>>Okay. Okay. We're back on the cube here in cloud city. I'm John Farah, David latte. Thanks Adam. And guys in the studio. Awesome stuff. Dave mobile world Congress is happening. It's basically a hybrid show. Mostly virtual. Actually the physical action is a lot of booths. Cloud city is tricked out, big time made for TV. The cubes, obviously here, we've got the main stage with Adam and crew, Chloe and team, and it's pretty, pretty cool. Cloud cities, thematic John, we're going to see the next decade be about the cloudification of telco and major, major portions of telco. We're going to move to the cloud. It's very clear. And especially the front end stuff, a lot of the business support systems, some of the operational systems are going to go. When you're seeing that, you're seeing that with Amazon, you're seeing Microsoft, you're seeing Google. They're all moving in that direction. >>So it's inevitable. And I just love the fact that events are back. That's a game changing statement. Mobile world. Congress is not going to go away. There's no way they're going to let this event slide by. Even though we're coming out of the pandemic, clearly Bon Jovi was here. He said, quote, we met him last night, face to face. He's like, go Patriots. Hope they have a good season. This year. He's a big Patriots fan. He said, it's going to be better. This could be better. But he also said he it's the first time he's performed in a year and a half in front of all excited. He wasn't calm, small little intimate crowd. Again, look behind this. You can see the cloud city. This is really built out extremely well. A lot of executives here, but the content has been awesome here, but also remote. We've been bringing people in live remotes and we also had some prerecorded assets that we have. And we've got one here from Booz Allen, who I had a conversation with earlier in the month and grab some time to talk about the impact of 5g telecom and how it relates to national security for cover mints and society. And so let's take a look at that video right now. >>Hi, welcome to the cube conversation here in the cube studios in Palo Alto, California, I'm John for a, your host had a great conversation with two great guests gonna explore the edge, what it means in terms of commercial, but also national security. And as the world goes digital, we're going to have the deep dive conversation around, um, how it's all transforming. We've got Kate Lee, vice president Booz Allen's digital business. Kate. Great to have you, uh, John Paisano principal at Booz Allen's digital cloud solutions. Gentlemen, thanks for coming on. So one of the most hottest topics, obviously besides cloud computing, having the most refactoring impact on business and government and public sector has been the next phase of cloud growth and cloud scale, and that's really modern applications, um, and consumer, and then here, uh, for national security and for governments here in the U S is in the military impact. >>And as digital transformation starts to go to the next level, you starting to see the architectures emerge, where the edge, the IOT edge, the industrial IOT edge, or any kind of edge concept 5g is exploding, making that much more of a dense, more throughput for connectivity with wireless. You've got Amazon with snowballs, snowmobile, all kinds of ways to deploy technology. That's it like and operational technologies it's causing quite a cloud operational opportunity and disruption. So I want to get into it. Let's key. Let's start with you. I mean, we're looking at an architecture, that's changing both commercial and public sector with the edge. What are the key considerations that you guys see as people have to really move fast and this new architecture of digital, >>Which I think is a great question. And, um, if I could just, uh, share our observation on why we even started investing in edge, um, you mentioned cloud, um, but as we've reflected upon kind of the history of it on you to take a look from mainframes to desktops, to servers, to a cloud, to mobile, and now I have a T what we observed was that, um, industry investing in infrastructure led to kind of an evolution of, uh, uh, of it, right? So as you mentioned with industry spending billions on IOT and edge, um, we've just feel that that's going to be the next evolution. Um, if you've take a look at, um, you mentioned 5g, I think 5g will be certainly, um, an accelerator to edge, um, because of the, the resilience, the lower latency and so forth, but, um, taking a look at what's happening in space, you mentioned space earlier as well, right. >>Um, and, uh, what, uh, Starlink is doing by putting satellites to actually provide transport into the space. Um, we're thinking that that actually is going to be the next ubiquitous thing. Once transport becomes ubiquitous, just like cloud allows stores to be ubiquitous. We think that, you know, the next generation internet will be space-based. Um, so when you think about it, um, connected, it won't be connected servers per se. It will be connected devices. Um, so, uh, that's kind of, you know, some of the observations and why we've been really focusing on investing in, in edge. >>Awesome. I'd love to sh to, uh, continue the conversation on space and the edge, um, and super great conversation to have you guys on and really appreciate it. I do want to ask you guys about the innovation and the opportunities, uh, this new shift that's happening is the next big thing is coming quickly and it's here on us and that's cloud. I call it cloud 2.0, the cloud scale, modern software development environment, uh, edge with 5g changing the game. I key, I completely agree with you. And I think this is where people are focusing their attention from startups to companies that are transforming and repivoting, or refactoring their, their, uh, existing assets to be positioned. And you're starting to see clear winners and losers as a pattern emerge, right? You gotta be in the cloud, you gotta be leveraging data. You gotta be, uh, horizontally scalable, but you've gotta have AI machine learning in there with modern software practices that are secure. >>That's the playbook. Some people are it, some people are not getting there. So I got to ask you guys, you know, as telcos become super important and the ability to be a telco. Now, we just mentioned standing up a tactical edge, for instance, uh, launching a satellite couple of hundred K you're going to launch a cube set. Um, that could be good and bad, right? So, so, you know, the telco business is changing radically cloud telco cloud is emerging as an edge phenomenon with 5g, certainly business commercial benefits, more than consumer. How do you guys see the innovation and disruption happening with telco? >>Um, you know, as we think through, um, cloud to edge, um, one thing that we realized, because our definition of edge, John was actually at the point of data collection, right on the sensor themselves, others definition of edge is we're a little bit further back when we call it the edge of the it enterprise. Um, but you know, as we look at this, we realize that you need, you needed this kind of multi echelon environment, right? From your cloud to your tactical clouds, right. Where you can do some processing and then at the edge themselves, really at the end of the day, it's all about, I think, data, right? I mean, everything we're talking about is still all about the data, right? The AI needs to Dane, the telco is transporting the data. Right. And so, um, I think if you think about it from a data perspective, in relationship to telcos, right, one edge will actually enable a very different paradigm in a distributed paradigm for data processing. Right. So instead of bringing the data to some central cloud, right. Um, which takes bandwidth off your telcos, push the products to the data, right. So mitigate, what's actually being sent over to those telco lines to increase the efficiencies of them. Right. Um, so I think, you know, at the end of the day, uh, the telcos are gonna have a pretty big, uh, component to this, um, even from space down to ground station, right. How that works. Um, so, um, the, the network of these telcos, I think, are just going to expand >>John, what's your perspective. I mean, startups are coming out. The scalability speed of innovation is a big factor. The old telco days had like, I mean, you know, months and years, new towers go up and now you've got backbone. You've got, you know, it's kind of a slow glacier pace. Now it's under siege with rapid innovation. >>Yeah. So, um, I definitely echo the sentiments that Q would have, but I would also, if we go back and think about the digital battle space and what we've talked about, um, faster speeds being available, you know, in places it's not been before is great. However, when you think about basing an adversary, that's a near peer threat. The first thing they're going to do is make it contested congested, and you have to be able to survive. I, while yes, the, the pace of innovation is absolutely pushing comms. The places we've not had it before. Um, we have to be mindful to not get complacent and over rely on it, assuming it will always be there because I know in my experience wearing the uniform and even if I'm up against it adversary, that's the first thing I'm gonna do is I'm going to do whatever I can to disrupt your ability to communicate. So how do you take it down to that lowest level and still make that squad, the platoon, whatever that structure is, you know, continued some survivable and lethal. And so that's something I think, as we look at the innovations, we need to be mindful of that so low. And I talk about how do you architect it? What services do you use? Those are all those things that you have to think about. What if I lose it at this echelon? How could, how do I continue to mission? >>Yeah. It's interesting. Mean if you look at how companies have been procuring and consuming technology key, it's been like siloed. Okay. We've got a workplace workforce project, uh, and we have the tactical edge and we have the, you know, siloed it solution when really work in play, whether it's work here. And John's example is the war fighter. And so his concern is safety is his life. Right. And, and protection, the department has to manage the coms. And so they have to have countermeasures and contingencies ready to go. Right. So all this is integrate integrated. Now it's not like one department it's like, it's it's together. >>Yeah. Do you, I mean, you're, you're, uh, I love what you just said. I mean, we have to get away from this siloed siloed banking. Um, not only within a single organization, but across the enterprise. Right. Um, you know, from a digital battlefield perspective, you know, I, you know, it's a joint fight, right. So even across these enterprise of enterprises, right. So I think you're spot on. We have to look horizontally, uh, we have to integrate, we have to inter-operate. Um, and, and by doing that, that's where the innovation is also going to be accelerated too. Right. Not reinventing the wheel. >>Yeah. You know, I think the infrastructure edge is so key. It's going to be very interesting to see how the existing incumbents can handle themselves. Obviously the towers are important. Five GLC has much more, more deployments, not as centralized in terms of the, of the spectrum. Uh, it's more dense. It's gonna create more connectivity options. Um, how do you guys see that impacting? Because certainly more gear, like, obviously not, not the centralized tower from a backhaul standpoint, but now the edge, the radios themselves, the wireless, uh, uh, uh, transit is key. Um, that's the real edge here. How does, how do you guys see that evolving? >>So, um, you know, we're seeing, uh, we're seeing a lot of, um, innovations actually through small companies. We're really focused on very specific niche problems. I think it's a great starting point, um, because what they're doing is showing the art of the possible, right. Um, because again, we're in a different environment now there's different rules, there's different capabilities now, but then we're also seeing, you mentioned earlier on, um, uh, some of the larger companies, Amazon and Microsoft also investing, um, as well. Right. So, um, I think the merge of the, you know, are the unconstrained are the possible right by these small companies that are, you know, just kind of driving, you know, uh, innovations, uh, supported by the, the, the maturity and the, the, the heft of these large companies who are building out kind of these, um, pardoned kind of, uh, capabilities. Um, they're going to converge at some point, right. Um, and, and that's where I think they want to get further innovation. >>Well, I really appreciate you guys taking the time. Final question for you guys, as people are watching this, a lot of smart executives and teams are coming together to kind of put the battle plans together for their companies, as they transition from old to this new way, which is clearly cloud-scale role of data. We've got them, we hit out all the key points. I think here, as they start to think about architecture and how they deploy their resources, this becomes now the new boardroom conversation that trickles down and includes everyone, including the developers. You know, the developers are now going to be on the front lines. Um, mid-level managers are going to be integrated in as well. It's a group conversation. What are some of the advice that you would give to folks who are in this mode of planning, architecture, trying to be positioned to come out of this pandemic with a massive growth opportunity and, and to be on the right side of history? What's your advice? >>Um, this is a quick question. Um, so I think, um, you, you touched upon it. Um, one is take the holistic approach. Uh, you mentioned orchestras a couple of times, and I think that's, that's critical understanding, um, how your edge architectures will let you connect with your cloud architecture. So they're, they're not disjointed, right? They're not siloed, right. They're interoperable, they integrate. So you're taking that enterprise approach. Um, I think the second thing is be patient. Uh, it took us some time to really kind of, and we've been looking at this for, uh, about three years now. Um, and we were very intentional in assessing the landscape, how people were, you know, um, discussing around edge, um, and kind of pulling that all together, but it took us some time to even figure it out, kind of, Hey, what are the use cases? How can we actually apply this and get some ROI and value, um, out for our clients? Right. So being a little bit patient, um, in thinking through kind of how you can leverage this and potentially be a disruptor, >>John, your thoughts on advice to people watching as they try to put the right plans together to be positioned and not foreclose any future value. >>Yeah, absolutely. So, in addition to the points, the key res I would, number one, amplified the fact of recognize that you're going to have a hybrid environment of legacy and modern capabilities. And in addition to thinking, you know, open architectures and whatnot, think about your culture, the people, your processes, your techniques, and whatnot, and your governance. How do you make decisions when it needs to be closed versus open? Where do you invest in the workforce? What decisions are you going to make in your architecture that drive that, that hybrid world that you're going to live in? All those recipes, you know, patients open all that, that I think we often overlook the cultural people aspect of, you know, upskilling it, this is a very different way of thinking on modern software delivery. Like, how do you go through this lifecycle? How's security embedded. So making sure that's part of that boardroom conversation >>Back day, this is a great interview. We just had with Kaley for Booz Allen reason, why I wanted to bring that into the cube programming this week was because you heard him saying ivory cloud. You heard him say public cloud innovation, edge, all elements of the architecture. And he says, we are learning and it takes patience. And the other thing that he was hyper focused on was the horizontal scalability, not silos. And this is an architectural shift. Who's Alan again, premier firm, and they're doing like killer work. Those guys are amazing. So this brings up the whole theme here, which is you got to nail the architecture. If you don't know what checkmate looks like, don't play chess. That's what I always say. Well, you don't know what the game is, don't play it. And I think the telco story that we hear from Dr is that these guys don't know the game. >>Now I would question that Amazon and others think they do because as they're all partnering with them, yeah, Amazon's got great partnerships. Google just announced a partnership with Ericsson goes on and on. I think anything that can move into the hybrid cloud, Ken should and will that'll happen, but there's some stuff that's going to take some time. Maybe we'll never move. You see that with mainframes. But what they'll do is they'll put an abstraction layer around it and it's got to communicate. And I think the big question is, okay, is it going to be the cloud stack coming on prem, which I think is going to happen, or is it going to be the reverse? And I would bet on the former, well, you know, we've been covering the cloud from day one. We've been part of that wave. We've had all the top conversations with Andy Jassy when, and he was just breaking through the growth. All the cloud players we've been there. We talked to all their customers. We have our finger on the pulse of cloud and we are in cloud city. Main street of cloud city is where all the action is. And the main stage is up there. Adam and team take it from here.

>> Live from San Francisco. It's the Cube covering artists. A conference twenty nineteen brought to you by for scout. >> Hey, Welcome back, everybody. Jefe Rick here with the Cube were in the force caboose that Arcee and Mosconi center forty thousand people walking around talking about security is by far the biggest security of it in the world. We're excited to be here. And welcome back a Cube. Alumni has been playing in the security space for a very long time. He's Bradman bury the GDP from Booz Allen >> Hamilton. Brad, great to see you. >> Hey, thanks for having me here today. Absolutely. Yeah. I've, uh I've already walked about seven miles today, and, uh, just glad to be here to have >> a conversation. Yeah, the fit bitten. The walking trackers love this place, right? You feel your circles in a very short period of time. >> I feel very fit fit after today. So thank >> you. But it's pretty interesting rights, >> and you're in it. You're in a position where you're >> advising companies, both government and and commercial companies, you know, to come into an environment like this and just be overwhelmed by so many options. Right? And you can't buy everything here, and you shouldn't buy everything here. So how do you help? How do you hope your client's kind of navigate this crazy landscape. >> It's interesting, so you mentioned forty thousand people. Aziz, you see on the show, should share room floor behind us, Thousands of product companies, and, frankly, our clients are confused. Um, you know, there's a lot of tools, lot technologies. There's no silver bullet, and our clients are asking a couple of fundamental problem. A couple of fundamental questions. One. How effective in mine and then once them effective, you know, how can I be more efficient with my cyber pretty spent? >> So it's funny, effective. So how are they measuring effective, Right? Because that's a that's a kind of a changing, amorphous thing to target as well. >> That's I mean, that's that's That's the that's the key question in cybersecurity is how effective my, you know, there's lots of tools and technologies. We do a lot of instant response, but commercially and federally and in general, when looking at past reaches, its not a problem. In most cases, everyone has the best of the best and tools and technologies. But either they're drowning in data on DH or the tools aren't configured properly, so you know we're spending a lot of time helping our client's baseline their current environment. Help them look at their tool configurations, help them look at their screw. The operation center helping them figure out Can they detect the most recent threats? And how quickly can we respond? >> Right? And then how did they prioritize? That's the thing that always amazes me, because then you can't do everything right. And and it's fascinating with, you know, the recent elections and, you know, kind of a state funded threats. Is that what the bad guys are going on going after? Excuse me? Isn't necessarily your personal identifying information or your bank account, but all kinds of things that you may not have thought were that valuable yesterday, >> right? I mean, you know, it's funny. We talk a lot about these black swan events, and so you look at not Petra and you know what? Not Pecchia. There was some companies that were really hit in a very significant way, and, you know, everyone, everyone is surprised, right and way. See it time after time, folks caught off guard by, you know, these unanticipated attack vectors. It's a big problem. But, you know, I think you know, our clients are getting better. They're starting to be more proactive. There start. They're starting to become more integrated communities where they're taking intelligence and using that to better tune and Taylor there screw the operation programs. And, you know, they're starting to also used take the tools and technologies in their environment, better tie them and integrate them with their operational processes and getting better. >> Right. So another big change in the landscape. You said you've been coming here for years. Society, right? And yeah. And it's just called Industrial. I owe to your Jean. Call it. Yeah. And other things. A lot more devices should or should not be connected. Well, are going to be connected. They were necessarily designed to be connected. And you also work on the military side as well. Right? And these have significant implications. These things do things, whether it's a turbine, whether it's something in the hospital, this monitoring that hard or whether it's, you know, something in a military scenarios. So >> how are you seeing >> the adoption of that? Obviously the benefits far out way you know, the potential downfalls. But you gotta protect for the downfall, >> you know? Yo, Tio, we've u o T is one of the most pressing cyber security challenges that our client's case today. And it's funny. When we first started engaging in the OT space, there was a big vocabulary mismatch. You had thesis, Oh, organizations that we're talking threat actors and attack vectors, and then you had head of manufacturing that we're talking up time, availability and reliability and they were talking past each other. I think now we're at an attorney point where both communities air coming together to recognize that this is a really an imminent threat to the survival of their organization and that they've got to protect they're ot environment. They're starting by making sure that they have segmentation in place. But that's not enough. And you know, it's interesting when we look into a lot of the OT environments, you know, I call it the Smithsonian of it. And so, you know, I was looking at one of our client environments and, you know, they had, Ah, lot of Windows and T devices like that's great. I'm a Windows NT expert. I was using that between nineteen ninety four in nineteen ninety six, and you know, I mean, it's everybody's favorite vulnerability. Right on Rodeo. I'm your guy. So, you know, one of the challenges that we're facing is how do you go into these legacy environments that have very mission critical operations and, you know, integrates cyber security to protect and ensure their mission. And so we're working with companies like for Scott, you know, that provide Asian agent lis capabilities, that that allow us to better no one understand what's in the environment and then be able to apply policies to be able to better protect and defend them. But certainly it's a major issue that everyone's facing. We spent a lot of time talking about issues in manufacturing, but but think about the utilities. Think about the power grid. Think about building control systems. H back. You know, I was talking to a client that has a very critical mission, and I asked them all like, what's your biggest challenge? You face today? And I was thinking for something. I was thinking they were going to be talking about their mission control system. Or, you know, some of some of the rial, you know, critical critical assets they have. But what he said, My biggest challenge is my, my age back, and I'm like, really, He's like my age back goes down, My operation's gonna be disrupted. I'm going out to Coop halfway across the country, and that could result in loss of life. It's a big issue. >> Yeah, it's wild. Triggered all kinds. I think Mike earlier today said that a lot of a lot of the devices you don't even know you're running in tea. Yeah, it's like a little tiny version of Inti that's running underneath this operating system that's running this device. You don't even know it. And it's funny. You talked about the HBC. There was a keynote earlier today where they talk about, you know, if a data center HBC goes down first. I think she said, sixty seconds stuff starts turning off, right? So, you know, depending on what that thing is powering, that's a pretty significant data point. >> Yeah, you know, I think where we are in the journey and the OT is, you know, we started by creating the burning platform, making sure that there was awareness around hate. There is a problem. There is a threat. I think we've moved beyond that. WeII then moved into, you know, segmenting the BOT environment, A lot of the major nation state attacks that we've seen started in the enterprise and move laterally into the OT environment. So we're starting to get better segmentation in place. Now we're getting to a point where we're moving into, you know, the shop floors, the manufacturing facilities, the utilities, and we're starting Teo understand what's on the network right in the world This has probably been struggling with for years and have started to overcome. But in the OT environment, it's still a problem. So understanding what's connected to the network and then building strategy for how we can really protecting defendant. And the difference is it's not just about protecting and defending, but it's insuring continuity of mission. It's about being resilient, >> right and being able to find if there's a problem down the problem. I mean, we're almost numb. Tow the data breach is right there in the paper every day. I mean, I think Michael is really the last big when everyone had a connection fit down. Okay, it's another another data breach. So it's a big It's a big issue. That's right. So >> one of the things you talked about last time we had >> John was continuous diagnostic and mitigation. I think it's a really interesting take that pretty clear in the wording that it's not. It's not by something, put it in and go on vacation. It was a constant, an ongoing process, and I have to really be committed to >> Yeah, you know, I think that, you know, our clients, the federally and commercially are moving beyond compliance. And if you rewind the clock many years ago, everyone was looking at these compliance scores and saying Good to go. And in reality, if you're if you're compliant, you're really looking in the rear view mirror. And it's really about, you know, putting in programs that's continually assessing risk, continuing to take a continues to look at your your environment so that you can better understand what are the risks, one of the threats and that you can prioritize activity in action. And I think the federal government is leading the way with some major programs. I got a VHS continuous diagnostic in mitigation where they're really looking Teo up armor dot gov and, you know, really take a more proactive approach. Teo, you know, securing critical infrastructure, right? Just >> curious because you you kind >> of split the fence between the federal clients and the commercial clients. Everybody's, you know, kind of points of view in packs away they see the world. >> What if you could share? >> Kind of, maybe what's more of a federal kind of centric view that wasn't necessarily shared on the commercial side of they prioritize. And what's kind of the one of the commercial side that the feds are missing? I assume you want to get him both kind of thinking about the same thing, but there's got to be a different set of priorities. >> Yeah, you know, I think after some of the major commercial breaches, Way saw the commercial entities go through a real focused effort. Teo, take the tools that they have in the infrastructure to make sure that they're better integrated. Because, you know, in this mass product landscape, there's lots of seems that the adversaries livin and then better tie the tooling in the infrastructure with security operations and on the security operation side, take more of an intelligence driven approach, meaning that you're looking at what's going on out in the wild, taking that information be able to enrich it and using that to be more proactive instead of waiting for an event to pop up on the screen hunt for adversaries in your network. Right now, we're seeing the commercial market really refining that approach. And now we're seeing our government clients start to adopt an embrace commercial. Best practices. >> Write some curious. I love that line. Adversaries live in the scene. Right? We're going to an all hybrid world, right? Public cloud is kicking tail. People have stuff in public, cloud their stuff in their own cloud. They have, you know, it's very kind of hybrid ecosystems that sounds like it's making a whole lot of scenes. >> Yeah, you know, it. You know, just went Just when we think we're getting getting there, you know, we're getting the enterprise under control. We've got asset management in place, You know. We're modernizing security operations. We're being Mohr Hunt driven. More proactive now the attacks services expanding. You know, earlier we talked about the OT environment that's introducing a much broader and new attack service. But now we're talking about cloud and it's not just a single cloud. There's multiple cloud providers, right? And now we're not. Now we're talking about software is a service and multiple software's of service providers. So you know, it's not just what's in your environment now. It's your extended enterprise that includes clouds. So far is the service. Excuse me, ot Io ti and the problem's getting much more complex. And so it's going to keep us busy for the next couple of years. I think job security's okay, I think where I think we're gonna be busy, all >> right, before I let you go, just kind of top trends that you're thinking about what you guys are looking at a za company as we had in twenty >> nineteen, you know, a couple of things. You know, Who's Alan being being deeply rooted in defense and intelligence were working, Teo, unlocking our tradecraft that we've gained through years of dealing with the adversary and working to figure out howto better apply that to cyber defense. Things like advanced threat hunting things like adversary red teaming things like being able to do base lining to assess the effectiveness of an organisation. And then last but not least, a i a. I is a big trend in the industry. It's probably become one of the most overused but buzzwords. But we're looking at specific use cases around artificial intelligence. How do you, you know better Accelerate. Tier one tier, two events triaging in a sock. How do you better detect, you know, adversary movement to enhance detection in your enterprise and, you know, eyes, you know, very, you know, a major major term that's being thrown out at this conference. But we're really looking at how to operationalize that over the next three to five years, >> right? Right. And the bad guys have it too, right? And never forget tomorrow's Law. One of my favorite, not quoted enough laws, right, tend to overestimate in the short term and underestimate in the long term, maybe today's buzzword. But three to five years A I's gonna be everywhere. Absolutely. Alright. Well, Brad, thanks for taking a few minutes of your day is done by. Good >> to see you again. All right, >> all right. He's Brad. I'm Jeff. You're watching. The Cube were in Arcee conference in downtown San Francisco. Thanks >> for watching. We'LL see you next time.

>> Live, from San Francisco, it's The Cube! Covering DockerCon '18. Brought to you by Docker and its ecosystem partners. >> Hey, welcome back to The Cube. We are live at DockerCon 2018 on a beautiful day in San Francisco. We're glad you're not playing hooky though if you're in the city because it's important to be here watching John Troyer and myself, Lisa Martin, talk to some awesome, inspiring guests. We're excited to welcome two Docker captains, that's right, to The Cube. We've got Nirmal Mehta, you are the chief technologist of Booz Allen. Welcome back to The Cube. And, we've got Bret Fisher, the author of Docker Mastery. Both of you, Docker captains. Can't wait to dig into that. But you're both speakers here at the fifth annual DockerCon. So Bret, let's talk, you just came off the stage basically. So, thank you for carving out some time for us. Talk to us about your session. What did you talk about? What was some of the interaction with the attendees? >> Well the focus is on Docker Swarm and I'm a assist admin at heart so I focus on ops more than developer but I spend my life helping developers get their stuff into production. And so, that talk centers around the challenges of going in and doing real work that's for a business with containers and how do you get what seems like an incredible amount of new stuff into production all at the same time on a container ecosystem. So, kind of helping them build the tools they need, and what we call a stack, a stack of tools, that ultimately create a full production solution. >> What were some of the commentary you heard from attendees in terms of... Were these mostly community members, were there users of container technology, what was sort of the dynamic like? >> Well you have, there's all sorts of dynamics, right? I mean you have startups, I think I took a survey in the room because it was packed and like 20% of the people in the room about were a solo DevOps admin. So they were the only person responsible for their infrastructure and their needs are way different than a team that has 20 or 30 people all serving that responsibility. So, the talk was a little bit about how do they handle their job and do this stuff. You know, all this latest technology without being overwhelmed and, then, how does it grow in complexity to a larger team and how do they sustain that. So, yeah. >> Bret, it's nice that the technology is mature enough now that people are in production, but what are some of the barriers that people hit when they try to go into production the first time? >> Yeah, great question. I think the biggest barrier is trying to do too much new at the same time. And, I don't know why we keep relearning this lesson in IT, right? We've had that problem for decades of projects being over cost, over budget, over timed, and I think with so much exciting new stuff in containers it's susceptible to that level of, we need all these new things, but you actually don't, right? You can actually get by with very small amounts of change, incrementally. So, we try to teach that pattern of growing over time, and, yeah. >> You mentioned like the one person team versus the multi-person team kind of DevOps organization. Does that same problem of boiling the ocean, do you see that in both groups? >> Yeah, I mean you have fundamentally the same needs, the same problem that you have to solve, but different levels of complexity is really all it has to do with and different levels of budget, obviously, right? So, usually the solo admin doesn't have the million dollar budget for all the tools and bells and whistles, so they might have to do more on their own, but, then, they also have less time so it's a tough row to hoe, you know, to deal with, because you've got those two different fundamental problems of time and money and people are using the most expensive thing. So, no matter what the tool is you're trying to buy, it's usually your time that's the most valuable thing. So how do we get more of our time back? And that's really what containers were all about originally was just getting more of our time back out of it and so we can put back into the business instead of focusing on the tech itself. >> Nirmal, your talk tomorrow is on empathy. >> Yes. >> Very provocative, dig into that for us. >> Sure, so it was actually inspired by a conversation I had with John a couple years ago on Geek Whisperers podcast and he asked the folks on that show, yourself included, asked if there was an event in my past that I kind of regret or taught me a lot. And it was about basically neglecting someone on my team and just kind of shoving them away. And, that moment was a big change in how I felt about the IT industry. And, what I had done was pushed someone who probably needed that help and built up a lot of courage to talk to me and I kind of just dismissed him too quickly. And, from there, I was thinking more and more about game theory and behavioral economics and seeing a lot of our clients and organizations struggle to go through a digital transformation, a DevOps transformation, a cultural transformation. So, to me, culture is kind of the core of what's happening in the industry. And so, the idea of my talk is a little bit of behavioral economics, a little bit of game theory, to kind of set the stage for where your IT organization is probably kind of is right now and how to use empathy to get your organization to that DevOps and to a more efficient place and resolve those conflicts that happen inherently. And, somehow tie that all together with Docker. So, that's kind of what my talk is all about. >> Nice, I mean what's interesting to me, Lisa, is that we do Cubes and there are many Cubes actually all across the country during conference season, right? And we talk to CEOs and VPs of very large companies and even today, at DockerCon, the word 'culture' and the talking about culture and process and people has come up every single interview. So, it's not just from the techies up that this conversation is going... this DevOps and empathy conversation is going on, it seems to be from the top down as well. Everyone seems to recognize that, if you really are going to get this productivity gain, it's not just about the tech, you gotta have culture. >> Absolutely, a successful transformation of an organization is both grassroots and top down. Can't have it without either. And, I think we inherently want to have a... Like, we want to take a pill to solve that problem and there's lots of pills: Docker or cloud or CICD or something. But, those tools are the foundational safety net for a cultural transformation, that's all that it is. So, if you're implementing Docker or Jenkins or some CICD pipeline or automation, that's a safety blanket for providing trust in an organization to allow that change in the culture to happen. But, you still need that cultural change. Just adopting Docker isn't going to make you automatically a more effective organization. Sorry, but it's just one piece and it's an important piece but you have to have that top down understanding of where you are now as an organization and where you want to be in the future. And understanding that this kind of legacy, siloed team mindset is no longer how you can achieve that. >> You talked about trust earlier from a thematic perspective as something that comes up. You know we were at SAP Sapphire last week and trust came up a lot as really paramount. And that was in the context of a vendor/customer relationship. But, to your point, it's imperative that it's actually coming from within organizations. We talk a lot about, well stuff today: multi-cloud--multi-cloud, silos-- but, there's also silos with people and without that cultural shift and probably that empathy, how successful, how big of an impact can a technology make? Are you talking with folks that are at the executive level as well as the developer level in terms of how they each have a stake and need to contribute to this empathy? >> Yeah, absolutely. So, the talk I'm doing is basically the ammunition a lower level person would need to go up to management and say, hey, you know this is where the organization is, this is what the IT department kind of looks like, these are the conflicts, and we have to change in order to succeed. And a lot of folks don't. They see the technology changes that they need. You know, adopting the new javascript framework or the new UX pattern. But, they might not have the ammunition to understand the business strategy, the organizational issues. But, they still need that evidence to actually convince a CTO or a CEO or a COO for the need to change. So, I've talked to both groups. From the C-level side, I think it comes from the inherent speed of the industry, the competitive landscape, those are all the pressures that they see and the disruptions that they are tackling. Maybe it's incumbent disruption or new startups that they may have to compete with in the future. The need for constant innovation is kind of the driver. And, IT is kind of where all that is, these days. >> That's great. Building on the concept of trust and this morning at the keynote, Matt Mckesson where they talked about trusting Docker, trusting Docker the company, trusting Docker the technology. Almost the very first words out of Steve Singh's mouth this morning were about community. And, I think community is one of the big reasons people do trust Docker and one of the things that brings them along. You guys are both Docker captains, part of a program of advocacy, community programs. I don't know, Bret, can you tell us a little bit about the program and what's involved in it? >> Yeah, sure. So, it's been around over two years now and it actually spawned out of Docker's pre-existing programs were focusing on speakers and bloggers and supporting them as well as community leaders that run meetups. And they kind of figured out that a key set of people were kind of doing two or three of those things all at once. And so, they were sort of deciding how do we make like super-groups of these people and they came up with the term Docker captain It really just means you know something about Docker, you share it constantly, something about a Docker toolset, something about the container tools. And that you're sort of... And you don't work for Docker. You're a community person that is, maybe you're working for someone that is a partner of Docker or maybe you're just a meetup volunteer that also blogs a lot about patterns and practices of Docker or new Docker features. And so, they kind of use the engineering teams at Docker to kind of pick through people on the internet and the people they see in the community that are sort of rising out of all the noise out there. And they ask them to be a part of the program and then, of course, we get nice jackets and lots of training. And, it's really just a great group of people, we're about 70 people now around the world. >> And yeah, this is global as well, right? >> Oh yeah, yep. It's one of my favorite aspects is the international aspect. I work for Booz Allen which is a more US government focused and I don't get to interact with the global community much. But, through the Docker captain program got friendships and connections almost on every continent and a lot of locations. I just saw a post of a Docker meetup in like, I think it was like Tunisia. Very, very out there kind of places. There was a Cuban one, recently, in Havana. The best connections to a global community that I've ever seen. I think one of the biggest drivers is the rapid adoption and kind of industry trend of containerization and the Docker brand and what it is basically gave rise to a ton of folks just beginners, just wanting to know what it's all about. And, we've been identified as folks that are approachable and have kind of a mandate to be people that can help answer those initial questions, help align folks that have questions with the right resources, and also just make it like a soft, warm, fuzzy kind of introduction to the community. And engage on all kinds of levels, advanced to beginner levels. >> It was interesting, again, this morning, I think about half the people raised their hands to the question, "is it their first year?" So, it still seems like the Docker, the inbound people interested in Docker is still growing and millions of developers all over the world, right? I don't know, Bret, you have a course, Docker Mastery, you also do meetups, and so I'm curious like what is the common pathway or drivers for new folks coming in, that you see and talk with? >> Yeah, what's the pathways? >> Yeah, the pathway, what's driving them? What are they trying to do? Again, are they these solo folks? >> Yeah, it's sort of a little bit of everything. We're very lucky in the course. We actually just crossed 55,000 students worldwide, 161 countries on a course that is only a year old. So, it kind of speaks to the volume of people around the world that really want to learn containers and all the tools around them. I think that the common theme there is I think we had the early adopters, right, and that was the first three or four years of Docker was people that were Silicon Valley, startups, people who were already on the bleeding edge of technology, whether it was hobbyist or enterprise. It was all people, but it was sort of the Linux people. Now, what we're getting is the true enterprise admins and developers, right. And that means, Microsoft, IBM mainframes, .Net, Java, you're getting all of these sort of traditional enterprise technologies but they all have the same passion, they're just coming in a few years later. So, what's funny is, you're meetups don't really change. They're just growing. Like what you see worldwide, the trend is we're still on the up-climb of all the groups, we have over 200 meetups worldwide now that meet once a month about Docker. It's just a crazy time right now. Everything's growing and it's like you wonder if it's ever going to stop, right How big are we gonna get, gonna take over the world with containers? >> Yeah, about 60% or more of all our meetups are completely new to Docker. And, it ranges from, you know, my boss told me about it so I gotta learn it or I found it and I want to convince other people in my organization to use it so I need to learn it more so I can make that case or, it's immediately solving a problem but I don't know how to take it to the next level, don't know where it's going, all that. It's a lot of new people. >> I get students a lot, college students that want to be more aggressive when they get in the marketplace and they hear the word 'DevOps' a lot and they think DevOps is a thing I need to learn in order to get a job. They don't really know what that is. And, of course, we don't even. At this point, it's so watered down, I don't know if anyone really knows what it is. But eventually, they search that and they come up with sort of key terms and I think one of those the come up right away is Docker. And they don't know what that is. But, I get asked the question a lot, If I go to this workshop or if I go the meetup or whatever, can I put that on my resume so I can get my first job out of school? They're always looking for something else beyond their schooling to make them a better first resume. So, it's cool to see even the people just stepping into the job market getting their feet wet with Docker even when they don't even know why they need it. >> It sounds like a symbiotic thought leadership community that you guys are part of and it sounds like the momentum we heard this morning in the general session is really carried out through the Docker captains and the communities. So, Nirmal, Bret, thanks so much for stopping by bringing your snazzy sweatshirts and sharing what you guys are doing as Docker captains. We appreciate your time. >> Thank you. >> Thank you. >> We want to thank you for watching The Cube. I'm Lisa Martin with John Troyer. We're live at DockerCon 2018. Stick around, John and I will be right back with our next guest.

>> Announcer: Live from Washington, DC it's theCube covering .conf 2017 brought to you by Splunk. >> Welcome back here on theCube the flagship broadcast for Silicon Angle TV, glad to have you here at .conf 2017 along with Dave Vellante, John Walls. We are live in Washington, DC and balmy Washington, DC. It's like 88 here today, really hot. >> It's cooler here than it is in Boston, I here. >> Yeah, right, but we're not used to it this time of year. Brad Medairy now joins us he's an SVP at Booz Allen Hamilton and Brad, thank you for being with us. >> Dave: And another Redskins fan I heard. >> Another Redskins fan. >> It was a big night wasn't it? Sunday night, I mean we haven't had many of those in the last decade or so. >> Yeah, yeah, I became a Redskins fan in 1998 and unfortunately a little late after the three or four superbowls. >> John: That's a long dry spell, yeah. >> Are you guys Nats fans? >> Oh, huge Nats fan, I don't know, how about Brad, I don't want to speak for you. >> I've got a soft spot in my heart for the Nats, what's the story with that team? >> Well, it's just been post-season disappointment, but this year. >> This is the year. >> This is the year, although-- >> Hey, if the Redsox and the Cubs can do it. >> I hate to go down the path, but Geos worry me a little bit, but we can talk about it offline. >> Brad: Yeah, let's not talk about DC Sports. >> Three out of five outings now have not been very good, but anyway let's take care of what we can. Cyber, let's talk a little cyber here. I guess that's your expertise, so pretty calm, nothing going on these days, right? >> It's a boring field, you know? Boring field, yeah. >> A piece of cake. So you've got clients private sector, public sector, what's kind of the cross-pollination there? I mean, what are there mutual concerns, and what do you see from them in terms of common threats? >> Yeah, so at Booz Allen we support both federal and commercial clients, and we have a long history in cyber security kind of with deep roots in the defense and the intelligence community, and have been in the space for years. What's interesting is I kind of straddle both sides of the fence from a commercial and a federal perspective, and the commercial side, some of the major breaches really force a lot of these organizations to quickly get religion, and early on everything was very compliance driven and now it's much more proactive and the need to be much more both efficient and effective. The federal space is, I think in many cases, catching up, and so I've done a lot of work across .mil and there's been a lot of investment across .mil, and very secure, .gov, you know, is still probably a fast follower, and one of the things that we're doing is bringing a lot of commercial best practices into the government space and the government's quickly moving from a compliance-based approach to cyber security to much more proactive, proactive defense. >> Can you get, it's almost like a glacier sometimes, right, I mean there's a legacy mindset, in a way, that government does it's business, but I would assume that events over the past year or two have really prompted them along a little bit more. >> I mean there's definitely been some highly publicized events around breaches across .gov, and I think there's a lot of really progressive programs out there that are working to quickly you know, remediate a lot of these issues. One of the programs we're involved in is something called CDM that's run out of DHS, Continuous Diagnostic and Mitigation, and it's a program really designed to up-armor .gov, you know to increase situational awareness and provide much more proactive reporting so that you can get real-time information around events and postures of the network, so I think there's a lot of exciting activities and I think DHS and partnership with the federal agencies is really kind of spearheading that. >> So if we can just sort of lay out the situation in the commercial world and see how it compares to what's going on in gov. Product creep, right, there's dozens and dozens and dozens of products that have been installed, security teams are just sort of overwhelmed, overworked, response is too slow, I've seen data from, whatever, 190 days to 350 days, to identify an infiltration, nevermind remediate it, and so, it's a challenge, so what's happening in your world and how can you guys help? >> Yeah, you know it's funny, I love going out to the RSA conference and, you know, I watch a lot of folks in the space, walking around with a shopping cart and they meet all these great vendors and they have all these shiny pebbles and they walk away with the silver bullet, right, and so if they implement this tool or technology, they're done, right? And I think we all know, that's not the case, and so over the years I think that we've seen a lot of, a lot of organizations, both federal and commercial, try to solve a lot of the problems through, you know, new technology solutions, whether it's the next best intrusion detection, or if it's endpoint, you know, the rage now is EDR, MDR, and so, but the problem is at the end of the day, the adversaries live in the seams, and in the world that I grew up in focused a lot around counter-terrorism. We took a data-centric approach to finding advanced adversaries, and one of the reasons that the Booz Allen has strategically partnered with Splunk is we believe that, you know, in a data-centric approach to cyber, and Splunk as a platform allows us to quickly integrate data, independent of the tools because the other thing with these tool ecosystems is all these tools work really well within their own ecosystem, but as soon as you start to mix and match best of breed tools and capabilities, they tend to not play well together. And so we use Splunk as that integration hub to bring together the data that allows us to bring our advanced trade-craft and tech-craft around hunting, understanding of the adversaries to be able to fuse that data and do advanced detection and help our clients be a lot more proactive. >> So cyber foresight is the service that you lead with? >> Yeah, you know, one of the things, having a company that's been, Booz Allen I think now is 103 years old, with obvious deep roots in the federal government, and so we have a pedigree in defense and intelligence, and we have a lot of amazing analysts, a lot of amazing, what we call, tech-craft, and what we did was, this was many many years ago, and we're probably one of the best kept secrets in threat intelligence, but after maybe five or six years ago when you started to see a lot of the public breaches in the financial services industry, a lot of the financial service clients came to us and said, "Hey, Booz Allen, you guys understand the threat, you understand actors, you understand TTPs, help educate us around what these adversaries are doing. Why are they doing it, how are they doing it, and how can we get out in front of it?" So the question has always been, you know, how can we be more proactive? And so we started a capability that we, or we developed a capability called cyber foresight where we provided some of our human intelligence analysts and applied them to open-source data and we were providing threat intelligence as a service. And what's funny is today you see a lot of the cyber threat intelligence landscape is fairly crowded, when I talk to clients they affectionately refer to people that provide threat intelligence as beltway book reporters, which I love. (laughter) But for us, you know, we've lived in that space for so many years we have the analysts, the scale, the tradecraft, the tools, the technologies, and we feel that we're really well positioned to be able to provide clients with the insights. You know, early on when we were working heavily in the financial services sector, the biggest challenge a lot of our clients had in threat intelligence was, what do I do with it? Okay, so you're going to send me, what we call a Spot Report, and so hey we know this nation-state actor with this advanced set of TTPs is targeting my organization, so what, right? I'm the CISO, I'm the CIO, should I resign? Should I jump out the window? (laughter) What do I do? I know these guys are coming after me, how do I actually operationalize that? And so what we've spent a lot of time thinking about and investing in is how to operationalize threat intelligence, and when we started, you kind of think of it as a pitcher and a catcher, right? You know, so the threat intelligence provider throws those insights, but the receiver needs to be able to catch that information, be able to put it in context, process it, and then operationalize it, implement it within their enterprise to be able to stop those advanced threats. And so one of the reasons that we gravitated toward Splunk, Splunk is a platform, Splunk is becoming really, in our mind, one of the defacto repositories for IT and cyber data across our client space, so when you take that, all those insights that Splunk has around the cyber posture and the infrastructure of an enterprise, and you overlay the threat intelligence with that, it gives us the ability to be able to quickly operationalize that intelligence, and so what does that mean? So, you know, when a security operator is sitting at a console, they're drowning in data, and, you know, analysts, we've investigated tons of commercial breaches and in most cases what we see is the analyst, at some point, had a blinking red light on their screen that was an indicator of that particular breach. The problem is, how do you filter through the noise? That's a problem that this whole industry, it's a signal to noise ratio issue. >> So you guys bring humans to that equation, human intelligence meets analytics and machine intelligence, and your adversary has evolved, and I wonder if you can talk about that, it's gone from sort of hacktivists to organized crime and nation-states, so they've become much more sophisticated. How have the humans sort of evolved as well that your bridge to bear? >> Yeah, I mean certainly the bear to entry is lower, and so now we're seeing ransomware as a service, we're seeing attacks on industrial control systems, on IOT devices, you know, financial services now is extremely concerned about building control systems because if you can compromise and build a control system you can get into potentially laterally move into the enterprise network. And so our analysts now not only are traditional intelligence analysts that understand adversaries and TTPs, but they also need to be technologists, they need to have reverse engineering experience, they need to be malware analysts, they need to be able to look at attack factors in TTPs to be able to put all the stuff in context, and again it goes back to being able to operationalize this intelligence to get value out of it quickly. >> They need to have imaginations, right? I mean thinking like the bad guys, I guess. >> Yeah, I mean we spend a lot of time, we've started up a new capability called Dark Labs and it's our way to be able to unlock some of those folks that think like bad guys and be able to unleash them to look at the world through a different lens, and be able to help provide clients insights into attack factors, new TTPs, and it's fascinating to watch those teams work. >> How does social media come into play here? Or is that a problem at all, or is that a consideration for you at all? >> Well, you know, when we look at a lot of attacks, what's kind of interesting with the space now is you look at nation-state and nation-state activists and they have sophisticated TTPs. In general they don't have to use them. Nation-states haven't even pulled out their quote "good stuff" yet because right now, for the most part they go with low-hanging fruit, low-hanging fruit being-- >> Just pushing the door open, right? >> Yeah, I mean, why try to crash through the wall when you can just, you know, the door's not locked? And so, you know, when you talk about things like social media whether it's phishing, whether it's malware injected in images, or on Facebook, or Twitter, you know, the majority of tacts are either driven through people, or driven through just unpatched systems. And so, you know, it's kind of cliche, but it really starts with policies, training of the people in your organization, but then also putting some more proactive monitoring in place to be able to kind of start to detect some of those more advanced signatures for some of the stuff that's happening in social media. >> It's like having the best security system in the world, but you left your front door unlocked. >> That's right, that's right. >> So I wonder if, Brad, I don't know how much you can say, but I wonder if you could comment just generally, like you said, we haven't seen their best pitch yet, we had Robert Gates on, and when I was interviewing him he said, "You know, we have great offensive posture and security, but we have to be super careful how we use it because when it comes to critical infrastructure we have the most to lose." And when you think about the sort of aftermath of Stuxnet, when basically the Iranians said hey we can do this too, what's the general sort of philosophy inside the beltway around offense versus defense? >> You know, I think from, that's a great question. From an offensive cyber perspective I think where the industry is going is how do you take offensive tradecraft and apply it to defensive? And so by that I mean, think about we take folks that have experience thinking like a bad guy, but unleash them in a security operation center to do things like advanced hunting, and so what they'll do is take large sets of data and start doing hypothesis driven analytics where they'll be able to kind of think like a bad guy and then they'll have developers or techies next to them building different types of analytics to try to take their mind and put it into an analytic that you can run over a set of data to see, hey, is there an actor on your network performing like that? And so I think we see in the space now a lot of focus around hunting and red teaming, and I think that's kind of the industry's way of trying to take some of that offensive mentality, but then apply it on the defensive side. >> Dave: It just acts like kind of Navy Seal operations in security. >> Right, right, yeah. I mean the challenge is there's a finite set of people in the world that really, truly have that level of tradecraft so the question is, how do you actually deliver that at any level of scale that can make a difference across this broader industry. >> So it's the quantity of those skill sets, and they always say that the amazing thing, again I come back to Stuxnet, was that the code was perfect. >> Brad: Yeah. >> The antivirus guy said, "We've never seen anything like that where the code is just perfect." And you're saying it's just a quantity of skills that enables that, that's how you know it's nation-state, obviously, something like that. >> Yeah, I mean the level of expertise, the skill set, the time it take to be able to mature that tradecraft is many many years, and so I think that when we can crack the bubble of how we can take that expertise, deliver it in a defensive way to provide unique insights that, and do that at scale because just taking one of those folks into an organization doesn't help the whole, right? How can you actually kind of operationalize that to be able to deliver that treadecraft through things like analytics as a service, through manage, detection, and response, at scale so that one person can influence many many organizations at one time. >> And, just before we go, so cyber foresight is available today, it's something you're going to market with. >> Yeah, we just partnered with Splunk, it's available as a part of Splunk ES, it's an add-on, and it provides our analysts the ability to provide insights and be able to operationalize that within Splunk, we're super excited about it and it's been a great partnership with Splunk and their ES team. >> Dave: So you guys are going to market together on this one. >> We are partnered, we're going to market together, and delivering the best of our tradecraft and our intelligence analysts with their platform and product. >> Dave: Alright, good luck with it. >> Hey, thank you, thank you very much, guys. >> Good pair, that's for sure, yeah. Thank you, Brad, for being with us here, and Monday night, let's see how it goes, right? >> Yeah, I'm optimistic. >> Very good, alright. Coach Brad Medairy joining us with his rundown on what's happening at Booz Allen. Back with more here on theCube, you're watching live .conf 2017.

>>okay. Getting data right is one of the top priorities for organizations to affect digital strategy. So right now we're going to dig into the challenges customers face when trying to deploy enterprise wide data strategies. And with me to unpack this topic is Kirk born principal data Scientists and executive advisor Booz Allen Hamilton. Kirk, great to see you. Thank you, sir, for coming on the program. >>Great to be here, Dave. >>So hey, enterprise scale data science and engineering initiatives there. Nontrivial. What do you see? Some of the challenges and scaling data science and data engineering ops. >>Well, one of the first challenge is just getting it out of the sandbox because so many organizations, they say, let's do cool things with data. But how do you take it out of that sort of play phase into an operational phase? And so being able to do that is one of the biggest challenges. And then being able to enable that for many different use cases then creates an enormous challenge. Because do you replicate the technology and the team for each individual use case, or can you unify teams and technologies to satisfy all possible use cases? And so those are really big challenges for companies, organizations everywhere to think about >>what about the idea of industrializing those those data operations? I mean, what does that? What does that mean to you? Is that a security connotation? A compliance? How do you think about it? >>It's actually all of those industrialized to me is sort of like How do you not make it a one off? But you make it sort of a reproducible, solid, risk compliant and so forth system that can be reproduced many different times and again using the same infrastructure and the same analytic tools and techniques, but for many different use cases, so we don't have to rebuild the will reinvent the wheel, reinvent the car, so to speak. Every time you need a different type of vehicle, you build a car or a truck or a race car. There's some fundamental principles that are common to all of those, and that's where that industrialization is, and it includes security, compliance with regulations and all those things. But it also means just being able to scale it out to to new opportunities beyond the ones that you dreamed of when you first invented the thing >>you know, data by its very nature. As you well know, it's distributed, but for you've been at this a while. For years, we've been trying to sort of shove everything into a monolithic architecture and and in hardening infrastructures around that and many organizations, it's It's become a block to actually getting stuff done. But so how? How are you seeing things like the edge emerged? How do you How do you think about the edge? How do you see that evolving? And how do you think customers should be dealing with with edge and edge data? >>Well, it's really kind of interesting. I had many years at NASA working on data systems, and back in those days, the the idea was you would just put all the data in a big data center, and then individual scientists would retrieve that data and do analytics on it, do their analysis on their local computer. And you might say that sort of like edge analytics, so to speak, because they're doing analytics at at their home computer. But that's not what edge means. It means actually doing the analytics, the insights, discovery at the point of data collection, and so that's that's really real time Business decision making. You don't bring the data back and then try to figure out sometime in the future what to do. And I think an autonomous vehicle is a good example of why you don't want to do that. Because if you collect data from all the cameras and radars and light ours that are on a self driving car and you move that data back to a data cloud while the car is driving down the street and let's say a child walks in front of the car, you send all the data back. It computes and does some object recognition and pattern detection, and 10 minutes later sent a message to the car. Hey, you need to put your brakes on. Well, it's a little kind of late at that point, and so you need to make those discoveries, insight, discoveries, those pattern discoveries and hence the proper decisions from the patterns in the data at the point of data collection. And so that's Data Analytics at the edge. And so, yes, you can bring the data back to a central cloud or distributed cloud. It almost doesn't even matter if if your data is distributed, so any use case in any data, scientists or any analytic team in the business can access it. Then what you really have is a data mesh or a data fabric that makes it accessible at the point that you need it, whether it's at the edge or in some static post, uh, event processing. For example, typical business quarter reporting takes a long look at your last three months of business. Well, that's fine in that use case, but you can't do that for a lot of other real time analytic decision making. Well, >>that's interesting. I mean, it sounds like you think the the edge not as a place, but as you know, where it makes sense to actually, you know, the first opportunity, if you will, to process the data at low latency, where it needs to be low latency. Is that a good way to think about it? >>Absolutely. It's a little late and see that really matters. Uh, sometimes we think we're gonna solve that with things like five G networks. We're gonna be able to send data really fast across the wire. But again, that self driving cars yet another example because what if you all of a sudden the network drops out, you still need to make the right decision with the network not even being there, >>that darn speed of light problem. Um, and so you use this term data mash or or data fabric? Double click on that. What do you mean by that? >>Well, for me, it's it's, uh, it's a sort of a unified way of thinking about all your data. And when I think of mesh, I think of like weaving on a loom, or you're you're creating a blanket or a cloth and you do weaving, and you do that. All that cross layering of the different threads and so different use cases in different applications and different techniques can make use of this one fabric, no matter where it is in the in the business. Or again if it's at the edge or or back at the office. One unified fabric, which has a global name space so anyone can access the data they need, sort of uniformly, no matter where they're using it. And so it's a way of this unifying all the data and use cases and sort of a virtual environment that that no longer you need to worry about. So what's what's the actual file name or what's the actual server of this thing is on? Uh, you can just do that for whatever use case you have. But I think it helps Enterprises now to reach a stage which I like to call the self driving enterprise. Okay, so it's modeled after the self driving car. So the self driving enterprise needs the business leaders in the business itself. You would say it needs to make decisions oftentimes in real time, all right. And so you need to do sort of predictive modeling and cognitive awareness of the context of what's going on. So all these different data sources enable you to do all those things with data. And so, for example, any kind of a decision in a business, any kind of decision in life, I would say, is a prediction, right? You say to yourself, If I do this such and such will happen If I do that, this other thing will happen. So a decision is always based upon a prediction about outcomes, and you want to optimize that outcome so both predictive and prescriptive analytics need to happen in this in this same stream of data and not statically afterwards, so that self driving enterprises enabled by having access to data wherever and whenever you need it. And that's what that fabric that data fabric and data mesh provides for you, at least in my opinion. >>Well, so like carrying that analogy like the self driving vehicle, your abstracting, that complexity away in this metadata layer that understands whether it's on prem or in the public cloud or across clouds or at the edge where the best places to process that data, what makes sense? Does it make sense to move it or not? Ideally, I don't have to. Is that how you're thinking about it? Is that why we need this notion of a data fabric >>right? It really abstracts away all the sort of complexity that the I T aspects of the job would require. But not every person in the business is going to have that familiarity with the servers and the access protocols and all kinds of it related things, and so abstracting that away. And that's in some sense what containers do. Basically, the containers abstract away that all the information about servers and connectivity protocols and all this kind of thing You just want to deliver some data to an analytic module that delivers me. And inside our prediction, I don't need to think about all those other things so that abstraction really makes it empowering for the entire organization. You like to talk a lot about data, democratization and analytics democratization. This really gives power to every person in the organization to do things without becoming an I t. Expert. >>So the last last question, we have time for years. So it sounds like Kirk the next 10 years of data not going to be like the last 10 years will be quite different. >>I think so. I think we're moving to this. Well, first of all, we're going to be focused way more on the why question. Why are we doing this stuff? The more data we collect, we need to know why we're doing it. And one of the phrases I've seen a lot in the past year, which I think is going to grow in importance in the next 10 years, is observe ability, so observe ability to me is not the same as monitoring. Some people say monitoring is what we do. But what I like to say is, yeah, that's what you do. But why you do it is observe ability. You have to have a strategy. Why what? Why am I collecting this data? Why am I collecting it here? Why am I collecting it at this time? Resolution? And so getting focused on those why questions create be able to create targeted analytic solutions for all kinds of different different business problems. And so it really focuses it on small data. So I think the latest Gartner data and Analytics trending reports said we're gonna see a lot more focused on small data in the near future. >>Kirk born your dot connector. Thanks so much >>for coming on. The Cuban >>being part of the program. >>My pleasure. Mm mm.

(soft music) >> Getting data right, is one of the top priorities for organizations to affect digital strategy. So, right now we're going to dig into the challenges customers face when trying to deploy enterprise wide data strategies and with me to unpack this topic is Kirk Borne, Principal-Data Scientist, and Executive Advisor Booz Allen Hamilton. Kirk, great to see you, thank you sir for coming on the program. >> Great to be here, Dave. >> So hey, enterprise scale, data science and engineering initiatives, they're non-trivial. What do you see as some of the challenges in scaling data science and data engineering ops? >> First challenge is just getting it out of the sandbox, because so many organizations, they say let's do cool things with data but how do you take it out of that sort of play phase into an operational phase? And so being able to do that is one of the biggest challenges and then being able to enable that for many different use cases then creates an enormous challenge, because do you replicate the technology and the team for each individual use case or can you unify teams and technologies to satisfy all possible use cases? And so those are really big challenges for companies, organizations everywhere to think about. >> Well, what about the idea of you know, industrializing those data operations? I mean, what does that mean to you, is that a security connotation, a compliance? How do you think about it? >> It's actually all of those. And industrialized to me is sort of like, how do you not make it a one-off but you make it a sort of a reproducible, solid risk compliant and so forth system that can be reproduced many different times. And again, using the same infrastructure and the same analytic tools and techniques but for many different use cases. So we don't have to rebuild the wheel, reinvent the wheel, reinvent the car so to speak every time you need a different type of vehicle. You can either build a car, or a truck, or a race car there's some fundamental principles that are common to all of those. And that's where that industrialization is. And it includes security, compliance with regulations and all those things but it also means just being able to scale it out to to new opportunities beyond the ones that you dreamed of when you first invented the thing. >> Yeah, data by its very nature as you well know, is it's distributive but for you you've been at this awhile, for years we've been trying to sort of shove everything into a monolithic architecture, and in hardening infrastructures around that. And in many organizations it's become, you know, a block to actually getting stuff done. But, so how are you seeing things like the Edge emerge you know, how do you think about the edge, how do you see that evolving and how do you think customers should be dealing with edge and edge data? >> Well, that's really kind of interesting. I had many years at NASA working on data systems, and back in those days the idea was you would just put all the data in a big data center and then individual scientists would retrieve that data and do analytics on it, do their analysis on their local computer. And you might say that's sort of like edge analytics so to speak because they're doing analytics at their home computer, but that's not what edge means. It means actually doing the analytics, the insights discovery at the point of data collection. And so that's really real time business decision-making. You don't bring the data back and then try to figure out sometime in the future what to do. And I think autonomous vehicles is a good example of why you don't want to do that because if you collect data from all the cameras and radars and lidars that are on a self-driving car, and you move that data back to a data cloud while the car is driving down the street and let's say a child walks in front of the car, you send all the data back it computes and does some object recognition and pattern detection. And 10 minutes later, it sends a message to the car, "Hey, you need to put your brakes on." Well, it's a little kind of late at that point (laughs) and so you need to make those discoveries those insight discoveries, those pattern discoveries and hence the proper decisions from the patterns in the data at the point of data collection. And so that's data analytics at the edge. And so yes, you can bring the data back to a central cloud or distributed cloud. It almost doesn't even matter. If your data is distributed at sort of any use case in any data scientist or any analytic team and the business can access it then what you really have is a data mesh or a data fabric that makes it accessible at the point that you need it, whether it's at the edge or in some static post event processing, for example, typical business quarter reporting takes a long look at your last three months of business. Well, that's fine in that use case, but you can't do that for a lot of other real time analytic decision-making >> Well that's interesting. I mean, it sounds like you think of the edge not as a place, but as you know where it makes sense to actually, you know the first opportunity, if you will, to process the data at low latency where it needs to be low latency, is that a good way to think about it? >> Yeah, absolutely. It's the low latency that really matters. Sometimes we think we're going to solve that with things like 5G networks. We're going to be able to send data really fast across the wire, but again, that self-driving car is yet another example because what if all of a sudden the network drops out you still need to make the right decision with the network not even being there. >> Yeah that darn speed of light problem. And so you use this term data mesh or data fabric, double click on that, what do you mean by that? >> Well, for me, it's sort of a unified way of thinking about all your data. And when I think of mesh, I think of like weaving on a loom, you're creating a a blanket or a cloth and you do weaving and you do that all that cross layering of the different threads. And so different use cases in different applications in different techniques can make use of this one fabric no matter where it is in the business or again, if it's at the edge or back at the office. One unified fabric, which has a global namespace so anyone can access the data they need, sort of uniformly no matter where they're using it. And so it's a way of unifying all of the data and use cases and sort of a virtual environment that you no longer need to worry about. So what's the actual file name or what's the actual server this thing is on, you can just do that for whatever use case you have. I think it helps the enterprises now to reach a stage which I like to call the self-driving enterprise, okay? So it's modeled after the self-driving car. So the self-driving enterprise, the business leaders and the business itself you would say needs to make decisions, oftentimes in real time, All right? And so you need to do sort of predictive modeling and cognitive awareness of the context of what's going on. So all of these different data sources enable you to do all those things with data. And so, for example, any kind of a decision in a business, any kind of decision in life, I would say is a prediction, right? You say to yourself, if I do this such and such will happen. If I do that, this other thing will happen. So a decision is always based upon a prediction about outcomes and you want to optimize that outcome. So both predictive and prescriptive analytics need to happen in this same stream of data and not statically afterwards. And so that self-driving enterprise is enabled by having access to data wherever and whenever you need it and that's what that fabric, that data fabric and data mesh provides for you, at least in my opinion. >> Also like carrying that analogy like the self-driving vehicle, you're abstracting that complexity away and there's a metadata layer that understands whether it's on prem or in the public cloud or across clouds, or at the edge, where are the best places to process that data, what makes sense, does it make sense to move it or not, ideally, I don't have to, Is that how you're thinking about it? Is that why we need this notion of a data fabric? >> Right, it really abstracts away all the, sort of the complexity that the IT aspects of the job would require, but not every person in the business is going to have that familiarity with the servers and the access protocols and all kinds of IT related things. And so abstracting that away, and that's in some sense what containers do. Basically the containers abstract away all the information about servers and connectivity, you know, and protocols and all this kind of thing. You just want to deliver some data to an analytic module that delivers me an insight or a prediction, I don't need to think about all those other things. And so that abstraction really makes it empowering for the entire organization. We like to talk a lot about data democratization and analytics democratization. This really gives power to every person in the organization to do things without becoming an IT expert. >> So the last question we have time for here is, so it sounds like Kirk, the next 10 years of data are not going to be like the last 10 years, it will be quite different. >> I think so. I think we're moving to this, well, first of all, we're going to be focused way more on the why question, like, why are we doing this stuff? The more data we collect we need to know why we're doing it. And what are the phrases I've seen a lot in the past year which I think is going to grow in importance in next 10 years is observability. So observability to me is not the same as monitoring. Some people say monitoring is what we do but what I like to say is, "Yeah, that's what you do, but why you do it is observability." You have to have a strategy. Why am I collecting this data? Why am I collecting it here? Why am I collecting it at this time resolution? And so getting focused on those why questions, be able to create targeted analytics solutions for all kinds of different business problems. And so it really focuses it on small data. So, I think the latest Gartner data and analytics trending report, so we're going to see a lot more focus on small data in the near future. >> Kirk Borne, you're a dot connector. Thanks so much for coming on The Cube and being of the part of the program. >> My pleasure. (soft music)

>> Announcer: Live from Washington D. C., it's the CUBE. Covering .conf2017. Brought to you by Splunk. (electronic music) >> Welcome back to the nation's capitol everybody. This is the CUBE, the leader in live tech coverage. And we're here at day two covering Splunk's .conf user conference #splunkconf17, and my name is Dave Vellante, I'm here with with co-host, George Gilbert. As I say, this is day two. We just came off the keynotes. I'm over product orientation today. George, what I'd like to do is summarize the day and the quarter that we've had so far, and then bring you into the conversation and get your opinion on what you heard. You were at the analyst event yesterday. I've been sitting in keynotes. We've been interviewing folks all day long. So let me start, Splunk is all about machine data. They ingest machine data, they analyze machine data for a number of purposes. The two primary use cases that we've heard this week are really IT, what I would call operations management. Understanding the behavior of your systems. What's potentially going wrong, what needs to be remediated. to avoid an outage or remediate an outage. And of course the second major use case that we've heard here is security. Some of the Wall Street guys, I've read some of the work this morning. Particularly Barclays came out with a research note. They had concerns about that, and I really don't know what the concerns are. We're going to talk about it. I presume it's that they're looking for a TAM expansion strategy to support a ten billion dollar valuation, and potentially a much higher valuation. It's worth noting the conference this year is 7,000 attendees, up from 5,000 last year. That's a 40% increase, growing at, or above actually, the pace of revenue growth at Splunk. Pricing remains a concern for some of the users that I've talked to. And I want to talk to you about that. And then of course, there's a lot of product updates that I want to get into. Splunk Enterprise 7.0 which is really Splunk's core analytics platform ITSI which is what I would, their 3.0, which I would call their ITOM platform. UBA which is user behavior analytics 4.0. Updates to Splunk Cloud, which is a service for machine data in the cloud. We've heard about machine learning across the portfolio, really to address alert fatigue. And a new metrics engine called Mstats. And of course we heard today, enterprise content security updates and many several security-oriented solutions throughout the week on fraud detection, ransomware, they've got a deal with Booz Allen Hamilton on Cyber4Sight which is security as a service that involves human intelligence. And a lot of ecosystem partnerships. AWS, DellEMC was on yesterday, Atlassian, Gigamon, et cetera, growing out the ecosystem. That's a quick rundown, George. I want to start with the pricing. I was talking to some users last night before the party. You know, "What do you like about Splunk? "What don't you like about Splunk? "Are you a customer?" I talked to one prospective customer said, "Wow, I've been trying to do "this stuff on my own for years. "I can't wait to get my hands on this." Existing customers, though, only one complaint that I heard was your price is to high, essentially is what they were telling Splunk. Now my feeling on that, and Raymo from Barclays mentioned that in his research note this morning. Raymo Lencho, top securities analyst following software industry. And my feeling George is that historically, "Your price is too high," has never been a headwind for software companies. You look at Oracle, you look at ServiceNow, sometimes customers complain about pricing too high. Splunk, and those companies tend to do very well. What's your take on pricing as a headwind or tailwind indicator? >> Well the way, you always set up these questions in a way that makes answering them easy. Because it's a tailwind in the sense that the deal sizes feed an enterprise sales force. And you need an enterprise sales force ultimately to be pervasive in an organization. 'Cause you can't just throw up like an Amazon-style console and say, "Pick your poison and put it all together." There has to be an advisory, consultative approach to working with a customer to tell them how best to fit their portfolio. >> Right. >> And their architecture. So yes, the price helps you feed that what some people in the last era of enterprise software used to call the most expensive migratory workforce in the world., which is the sales, enterprise sales organization. >> Sure, right. >> But what's happened in the different, in the change from the last major enterprise applications, ERPCRM, and what we're getting into now, is that then the data was all generated and captured by humans. It was keyboard entry. And so there was no, the volumes of data just weren't that great. It was human, essentially business transactions. Now we're capturing data streaming off everything. And you could say Splunk was sort of like the first one out of the gate doing that. And so if you take the new types of data, customer interactions, there are about ten to a hundred customer interactions for every business transaction. Then the information coming out of the IT applications and infrastructure. It's about ten to a hundred times what the customer interactions were. >> Yeah. >> So you can't price the, Your pricing model, if it stays the same will choke you. >> So you're talking about multiple orders of magnitude >> Yes. >> Of more data. >> Yeah. >> And if you're pricing by the terabyte, >> Right. >> Then that's going to cross your customers. >> Right. But here's what I would argue though George. I mean, and you mentioned AWS. AWS is another one where complaints of high pricing. But if, to me, if the company is adding value, the clients will pay for it. And when you get to the point where it becomes a potential headwind, the company, Oracle is a classic at this, will always adjust its pricing to accommodate both its needs as a public organization and a company that has to make money and fund R & D, and the customers needs, and find that balance where the competition can't get in. And so it seems to me, and we heard this from Doug Merritt yesterday, that his challenge is staying ahead of the game. Staying, moving faster than the cloud guys. >> Yeah. >> In what they do well. And to the extent that they do that, I feel like their customers will reward them with their loyalty. And so I feel as though they can adjust their pricing mechanisms. Yeah, everybody's worried about 606, and of course the conversions to subscriptions. I feel as though a high growth, and adjustments to your pricing strategy, I think can address that. What do you think about that? >> It's... It sounds like one of those sayings where, the friends say, "Well it works in practice, "but does it work in theory?" >> No, no. But it has worked in practice in the industry hasn't it? So what's different now? >> Okay. So take Oracle, at list price for Oracle 12C, flagship database. The price per processor core, with all the features thrown in, is something like three hundred thousand, three hundred fifty thousand per core. So you take an average Intel high end server chip, that might have 24 cores, and then you have two sockets, so essentially one node server is 48 times 350. And then of course, Oracle will say, "But for a large customer, we'll knock 90% off that," or something like that. >> Yeah, well exactly. >> Which is exactly what the Splunk guys told me yesterday. But it's-- >> But that's what I'm saying. They'll do what they have to do to maintain the footprint in the customer, do right by the customer, and keep the competition out. >> But if it's multiple orders of magnitude different. If you take the open source guys where essentially the software's free and you're just paying for maintenance. >> (laughs) Yeah and humans. >> Yeah, yeah. >> Okay, that's the other advantage of Splunk, as you pointed out yesterday, they've got a much more integrated set of offerings and services that dramatically lower. I mean, we all know the biggest cost of IT is people. It's not the hardware and software but, all right, I don't want to rat hole on pricing, but that was a good discussion. What did you learn yesterday? You've sat through the analyst meeting. Give us the rundown on George Gilbert's analysis of .conf generally and Splunk as a company specifically. >> Okay, so for me it was a bit of an eye opener because I got to understand sort of, I've always had this feeling about where Splunk fits relative to the open source big data ecosystem. But now I got a sense for what their ambitions are, and what their tactical plan is. I've said for awhile, Splunk's the anti-Hadoop. You know, Hadoop is multiple, sort of dozens of animals with three zookeepers. And I mean literally. >> Yeah. >> And the upside of that is, those individual projects are advancing with a pace of innovation that's just unheard of. The problem is the customer bears the burden of putting it all together. Splunk takes a very different approach which is, they aspire apparently to be just like Hadoop in terms of platform for modern operational analytic applications, but they start much narrower. And it gets to what Ramie's point was in that Wall Street review, where if you take at face value what they're saying, or you've listened just to the keynote, it's like, "Geez, they're in this IT operations ghetto, "in security and that's a La Brea tar pit, "and how are they ever going to climb out of that, "to something really broad?" But what they're doing is, they're not claiming loudly that they're trying to topple the giants and take on the world. They're trying to grow in their corner where they have a defensible moat. And basically the-- >> Let me interrupt you. >> Yeah. >> But to get to five billion >> Yeah. >> Or beyond, they have to have an aggressive TAM expansion strategy, kind of beyond ITOM and security, don't they? >> Right. And so that's where they start generalizing their platform. The data store they had on the platform, the original one, is kind of like a data lake in the sense that it really was sort of the same searchable type index that you would put under a sort of a primitive search engine. They added a new data store this time that handles numbers really well and really fast. That's to support the metrics so they can have richer analytics on the dashboard. Then they'll have other data stores that they add over time. And for each one, you're able to now build with their integrated tool set, more and more advanced apps. >> So you can't use a general purpose data store. You've got to use the Splunk within data. It's kind of like Work Day. >> Yeah, well except that they're adding more over time, and then they're putting their development tools over these to shield them. Now how seamlessly they can shield them remains to be seen. >> Well, but so this is where it gets interesting. >> Yeah. >> Splunk as a platform, as an application development platform on which you can build big data apps, >> Yeah. >> It's certainly, conceptually, you can see how you could use Splunk to do that right? >> And so their approaches out of the box will help you with enterprise security, user, they call it user behavior analytics, because it's a term another research firm put on it, but it's really any abnormal behavior of an entity on the network. So they can go in and not sell this fuzzy concept of a big data platform. They said, they go in and sell, to security operations center, "We make your life much, much easier. "And we make your organization safer." And they call these curated experiences. And the reason this is important is, when Hadoop sells, typically they go in, and they say, "Well, we have this data lake. "which is so much cheaper and a better way "to collect all your data than a data warehouse." These guys go in and then they'll add what more and more of these curated experiences, which is what everyone else would call applications. And then the research Wikibon's done, depth first, or rather breadth first versus depth first. Breadth first gives you the end to end visibility across on prem, across multiple clouds, down to the edge. But then, when they put security apps on it, when they put dev ops or, some future big data analytics apps as their machine learning gets richer and richer, then all of a sudden, they're not selling the platform, because that's a much more time-intensive sale, and lots more of objectives, I'm sorry, objections. >> It's not only the solutions, those depth solutions. >> Yes, and then all of a sudden, the customer wakes up and he's got a dozen of these things, and all of a sudden this is a platform. >> Well, ServiceNow is similar in that it's a platform. And when Fred Luddy first came out with it, it's like, "Here." And everybody said, "Well, what do I do with it?" So he went back and wrote a IT service management app. And they said, "Oh okay, we get it." Splunk in a similar way has these depth apps, and as you say, they're not selling the platform, because they say, "Hey, you want to buy a platform?" people don't want to buy a platform, they want to buy a solution. >> Right. >> Having said that, that platform is intrinsic to their solutions when they deliver it. It's there for them to leverage. So the question is, do they have an application developer kit strategy, if you will. >> Yeah. >> Whether it's low code or even high code. >> Yeah. >> Where, and where they're cultivating a developer community. Is there anything like that going on here at .conf? >> Yeah, they're not making a big deal about the development tools, 'cause that makes it sound more like a platform. >> (laughs) But they could! >> But they could. And the tools, you know, so that you can build a user interface, you can build dashboards, you can build machine learning models. The reason those tools are simpler and more accessible to developers, is because they were designed to fit the pieces underneath, the foundation. Whereas if you look at some of the open source big data ecosystem, they've got these notebooks and other tools where you address one back end this way, another back end that way. It's sort of, you know, you can see how Frankenstein was stitched together, you know? >> Yeah so, I mean to your point, we saw fraud detection, we saw ransomware, we see this partnership with Booz Allen Hamilton on Cyber4Sight. We heard today about project Waytono, which is unified monitoring and troubleshooting. And so they have very specific solutions that they're delivering, that presumably many of them are for pay. And so, and bringing ML across the platform, which now open up a whole ton of opportunities. So the question is, are these incremental, defend the base and then grow the core solutions, or are they radical innovations in your view? >> I think they're trying to stay away from the notion of radical innovation, 'cause then that will create more pushback from organizations. So they started out with a google-search-like product for log analytics. And you can see that as their aspirations grow for a broader set of applications, they add in a richer foundation. There's more machine learning algorithms now. They added that new data store. And when we talked about this with the CEO, Doug Merritt yesterday at the analyst day, he's like, "Yes, you look out three to five years, "and the platform gets more and more broad. "and at some point customers wake up "and they realize they have a new strategic platform." >> Yeah, and platforms do beat products, and even though it's hard sell, if you have a platform like Splunk does, you're in a much better strategic position. All right, we got to wrap. George thanks for joining me for the intro. I know you're headed to New York City for Big Data NYC down there, which is the other coverage that we have this week. So thank you again for coming on. >> Okay. >> All right, keep it right there. We'll be back with our next guest, we're live. This is the CUBE from Splunk .conf2017 in the nation's capitol, be right back. (electronic music)