you could drill in a little bit for us there. Architecturally speaking, of course, the cloud is built to be able to scale and move fast. So if you need capacity and need to scale up fast, that's great. If in the future, you still want to leverage this solution, but you can scale down, that should be possible. So maybe give us a little bit of a how AWS architecturally supports what you're doing, and just from a pricing solution standpoint, how you'll be able to support the customer in today's environment and however that path goes down the road, you'll be able to support that too. >> Right, I mean, so with AWS cloud, we're able to, as you said, scale up or down as demand is needed, but we've taken that even a little bit further where we're scaling based off of student scheduling. So if we've got a course that we know that is running from >> 10: 00 AM to 11:00 AM, prior to that course starting, we'll scale the environment up so that it's available for those students if it's more of a in course lab session and then spin things back down after the course is done so that we don't have those many, many machines sitting there running and burning the hours and running up the bill. Physical environment, once you've installed it, it's there. It's always running. You cannot do that. But with the power of the cloud, we're able to go up and down. We're able to take things, scale things down off hours. If we look at the patterns for student usage, off hours, overnight, take things down because you don't need those machines sitting there running all the time. >> And this is one of the biggest differentiators. So many times in higher ed, we struggle to have to explain to companies and vendors and providers what our needs are and how we're very different from corporations and other verticals. With the eLumin solution and the capabilities in AWS, we're really having this tailor to our students' schedules, to the class schedules, and that kind of flexibility makes the product economically viable for us, but it also means that we don't get nearly the kind of pushback from the academic side, because it is really tailored to meet their needs versus just something we're kind of shoehorning in. So that makes a huge difference in terms of adoption and the way it's perceived from a marketing and acceptance standpoint. >> Yeah, Damian, I'm curious, once you did that initial rollout, how much of an on ramp is there for both the education, the educator side, as well as the student side? And you talked about having some flexibility as to how and when students use things. That sounds great, but do you have to change office hours or the hours that the staff are leveraging that? I'm just trying to understand the ripple effect of what you're doing. >> No, it's a fair point. We have done fairly extensive training. The students picked it up very quickly. What we, with students, if there's a tool that they can use to do their work more effectively, they're going to use it, whether it's something we provide or something they find through other means. But what we've done is reached out to all of our faculty that we're training, that we're teaching in our physical labs and tried to work with them to understand what this solution is, how they can sort of rethink some of their classes. And a couple of our departments have actually taken an approach of rather than sit everybody in a virtual lab the same way they would sit people in a physical lab, they're moving some of this to more asynchronous so that the students can sort of work at their own pace and sort of rethink how they structure some of those classes because of the flexibility being provided. But it does take a lot of training from the instructional side and some rethinking of this, but the end solution is something that reaches the students where they are and the way they want to learn, which is a really powerful thing we're always trying to do. >> Excellent. Mohammad, I'm wondering just broadly learnings that you have from what's been happening. Obviously I'm sure you've been quite busy in responding to things. What's been the impact on your business? How has AWS been as a partner to be able to support the needs of what you're doing? >> Well, as you can imagine, things have just really blown up in terms of demand and being able to, again, through the power of the cloud, just being able to scale up and rapid deployment. As we spoke about earlier, this deployment was two and a half weeks from start to finish, being able to do that, being able to do that with AWS tools have been critical in moving things forward. >> Excellent. Damian, back to you on this. Obviously if you had had more time to be able to plan this out, there might be some things that you would do differently. But what have your learnings been with this? And if you've been talking to your peers, any advice that you would give as you've moved through this rapid acceleration of the move to remote? >> Certainly, I think we would've certainly done some things differently, but we had been talking about this move for three or four months ahead of COVID, so for us, it wasn't quite as rushed as the actual deployment wound up being. I think the big thing is having a vendor and having a partner where you can understand all the options. So the good and bad of the cloud is there's 100 different ways to do almost anything you want to accomplish, and taking the time to understand what the different features and the ramifications of how you deploy and how you think through that. For us, we deployed one way because we could do it very quickly, and then we took the rest of the semester and part of this summer to do some more thorough evaluations to really ask our constituents, do you like this method, or do you like some of the other possibilities, and see which user experience they liked more, and then we're able to work with eLumin, and they've been able to be very nimble in adjusting the services to meet what we've gotten our feedback on. So I think if I had to do it again, I would've done that testing ahead of time, but that's a very minor thing. These are really sort of small tweaks to just make life a little easier, not fundamental differences in what we're providing. >> Yeah, Damian, one last question, if I could. Sorry, Mohammad. Just, I'm curious from the financial standpoint how much you felt that you understood what costs would be and some of the levers as to what you were using and the impact there. We've seen great maturation over the last handful of years as to transparency and understanding how cloud actually is built. But just curious if you have any final comments on the financial piece of things, seeing that it probably wasn't something that was in your budget for the last quarter. >> It wasn't, that's very true, but we also knew that it was essential. So what we realized was we didn't know how often a lot of our physical labs and these classes were being used. So we knew there was going to be some unknowns. We'd move to this, we'd have to see what adoption was. But being able to get the reporting out and working with Mohammad and others to really start customizing in the cloud. That's the beauty of it is we recognize, we saw some really fascinating patterns where during the week people would use this sort of as you'd expect, but on the weekends, it was in the evenings. Nobody's logging on Saturday or Sunday morning, but boy, at eight p.m., there's a good bit of usage. So we could tailor and do some of that off-hours work and really slows things down. Having that visibility has made the economic piece much more viable, and really being able to tweak the computing power with two different needs of the different classes. So it's actually been fairly easy to understand, but it was a ramp up where we had to sort of guess at first and then understand our own processes. But that's more sort of the, if you don't have good data coming in, it's hard to get it out. >> Excellent. And Mohammad, I want to let you kind of give your lessons learned. Obviously it's a technology space you've been in and it's just been an acceleration of some of the things you're working on. So lessons learned, advice you would give to other companies, other universities and educational facilities out there. >> Right, and this is, again, speaking to the power of the cloud, right? Some of the, one of the biggest lessons learned here is you don't necessarily need to get it right the first time. As Damian was saying, we went back, kind of analyzed what we were seeing, and after the initial deployment, took a look at the actual usage and kind of adjusted based off of that, according to that, taking in feedback from faculty members on how they were using the system and tweaking the presentation or tweaking applications on the back end for accommodating those needs. That's the power of the cloud, being able to adjust on the fly. You're not, you don't have to be committed to every single bit there, and being able to change it on the fly is just something that is kind of natural in the cloud these days. >> Excellent. Well, thank you both so much for joining us, Damian, thank you for joining and moving forward, sharing your story, wish you the best of luck going forward. And Mohammad, big congratulations on winning. Super important category, especially here in 2020. Congratulations to you and the team. >> Thank you. >> Yeah, thank you. >> All right, stay tuned for more coverage here from the AWS public sector. It's their partner awards program. I'm Stu Miniman, and thank you for watching theCUBE. (bright music)

>>from the Cube Studios in Palo Alto and Boston, connecting with thought leaders >>all around the world. >>This is a cube conversation. Hi, and welcome to a special production of the Cube. We're talking to the Amazon Web services, public sector, their partner awards program. I'm your host stew minimum, and we're digging in on education is one of the sectors. Of course, public sector looks at non profits. It looks at the government sectors. Education, Of course, when we talk about remote learning is such a huge, important topic, especially right now in 2020 with a global pandemic so happy to welcome to the program. We have two guests. First of all, we're representing the award winning company Mohammad. He is the co founder and senior vice president of architecture and engineering with Lumen and joining his one of his customers, Damien Doyle, who is the associate vice president of Enterprise Infrastructure Solutions at the University of Maryland, Baltimore County, or UMBC. As it's known, gentlemen, thanks so much for joining us. >>Thank you. Thanks for having us. >>Alright. First of all, Mohammed, congratulations. As I said in my intro, you know, such an important topic and I have two Children that are, you know, dealing with remote learning have lots of friends that were in higher education and, you know, in the technology space. So your company is the 2020 AWS Public Sector Award winner for best remote learning. I'm sure there is a space that has a lot of competition on. Of course, leveraging public cloud is a great way to be able to ramp this sort of thing up rather fast. Give us a little bit. You know, you are the co founder. So would love to hear a little bit of the origin story, your background and Ellis about what differentiates the looming >>sure loom in we provide ah manage products and services around end user compute with a focus on education for providing access to applications and other technology. Resource is, of course, content course applications in the public cloud, so that users are able to use, you know, whatever device they have wherever they are, um so and have access to those applications that are required for completing that force work they could be in, you know, in at home, in their dorms, at a corner coffee shop on the side of a mountain in the Middle East wherever they may be. But leveling that playing fears playing field so that they could access, um, have access to any of the demanding applications on any device is what we're You know, What our goal is is to make sure that we're not having technology be a barrier to their learning. >>Fantastic. Damien, If if we could turn to you, then atyou NBC, maybe if you could give our audience Ah, thumbnail of you know, the university and I have some idea of the challenge that was put in front of you when you talk about the learning. But maybe you could give us a little bit of the pre cove it and, uh, you know what? What you were faced in and what you were looking at when it came to dealing with the current situation. >>Sure be happy to So where you? NBC is a mid sized public institution. We're sort of suburban, about 14,000 students, and we have undergrad, graduate and doctoral programs, and we have a heavy focus on a lot of the stem disciplines. And so pre cove, it very based in collaborative environments, active learning but but hands on. So a lot of our programs really do have a lot of that. We leverage technology very heavily, even if it's in whether it's an engineering biology, any of those kinds of programs. Uh huh. As you said that the challenge became how do you very quickly pivot into an entirely online model when you sort of scatter shot all of your students and you don't really have a great sense of what they're gonna have access to and, um, and the abilities and connectivity they're gonna have. So this this kind of thing was really critical for us as we made that transition. >>Excellent. Mohammed, Were you working with you, NBC before the current move toe Go, go remote. Give us a little bit about the relationship and how that started. >>I believe, actually that the pandemic was the impetus to kind of drive this forward. Damien and his team reached out to loom in looking for a solution that would allow them to kind of have students access the applications that they normally would have access to in their physical computer labs. But with ah the change and not having to access those labs anymore needed a remote learning solution. A remote access solution for being able to access those high compute high graphics processing or memory intensive applications through the cloud. Taking into account the fact that you know, students won't have you know, that the highest end computer laptop, you know, they probably be working on a chromebook or a lower and machine, but need that compute power on. And then we had to kind of provide a solution pretty quickly because it was, you know, schools were shutting down, essentially physically started shutting down and needing to continue on with their coursework. Coursework? >>Yeah, Dave and I like to understand from your side. Can you share with us a little bit that time frames, you know, how fast did you go from? Oh, my gosh, We need this. We need proposals. We need to roll this out, and we need to have students. Ah, in teachers back up and running. >>Well, you know, I think the one thing from our side we had already known of element and we've been looking at that pre cove it. We knew we needed a product that that provided us this kind of agility and really gave the students some better access to the computing tools that they need it. So once we identify that, the thing that was amazing to me is is we moved from our existing system over to production illumination. It was about 2.5 weeks sort of start to finish and, you know, to get all the images to get all the technology running tested and everything up and running in 2.5 weeks for a full solution for a campus is was pretty amazing. And that was one of the real benefits we saw was going to the cloud. We also looked at this outside of code as something that really provided a major benefit to the students so that they could work from anywhere at any time rather than be sort of tethered to that physical lab. >>Well, I'm glad you raised that. So if you could Damien a little bit, you know, help us understand. How much are you using A cloud before? And it sounds like you believe that, you know, in the you know, I guess if we say postcode world, you would probably have some hybrid model. Would that be fair to say, >>Yeah, I think before we did have a different solution that was still cloud based. It was part of our business continuity. So we still had some semblance of virtual computing solution in the cloud. But it wasn't that extensive. And a lot of our individual programs chemical engineering, geography and others were using physical labs that the students would sort of scheduled times and be able to work in as part of their coursework. Uh, coming out of this, we fully expect if, if we're going on extended period of time where students are able to access these materials and these demanding software packages at any time from any kind of device coming out of cove it they're not gonna want to go back to that model where they're asking, you know, they have to get permission and go in and limited hours into a physical lab and sit there. This is going to be the expectation going forward is that they have this kind of access and this kind of flexibility from now. >>Yeah, this is I mean, they've gotten a taste essentially, and so, you know, they they see how easy it is to complete their coursework without actually having to trek across campus into a lab and kind of fight with the population to find a seat. This basically will become an expectation of an offering. >>Mohammed, what I'd love if you could drill in a little bit for us there, Architecturally speaking, of course, the cloud is built to be able to scale and move fast. So if you need capacity and need to scale up fast, that's great if in the future you still want to leverage the solution. But you can scale down, that should be possible. So maybe give us a little bit of you know how aws arc. It actually supports what you're doing and, you know, just from a pricing solution standpoint, how you'll be able to support the customer in today's environment. And however that path goes down the road, you'll be able to support that, >>right? I mean, so, you know, with the AWS cloud, we're able to, as you said, scale up or down as demand is needed. But we we've taken that even a little bit further where we're scaling based off of, um, students scheduling. So if we've got, of course, that we know that is running from 10 AM to 11 AM Your prior to that core starting will scale the environment up so that it's available for those students. If it's not, you know, more of, ah, in course, lab session, um, and then spin things back down after the course is done so that we don't have that those many, many machines sitting there running and burning the hours and running up the bill. You know, physical environment. You know, once you've installed it, it's there. It's always running. You cannot do that. But with the power of the cloud, we're able to go up and down. We're able to take things. Uh, you know, scale things down off hours. If we look at the patterns for a student usage, you know, off hours overnight take things down because you don't need those machines sitting there running, running all the time. >>And this is one of the biggest differentiators so many times in higher ed. We struggle to have to explain to companies and vendors and providers what our needs are and how we're very. We're very different from corporations and other other verticals with the bloomin solution and the capabilities in AWS. But we're really having this Taylor to our students schedules to the class schedules, and that kind of flexibility makes the product economically viable for us. But it also means that we don't get nearly the kind of push back from the academic side because it is really Taylor to meet their needs versus just something we're kind of shoehorning in. So that makes a huge difference in terms of adoption and the way it's perceived from a marketing, marketing and acceptance standpoint. Yeah, >>Dave and I'm curious. Once you did that initial rollout, how much of an on ramp is there for both the education, the educators side as well as student side? And you talked about having some flexibility as to how and when students use thing. That sounds great, but do you have to change, you know, office hours or the hours that the staff are leveraging that I'm just trying to understand the you know, the ripple effect of what you're doing? >>No, it's It's a fair point. We have done fairly extensive training. The students picked it up very quickly. What we with students? If there is a tool that they can use to do their work more effectively. They're going to use it, whether it's something we provide or something they find through other means. But what we've done is is reached out to all of our faculty that were training, that we're teaching in our physical labs and try to work with them to understand what the solution is, how they can sort of rethink some of their classes. And a couple of our departments have actually taking a approach of rather than said everybody in a virtual lab the same way they would sit people in a physical lab. They're moving some of this team or a synchronous so that the students can serve, work at their own pace and rethink how they structure some of those classes because of the flexibility being provided. But it does take a lot of training from the instructional side and some rethinking off this. But it the end solution is something that reaches the students where they are and the way they want to learn, which is a really powerful thing. We're always trying to do >>excellent, Mohammed. I'm wondering just broadly learnings that you have from what what's been happening Obviously, I'm sure you've been quite busy and responding to things. You know, what's been the impact on your business, how as a ws been as a partner to support the needs of what you're doing. >>Well, as you can imagine, the other things that just really blown up, Um, in terms of demand and being able to again through the plant power of the cloud, just being able to scale up and rapid deployment, you know, as we talk about earlier this deployment was, you know, 2 2.5 weeks from start to finish. Being able to do that, being able to do that with AWS tools have been, um, critical and moving things forward. >>Excellent. Uh, Damien, it's a sit back to you on this. You know, obviously, if you had had, you know, more time be able to plan this out if there might be some things that you would do differently. But what have your learnings been with this? And if you've been talking to your peers, any advice that you would give, uh, you know, as you've moved through this this rapid acceleration of the move to remote >>you Certainly. I think we would have certainly done some things differently. But we have been talking about this move for three or four months ahead of Covitz. So for us it wasn't. It wasn't quite as rushed as the actual deployment wound up being. I think the big thing is having having a vendor and having a partner where you can understand all the options. So the good and bad of the cloud is there's 100 different ways to do almost anything you want to accomplish and taking the time to understand what the different features and the ramifications of how you how you deploy and how you think. Think through that for us. We deployed one way because we could do it very quickly. And then we took the rest of the semester and part of this summer to do some more thorough evaluations to really ask our constituents you like this method or do you like some of the other, possibly some of the other possibilities and see which user experience they liked more? And then we're able to work with illumination, and they've been ableto very nimble in adjusting the services to meet what we've gotten our feedback on. So I think if I had to do it again, I would have done that testing ahead of time. But that's a very minor thing. These air really sort of small tweaks to just make life a little easier. Not fundamental differences in the what we're providing. >>Yeah, I'm Damien. What? One last question if I could, um sorry. Sorry, Mohammed. Just I'm curious from the financial standpoint, you know how much you felt that you understood what costs would be in some of the levers as to what are you using in the impact there? We've seen, you know, great maturation over the last handful of years. As toe. Yeah, you know, transparency and understanding how cloud actually is build. But I'm just curious if you have any final comments on the financial piece things, seeing that, it probably wasn't something that was in your budget for the last quarter. Yeah, >>it wasn't. That's very true. But we also knew that it was essential so that what we realized was we didn't know how often a lot of our physical labs and these classes were being used. So we knew there was going to be some unknowns. We've moved to this would have to see what adoption was but be able to get the reporting out and working with Mohammed and others to really start customizing in the cloud. That's the beauty of it is we recognize we saw some really fascinating patterns where during the week people would use this sort of as you'd expect. But on the weekends it was in the evenings. Nobody, nobody is logging on Saturday or Sunday morning. But boy at eight PM there's a good bit of usage so we could tailor and do some of that off hours work and really slows things down. Having that visibility has made the economic piece much more viable and really being able to tweak the computing power with two different needs of the different classes. So it's actually been fairly easy to understand, but it was a ramp up where we have to sort of guess at first and then understand our own processes. But that's more sort of the If you don't have good data coming in, it's hard to get it. Get it out. Excellent. Mohammad, I >>want you to kind of give your lessons learned. Obviously, it's a technology space. You've been in. Ah, and it's just been an acceleration of some of the things you're working on. So lessons learned advice you would give Teoh, you know, other companies of the universities and education No facilities out there, >>Right? And, you know, this is again speaking to the power of the cloud, right? Some of that one of the biggest lessons learned here is you don't necessarily need to get it right the first time. It's name and saying was saying, You know, we went back kind of analyze what we were staying in after the initial deployment, took a look at the actual usage and kind of adjusted, based based off of that. According to that, taking and feedback from faculty members on how they were using a system in tweaking the presentation or tweaking applications on the back end for accommodating those needs. That's the power of the cloud being able to adjust on the fly. You're not. You don't have to be committed to every single bit there. Uh, and being able to change it on the fly is is just something that is kind of natural in the cloud these days. >>Excellent. Well, thank you both. So much for joining us, Damien. Thank you for joining and moving forward. Sharing your story. I wish you the best of luck going forward. And Mohammed Big. Congratulations on winning. You know, super important category. Especially here in 20. Funny congratulations to you and the team. >>Thank you. >>Yeah, Thank you. Alright, stay tuned for more coverage here from the AWS public sector is their partner awards program. I'm Stew men a man And thank you for watching the Cube. Yeah, yeah, yeah, yeah.

>> Announcer: From Las Vegas, it's theCUBE. Covering Qualys Security Conference 2019, brought to you by Qualys. >> Hey welcome back everybody, Jeff Frick here with theCUBE, we're in Las Vegas at the Bellagio, at the Qualys Security Conference, pretty amazing, it's been going on for 19 years, we heard in the keynote. It's our first time here, and we're excited to have our first guest, he was a keynote earlier this morning, the author of nine books, Richard Clarke, National Security and Cyber Risk expert, and author most recently of "The Fifth Domain." Dick, great to see you. >> Great to be with you. >> Absolutely. So you've been in this space for a very long time. >> I started doing cybersecurity in about 1996 or 1997. >> So early days. And preparing for this, I've watched some of your other stuff, and one of the things you said early on was before there was really nothing to buy. How ironic to think about that, that first there was a firewall, and basic kind of threat protection. Compare and contrast that to walking into RSA, which will be in a couple of months in Moscone, 50,000 people, more vendors than I can count on one hand, now there's too much stuff to buy. Do you look at this evolution? What's your take? And from a perspective of the CIO and the people responsible for protecting us, how should they work through this morass? >> Well, the CIO and the CFO, got used to thinking cyber security costs a little bit, 'cause you can only buy, this is 1997, you can only buy antivirus, firewall, and maybe, in 1997, you could buy an intrusion detection system. Didn't do anything, it just went "beep," but you could buy that too. So you had three things in 1997. And so that resulted in the IT budget having to take a tiny little bit of it, and put it aside for security, maybe 2%, 3% of the budget. Well, now, if you're only spending 2 or 3% of your IT budget on security, somebody owns your company, and it's not you (laughs). >> And that's 2 or 3% of the IT budget, that's not the whole budget. >> No, that's the IT budget. What we found in researching the book, is that secure companies, and there are some, there's companies that don't get hacked, or they get hacked, but the hack gets in, immediately contained, identified, quarantined. The damage is done, but it's easily repaired. Companies that are like that, the resilient companies, are spending 8%, 10%, we found companies at 12 and 17%, of their IT budget on security, and to your point, how many devices do you have to buy? You look at the floor at any of these RSA Conventions, Black Hat, or something, now there are 2000 companies at RSA, and they're all selling something, but their marketing message is all the same. So pity the poor CSO as she goes around trying to figure out, "Well, do I want to talk to that company? "What does it do?" We found that the big banks, and the big corporations, that are secure, have not three, anymore, but 75, 80, different, discreet cybersecurity products on their network, most of it software, some of it hardware. But if you've got 80 products, that's probably 60 vendors, and so you got to, for yourself, there's the big challenge, for a CSO, she's got to figure out, "What are the best products? "How do they integrate? "What are my priorities?" And, that's a tough task, I understand why a lot of the people want to outsource it, because it's daunting, especially for the small and medium-size business, you got to outsource it. >> Right, right. So the good news is, there's a silver lining. So traditionally, and you've talked about this, we talk about it all the time too, there's people that have been hacked and know it, and people that have been hacked and just don't know it yet, and the statistics are all over the map, anywhere you grab it, it used to be hundreds of days before intrusions were detected. Kind of the silver lining in your message is, with proper investments, with proper diligence and governance, you can be in that group, some they're trying to get in all the time, but you can actually stop it, you can actually contain it, you can actually minimize the damage. >> What we're saying is, used to be two kinds of companies, those that are hacked and knew it, and those that are hacked that don't, that didn't know it. Now there's a third kind of company. The company that's stopping the hack successfully, and the average, I think, is a 175 days to figure it out, now it's 175 minutes, or less. The attack gets in, there's all the five or six stages, of what's called "the attack killchain," and gets out very, very quickly. Human beings watching glass, looking at alerts, are not going to detect that and respond in time, it's got to be automated. Everybody says they got AI, but some people really do (laughs), and machine learning is absolutely necessary, to detect things out of the sea of data, 75 different kinds of devices giving you data, all of them alarming, and trying to figure out what's going on, and figure out in time, to stop that attack, quarantine it, you got to move very, very quickly, so you've got to trust machine learning and AI, you got to let them do some of the work. >> It's so funny 'cause people still are peeved when they get a false positive from their credit card company, and it's like (laughs), do you realize how many of those things are going through the system before one elevates to the level that you are actually getting an alert? >> So the problem has always been reducing the number of false positives, and identifying which are the real risks, and prioritizing, and humans can't do that anymore. >> Right, right, there's just too much data. So let's shift gears a little bit about in terms of how this has changed, and again, we hear about it over and over, right, the hacker used to be some malicious kid living in his mom's basement, being mischievous, maybe, actually doing some damage, or stealing a little money. Now it's government-funded, it's state attacks, for much more significant threats, and much more significant opportunities, targets of opportunity. You've made some interesting comments in some of your prior stuff, what's the role of the government? What's the role of the government helping businesses? What's the role of business? And then it also begs the question, all these multinational business, they don't even necessarily just exist in one place, but now, I've got to defend myself against a nation state, with, arguably, unlimited resources, that they can assign to this task. How should corporate CIOs be thinking about that, and what is the role, do you think, of the government? >> Let's say you're right. 20 years ago we actually used to see the number of cyber attacks go up on a Friday night and a Saturday night, because it was boys in their mother's basement who couldn't get a date, you know, and they were down there having fun with the computer. Now, it's not individuals who are doing the attacks. It is, as you say, nation states. It's the Russian Army, Russian Intelligence, Russian Military Intelligence, the GRU. The North Korean Army is funding its development of nuclear weapons by hacking companies and stealing money, all over the world, including central banks, in some cases. So, yeah, the threat has changed, and obviously, a nation state is going to be far more capable of attacking, military is going to be far more capable of attacking, so, CISOs say to me, "I'm being attacked by a foreign military, "isn't that the role of the Pentagon "to defend Americans, American companies?" And General Keith Alexander, who used to run Cyber Command, talks about, if a Russian bomber goes overhead, and drops a bomb on your plant, you expect the United States Air Force to intercept that Russian bomber, that's why you pay your taxes, assuming you pay taxes. What's the difference? General Alexander says, whether that's a Russian bomber attacking your plant, or a Russian cyber attack, attacking your plant, and he says, therefore, people should assume the Pentagon will protect them from foreign militaries. That sounds nice. There's a real ring of truth to that, right? But it doesn't work. I mean, how could the Pentagon defend your regional bank? How could the Pentagon defend the telephone company, or a retail store? It can't. It can barely defend itself, and they're not doing a great job of that either, defending the federal government. So, do you really want the Pentagon putting sensors on your network? Looking at your data? No, you don't. Moreover, they can't. They don't have enough people, they don't have enough skills. At the end of the day, whatever the analogy is about how the Defense Department should defend us from foreign military attack, they can't. And they shouldn't, by the way, in my view. The conclusion that that gets you to, is you got to defend yourself, and you can, right now, if you use the technology that exists. The government has a role, sure. It can provide you warnings, it can provide the community with intelligence, it can fund development and stuff, can train people, but it cannot defend your network, you have to defend your network. >> And you have municipalities, I think it's Atlanta, is the one that keeps getting hit, there's-- >> Well Louisiana, just the other night, the whole state of Louisiana government unplugged from the internet, because it was being hit by a ransomware attack. The whole city of Baltimore's been down, the whole city of Atlanta, as you said. There's a real problem here, because people, many of them are paying the ransom, and they pay the ransom, and they get their network back right away. People ask me, "Can I trust these criminals?" Well you can trust them to give you your network back, because they have a reputation to maintain. Think about that. This whole thing about ransomware depends on their reputation, the bad guys' reputation. If they get a reputation for not giving you your network back when you pay, no one's ever going to pay, so they do give it back, and sometimes that's a lot quicker, and a lot cheaper, than saying no and rebuilding your network. But if we give them the money, what are they doing with it? Yeah, they're buying Ferraris to drive round the streets of Moscow, but some of that money is going back into R&D, so they can develop more effective attacks. >> So it's an interesting take, right, so most people, I think, would say that the cybersecurity war is completely always going to be kind of cat and mouse, whack-a-mole, that the bad guys are always a little step ahead, and you're always trying to catch up, just the way the innovation cycle works. You specifically say no, that's not necessarily always true, that there are specific things you can do to, not necessarily have an impenetrable wall, but to really minimize the impact and neutralize these threats, like a super white blood cell, if you will. So what are those things that companies should be doing, to better increase their probability, their chance, of, I don't know, blocking-- >> Depends on the size of the company. >> Absorbing. >> Depends on the size of the company. But I think whether you're a small-to-medium business, or you're an enterprise, you begin in the same place. And I do this with all of my consulting contracts, I sit down with the leadership of the company individually, and I ask every one of them, "What are you worried about? "What could happen? "What could a bad guy do to you "that matters to your company?" 'Cause what matters to one company may not matter to another company. And you can't spend your entire budget defending the network, so let's figure out exactly what risk we're worried about, and what risk we're just kind of willing to tolerate. And then, we can design security around that, and sometimes that security will be outsourced, to a managed security provider. A lot of it means getting into the cloud, because if you're in Amazon or Microsoft's cloud, you've got some security automatically built in, they've got thousands of people doing the security of the cloud, and if your server's in your basement, good luck. (laughs) >> So, as you look forward, now you said you finished the book earlier in the year, it gets published, and it's out, and that's great, but as you said, it's a fast-moving train, and the spaces develops. 10 years from now, we don't want to look at 10 years from now, it's way too long. But as you look forward the next couple, two, three years, what are you keeping an eye on, that's going to be, again, another sea change of both challenge and opportunity in this space? >> The three technologies we talk about in the book, for the three-year time horizon, 'cause I can't get beyond three years, more machine learning on the defense, but also more machine learning on the offense, and where does that balance work out? To whose advantage? Secondly, quantum computing, which, we don't know how rapidly quantum computing will come onto the market, but we do know it's a risk for some people, in that it might break encryption, if the bad guys get their hands on the quantum computer, so that's a worry. But one I think most immediately, is 5G. What 5G allows people to do, is connect millions of things, at high speed, to the internet. And a lot of those things that will be connected are not defended right now, and are outside firewalls, and don't have end-point protection, and aren't really built into networks on a secure network. So I worry about 5G empowering the Internet of Things, and doing what we call expanding the attack surface, I worry about that. >> Right, Richard, well thank you for taking a few minutes, and congrats on the book, and I'm sure within a couple of years the gears will start turning and you'll put pen to paper and kick another one out for us. >> Number 10. >> All right. He's Richard, I'm Jeff, you're watching theCUBE, we're at the Qualys Security Conference at the Bellagio in Las Vegas, thanks for watching, we'll see you next time. (upbeat music)

>>From our studios in the heart of Silicon Valley, Palo Alto, California. This is a cute conversation. >>Hi and welcome to the cube studios in Palo Alto, California for another cube conversation where we go in depth with the tech leaders driving innovation across the technology industry. I'm your host, Peter Burris. Well, it's that time of quarter again. Every quarter we get together with Fortinet to discuss their threat landscape report, which is one of the industry's best and most comprehensive views into how the bad guys are utilizing bad software and bad access to compromise digital business and steal digital assets. Now, this quarter's report suggests that there's not as much new stuff going on. If you look at the numbers, they're relatively flat compared to previous quarters, but that doesn't tell the real story. Underneath those numbers, we see that there is a churn. There's an incredibly dynamic world of bad actors doing bad things with old and new bad stuff to try to compromise digital business, to learn more about this dynamism and what's really happening. Once again, we've got a great cube guest, Tony Gian. Medico is a senior security strategist and researcher and CTI lead at Fordanet. Tony, welcome back to the cube. >>Hey Peter, it's great to be here. >>So Tony, I started off by making this observation that the index suggests that we're in kind of a steady state, but that's not really what's happening. Is it? What's really going on? Where it's going on inside the numbers? >>Yeah, no, we start to see a little bit of a shift of tactics. Um, what has happened, I think, uh, not all the time, but sometimes with the adversaries like to do is penetrate an organization where maybe us as defenders aren't necessarily as focused in on, and a great example is this. For many years we were focused on and rightfully so. And we continue to be focused on this is being able to block a phishing email, right? We have our email security gateways to be able to not allow that email to come into the network. We also then for for whatever reason, if it happens to get into the network, we focus on user awareness training to educate our users to make sure that they can identify a malicious email. They're not clicking that link or clicking that attachment. Now with that said, we look at the actual data in our queue three threat last grade and what we're seeing is the adversaries are targeting vulnerabilities that if they were successfully exploited would give them remote code execution, meaning that they, they, they can compromise that box and then move further and further inside the network. >>Now granted that's been happening for many years, but we have actually seen an increase order. As a matter of fact, it was number one prevalence across all the actual regions. So with that said, I think it's worth making sure that you're looking at your edge devices or your edge services that are publicly exposed out there. Make sure that there's no vulnerabilities on them, make sure that they're not misconfigured and also make sure that you have some type of multifactor authentication. And I think like we've talked about many times that threat landscape or that, you know, threat attack surface continues really to expand, right? You've got, you've got cloud, you have IOT. So it's becoming more and more difficult to be able to secure all those edge services. Definitely. You know, something you should take a look at >>and you got more people using more mobile devices to do more things. So, so it sounds as though it's a combination of two things. It's really driving this dynamism, right, Tony? It's one, just the raw numbers of growth and devices and opportunities and the threat surface is getting larger and the possibility that something's misconfigured is going up and to that they're just trying to catch your organization's by surprise. One of those is just make sure you're doing things right, but the other one is don't keep, take your eye off the ball, isn't it? How are organizations doing as they try to, uh, expand their ability to address all of these different issues, including a bunch that are tried and true and mature, uh, that we may have stopped focusing on? >>Yeah. You know, it's really hard, right? I always say this and um, you know, I get some mixed kind of reaction sometimes, but you can't protect and monitor everything. I mean, depending on how large your network is, it's really difficult. So I mean, really focusing on what's important, what's critical in your organization is probably really the best approach, right? Really kind of focusing on that. Now with that said though, the reason why it becomes so, so difficult these days is the volumes of threats that we're seeing. I'm kind of come out of what I refer to the cybercrime ecosystem, right? Where anytime, do you know anybody who wants to get into a life of cyber crime, they really don't need to know much. They just need to understand, right? Where to get these particular services that they can sort of rent, right? You have malware as a service, right? You got kind of ransomware as a service. So that's an important to make sure we understand. Um,, Hey, anybody can get into a life of cyber crime and that volume is really sort of being driven by the cyber crime ecosystem. >>Well, the threat report noted, uh, specifically that the, uh, as you said, the life of crime is getting cheaper for folks to get into because just as we're moving from products to services in technology and in other parts of the industry, we're moving from products to services in, uh, the threat world. To talk a little bit about this, what you just said, this notion of, you know, bad guy as a service, what's happening. >>Yeah, I like that bad guy as a service. Um, what's really kind of popular these days is ransomware as a service. Um, then two, three we saw two more variants, uh, ramps and wears as a service, uh, you know, Soden and then also, um, I think I can pronounce it empty. I always have a hard time pronouncing all of these malware name. But anyway, these are new variants now that are coming up. Um, and of course anytime you get something new, the malware usually has more, you know, more a more advanced kind of capabilities. And you know, these malwares have, you know, ways to evade a Vieta taction you know, they're looking for different services that may be on the, the operating system, finding ways to be able to the war, the detection of their particular malware or if someone is analyzing that particular threat, making it longer for an analyst to be able to figure out what's going on. >>Mmm. And as well as trying to avoid different types of sandbox technologies. Now I think that's something bad to actually, you know, really worry about. But what really gets me, and I might've said this, um, in some of the previous conversations this year is that the tactics are also kind of changing a bit for ransomware as a service coming out of the cyber-crime ecosystem. It used to be more opportunistic. There was a spray and pray approach, let's hope something sticks. Right. Totally changed. They're becoming a lot more targeted. And one of the main reasons why it was because organizations are paying large amounts of money or the ransom depending large amounts of money to the group yo yo to have 'em the ability to decrypt their files after they get hit with ransomware. And you've seen this right now, the adversaries are targeting organizations or industries that may not have the most robust security posture. >>They're focused on municipalities. Yeah, they're focused on, okay. Cities also state local government. Um, well we saw it earlier on this year, the city of Baltimore, we had a bunch of cities in Florida, actually one city in Florida ended up having to pay $600,000 in a ransom to be able to have their files decrypted. And also in the state of Texas we saw, Mmm. A, uh, malware variant or ransomware variant hit about 22 municipalities throughout the state of Texas. And you know, the one other thing I think seems to be common amongst all of these victims is a lot of them have some type of insurance. So I think the bad guys are also doing some research or doing their homework to make sure, Hey, if I'm going to spend the money to target this individual or this organization, I want to make sure that they're going to be able to >>painting the ransom. They're refining their targets based on markers, which is how bad guys operate everywhere, right? You decide who your Mark is and what their attributes are. And because these are digital, there's also a lot more data flying around about who these marks are, how they work. Uh, as you said, the availability of insurance means that there is no process for payment in place because insurance demands it and it accelerates, uh, the, the, the time from hitting them to getting paid if I got that right. >>Yeah, that is 100% spot on, you know, efficiency, efficiency, officio. I mean, we all want to get paid as fast as possible, right? Yeah. >>Peter. Yeah, that's true. That's true. All right, so it's time for prescription time, Tony. It's a, uh, we've talked about this for probably six or eight quarters now and every time I ask you, and what do folks do differently in the next few months? Uh, what should they do differently in the next few months? >>You know, I like to talk a lot about how we, you know, you have to have that foundational, uh, it kind of infrastructure in place, having visibility and all that debt and that's 100% sort of true. Um, that doesn't change. But I think one thing that we can start doing, um, and this is wonderful. Um, I'm sort of project that had transpired over the last few years from the MITRE, uh, organization is the MITRE attack framework. Uh, what had happened was miter had gone out there and brought in, um, through all these open source outlets, different types of threat reports. Mmm. That the adversaries, um, you know, we're, di we're documented actually doing, they took all those tactics and corresponding techniques and documented all of them in one location. So now you have a common language for you to be able to determine and be able to learn what the actors are actually doing to come their cyber mission. >>And because now we have that there's a trend. Now organizations are starting to look at this data, understand it, and then operationalizing it into their environment. And what I mean by that is they're looking at the axle the, uh, tactic and the technique and not know, understanding what it is, looking at, what is the actual digital dust that it might leave behind, what's the action and making sure that they have the right protections and and they're grabbing the right logs at least to be able to determine when that particular threat actor, using that technique happens to be in there environment. >>But it also sounds as though you, you know, you noted the use of common language that it sounds as though, uh, you're suggesting that enterprises should be taking a look at these reports, studying them, uh, reaching agreement about, uh, what they mean, the language so that they are acculturating themselves to this more common way of doing things. Because it's the ability to not have to negotiate with each other when something happens and to practice how to respond. That really leads to a faster, more certain, uh, more protecting response if I got that right. Yeah. >>You know, 100%. And I'll also add though, um, as you start to operationalize this no miter attack framework and understanding what the adversaries are kind of doing, you get more visibility. Yeah. But then also what you're seeing is there's a trend of vendors starting to create what's referred to as threat actor playbooks, right? So there, as they discover these actual threads, they're mapping the actual tactics and techniques back to this common language. So now you have the ability to be able to say, Hey, I just seen a, you know, Fordanet just put this report out on this particular, you know, threat actor or this malware because we're leveraging a common language. They can more easily go back and see how they're actually defending against these particular, you know, TTPs. Well, and the latest one, you know, that we put out, uh, just this week was, um, uh, uh, a playbook on the malware that's a banking Trojan. >>Well, at least it started out as a banking Trojan. It's kind of morphed into something a little more now. You see it delivering a bunch of malware variants, um, you know, different malware families. It's almost like a botnet now. And, uh, we hadn't actually seen it, um, really for a little while. But in Q three we saw a bunch of different campaigns spawn. And like I always say, malware a hibernate for a little bit, but when it comes back, it comes back bigger, faster, stronger. There's always new tactics, there's only new capabilities. And then this case, that's no exception. What they did, Mmm. And I thought was very unique, uh, at being able to, again, crayon, Mmm. The humans to be able to make a mistake. So what they did is they as a victim, they would grab the email, thread from the emails, grab those threads, I put it in a spoofed email, and then email that to the next victim. And they'll actually, um, so know when the victim opens up that particular email, they see that thread that looks like, Hey, I've had this correspondence, you know, before this has to be a good email, I'm going to clip that attachment. And when they do, now they're compromised and that whole process happens over and over and over again. >>So there's, they're scraping the addressees and they are taking the email and creating a new AML and sending it onto new, uh, addressees hopefully before the actual real email gets there. Right. >>Uh, you know, yes. But also say that, um, they're actually, they're taking the context of the email, right? So the email sort of thread. So it makes it, it's an actual real thread. Well, they're just kind of adding it in there. So it's really it really looks like it's, hello. Hey, I've had that correspondence before. Um, I'm just going to click that link. >>So that's me. This notion of operationalizing through the minor and these new playbooks, uh, is a, a way ultimately that more people, presumably we're creating more of a sense of professionalism that will diffuse into new domains. So, for example, you mentioned early on, uh, municipalities and whatnot that may not have the same degree of sophistication through this playbook approach, through the utilizing these new resources and tools that Fortinet and others are providing. It means that you can raise to some degree, the level of responsiveness in shops that may not have the same degree of sophistication. Correct? >>Yeah, I didn't, you know, I definitely would have to agree. And it also, I think as you start to understand these techniques, you will never just have one technique as a standalone, right? These techniques are Holies chained together, right? You're going to have, once this technique is there, you're going to know that there's a few techniques are probably have a happen before and there's some, they're going to happen later. A great example of this, let's say, when you know, when an adversary is moving laterally inside the network, there's really three basic things that they have to be able to have. One is they have to have the authorization, the access, you know, to be able to move from system to system. Once they have that, you know, and there's a way a variety of ways that they can do that. Once they're there, now they have to somehow copy that malware from system to system. >>And you know, you can do that through, you know, ah, remote desktop protocol. You can do that through no P S exact. It's a variety of different ways you can do that. And then once the malware's there, then you have to execute it somehow. And there's ways to do that. Now if you have a common language for each one of those, now you start chaining these things together, you know, the digital dust or the actual behaviors and what's actually left behind with these actual tactics. And now as manually you can start better understanding how to, you know, thread hunt more efficiently and also start to actually let the technology do this kind of threat hunting for you. So I guarantee you we're going to see innovation and technology where they're going to be doing automatic through hunting for you based on these types of understandings in the future. >>Tony, what's growing? Once again, great cube conversation. Thanks again for being on the cube. Tony John, John de Medico is, I'm going to just completely shorten your title, uh, threat landscape expert Fort Tony. Thanks again. >>Yeah, it's great to be here. Peter. Thanks a lot, >>and thanks once again for joining us for another cube conversation on Peter Burris. See you next time..

>>Our studios. Silicon Valley, Palo Alto, California is a Q conversation. Hi and welcome to the cube studios in Palo Alto, California for another cube conversation where we go in depth with the tech leaders driving innovation across the technology industry. I'm your host Peter Burris. Well, it's that time of quarter again. Every quarter we get together with Fortinet to discuss their threat landscape report, which is one of the industry's best and most comprehensive views into how the bad guys are utilizing bad software and bad access to compromise digital business and steel digital assets. Now, this quarter's report suggests that there's not as much new stuff going on. If you look at the numbers, they're relatively flat compared to previous quarters, but that doesn't tell the real story. Underneath those numbers, we see that there is a churn. There's an incredibly dynamic world of bad actors doing bad things with old and new bad stuff to try to compromise digital business to learn more about this dynamism and what's really happening. Once again, we've got a great cube guest, Tony Gian. Medico is a senior security strategist and researcher and CTI lead at Fortinet. Tony, welcome back to the cube. >>Hey Peter, it's great to be here. >>So Tony, I started off by making this observation that the index suggests that we're in kind of a steady state, but that's not really what's happening. Is it? What's really going on? Where it's going on inside the numbers? >>Yeah, no, we start to see a little bit of a shift of tactics. Um, what has happened, I think, uh, not all the time, but sometimes with the adversaries like to do is penetrate an organization where maybe us as defenders aren't necessarily as focused in on, and a great example is this. For many years we were focused on at and rightfully so, and we continue to be focused on this is being able to block a phishing email, right? We have our email security gateways to be able to not allow that email to come into the network. We also then for for whatever reason, if it happens to get into the network, we focus on user awareness training to educate our users to make sure that they can identify a malicious email. They're not clicking that link are clicking that attachment. Now with that said, we look at the actual data in our Q three threat last grade report and what we're seeing is the adversaries are targeting vulnerabilities that if they were successfully exploited would give them remote code execution, meaning that they, they they can compromise that box further and further inside the network. >>Now granted that's been happening for many years but we have actually seen an increase order. As a matter of fact, it was number one prevalence across all the actual regions. So with that said, I think it's worth making sure that you're looking at your edge devices or your edge services that are publicly exposed out there. Make sure that there's no vulnerabilities on them, make sure that they're not misconfigured and also make sure that you have some type of multifactor authentication. And I think like we've talked about many times that threat landscape or that no threat attack surface continues really to expand, right? You got, you got cloud, you have IOT. So it's becoming more and more difficult to be able to secure all those edge services. But definitely you know, something you should take a look at >>and you got more people using more mobile devices to do more things. So, so it sounds as though it's a combination of two things. It's really driving this dynamism, right, Tony? It's one, just the raw numbers of growth and devices and opportunities and the threat surface is getting larger and the possibility that something's misconfigured is going up and to that they're just trying to catch organizations by surprise. One of those is just make sure you're doing things right, but the other one is don't keep, take your eye off the ball, isn't it? How are organizations doing as they try to, uh, expand their ability to address all of these different issues, including a bunch that are tried and true and mature, uh, that we may have stopped focusing on? >>Yeah. You know, it's really hard, right? I always say this and um, you know, I get some mixed kind of reacts in sometimes, but you can't protect and monitor everything. I mean, depending on how large your network is, it's really difficult. So, I mean really focusing on what's important, what's critical in your organization is probably really the best approach. I mean, really kind of focusing on that. Now with that said though, the reason why it becomes so, so difficult these days is the volumes of threats that we're seeing. Um, kind of come out of what I refer to the cybercrime ecosystem, right? Where anytime, do you know anybody who wants to get into a life of cyber crime, they really don't need to know much. They just need to understand, right, where to get these particular services that they can sort of rent, right? You have malware as a service, right? You got kind of ransomware as a service. So it's an important to make sure we understand, um, Hey, anybody can get into a life of cyber crime and that volume is really sort of being driven by the cyber crime ecosystem. >>Well, the threat report noted, uh, specifically that the, uh, as you said, the life of crime is getting cheaper for folks to get into because just as we're moving from products to services in technology and in other parts of the industry, we're moving from products to services in, uh, the threat world. To talk a little bit about this, what you just said, this notion of, you know, bad guy as a service, what's happening? >>Yeah, I actually that bad guy as a service. Um, what's really kind of popular these days is ransomware as a service. Um, as a matter of fact, uh, In Fortiguard labs, we were tracking for about two years or so, one of the most prolific ransomware-as-a-service GandCrab. Matter of fact, over the two year period, they gleaned off about over $2 billion  dollars worth of ransoms. Now, they said that they kind of shut down and as they started closing down operations in Q3, we saw two more variants of ransomware as a service. You know, Soden and, and also, uh, I think I can pronounce it ... "Nempty". I always have a hard time pronouncing all of these malware name. But anyway, these are new variants now that are coming up. And of course anytime you get something new, the malware usually has more, you know, more a more advanced kind of capabilities in, you know, these malwares have, you know, ways to evade detection, you know, they're looking for different services that may be on the, the operating system, finding ways to be able to thwart the detection of their particular malware, or if someone is analyzing that particular threat, making it longer for an analyst to be able to figure out what's going on. >>Um, and as well as trying to avoid different types of sandbox technologies. Now I think that's something bad that actually, you know, really worry about. But what really gets me, and I might have said this, um, in some of the previous conversations this year, is that the tactics are also kind of changing a bit for ransomware as a service coming out of the cyber-crime ecosystem. It used to be more opportunistic. There was a spray and pray approach, let's hope something sticks. Right? Totally changed. They're becoming a lot more targeted. And one of the main reasons why it is because organizations are paying large amounts of money or the ransom depending large amounts of money to the group. Yo yo to have 'em the ability to decrypt their files after they get hit with ransomware. And you've seen this right now, the adversaries are targeting organizations or industries that may not have the most robust security posture. >>They're focused on municipalities. No, they're focused on, you know, cities also state local government. Um, well we saw it earlier on this year, the city of Baltimore. We had a bunch of cities in Florida, actually one city in Florida ended up having to pay $600,000 in a ransom to be able to have their files decrypted. And also in the state of Texas we saw, um, a uh, malware variant or ransomware variant hit about 22 municipalities throughout the state of Texas. And you know, the one other thing I think seems to be common amongst all of these victims is a lot of them have some type of insurance. So I think the bad guys are also doing some research or doing their homework to sure, Hey, if I'm going to spend the money to target this individual or this organization, I want to make sure that they're going to be able to, yeah, pay me the ransom. >>They're refining their targets based on markers, which is how bad guys operate everywhere, right? You decide who your market is and what their attributes are. And because these are digital, there's also a lot more data flying around about who these marks are, how they work. Uh, as you said, the of the availability of insurance means that there's now a process for payment in place because insurance demands it and it accelerates, uh, the, the, the time from hitting them to getting paid. If I got that right. >>Yeah, that is 100% spot on, you know, efficiency, efficiency, officio. I mean, we all want to get paid as fast as possible. Right? Right. >>Peter? Yeah, that's true. That's true. Alright, so it's time for prescription time, Tony. It's a, a, we've talked about this for probably six or eight quarters now and every time I ask you and what do folks do differently in the next few months? Uh, what should they do differently and the next few months? >>Ah, you know, I like to talk a lot about how we, you know, you have to have that foundational, it kind of infrastructure in plays, having visibility and all that debt and that's 100% sort of true. Um, that doesn't change. But I think one thing that we can start doing, um, and this is wonderful. Um, I'm sort of project that had transpired over the last few years from the MITRE, uh, organization is the MITRE attack framework. Uh, what had happened was MITRE had gone out there and brought in, um, through all these open source outlets, different types of threat reports, um, that the adversaries, um, you know, we're di we're documented actually doing, they took all those tactics and corresponding techniques and documented all of them in one location. So now you have a common language for you to be able to determine and be able to learn what the actors are actually doing to come cyber mission. >>And because now we have that there's a trend. Now organizations are starting to look at this data, understand it and then operationalizing it into their environment. And what I mean by that is they're looking at the actual, the uh, tactic and the technique and you know, understanding what it is, looking at, what is the actual digital dust that it might leave behind, what's the action and making sure that they, I have the right protections and the Texans and they're grabbing the right logs at least to be able to determine when that particular threat actor, using that technique happens to be in there environment. >>But it also sounds as though you, you know, you noted the, uh, use of common language that it sounds as though, uh, you're suggesting that enterprises should be taking a look at these reports, studying them, uh, reaching agreement about what they mean, the language so that they are acculturating themselves to this more common way of doing things. Because it's the ability to not have to negotiate with each other when something happens and to practice how to respond. That really leads to a faster, more certain, more protecting response if I got that right. Yeah. >>You know, 100%. And I'll also add though, um, as you start to operationalize this no miter attack framework and understanding what the adversaries are kind of doing, you get more visibility. Yeah. But then also what you're seeing is it's a trend of vendors starting to create what's referred to as threat actor playbooks, right? So there, as they discover these actual threads, they're mapping the actual tactics and techniques back to this common language. So now you have the ability to be able to say, Hey, I just seen, uh, you know, Fordanet just put this report out on this particular, you know, threat actor or this malware because we're leveraging a common language. They can more easily go back and see how they're actually defending against these particular, you know, TTPs. Well, and the latest one, you know, that we put out, uh, just this week was, um, uh, Oh, a playbook on the malware it's a banking Trojan. >>Uh, well at least it started out as a banking Trojan. It's kinda morphed into something a little more now. You see it delivering a bunch of malware variants, um, you know, different malware families. It's almost like a botnet now. And, uh, we hadn't actually seen it, um, really for a little while. But in Q three we saw a bunch of different campaigns spawn. And like I always say, malware a hibernate for a little bit, but when it comes back, it comes back bigger, faster, stronger. There's always new tactics, there's always new capabilities. And then this case, that's no exception. What they did, um, and I thought was very unique, uh, at being able to, again, Ray on, um, the humans to be able to make a mistake. So what they did is they, as a victim, they would grab the email thread from the emails, grab those threads, I put it in a spoofed email, and then email that to the next victim. And they'll actually, um, so you know, when the victim opens up that particular email, they see that thread that looks like, Hey, I've had this correspondence, you know, before this has to be a good email, I'm going to click that attachment. And when they do, now they're compromised and that whole process happens over and over and over again. >>So there's, they're scraping the addressees and they are taking the email and creating a new AML and sending it onto new, uh, addressees hopefully before the actual real email gets there. Right? >>No, yes, but also say that, um, they're actually, they're taking the context of the email, right? So the email sort of thread, so it makes it, it's an actual real thread. Well, they're just kind of adding it in there. So it's really. It really looks like it's, hello. Hey, I've had that correspondence before. Um, I'm just going to click that link for attachments. >>This notion of operationalizing through the minor framework and these new playbooks, uh, is a, a way ultimately that more people, presumably we're creating more of a sense of professionalism that will diffuse into new domains. So, for example, you mentioned early on, uh, municipalities and whatnot that may not have the same degree of sophistication through this playbook approach, through the utilizing these new resources and tools that Fort Dannon and others are providing. It means that you can raise to some degree, the level of responsiveness in shops that may not have the same degree of sophistication. Correct? >>Yeah, I did. You know, I, I definitely would have to agree. And then also, I think as you start to understand these techniques, you will never just have one technique as a standalone, right? These techniques are Holies chained together, right? You're going to have, once this technique is there, you're going to know that there's a few techniques or probably have happened before and there's some, they're going to happen later. A great example of this, let's say, when you know, when an adversary is moving laterally inside the network, there's really three basic things that they have to be able to have. One is they have to have the authorization, the access, you know, to be able to move from system to system. Once they have that, you know, and there's a way a variety of ways that they can do that. Once they're there, now they have to somehow copy that malware from system to system. >>And you know, you can do that through, you know, ah, remote desktop protocol. You can do that through no P S exact. There's a variety of different ways you can do that. And then once the malware's there, then you have to execute it somehow. And there's ways to do that now if you have a common language for each one of those, now you start chaining these things together, you know, the digital dust or the actual behaviors and what's actually left behind with these actual tactics. And now as manually you can start better understanding how to, you know, threat hunt more efficiently and also start to actually let the technology do this kind of threat hunting for you. So I guarantee you we're going to see innovation and technology where they're going to be doing automatic through hunting for you based on these types of understandings in the future. >>Tony, what's growing? Once again, great cube conversation. Thanks again for being on the cube. Tony John, John de Medico is, I'm going to just completely shorten your title, uh, threat landscape expert Fort net. Tony, thanks again. >>Hey, it's great to be here, Peter. >>Thanks a lot, and thanks once again for joining us for another cube conversation on Peter Burris. See you next time..

>>live from Las Vegas. It's the Cube covering Splunk dot com. 19. Brought to you by spunk. >>Okay, welcome back. Everyone secures live coverage in Las Vegas response dot com. I'm John Ferrier, host of the Cube. We're here for three days is a spunk. Spunk dot com 10 anniversary of their end user conference way Got some great guests here. They talk about diversity, inclusion breaking the barrier. Women in tech We got some great guests. Jane Heights, I add Si io National government service is Thanks for joining us. Appreciate it. Carol Jones, CEO Sandy and National Labs from Albuquerque Think coming on to CEOs of excited Suzanne McGovern. Diversity and inclusion talent leader for Splunk Thanks for guys joining us. Really appreciate it. I want to get into a panel you guys discuss because this is the area of really important to the workforce. Global workforce is made up of men and women, but most of the software text built by mostly men. But we get that second. I want to get in, find out what you guys are doing in your rolls because you guys, the journey is breaking through the barrier. Start with you. What's your role. What do you do? Their CEO. >>So I am CEO for National Government Service Is we do Medicare claims processing for the federal government. We also have a number of I t contracts with CMS. And, um, I organ. I have an organization of 331 people. Very different organization, Data center, infrastructure security gambit of I t, if you will. A great group of people divers were in Baltimore. Where? In Indianapolis. We're out of the kingdom office. How >>long have you been in 19 >>My career. So yes. Yeah. The waves. Yes. I have seen the waves have Daryl >>Jones and I'm c i o same National Laboratories. It's a federally funded research and development center. So we do research and development from on behalf of the U. S. Government. I have about 500 employees and 400 contractors. So we provide the I T for Sadia, all gametes of it, including some classified environments. >>A lot of security, your role. What's wrong? >>I'm the chief diversity officer. It's Plus I get the pleasure to do that every day. A swell, a cz. It's everyone's job. Not just magically explode. But I'm very honored to do that. How to look after talent. >>I want to compliment you guys on your new branding. Thank not only is a cool and really picking orange, but also that position is very broad and everything is trade message. But the big posters have diversity. Not a bunch of men on the posters. So congratulations, it's anger. Representative is really important. Worth mentioning. Okay, let's start with the journey. The topic you guys just talked about on a panel here in Las Vegas is female leaders smashing the glass ceiling. So when you smash his last ceiling, did you get caught? Was her bleeding? What happened? Take us for your journey. What was big? Take away. What's the learnings? Share your stories. >>Well, a lot of it, as I shared today with Panel, is really learning and be having that Lerner mindset and learning from something that you do, which is part of your life. And I use the example of I'm married to an Indian Muslim, went to India, spent some time with his family, and they told me Let's be ready at 6 30 and I said, Okay, I'm ready. I'm ready. Dressed in 6 30 nobody else was ready. And everyone in the room said, Well, we're gonna have Chai first we're gonna have some tea And I was like, Well, you said 6 30 and I'm ready And, um, everyone said, Well, you know, we need to relax. We need to connect. We need to have some time So I took that back and said, You know what? We all need to make time for tea Way. All need to connect with our people and the individuals that work with us, And I've kind of taken that on through the last 20 years of being married, Tim. But connecting with individuals and your teams and your partner's is what's important and as what Lead Meeks. I've built those allies and that great group of people that >>being people centric, relationship driven, not so much chasing promotions or those kinds. >>That's what's worked for me. Yes, >>Carol, it's been your journey. Stories >>start a little bit of beginnings. I've been in Tech over 30 years. I got a bachelor's and marketing, and then I was looking to get my master's. So I got, um, I s degree, but I didn't know even to go into that field. So my professor said you needed to go into my s, so don't know that's too hard. You can't do that. You know, you could do it. So it's always been challenging myself and continuing learning. I worked at IBM then I was there in the time when they did great layoffs. So no, e he was 93 right to left. Only wonder he's gonna be left by the end of the year. >>You know, for the younger audience out there M I s stands from management information systems. Before that, there was data processing division which actually relevant today. Quite a journey. What a great spirit. What's the one thing that you could share? Folks, this is a lot of young women coming into the workforce, and a lot of people are looking at inspirational figures like yourselves that have been there and done that. There's a lot of mentoring going on is a lot of navigation for young women and understand minorities. And they just you guys, there's no real playbook. You guys have experiences. What's your advice, folks out watching >>my number one advice. And I gave this to people who are wanting to go into leadership. Trust yourself. Trust to you. Are you all got to this place because of the successful person you are and just continue to trust yourself to take advantage of those opportunities. Take a risk. I took a risk when my total focus was in Medicare. I was asked to do another job and I took another, you know, position. And it wasn't in Medicare. So you have to take those opportunities and risk and just trust that you're gonna get yourself. >>Carol. You're >>similar. It's to continue to grow and to be resilient, there'll be times in your career like a layoff where you don't know what you're gonna do. You bounce back and make it into uneven. Better job on. Take risks. I took a risk. I went into cybersecurity. Spent 10 years there, continuing learning and the Brazilian >>learnings key, right? I mean, one of the things about security mentioned 10 years. So much has changed, hasn't it? >>Well, it's bad. Guys still outnumber the good guys. That has changed faster. Exactly. Technologies change. >>Just talk about the diversity inclusion efforts. You guys have a Splunk Splunk cultures very open transparent on the technology solutions very enabling you actually enabling a lot of change on the solution side. Now we're seeing tech for good kind of stories because Texas Tech Tech for business. But also you're seeing speed and times value time to mission value, a new term way kicked around this morning. It's time to mission value. >>Yes. So I'm glad you mentioned data, right? We're data company, and we're very proud that we actually whole star diversity inclusion numbers, right? So way moved the needle 1.8% on gender last year, year on year pride, but not satisfied. We understand that there's much more to diversity inclusion than just gender, But our strategy is threefold for diversity. Inclusion. So it's work force, workplace marketplace farces around just where talk is improving our representation so that these women are no longer the only. These are in the minority that were much more represented, and we're lucky we have three women and our board. We have four women in our C suite, so we're making good good progress. But there's a lot more to do, and as I say, it's not just about gender. We want to do way, nor the innovation is fueled by diversity. So we want to try. You know, folks of different races, different ethnicity, military veterans, people with disability. We need everyone. It's belongs to be, since >>you guys are all three leaders in the industry, Thanks for coming on. Appreciate that. I want to ask you guys because culture seems to be a common thread. I mean, I do so money talks and interviews with leaders for all types, from digital transformation to Dev ops, the security and they always talk speeds in fees. But all the change comes from culture people on what I'm seeing is a pattern of success. Diversity inclusion works well if it's in the culture of the company, so one filter for anyone a woman or anyone is this is a company culturally aligned with it. So that's the question is what do you do when you have a culture that's aligned with it? And what do you do? There's a culture that's not allow, so you want to get out. But how do you unwind and how do you navigate and how do you see the size of signals? Because the date is there >>a way to certainly really harness and failed a culture of inclusion. And that's through employee resource groups in particular. So it's plunks. More than 50% of our spelunkers are actually members. Followers are allies on employee resource. So gives community. It gives that sense of inclusion so that everyone could bring their whole Selves to work. So, to your point, it really does build a different culture, different level of connection. And it's super different. >>Any thoughts on culture and signals look for good, bad, ugly, I mean, because you see a good ways taken right. Why not >>take a chance, right? Right. No, I think, you know, like you look at it and you decide, like some young women we were talking to, You know, Is this the right company for you? And if not, can you find an ally? You know, it's a feeling that the culture isn't there and helped educate him on help to get him to be Jack of what does he and his leaders, I think we have to always ask ourselves, Are we being inclusive for everyone >>and mine? I would spend it a little bit. Is that diversity and thoughts And how? When I joined this organization. Culture is a big factor that needs to change and some of the things that I'm working on, but to bring people to the table and hear those different thoughts and listen to them because they all do think differently. No matter color, race, gender, that sort of thing. So diversity and thought is really something that I try to focus in on >>carry. Palin was just on the Cuban CMO of Splunk and top of the logo's on the branding and, she said, was a great team effort. Love that because she's just really cool about that. And she said we had a lot of diversity and thought, which is a code word for debate. So when you have diversity, I want to get your thoughts on this because this is interesting. We live in a time where speed is a competitive advantage speed, creativity, productivity, relevance, scale. These air kind of the key kind of modern efforts. Diversity could slow things down, too, so but the benefit of diversity is more thought, more access to data. So the question is, what do you guys think about how companies or individuals could not lose the speed keep the game going on the speed and scale and get the benefits of the diversity because you don't want things to grind down. Toe halts way Slugs in the speed game get data more diverse. Data comes in. That's a technical issue. But with diversity, you >>want a challenge that, to be honest, because we're a data company in the details. Irrefutable. Right? So gender diverse Teams up inform homogeneous teams by about 15% if you take that to race and ethnicity was up to 33%. Companies like ourselves, of course, their numbers see an uptick in share price. It's a business imperative, right? We get that. It's the right thing to do. But this notion that it slows things down, you find a way right. You're really high performance. You find a way best time. So it doesn't always come fast, right? Sometimes it's about patients and leadership. So I'm on the side of data and the data is there. If you tickle, di bear seems just perform better, >>so if it is slowing down, your position would be that it's not working >>well. Yes, I know. I think you got to find a way to work together, you know? And that's a beautiful thing about places like spun were hyper cool, right? It's crazy. Tons of work to do different things were just talking about this in the break way have this unwritten rule that we don't hire. I'll see jerks for >>gender neutral data, saris, origin, gender neutral data. >>Yeah, absolutely no hiring folks are really gonna, you know, have a different cultural impact there. No cultural adds the organization way. Need everyone on bats. Beautiful thing. And that's what makes it special. >>I think you know, is you start to work and be more inclusive. You start to build trust. So it goes back to what Jane was talking about relationships. And so you gotta have that foundation and you can move fast and still be reversed. I >>think that's a very key point. Trust is critical because people are taking chances whether they're male or female. If the team works there like you see a Splunk, it shouldn't be an issue becomes an issue when it's issue. All right, so big Walk away and learnings over the years in your journey. What was some moments of greatness? Moments of struggle where you brought your whole self to bear around resolving in persevering what were some challenges in growth moments that really made a difference in your life breaking through that ceiling. >>Wow. Well, um, I'm a breast cancer survivor, and I, uh, used my job and my strength to pull me through that. And I was working during the time, and I had a great leader who took it upon herself to make sure that I could work if I wanted. Thio are not. And it really opened that up for me to be able to say, I can still bring my whole self, whatever that is today that I'm doing. And I look back at that time and that was a strength from inside that gave me that trust myself. You're going to get through it. And that was a challenging personal time, But yet had so many learnings in it, from a career perspective to >>story thanks for sharing Caroline stories and struggles and successes that made him big impact of you. Your >>life. It was my first level one manager job. I got into cybersecurity and I didn't know what I was doing. I came back. My boss of Carol. I don't know what you did this year, and so I really had to learn to communicate. But prior to that, you know that I would never have been on TV. Never would have done public speaking like we did today. So I had to hire a coach and learn hadn't forward on communications. Thanks for sharing stories, I think a >>pivotal moment for me. I was in management, consultants say, for the first half of my career, Dad's first child and I was on the highway with a local Klein seven in the morning. Closet Night started on a Sunday midday, so I didn't see her a week the first night. I know many women who do it just wasn't my personal choice. So I decided to take a roll internal and not find Jason and was told that my career would be over, that I would be on a track, that I wouldn't get partner anymore. And it really wasn't the case. I find my passions in the people agenda did leadership development. I didn't teach our role. I got into diversity, including which I absolutely love. So I think some of those pivotal moments you talked about resilient earlier in the panel is just to dig, dying to know what's important to you personally and for the family and really follow your to north and you know, it works out in the end, >>you guys air inspiration. Thank you for sharing that, I guess on a personal question for me, as a male, there's a lot of men who want to do good. They want to be inclusive as well. Some don't know what to do. Don't even are free to ask for directions, right? So what would you advise men? How could they help in today's culture to move the needle forward, to support beach there from trust and all these critical things that make a difference what you say to that? >>So the research says that women don't suffer from a lack of mentorship. The sucker suffer from a lack of advocacy. So I would say if you want to do something super easy and impactful, go advocate for women, go advocate for women. You know who is amazing I there and go help her forward >>in Korea. And you can do that. Whatever gender you are, you can advocate for others. Yeah, also echo the advocacy. I would agree. >>Trust relationships, yes, across the board >>way, said Thio. Some of the women and our allies today WAAS bring your whole self. And I would just encourage men to do that, to bring your whole self to work, because that's what speeds up the data exchange. That's what it speeds up. Results >>take a chance, >>Take a chance, bring your whole self >>get trust going right. He opened a communicated and look at the date on the photo booth. Datable driver. Thank you guys so much for sharing your stories in The Cube, you think. Uses the stories on the Cube segments. Cube coverage here in Las Vegas for the 10th stop. Compass Accused seventh year John Ferrier with Q. Thanks for watching.

>> Narrator: From Miami Beach, Florida, it's theCUBE, covering Acronis Global Cyber Summit 2019. Brought to you by Acronis. >> Okay, welcome back everyone. It's theCUBE's two day coverage of Acronis' Global Cyber Summit 2019, here in Miami Beach, at the Fontainebleau Hotel. I'm John Furrier, host of theCUBE. We're with Katya Fisher, Partner Chief and Chief Privacy Officer at Greenspoon Marder. Legal advice is right here on theCUBE, ask her anything. We're going to do a session here. Thanks for coming on, appreciate it. >> Thank you very much, I'm going to have to do the little disclaimer that all lawyers do, which is, nothing here is to be construed as advice. It's just opinions and information only. >> I didn't mean to set you up like that. All kidding aside, you closed for the panel here for Acronis' conference. Obviously, cyber protection's their gig. Data protection, cyber protection. Makes sense, I think that category is evolving from a niche, typical enterprise niche, to a much more holistic view as data becomes you know, critical in the security piece of it. What was on the, what were you guys talking about in the panel? >> Well, so, the first issue that you have to understand is that cyber protection is something that has now become critical for pretty much every individual on the planet, as well as governments. So something that we talked about on the panel today was how governments are actually dealing with incoming cyber threats. Because now, they have to take a look at it from the perspective of, first of all, how they themselves are going to become technologically savvy enough to protect themselves, and to protect their data, but also, in terms of regulation and how to protect citizens. So, that was what the panel discussion was about today. >> On the regulatory front, we've been covering on SiliconANGLE, our journalism site, the innovation balance, is regulatory action helpful or hurtful to innovation? Where is the balance? What is the education needed? What's your thoughts on this, where are we? I mean early stages, where's the progress? What needs to get done? What's your view on the current situation? >> So, I'm an attorney, so my views are perhaps a bit more conservative than some of the technologists you might speak with and some of my clients as well. I think that regulation is, as a general matter, it can be a good thing. And it can be quite necessary. The issues that we see right now, with regard to regulation, I think one of the hottest issues today is with respect to data laws and data privacy laws. And that's obviously something that I think everyone is familiar with. I mean take a look at, in the United States alone. We've seen the city of Baltimore dealing with breaches. We've seen other parts of the government, from the Federal level all the way down to municipalities, dealing with breaches in cyber attacks. We've seen data breaches from banks, Capital One, right? I believe Dunkin' Donuts suffered a breach. Equifax, and then at the same time we've also seen individuals up in arms over companies like 23andMe and Facebook, and how data is used and processed. So data seems to be a very very hot button issue today across the board. So something that we're really thinking about now is, first of all, with respect to the regulatory climate, how to deal with it, not only in the United States, but on a global level, because, when we talk about technology and the internet right, we're in an era of globalization. We're in an era where a lot of these things go across boarders and therefore we have to be mindful of the regulatory regimes in other places. So, I'll give you an example. You might be familiar with the GDPR. So the GDPR is in the European Union. It's been in effect now for the last year and a half, but it affects all my U.S. clients. We still have to take a look at the GDPR because at the end of the day my clients, my firm, might be dealing with foreign companies, foreign individuals, companies that have some sort of nexus in the European Union, et cetera. So because of that, even though the GDPR is a set of regulations specific to the European Union, it becomes extremely important in the context of the United States and globally. At the same time, the GDPR has certain issues that then end up conflicting often times with some of the regulations that we have here in the United States. So, for example, the right to be forgotten is perhaps the most famous clause or part of the GDPR and the right to be forgotten is this concept in the GDPR that an individual can have information erased about him or her in order to protect his or her privacy. The problem is that from a technical's perspective, first of all, it's an issue because it becomes very very difficult to figure out where data is stored, if you're using third-party processors, et cetera. But from a regulatory perspective, the conflict comes in when you take a look at certain U.S. laws. So take a look for example at banking regulations in the United States. Banks have to hold some types of data for seven years and other types of data they can never delete. Right? Lawyers. I am licensed by the New York State Bar Association. Lawyers have their own rules and regulations with regard to how they store data and how they store information. HIPAA, medical records. So, you see these conflicts and there are ways to deal with them appropriately, but it becomes some food for thought. >> So it's complicated. >> It's really complicated >> There's a lot of conflicts. >> Yeah. >> First of all, I talked to a storage guy. He's like data? I don't even know which drive that's on. Storage is not elevated up to the level of state-of-the-art, from a tracking standpoint. So, it's just on the business logic is complicated. I can't imagine that. So, I guess my question to you is that, are you finding that the jurisdictional issue, is it the biggest problem, in terms of crossport and the business side or is the technical underpinnings, that with GDPR's the problem or both? What's your-- >> I mean it's both, right? They're a lot of issues. You're right, it's very complicated. I mean, in the United States we don't have some sort of overarching federal law. There's no cyber protection law in the United States. There's no overarching data protection law. So, even in the U.S. alone, because of federalism, we have HIPAA and we have COPPA which protects children and we have other types of acts, but then we also have state regulations. So, in California you have the California Privacy Act. In New York you have certain regulations with regard to cyber security and you have to deal with this patchwork. So, that becomes something that adds a new layer of complexity and a new layer of issues, as we take a look, even within the U.S. alone, as to how to deal with all of this. And then we start looking at the GDPR and all of this. From a technical perspective. I'm not a technologist, but. >> Katya, let me ask you a question on the (mumbles) and business front. (mumbles) I think one of the things. I'm saying it might or may not be an issue, but I want to get your legal weigh-in on this. >> Katya: Sure. >> It used to be when you started a company, you go to Delaware, very friendly, domicile in Delaware, do some formation there, whether you're a C corp or whatever, that's where we tend to go, raise some money, get some preferred stock, you're in business. >> Is there a shift in where companies with domicile, their entity, or restructure their companies around this complexity? Because, there's two schools of thought. This brute force act, everything coming at you, or you restructure your corporate formation to handle some of the nuances, whether it's I have a Cayman or a Bermuda... whatever's going on in the regulatory regime, whether it's innovative or not. Are people thinking like that? Or, what's your take on it? What's some of the data you're seeing from the field around, restructuring around the problem? >> So, with respect to restructuring, specifically around data laws and data protection laws, I'm not seeing too much of that, simple because of the fact that regulations like the GDPR are just so all-encompassing. With respect to companies setting up in Delaware as opposed to other jurisdictions, those are usually based on two issues, right, two core ones, if I can condense it. One has to do with the court system and how favorable a court system is to the corporation, and the second is taxes. So, a lot of times when you see companies that are doing all of this restructuring, where they're setting up in offshore zones, or et cetera, it's usually because of some sort of a tax benefit. It might be because of the fact that, I don't know, for example, intellectual property. If you have a company that's been licensing IP to the United States, there's a 30% withholding tax when royalties are paid back overseas. So a lot of times when you're looking at an international structuring, you're trying to figure out a jurisdiction that might have a tax treaty with the United States, that will create some sort of an opportunity to get rid of that 30% withholding. So, that's where things usually come into play with regard to taxes and IP. I haven't seen yet, on the side of looking for courts that are more favorable to companies, with respect to data privacy and data protection. I just haven't seen that happen yet because I think that it's too soon. >> How do companies defend themselves against claims that come out of these new relations? I mean GDPR, I've called it the shitstorm when it came out. I never was a big fan of it. It just didn't. I mean, I get the concept, but I kind of understood the technical issues, but let's just say that you're a small growing business and you don't have the army of lawyers or if someone makes a claim on you, I have to defend it. How are companies defending themselves? Do they just shut down? Do they hire you guys? I mean, obviously lawyers need to be involved. But, at some point there's a line of where having a U.S. company and someone consumes my media in Germany and it says, hey I'm a German citizen. You American company, delete my records. How does that work? Do I have to be responsible for that? I mean, what's? >> So, it's really case-by-case basis. First of all, obviously, with regard to what I was talking about earlier, with respect to the fact that there are certain regulations in the U.S. that conflict with GDPR and the right to be forgotten. If you can actually assert a defense and sort of a good reason for why you have to maintain that information, that's step one. Step two is, if it's some complaint that you received, is to delete the person's information. There's an easier way to do it. >> Yeah, just do what they want. >> Just comply with what they want. If somebody wants to be off of a mailing list, take them off the mailing list. The third is, putting in best practices. So, I'm sure a lot of things that people see online, it's always great to go ahead and obtain legal counsel, even if you're consulting with a lawyer just for an hour or two, just to really understand your particular situation. But, take a look at privacy policies online. Take a look at the fact that cookies now have a pop-up whenever you go to a website. I'm sure you've noticed this, right? >> John: Yeah. So, there are little things like this. Think about the fact that there are, what is known as clickwrap agreements. So, usually you have to consent. You have to check a box or uncheck a box with respect to reading privacy policies, being approved for having your email address and contact information somewhere. So, use some common sense. >> So, basically don't ignore the prompt. >> Don't ignore the problem. >> Don't ignore it. Don't stick your head in the sand. It'll bite you. >> Correct. And the thing is, to be honest, for most people, for most small companies, it's not that difficult to comply. When we start talking about mid-size and large businesses, the next level, the next step, obviously beyond hiring attorneys and the like, is try to comply with standards and certifications. For example, there's what is known as ISO standards. Your company can go through the ISO 27001 certification process. I think it costs around approximately $20,000. But, it's an opportunity to go ahead, go through that process, understand how compliant you are, and because you have the certification, you're then able to go to your customers and say, hey, we've been through this, we're certified. >> Yeah. Well, I want to get, Katya, your thoughts, as we wrap up on this segment, around Crypto and Blockchain. Obviously, we're bullish on Blockchain. We think this is a supply chain. (mumbles) Blockchain can be a good force, although some think there's some work needs to be done on the whole energy side of it, which is, we would agree. But, still. I'm not going to make that be a wet blanket of excitement. But cryptocurrency has been fraudulent. It's been. The SCC's been cracking down in the U.S., in the news. Lieber's falling apart, although, I called that separately, but, (laughing) it had nothing to do with that Lieber. It was more of Facebook, but. Telegram. We were talking about that, others. People are getting handcuffed on this stuff. They're really kind of clamping down. But, overseas in Asia, it's still an unregulated, seems to be (mumbles) kind of market. Your advice to clients was to shy away, be careful? >> My advice to clients is as follows. First of all, Blockchain and cryptocurrency are not the same thing. Right? Cryptocurrency is a use case coming out of Blockchain technology. I think that in the United States, the best way to think about it is to understand that the term cryptocurrency, from a regulatory perspective, is actually a misnomer. It's not a currency. It's property. Right? It's an asset. It's digital assets. So, if you think about it the same way that we think of shares in a company, it's actually much easier to become compliant, because, then you can understand that it's going to be subject to U.S. securities laws, just like other securities. It's going to be taxed, just like securities are taxed, which means that it's going to be subject to long and short-term capitol gain, and it's also going to be subject to the other regulatory restrictions that are adherent to securities, both on the federal and state level. >> It's interesting that you mentioned security. The word security. If you look back at the ICO craze, internet coin offerings, crypto offerings, whatever you call it, The people who got whacked the most were the ones that went out as a utility tokens. Not to get nerdy on this, but utility and security are two types of tokens. The ones that went out and raised money as the utility token had no product, raised money using the utility that doesn't exist. That's essentially a security. And, so, no wonder why they're getting slapped. >> They're securities. Look, Bitcoin, different story, because Bitcoin is the closest to being I guess, what we could consider to be truly decentralized, right? And the regulatory climate around Bitcoin is a little bit different from what I'm talking about, with respects to securities laws. Although, from a tax perspective, it's the same. It's taxed as property. It's not taxed the way that foreign currency is taxed. But ultimately, yeah. You had a lot of cowboys who went out, and made a lot of money, and were just breaking the law, and now everyone is shocked when they see what's going on with this cease-and-desist order from the SCC against Telegram, and these other issues. But, none of it is particularly surprising because at the end of the day we have regulations in place, we have a regulatory regime, and most people just chose to ignore it. >> It's interesting how fast the SCC modernized their thinking around this. They really. From a speed standpoint, all government agencies tend to be glacier speed kind of movement. They were pretty fast. I mean, they kind of huddled on this for a couple months and came out with direction. They've been proactive. I got to say. I was usually skeptical of most government organization. I don't think they well inform. In this case, I think the SCC did a good job. >> So, I think that the issue is as follows. You know, Crypto is a very very very small portion of what the SCC deals with, so, they actually paid an inordinate amount of attention to this, and, I think that they did it for a couple of reasons. One is because, you asked me in the beginning of this interview about regulations versus innovation. And, I don't think anyone wants to stifle innovation in America. It's a very interesting technology. It's very interesting ideas, right? No one wants that to go away and no one wants people to stop experimenting and stop dreaming bigger. At the same time, the other issue that we've seen now, especially, not only with the SCC, but with the IRS now getting involved, is the fact that even though this is something very very small, they are very concerned about where the technology could go in the future. The IRS is extremely concerned about erosion of the tax space. So, because of that, it makes a lot of sense for them to pay attention to this very very early on, nip this in the bud, and help guide it back into the right direction. >> I think that's a good balance. Great point. Innovation doesn't want to be stifled at all, absolutely. What's new and exciting for you? Share some personal or business updates in your world. What's going on? What's getting you excited these days, in the field? >> What's getting me excited these days? Well, I have to tell you that one thing that actually has gotten me excited these days is the fact that the Blockchain and cryptocurrency industries have grown up, substantially. And, now we're able to take a look at those industries in tandem with the tech industry at large, because they seem to sort of be going off in a different direction, and now we're taking a look at it, and now you can really see sort of where the areas that things are going to get exciting. I look at my clients and I see the things that they're doing and I'm always excited for them, and I'm always interested to see what new things that they'll innovate, because, again, I'm not a technologist. So, for me, that's a lot of fun. And, in addition to that, I think that other areas are extremely exciting as well. I'm a big fan of Acronis. I'm a big fan of cyber protection issues, data protection, data regulation. I think something that's really interesting in the world of data regulation, that actually has come out of the Blockchain community, in a way, is the notion of data as a personal right, as personal property. So, one of the big things is the idea that now that we've seen these massive data breaches with Facebook and 23andME, and the way that big government, big companies, are using individuals' datas, the idea that if data were to be personal property, it would be used very very differently. And technologists who are using Blockchain technology say that Blockchain technology might actually be able to make that happen. Because if you could have a decentralized Facebook, let's say, people could own their own data and then use that data as they want to and be compensated for it. So, that's really interesting, right-- Yeah, but, if you're just going to use the product, they might as well own their data, right? >> Katya: Exactly. >> Katya, thanks for coming on theCUBE. Thanks for the insight. Great, compelling narrative. Thanks for sharing. >> Sure, thank you very much. >> Appreciate it. I'm John Furrier here on theCUBE, Miami Beach, at the Fontainebleau hotel for Acronis' Global Cyber Summit 2019. We'll be back with more coverage after this short break.

(upbeat music) >> From the SiliconANGLE media office, in Boston Massachusetts, it's theCUBE. (upbeat music) Now, here's your host, Dave Vellante. >> Hi everybody, welcome to this cube conversation. This is part of our CIO series and Jason Thomas is here, he's the CIO of Cole, Scott, and Kissane. CSK is Florida's largest civil defense law firm. Cube along Jason Thomas, great to see you again, thanks for coming on. >> Yeah, thanks for having me. >> So, let's talk a little bit about, the firm. largest firm in Florida, the focus is on Civil Defense, so you got lawyers, you got paralegals running around, you got demanding clients. What's the business like that's driving your technology strategy? >> so when I I'm new to legal, so this, I've been here about almost four years now, so I started January. a whole different world. I came from, from Startup Biotech, that line of business and a completely different animal. it's some of what you imagine, very always on the go, very busy, lot of business, we open dozens of cases a day, new cases, so a lot of things going on. >> Really event driven? >> Yeah very, very busy, so and you know technology's, you know the firm has taken stance that, technology is very important, to the firm and, we want to use the best technology possible, to make us as efficient as possible, so that's the chief driver, for tech at the law firm. >> So tech, you know, 15 years ago, whatever it was like, take an email to SaaS, right? So, but I would imagine you're focusing a lot on just attorney and employee productivity, maybe collaboration, document management, compliance. Are those some of the hot topics? And how are you applying technology to deal with those? >> Yep, so that is a big drive, efficiency, using technology to be efficient, and to make our folks productive. What we don't want to see, and that you see sometimes, you throw a whole bunch of technology at folks thinking that it's going to make them efficient and productive, and actually, it could be the greatest technology in the world for one place, and apply it, and you put it in another firm, and it makes us unproductive, so that's kind of the magic there. Kind of a trick to figuring out, what is it that actually is going to make us productive? >> Are there pretty clear swim lanes in your firm? Or is there a lot of shadow IT going on? Because I would imagine a lot of the frustration of, you know, IT folks is, you get the shadow IT, they bring in a point product, and that IT goes, "CIO's calling clean up this crime scene," and is that a problem in your firm specifically? Or even your industry? Or is it pretty much hey, let the tech folks figure out what the right tool for the job is? >> so in my mind the trick here is, it's not going to be any one person, or any practice group that's going to define what's the best option, what's the best tech. I mean thankfully for me, I do try and drive most of the tech out the firm, but the key is, you have to understand how the business runs. Just because it's cool tech, or it's working at one firm, doesn't mean it's going to apply or work in others. So, I spent a lot of time, in conversations with, a lot of the partners and associates. I try to make myself available as much, just to chat, see what they're doing. see what could make them more efficient. Sometimes if you don't ask, they don't even tell you, but if you ask the question, you can learn a lot in 20 minutes from somebody. And that kind of helps me decide, okay, what is going to make sense, or what's the next thing I should be looking at, to help folks out. >> So basically, Columbo questions, for those of you who remember Columbo, kind of ask your basic questions? What about work flow, how do you spend your time? What kinds of questions would you ask attorneys? >> honestly they could be calling about something completely unrelated to what, you know, what I'm thinking. It just could be as simple as, "Hey I'm this thing with this program where I'm trying to do X and this is the way we're doing now. Is there a better way to do it?" Or, it could be as simple as, we just kind of fall into the conversation based on other things. You know. They just want to talk to somebody sometimes. But they're not necessarily going to bring it up, or just don't have the time, they don't have the time. >> So a lot of times in theCUBE we get caught up, We love the tech, we talk about data science, and machine learning, and block chains and everything else, but then there's this basic blocking and tackling, that the CIO has to worry about. I wondered if you could share your perspectives based on your experience, just in terms of, some of the advice you might give to, organizations that are maybe growing, maybe haven't had the experience of a CIO that's been around the block, maybe in different industries? But some of the basic blocking and tackling that you see, that maybe doesn't happen in organizations, that really needs to happen. >> the expectation, or when you're thinking about, thinking about what the next thing is for the firm, or for your company, you also want to kind of think, you want to think long term as well. You want to think three to five years out. So, if we do this now and based on our current, growth projections, will this work for us in three years? Will this work for us in five years? Or what's our game plan? Maybe we start small, and, expand from there, but you don't want to just plan for the immediate you want to plan for the future. That's kind of, I think that's what CIO should be doing. It's not just about the tech, or is it going to work in our environment, but is it going to work for us down the road. Because we don't want, nobody, CFOs don't want to hear, and CEOs don't want to hear that, hey, yeah we just bought this thing last year, but, yeah we're going to have to buy something new now because it doesn't work anymore. >> But it does happen sometimes? >> It happens all the time, you know. >> Right, I remember, it goes a ways back now, but the federal rules of civil procedure, I think it was 2006, and everybody was rushing to plug holes because the courts ruled that electronic material was evidentiary, for whatever, seven years or something. So everybody was like okay, we need to have a system that allows us to comply. So, they went out and bought email archiving systems, which they knew they were going to have to throw away in three or four year. So how do you deal with it? Do you face that? Especially in a compliance oriented world, and you just try to sort of balance the cost and the throw away nature of that initiative with something more strategic? How do you deal with that? And how do you communicate that to the powers that be? >> Number one, no one likes to be held at gunpoint, number one, and especially my boss, so. I mean he gets it right, I mean there's regulations. But I will say, nothing happens as fast as everyone says it's going to happen. so there's always that idea. There's always this panic, oh we've got to put this in, and honestly I feel like tech folks use an excuse, and of course I do too. Say like, oh you all this is awesome. You know, we get to put something new in and, you know no one's going to say no and, it's not always the best approach, and again you kind of have to look at it long term, holistically for the business. You know, what is really going to happen in a few years? Is this technology going to even be a thing in a few years? Or is it just like, just to satisfy an immediate solution? Because again, I don't want, the last thing I hate doing is putting something in and telling my boss that it has to be replaced. He hates hearing that, and I don't want to tell him that either, quite frankly it's embarrassing. >> I don't blame your boss. >> Yeah it's embarrassing, it's just, let's do it right the first time. >> How do you do planning? I mean obviously there's a technology component, of planning, but I'm inferring from what you say that the end of technology is kind of the, the last thing you should be worrying about. You should be worried about the direction of the firm, the business, the growth plan, how do you do, as CIO, planning and how do you align that with the business? >> conversations, so lots of conversations. Lots of conversations with the attorneys. continued conversations with my boss, the CEO, and sometimes I'm not really great about it sometimes. And, you know, weeks will go by, you know, and I won't even have a conversation with him, about what's going on, and he wants to know what's going on. He doesn't understand all of it, but in those, you know, 15, 20 minute conversations, you'll be surprised what you'll learn. What's going on in the business that you didn't, or I didn't know about, and from there I can make decisions about, you know, six months from now, or next year, or during budgeting season, what it is that we need because, budgeting season is not really the time that you need to try and figure out what you want to do for next year. You want to have a plan months before that. You know, You already want to have kind of an idea of what you want to do, I mean, I've been talking to my CFO since, the beginning of summer about things we want to do for 2020. you know, six months, nine months, ahead of time, so. >> So, do you do basically annual planning? Do you try to look out further? Do you formally document that stuff? >> Every quarter, so we have, we kind of have most of the conversations with our, with my CFO and COO. every quarter we have kind of a list of projects/ what is it we want to do for the next couple quarters. We just kind of, track that and based on what we're seeing and how we do, then we, basically we plan each quarter, is how it comes down to. And we have a, we'll call it a white board, a virtual white board of what we're doing and what we want to do. >> But relatively near the midterm planning, you know doing like five year plannings though right? >> No. >> Waste of time to try to do that, or? At least in your business, maybe in pharmaceuticals? >> At least for us it was really, it's hard for us, to do that because of how quickly we grew over the last, again I've only been here almost four years, but even when I started, in 2015, I think we had somewhere around 300 plus attorneys. Now we're somewhere in the 475 range, I'm not saying no one saw that happening, but I don't think we expected that. I mean business has been great and we're happy, and we're fortunate to have it, but you can only plan so much. but do the best you can with the data you have. >> And for organization structure, you report to the CFO, is that correct? >> CEO. >> CEO? Okay so the, so you're a peer essentially of the CFO, is that right? >> Yeah. >> So you talk to the CFO about budgeting? >> Yeah. >> So you've got the CEO's >> More of the nitty gritty you know the details and numbers. >> What's that conversation like? Is it obviously you've got to justify, show a business case, or is it more sort of hate space? >> So here's the good news. I got lucky again. the CFO is very technology forward and so he understands that it drives a lot of efficiencies within the firm. So he gets it but he's been in the history long enough to get it and knows that we can, again he's efficiency a lot, but there's just a lot of efficiencies, and a lot of inefficiencies seen in a lot of what folks do in law firms that no one takes the time to sit down and say okay why do you do it like this? there's got to be a better way. Well this is the way I just do it, and so, we've been able to kind of adjust a lot of those work flows, or change those work flows to make it more cost effective for the business. Like even things simple as, just manage print service, you know, do we store 100 toners in the back somewhere and then wait for someone to, say that they're out of toners? That's not very efficient. and it's very expensive actually, so you put in a much more efficient process in place for toners. Because we're a paperless firm, but you know, I mean we still have to print, so. >> So, the joke about the paperless office was something like paperless bathroom. So, the other way around, I want to ask you about security. Are you the defacto Chief Information Security Officer, or do you have a CISO, or? >> I do not have a CISO that is me, so that'll be me. >> So, that is you. Alright so let's talk security. So, what is the state of security and as you see it? it's constantly evolving. Security practitioners tell us that they got so many tools, they got, they might have a SEC ops team, you may or may not, it may be something embedded in your team, but they've got to respond, they've got to respond, sometimes it's hard to figure out what they should respond to, prioritization, the data, keeping up with the bad guys, all that stuff. What's your state of security? >> so I think these days, it's not really, it's not really about having the best firewall, or the best, outside protection, so I think a lot of the attacks that are happening now, not that they don't happen form the outside, but a lot of it is a lot of social engineering, and a lot of everything. They're taking advantage of the the ignorance of the users, for lack of a better way to say it, so a lot of it's coming in through email, malicious links, and they're taking advantage of the inside, and bad practices, and bad policies, and/or lack of So, I think based on what we see in the news now, and what you read about, it seems like there's a breech every week somewhere. And when it comes down to it you find out that X company didn't, didn't use a strong hashing. For assaulting, on the hashes for their passwords. Like simple simple, just basic basic stuff. It's not like some massive operation like you see in a movie where you know, they're making this big plan to break in a building and it pans out and they're sneaking in you know, from the ceiling and all that kind of stuff. They're just basic stuff, they're just passwords. How can passwords, reused passwords, just databases of passwords everywhere, out in the dark where you can just buy, and they're just utilizing simple stuff like that. It's not even complicated anymore, it's just, it's a lot of social engineering. >> Often times I say that bad user behavior trumps good security every time, I wanted to ask you about the state of the self security in the industry. So you are reinforced, we were there, and Steven Schmidt stood up and he said, "Look at this narrative from the vendor community that says security is broken, isn't productive. It hurts the industry at the same time." I was at VM world recently a couple months ago, last month actually, Pat Kelsinger basically stood up and said security is broken and we're here to fix it, they bought, you know made a big acquisition of carbon black a local company, so you have these two different, you know, polarizing opinions, I don't necessarily feel like the state of security is great. I look back every year I say do I feel more secure or not, you know remember art cove yellow, every year RSA would write his letter. but what are your thoughts on that? Are you basically saying hey, it's, a lot of times it's user behavior, it's things that maybe, you know it's education, is security a do over? I guess is my question. >> A do over in the sense that I think it just comes out to basic education. I have, you'd be, we're in tech and we understand security and we have all these grand ideas and technologies and vendors and software that we use to do different things on all these fancy dashboards. But, if you ask the basic person off the street about, I think I saw a skit on Twitter the other day and you know there was this guy going around asking them, asking people, you know, what's your Facebook password, or you know how complex is it and they'll just give them their passwords and stuff you know, and I mean there's just a lack of basic education, so all us security buffs walk around, and they don't understand what we're talking about, but they don't need to understand what we're talking about. We just need to be able to look, to just have a basic security awareness and training with folks. I have a friend who works in industry, or in a nonprofit that does, that helps folks who've been you know kind of, harassed or abused online. And she's saying, she's telling me, she's like, "Look you guys are great you're really smart, but these folks, they don't know the basic stuff like hey you know someone keeps logging into my internet, and I keep seeing someone, you know, these weird things in my yard, like cameras in my yard and, can I do this with my phone, and oh well I can't use, like, my dogs name for my Facebook password? Like this is just basic stuff that nobody knows. It's not because they're stupid it's just, they just don't know." And so, like we're up here, and your average everyday person is just on this level. >> How about ransom ware? Obviously a hot topic in the business. what should people be, what should they know and what should they be doing? >> at a basic level security ware is training, it's very simple to do, there's a lot of, no that I'm, pushing products there's plenty of products out there. Secure great ones that kind of help your user, or teach them what not to do, or what to look for. we run a fishing campaign in our firm every once in a while and at this point no one clicks on anything without asking. I mean I get direct emails and I say hey, how's this look? Does it look like I should click it or, you know, does it look legit, I mean it's great. They ask now, they know not to do it. Whereas, I mean that's how they get you. That's how they get most of these places. Especially from we get a lot of, we constantly hear about small firms or smaller clients/companies getting hacked, we constantly get emails from them all the time. They'll get hacked and then we'll get the the emails with the links or whatever. that's one on the user side. On the IT side, we just really need to take it back to the basics, let's make sure we have, backups, and a backup policy, and a data protection policy, and an instant response plan. Let's have a plan here, let's not react when something happens, let's just have a plan. Honestly at our firm, we do have backups, we have layered strategy, but there's just some basic things that we don't do, like you know, IT folks, we don't, we don't keep things on our desktop. Let's start with us, you know we're supposed to be the leadership, in this regard, so let's not keep stuff on our desk let's keep stuff on the network. Let's keep it protected. Make sure it's part of the backup schedule. things like that, I think you just start there, because I was you know, I was just reading about, there's an article that came out yesterday, I think it was Washington Post, and it was talking about the ransomer incident in Baltimore a few months ago. They're just now finding out that the, even the IT folks had stuff on their local computers that couldn't be recovered, important documentation. So, this is just data protection 101. You know, we've got to take it back to the basics, take it back. >> Last question, is just kind of your career, so you mentioned before, you were in, I think you said health care, or? >> Yeah so I worked with MSP, so I worked with a lot of start ups. >> So, how'd you get here how'd you become a CIO? People out there may be, you know people in tech, they aspire perhaps to stay in tech, but they want maybe more of a management role. What was your path, and what kind of advice would you give them? >> what I would say is, so it worked out where, I was I was a lead at the company I was at here in Mass at the time, and so long story short my wife had an opportunity in Orlando, we moved, and I said I would never work for a law firm, ever. because I was, when my current boss found out I was coming we have a, a long relationship. When I was in, grew up in Florida and so part of that yeah, okay so I was in the right place at the right time and I knew somebody, that's why it's important to stay on top of networking. Always be networking, not for any other reason, just get to know people, you know. the tough thing that I had growing in the industry, I didn't get involved early on, which I should've. I should've gone to events, things like that. Get to know folks because if the people don't know you, why are they going to hire you? It's easier to get in somewhere, or get an opportunity, if they at least know you, or know your name, or know somebody that knows you. That's number one, so I'm big on that. as soon as I moved back here I've already started, I have quarterly lunches with some of the CIOs at different firms, I just put myself put there. Just hey I'm here, want to get together for lunch? It's that simple. number two make sure this is what you want to do, it's a lot of it, and you hear this all the time, a lot of it has to do with personalities and people. You're managing personalities and people half the time. You are not just doing the tech. If you think you're just going to be doing tech, or you're just going to be doing cool stuff, not the case. So, make sure you can, you know, make sure you know what you're getting into because it's, it's very challenging. >> Now that's great, great advice, so network, it's not, I like to say it's not who you know it's who knows you, so get out there. And then, Love it because, a lot of times I would imagine it's thankless. Right, you hear, >> Yep. >> You hear a lot of the chatter when something goes wrong, >> It's like a defense of a football team, you know, it's fine until, >> Until somebody scores. >> And someone gets sacked you know what I mean, otherwise no one cares. >> Alright Jason well thanks for the update, really appreciate you coming on theCUBE again. >> Thank you. >> Alright you're welcome, alright keep it right there buddy. We will be back with our next segment, right after this short break. (mood music)

>> Narrator: Live, from Washington DC, it's theCUBE. Covering AWS Public Sector Summit. Brought to you by Amazon Web Services. >> Welcome back everyone to theCUBE's live coverage of the AWS Public Sector Summit here in our nation's capital. I'm your host, Rebecca Knight. Co-hosting along side John Furrier. We are joined by Jamil Jaffer, he is the VP Strategy and Partnerships at IronNet. Thanks so much for coming on theCUBE. >> Thanks for having me Rebecca. >> Rebecca: I know you've been watching us for a long time so here you are, soon to be a CUBE alumn. >> I've always wanted to be in theCUBE, it's like being in the octagon but for computer journalists. (laughing) I'm pumped about it. >> I love it. Okay, why don't you start by telling our viewers a little bit about IronNet and about what you do there. >> Sure, so IronNet was started about 4 1/2 years ago, 5 years ago, by General Kieth Alexander, the former director of the NSA and founding commander of US Cyber command. And essentially what we do is, we do network traffic analytics and collective defense. Now I think a lot of people know what network traffic analytics are, you're looking for behavioral anomalies and network traffic, trying to identify the bad from the good. Getting past all the false positives, all the big data. What's really cool about what we do is collective defense. It's this idea that one company standing alone can't defend itself, it's got to work with multiple companies, it's got to work across industry sectors. Potentially even with the governments, and potentially across allied governments, really defending one another. And the way that works, the way we think about that, is we share all the anomalies we see across multiple companies to identify threat trends and correlations amongst that data, so you can find things before they happen to you. And so the really cool idea here is, that something may not happen to you, but it may happen to your colleague, you find about it, you're defended against it. And it takes a real commitment by our partners, our companies that we work with, to do this, but increasingly they're realizing the threat is so large, they have no choice but to work together, and we provide that platform that allows that to happen. >> And the premise is that sharing the data gives more observational space to have insights into that offense, correct? >> That's exactly right. It's as though, it's almost like you think about an air traffic control picture, or a radar picture, right? The idea being that if you want to know what's happening in the air space, you got to see all of it in real time at machine speed, and that allows you to get ahead of the threats rather than being reactive and talking about instant response, we're talking about getting ahead of the problems before they happen so you can stop them and prevent the damage ahead of time. >> So you're an expert, they're lucky to have you. Talk about what you've been doing before this. Obviously a lot of experience in security. Talk about some about some of the things you've done in the past. >> So I have to admit to being a recovering lawyer, but you have to forgive me because I did grow up with computers. I had a Tandy TRS-80 Color computer when I first started. 4K of all more RAM, we upgraded to 16K, it was the talk of the rainbow computer club, what are you doing, 16K of RAM? (laughing) I mean, it was-- >> Basic programming language, >> That's right. (laughing) Stored on cassette tapes. I remember when you used to have to punch a hole in the other side of a 5 1/4 floppy disc to make it double sided. >> Right, right. >> John: Glory days. >> Yeah, yeah. I paid my way through college running a network cable, but I'm a recovering lawyer, and so my job in the government, I worked at the House Intelligence Committee, the Senate Foreign Relations Committee and then the Bush administration on the Comprehensive National Cybersecurity Initiative, both the Justice Department and the White House. >> You've seen the arc, you've seen the trajectory, the progress we're making now seems to me slower than it should be, obviously a lot of inertia as Amy Chasity said today about these public sector government agencies, what not. But a real focus has been on it, we've been seeing activity. Where are we with the state of the union around the modernization of cyber and awareness to what's happening? How critical are people taking this threat seriously? >> Well I think I variety of things to say on that front. First, the government itself needs modernize its systems, right? We've seen that talked about in the Obama administration, we've seen President Trump put out an executive order on modernization of federal infrastructure. The need to move to the cloud, the need to move to shared services, make them more defensible, more resilient long-term. That's the right move. We've seen efforts at the Department of Defense and elsewhere. They aren't going as fast as the need to, more needs to happen on that front. IT modernization can really be accelerated by shifting to the cloud, and that's part of why that one of the things that IronNet's done really aggressively is make a move into the cloud space, putting all of our back end in the cloud and AWS. And also, ability, capability to do surveillance and monitoring. When I say surveillance I mean network threat detection not surveillance of the old kind. But network threat detection in the cloud, and in cloud-enabled instances too. So both are important, right? Classic data centers, but also in modern cloud infrastructure. >> Yeah, one of the things people want to know about is what your enemy looks like, and now with the democratization with open source, and democratization of tools, the enemies could be hiding through obscure groups. The states, the bad actors and the state actors can actually run covert activities through other groups, so this is kind of a dynamic that creates confusion. >> No, in fact, it's their actual mode of operating, right? It's exactly what they do, they use proxies, right? So you'll see the Russians operating, looking like a criminal hacker group operating out of the eastern Europe. In part because a lot of those Russian criminal rings, in actuality. You see a lot of patriotic hackers, right? I would tell most people, if you see a patriotic hacker there's probably a government behind that whole operation. And so the question becomes, how do you confront that threat, right? A lot of people say deterrence doesn't work in cyberspace. I don't believe that. I think deterrence can and does work in cyberspace, we just don't practice it. We don't talk about our capabilities, we don't talk our red lines, we don't talk about what'll happen if you cross our red lines, and when we do establish red lines and they're crossed, we don't really enforce them. So it's no surprise that our enemies, or advisories, are hitting us in cyberspace, are testing our boundaries. It's cause we haven't really give them a sense of where those lines are and what we're going to do if they cross them. >> Are we making an progress on doing anything here? What's the state of the market there? >> Well the government appears to have gotten more aggressive, right? We've seen efforts in congress to give the Department of Defense and the US Intelligence Committee more authorities. You can see the stand up of US Cyber Command. And we've seen more of a public discussion of these issues, right? So that's happening. Now, is it working? That's a harder question to know. But the real hard question is, what do you do on private sector defense? Because our tradition has been, in this country, that if it's a nation-state threat, the government defends you against it. We don't expect Target or Walmart or Amazon to have service to air missiles on the roof of your buildings to defend against Russian Bear bombers. We expect the government to do that. But in cyberspace, the idea's flipped on its head. We expect Amazon and every company in America, from a mom and pop shop, all the way up to the big players, to defend themselves against script kiddies, criminal hacker gangs, and nation-states. >> John: And randomware's been taking down cities, Baltimore, recent example, >> Exactly. >> John: multiple times. Hit that well many times. >> That's right, that's right. >> Talk about where the US compares. I mean, here as you said, the US, we are starting to have these conversations, there's more of an awareness of these cyber threats. But modernization has been slow, it does not quite have the momentum. How do we rate with other countries? >> Well I think in a lot of ways we have the best capabilities when it comes to identifying threats, identifying the adversary, the enemy, and taking action to respond, right? If we're not the top one, we're in the top two or three, right? And the question, though, becomes one of, how do you work with industry to help industry become that good? Now our industry is at the top of that game also, but when you're talking about a nation-state, which has virtually unlimited resources, virtually unlimited man-power to throw at a problem, it's not realistic to expect a single company to defend itself, and at the same time, we as a nation are prepared to say, "Oh, the Department of Defense should be sitting on "the boundaries of the US internet." As if you could identify them even, right? And we don't want that. So the question becomes, how does the government empower the private sector to do better defense for itself? What can the government do working with industry, and how can industry work with one another, to defend each other? We really got to do collective defense, not because it makes sense, which it does, but because there is no other option if you're going to confront nation-state or nation-state enabled actors. And that's another threat, we've seen the leakage of nation-state capabilities out to a lot broader of an audience now. That's a problem, even though that may be 2013 called and wants it's hack back, those things still work, right? What we saw in Baltimore was stuff that has been known for a long time. Microsoft has released patches long ago for that, and yet, still vulnerable. >> And the evolution of just cyber essential command, and Cyber Command, seems to be going slow, at least from my frame. Maybe I'm not in the know, but what is the imperative? I mean, there's a lot of problems to solve. How does the public sector, how does the government, solve these problems? Is cloud the answer? What are some of the things that people of this, the top minds, discussing? >> Well and I think cloud is clearly one part of the solution, right? There's no question that when you move to a cloud infrastructure, you have sort of a more bounded perimeter, right? And that provides that ability to also rapidly update, you could update systems in real time, and in mass. There's not going around and bringing your floppy disc and loading software, and it sounds like that's sort of a joke about an older era, but you look at what happened with NotPetya and you read this great Wired article about what happened with NotPetya, and you look at Maersk. And the way that Maersk brought its systems back up, was they had domain controller in Africa that had gone down due to a power surge, where they were able to recover the physical hard drive and re-image all their world-wide domain controls off of that one hard drive. You think about a major company that runs a huge percentage of the world's ports, right? And this is how they recovered, right? So we really are in that, take your disc and go to computers. In a cloud infrastructure you think about how you can do that in real time, or rapidly refresh, rapidly install patches, so there's a lot of that, that's like a huge part of it. It's not a complete solution, but it's an important part. >> Yeah, one of the things we talk about, a lot of tech guys, is that this debate's around complexity, versus simplicity. So if you store your data in one spot, it's easy to audit and better for governing compliance, but yet easier for hackers to penetrate. From an IQ standpoint, the more complex it is, distributed, harder. >> Yeah I think that's right. >> John: But what's the trade off there? How are people thinking about that kind of direction? >> No that's a great question, right? There's a lot of benefits to diversity of systems, there's a lot of benefit to spreading out your crown jewels, the heart of your enterprise. At the same time, there's real resilience in putting it in one place, having it well defended. Particularly when it's a shared responsibility and you have partial responsibility for the defense, but the provider to, I mean, Amazon, and all the other cloud providers, Microsoft and Google, all have it in their own self interest to really defend their cloud really well. Because whether or not you call it shared responsibility, it's your stock price that matters if you get hit, right? And so, instead of you, Amazon, and all the other cloud players have an incentive to do the right thing and do it really well. And so this shared responsibility can work to both side's benefits. That being said, there's an ongoing debate. A lot of folks want to do there stuff on-prem in a lot of ways. You know, a lot of us are old school, right? When you touch it, you feel it, you know it's there. And we're working through that conversation with folks, and I think that at the end of the day, the real efficiency gains and the power of having super computing power at your fingertips for analytics, for consumer purposes and the like. I really think there's no way to avoid moving to a cloud infrastructure in the long run. >> I know you said you were a recovering lawyer, but you are the founding director of the National Security Institute at the Antonin Scalia School of Law. How are you thinking about educating the next generation of lawyers who could indeed become policy makers or at least work on these committees, to think about these threats that we don't even know about yet? >> That's a great question. So one of the things we're doing, is we're working through the process with the state commission on establishing a new LLM and cyber intelligence national security law. That'll be a great opportunity for lawyers to actually get an advanced degree in these issues. But we're also training non-lawyers. One of the interesting things is, you know, One of the challenges DC has, is we make a lot of tech policy, a lot of it not great, because it's not informed by technologists, so we've got a great partnership with the Hewlett Foundation where we're bringing technologists from around the country, mid-career folks, anywhere from the age of 24 to 38. We're bringing them to DC and we're educating them on how to talk to policy makers. These are technologists, these are coders, data scientists, all the like, and it's a real opportunity for them to be able to be influential in the process of making laws, and know how to involve themselves and talk that speak. Cause, DC speak is a certain thing, right? (laughing) And it's not typically consistent with tech speak, so we're trying to bridge that gap and the Hewlett Foundation's been a great partner in that effort. >> On that point about this collaboration, Silicon Valley's been taking a lot of heat lately, obviously Zuckerberg and Facebook in the news again today, more issues around irresponsibility, but they were growing a rocket ship, I mean, company's only 15 years old roughly. So the impact's been significant, but tech has moved so fast. Tech companies usually hire policy folks in DC to speak the language, educate, a little bit different playbook. But now it's a forcing function between two worlds colliding. You got Washington DC, the Silicon Valley cultures have to blend now. What are some of the top minds thinking about this? What are some of the discussions happening? What's the topic of conversations? >> Well look, I mean, you've see it in the press, it's no surprise you're hearing this talk about breaking up big tech companies. I mean, it's astounding. We used to live in world in which being successful was the American way, right? And now, it seems like at least, without any evidence of anti-trust concerns, that we're talking about breaking up companies that have otherwise hugely successful, wildly innovative. It's sort of interesting to hear that conversation, it's not just one party, you're hearing this in a bipartisan fashion. And so it's a concern, and I think what it reveals to tech companies is, man, we haven't be paying a lot of attention to these guys in DC and they can cause real trouble. We need to get over there and starting talking to these folks and educating them on what we do. >> And the imperative for them is to do the right thing, because, I mean, the United States interest, breaking up, say, Facebook, and Google, and Apple, and Amazon, might look good on paper but China's not breaking up Alibaba anytime soon. >> To the contrary. They're giving them low-interest loans and helping them all to excel. It's crazy. >> Yeah, and they have no R&D by the way, so that's been- >> Jamil: Right, because they stole all of our IP. >> So the US invests in R&D that is easily moving out through theft, that's one issue. You have digital troops on our shores from foreign nations, some will argue, I would say yes. >> Jamil: Inside the border. >> Inside the border, inside the interior, with access to the power grids, our critical infrastructure, this is happening now. So is the government now aware of the bigger picture around what we have as capabilities and criticalities that were needed now for digital military? What is that conversation like? >> Well I think they're having this conversation, right? I think the government knows it's a problem, they know that actually in a lot of ways a partnership with tech is better than an adversary relationship. That doesn't change the fact that, for some reason, in the last three, four years, we really have seen what some people are calling a "techlash", right? A backlash against technology. It kind of strikes me as odd, because of course, the modern economy that we've so benefited from is literally built on the back of the innovations coming out of the Silicon Valley, out of the west coast, and out of the DC metro area, where a lot these tech companies are developing some of the most innovative new ideas. Now they're, frankly, helping government innovate. So Amazon's a key part of that effort, right? Here in the public sector. And so I'm hoping that education will help, I know that the arrival of tech companies here to really have that conversation in an open and sensible way, I hope will sort of waft back some of this. But I worry that for too long the tech and the policies have ignored on another. And now they're starting to intersect as you say, and it has the possibility of going wrong fast, and I'm hoping that doesn't happen. >> You know, one of the things that Rebecca and I were talking about was this talent gap between public sector and private sector. These agencies aren't going to go public anytime soon, so maybe they should get equity deals and get a financial incentive. (laughing) You know what I mean? Shrink down the cost, increase the value. But as you get the collaboration between the two parties, the cloud is attracting smart people, because it gives you an accelerant of value. So people can see some entry points to land, some value out of the gate, verus giving up and abandoning it through red tape, or in other processes. So you starting to see smart people get attracted to cloud as a tool for making change. How is that working? And how is that going to work? Cause this could be coming to the partnership side of it. People might not want to work for the government, but could work with the government. This is a dynamic that we see as real. What's your thoughts? >> I think that's exactly right. Having these cloud infrastructures gives the ability to one, leverage huge amounts of computing power, but also to leverage insights and knowledge from the private sector in ways that you never could have imagined. So I really do think the cloud is an opportunity to bring real benefits from private sector innovation into the public sector very rapidly, right? So, broad-clouded option. And that's part of why John Alexander, my boss, and I have been talking a lot about the need for broad-clouded option. It's not just innovative in technology, it's benefits to the war fighter, Right? I mean, these are real, tangible benefits pushing data in real time, the war fighter, You know John Alexander had one of the biggest innovations in modern war fighting, where he's able to take civil intelligence down from weeks and months, down to minutes and seconds, that the naval and our war fighters in Iraq and Afghanistan to really take the fight to the enemy. The cloud brings that power scaled up to a huge degree, right? By orders of magnitude. And so the government recognizes this and yet today we don't see them yet moving rapidly in that direction. So I think the EO was a good move, a good first step in that direction, now we got to see it implemented by the various agencies down below. >> Well we'll kep in touch, great to have you on. I know we're wrapping up the day here, they're breaking down, we're going to pull the plug literally. (laughing) We'll keep in touch and we'll keep progress on you. >> Thank you so much, I appreciate it. >> Rebecca: Jamil, you are now a CUBE alumn, >> I love it, thank you. >> Rebecca: So congrats, you've joined the club. >> I love it. >> I'm Rebecca Knight for John Furrier you have been watching theCUBE's live coverage of the AWS Public Sector Summit. (electronic music)

(light techno music) >> Announcer: Live from Boston, Massachusetts, it's The Cube. Covering ZertoCon 2018. Brought to you by Zerto. >> This is The Cube. We're at ZeratoCon 2018, Hines Convention Center in Boston. My name's Paul Gillin. My guest is John White, the VP of Product Strategy at Expedient. Why don't you start off by giving us just the elevator pitch on what Expedient is all about. >> Sure, Expedient is a cloud-service provider as well as managed service provider, and we also have data centers that we operate here mainly on the east coast. We have seven cities and 11 data centers. Those are in Boston here, locally as well as Baltimore, Maryland, Pittsburgh, Pennsylvania, Cleveland, Columbus, Indianapolis, and Memphis, Tennessee. And then we actually, we'll put our private cloud services really anywhere. So we actually will put 'em on the customer's premises to meet that need as well as in partner data centers anywhere over the world, if they have to deal with compliance, security, whatever it might be, we'll go and tackle those problems for them. So our goal is to be an infrastructure as a service provider for, you know, really all the enterprise. >> So, when would a company do business with you verses a Microsoft or an Amazon? >> Yeah, so, if you kind of look at really three ways to kind of go cloud, right? You can still do it yourself. You can build some cloud-based services. And that's, again, you're in it on your own. You can go all the way to the extreme, which is the AWS or the Azures, and that's more, again, you're kind of in a do-it-yourself type of mentality. And your support structure there is a little bit different. It's maybe a little bit more mechanical, a little bit more robotical. If you need help in transitioning and figuring out where your workload should sit, and maybe creating more of a hybrid cloud so it's maybe on your premises, it's inside one of our data centers, and then maybe it's even in one of those AWS or Azures. You're going to work with a company like Expedient to go and help you figure out where you should put your workloads, first off. And then how to create that long-term strategy so you get the best of all worlds that are out there, not just one prescriptive cloud. >> So, you're kind of a high-touch cloud provider then. >> Very, very high touch, yeah. Our whole product service is actually a la carte menus. So you pick and choose what you want. We can manage servers, we can provide virtual infrastructure, we can do things like DR as a service, backups as a service, all those pieces. So you build, basically, your perfect IT strategy with us. And then direct connects into AWS and Azure and some other cool products coming soon to kind of make your life a little bit easier, consuming and running your work loads in public clouds. >> Well we hear a lot these days about multi-cloud, about customers wanting to shift their work load seamlessly around between multiple back-end cloud providers. Certainly vendors talk about that a lot. Do you hear customers talking about it? >> Yeah, we have some customers starting to talk about it. And, you know, in the beginning, they just wanted to see, okay, I'm running workloads in AWS, I'm running workloads in Expedient, I'm multi-cloud. And then they start to understand. well, our management's really hard. And the network's really hard, and the security's really hard. And we're doing backups another way than we've done it traditionally. And we're helping customers bridge that gap and saying, we can take some of the security policies that we've been running internally in our data center, and maybe you've been doing inside your data center, and take those out into the public cloud. Simplifying things with networking. We're a pretty big VM or NXS shop. So doing something where you can create tagging and policies local inside the Expedient data center, and then being able to translate those up into AWS and Azure, to make it, basically, one seamless network, is really, really big and key for our customers. It's something that I think is still new. We have a handful of customers that we're working on a lot of cool research projects on. But I think it's going to be something that's going to be the dominant force here in the next few years. >> You mention disaster recovery as a service. Now is that where Zerto fits into your plan? >> Correct, yeah. We've been working with Zerto for quite some time now really since they were just comin' to Boston. And we worked and spent a ton of time with them getting them to understand the needs of service providers, 'cause they were traditionally enterprise focused. And that partnership that we've built over the years has done tremendous value for not only our customers but our businesses. And we've actually had two year-over-year growth for the last three years with them. And actually, we just won the Service Partner Growth Partner of the Year Award with them. So we're creating some pretty cool solutions around DR as a service, and taking some of our network background and actually simplifying DR for our customers that way. So, we use Zerto as well as VM Ware, and some of our own product connectivity, NSX, to actually simplify the package of DR to get the recovery time objective down into 10, 15 minutes, instead of four hours or eight hours or multiple days that really most people are experiencing right now. >> So when you look at the landscape, there are a lot of disaster recovery solution providers you could've worked with. What does Zerto do that's really different? >> The part, well, on a technology wise, watching them take a look at the change block that's occurring that's out of the VM1 environment, making an agnostic from a storage layer, that was really big for us in the beginning on the technical tip-in. And then the partnership, as of late, really since the beginning, was the big value differentiator that we just couldn't find in other companies that're out there. We locked arms with their product management team and their product strategy team right away. We gave them literally two sheets of paper and said these are the things we need to be successful as a service provider using your software. They went down, checked 'em all off. We started goin' at it, and we started then growing that year-over-year for the last three years. So, it's been an amazing partnership. They have a strategic team that understands where the marketing industry's going. And we're going to use them, and leverage them, as much as we possibly can to help out our customers, give 'em the best outcomes they can possibly get. >> When your customers talk to you about backup, where do you see them going? Where is that market headed? >> So backup, traditional backup is something we've been doin' for quite some time. We do petabytes of backups every year for customers. Still using tape, believe it or not, as well. We have a lot of discs-- >> Tape will never die. >> Tape is still out there. I actually have a bumper sticker that I think EMC made when they bought Avamar saying Tape is Dead. And I don't think it's going to die anytime soon. >> Mainframe was dead, too. >> Yeah, right, mainframe has been dead and we still roll new ones into our data centers on a regular basis and then put cloud beside it. But on the backup side of it, if you look at some of the new disasters, right? Look at Atlanta. Their disaster was different. It wasn't a natural disaster, it was a-- >> Radsomeware attack. >> Ransomeware attack. Right, that's a new disaster. We're going to find new disasters, and you can't go and restore back from 24 hours ago and think that that's good. We don't live in that world anymore. It needs to be from five minutes, seven minutes, 30 minutes, whatever it might be. So, we use their journaling today to actually get those quick recoveries. And if they can extend that out, I think it's going to be pretty powerful for customers to say, okay, I want to go back to two years, three days, and six hours from now. And say, gimme that point in time, snap. That's the way I want to actually restore that data. Succeeding in that vision I think will definitely change the game for how we actually look at doing backup and restores in the future. >> A lot of talk at this conference about resilience. >> John: Um hmm. >> Is that a concept that you think customers, your customers, have really internalized? They understand what that means? >> They're getting it, yeah, definitely. I mean, DR even was something that we had to kind of walk them into. But now, if they have an outage, it's not just money that they're losing. It's the reputation. And as we all know now, reputation is key. And you look at Twitter. When somebody has an outage, or has a problem, I mean, their users essentially just blow 'em up and there's memes and all kinds of other stuff. There's a lot of funny ones for the airlines, from Delta and Southwest havin' those challenges. And so, our customers today are realizing that yeah, we can't go a day or two without having service to our customers. We can maybe go a minute or two, but that's about it. We need to make sure we're being resilient with our data. We need to make sure we're protecting it, we'll be able to create ways to quickly roll it back to make sure our customers are up on line. Because they just can't go down anymore. >> How important is security as a driver of resilience and spending on disaster recovery now? >> Yeah, security is definitely, with being able to quickly restore from like a ransomware, it's startin' to bring that infrastructure that has been, security's been a little different there, and where network security's been a little bit different, kind of bringing them together to create, say, we need to have a full package. We not only need to figure out how we're blocking it at the edge and blocking it internally east west, but we need to figure out, if we're going to get breached, 'cause we're going to get breached, how can we quickly restore from that? How can we make sure we're not being held ransom for Bitcoin or whatever the next currency's going to be that they're going to be held ransom for that they just can't pay because maybe it would knock them out of business. >> So, John, Expedient, being a small, specialized cloud service provider, you're kind of dancing with elephants when you're out there with Amazon and Microsoft. What's the secret? What keeps you guys successful and how do you keep viable? >> There's a lot of different things. I think the way we focus on technologies is a little bit unique. I mean, we're there to design the best technical solution for that customer. And not maybe fit them into a one-size-fits-all outfit. The other side of it is, a lot of our customers like the local touch and feel. Majority of our customers are at and around our data centers. That way they can get to learn the facility, they can, even if they're running cloud services with us, they know where it lives. That maybe eases their minds from a compliance standpoint, security standpoint. Or just in a trust, saying, I'm going to take my data that's been living inside of my data center, that's key to my business, and I'm going to give it to somebody, I at least want a face and a name so I can know who to call and who to talk to if there is ever a problem. >> Face to face still matters. >> It does, and I think it's always going to matter. And I think we're always going to have some sort of high interaction with every enterprise out there. And that's what they're going to need. 'Cause this stuff can never commoditize all the way. Creating the solution is still hard. Maybe the bits and pieces underneath it are a little bit easier, but the whole packages is going to always be unique and really hard to define in a one-size-fits-all for a lot of those enterprises. >> John White, thanks so much for joining us. >> Thanks for having me. >> We'll be back from Zertocon 2018 here in Boston. I'm Paul Gillin, this is The Cube. (light techno music)