>> Okay, up next in the Lightning Talk Session is Brian Galligan; Mgr, Security and Operations at Brookfield Properties. Brian, great to see you. Thanks for coming on. >> Thanks for having me, John. >> So unified visibility across extended asset surface area is key these days. You can't secure what you can't see. So tell me more about how you were able to centralize your view of network assets with Armis and what impact that had on your business. >> Yeah, that's been a really key component of ours where we've actually owned multiple companies with them and are always acquiring companies from time to time. So it's always a question. What is actually out there and what do we need to be worried about. So from an inventory perspective it's definitely something that we've been looking into. Armis was a great partner in being able to get us the visibility into a lot of the IoT that we have out in the environment. And then also trying to find what we have and what's actually installed on those devices. What's running, who's talking to who. So that's definitely been a key component with our partnership with Armis. >> You know, we interview a lot of practitioners and companies and one things we found is vulnerability Management programs. There's a lot of gaps. You know, vulnerability management comes across more sometimes just IT devices, but not all assets. How has Armis Vulnerability Management made things better for your business? And what can you see now that you couldn't see before? >> Yeah, again, because we own multiple companies and they actually use different tools for vulnerability management. It's been a challenge to be able to compare apples to apples on when we have vulnerability. When we have risk out there, how do you put a single number to it? How do you prioritize different initiatives across those sectors? And being able to use Armis and have that one score, have that one visibility and also that one platform that you can query across all of those different companies, has been huge because we just haven't had the ability to say are we vulnerable to X, Y and Z across the board in these different companies? >> You know, it's interesting when you have a lot of different assets and companies, as you mentioned. It kind of increases the complexity and yeah we love the enterprise. You solve complexity by more complexity but that's not the playbook anymore. We want simplicity. We want to have a better solution. So when you take into account, the criticality of these businesses as you're integrating in, in real time and the assets within those business operations you got to keep focused on the right solutions. What has Armis done for you that's been correct and right for you guys? >> Yeah, so being able to see the different like be able to actually drill down into the nitty gritty on what devices are connecting to what. Being able to enforce policies that way, I think has been a huge win that we've been able to see from Armis. It's one of those things where we were able to see north-south traffic. No problem with our typical SIM tools, firewall tools and different logging sources but we haven't been able to see anything east-west and that's where we're going to be most vulnerable. That's where we've been actually found. We found some gaps in our coverage from a pen test perspective where we've found that where we don't have that visibility. Armis has allowed us to get into that communication to better fine tune the rules that we have across devices across sectors, across the data center to properties. Properties of the data center and then also to the cloud. >> Yeah, visibility into the assets is huge. But as you're in operations you got to operationalize these tools. I mean, some people sound like they've got a great sales pitch and all sounds like, "Wait a minute, I got to re-configure my entire operations." At the end of the day, you want to have an easy to use, but effective capability. So you're not taxed either personnel or operations. How easy has it been with Armis to implement from an ease of use, simplicity, plug and play? In other words, how quickly did you get to the time to value? Can you share your thoughts? >> This honestly is the biggest value that we've seen in Armis. I think a, a big kudos goes to the professional services group for getting us stood up being able to explain the tool, be able to dig into it and then get us to that time to value. Honestly, we've only scratched the surface on what Armis can give us which is great because they've given us so much already. So definitely taking that model of let's crawl, walk, run with what we're able to do. But the professional services team has given us so much assistance in getting from one collector to now many collectors. And we're in that deployment phase where we're able to gather more data and find those anomalies that are out there. I again, big props to the, the professional services team. >> Yeah, you know one of we'd add an old expression when you know when the whole democratization happened on the web here comes all the people, you know social media and whatnot now with IoT here comes all the devices. Here comes all the things- >> Yeah. >> Things >> More things are being attached to the network. So Armis has this global asset knowledge base that crowd-sources the asset intelligence. How has that been a game changer for you? And were you shocked when you discovered how many assets they were able to discover and what impact did that have for you? >> We have a large wifi footprint for guests, vendors, contractors that are working on site along with our corporate side, which has a lot of devices on it as well. And being able to see what devices are using what services on there and then be able to fingerprint them easily has been huge. I would say one of the best stories that I can tell is actually with a pen test that we ran recently. We were able to determine what the pen test device was and how it was acting anomalous and then fingerprint that device within five minutes opposed to getting on the phone with probably four or five different groups to figure out what is this device? It's not one of our normal devices. It's not one of our normal builds or anything. We were able to find that device within probably three to five minutes with Armis and the fingerprinting capability. >> Yeah, nothing's going to get by you with these port scans or any kind of activity, so to speak, jumping on the wifi. Great stuff. Anything else you'd like to share about Armis while I got you here? >> Yeah, I would say that something recently, we actually have an open position on our team currently. And one of the most exciting things is being able to share our journey that we've had with Armis over the last year, year and a half, and their eyes light up when they hear the capabilities of what Armis can do, what Armis can offer. And you see a little bit of jealousy of, you know, "Hey I really wish my current organization had that." And it's one of those selling tools that you're able to give to security engineers, security analysts saying, "Here's what you're going to have on the team to be able to do your job, right." So that you don't have to worry about necessarily the normal mundane things. You get to actually go do the cool hunting stuff, which Armis allows you to do. >> Well. Brian, thanks for the time here on this Lightning Talk, appreciate your insight. I'm John Furrier with theCUBE the leader in enterprise tech coverage. Up next in the Lightning Talk Session is Alex Schuchman. He's the CISO of Colgate-Palmolive Thanks for watching.

>> Okay, up next in the Lightning Talk Session is Brian Galligan; Mgr, Security and Operations at Brookfield Properties. Brian, great to see you. Thanks for coming on. >> Thanks for having me, John. >> So unified visibility across extended asset surface area is key these days. You can't secure what you can't see. So tell me more about how you were able to centralize your view of network assets with Armis and what impact that had on your business. >> Yeah, that's been a really key component of ours where we've actually owned multiple companies with them and are always acquiring companies from time to time. So it's always a question. What is actually out there and what do we need to be worried about. So from an inventory perspective it's definitely something that we've been looking into. Armis was a great partner in being able to get us the visibility into a lot of the IoT that we have out in the environment. And then also trying to find what we have and what's actually installed on those devices. What's running, who's talking to who. So that's definitely been a key component with our partnership with Armis. >> You know, we interview a lot of practitioners and companies and one things we found is vulnerability Management programs. There's a lot of gaps. You know, vulnerability management comes across more sometimes just IT devices, but not all assets. How has Armis Vulnerability Management made things better for your business? And what can you see now that you couldn't see before? >> Yeah, again, because we own multiple companies and they actually use different tools for vulnerability management. It's been a challenge to be able to compare apples to apples on when we have vulnerability. When we have risk out there, how do you put a single number to it? How do you prioritize different initiatives across those sectors? And being able to use Armis and have that one score, have that one visibility and also that one platform that you can query across all of those different companies, has been huge because we just haven't had the ability to say are we vulnerable to X, Y and Z across the board in these different companies? >> You know, it's interesting when you have a lot of different assets and companies, as you mentioned. It kind of increases the complexity and yeah we love the enterprise. You solve complexity by more complexity but that's not the playbook anymore. We want simplicity. We want to have a better solution. So when you take into account, the criticality of these businesses as you're integrating in, in real time and the assets within those business operations you got to keep focused on the right solutions. What has Armis done for you that's been correct and right for you guys? >> Yeah, so being able to see the different like be able to actually drill down into the nitty gritty on what devices are connecting to what. Being able to enforce policies that way, I think has been a huge win that we've been able to see from Armis. It's one of those things where we were able to see north-south traffic. No problem with our typical SIM tools, firewall tools and different logging sources but we haven't been able to see anything east-west and that's where we're going to be most vulnerable. That's where we've been actually found. We found some gaps in our coverage from a pen test perspective where we've found that where we don't have that visibility. Armis has allowed us to get into that communication to better fine tune the rules that we have across devices across sectors, across the data center to properties. Properties of the data center and then also to the cloud. >> Yeah, visibility into the assets is huge. But as you're in operations you got to operationalize these tools. I mean, some people sound like they've got a great sales pitch and all sounds like, "Wait a minute, I got to re-configure my entire operations." At the end of the day, you want to have an easy to use, but effective capability. So you're not taxed either personnel or operations. How easy has it been with Armis to implement from an ease of use, simplicity, plug and play? In other words, how quickly did you get to the time to value? Can you share your thoughts? >> This honestly is the biggest value that we've seen in Armis. I think a, a big kudos goes to the professional services group for getting us stood up being able to explain the tool, be able to dig into it and then get us to that time to value. Honestly, we've only scratched the surface on what Armis can give us which is great because they've given us so much already. So definitely taking that model of let's crawl, walk, run with what we're able to do. But the professional services team has given us so much assistance in getting from one collector to now many collectors. And we're in that deployment phase where we're able to gather more data and find those anomalies that are out there. I again, big props to the, the professional services team. >> Yeah, you know one of we'd add an old expression when you know when the whole democratization happened on the web here comes all the people, you know social media and whatnot now with IoT here comes all the devices. Here comes all the things- >> Yeah. >> Things >> More things are being attached to the network. So Armis has this global asset knowledge base that crowd-sources the asset intelligence. How has that been a game changer for you? And were you shocked when you discovered how many assets they were able to discover and what impact did that have for you? >> We have a large wifi footprint for guests, vendors, contractors that are working on site along with our corporate side, which has a lot of devices on it as well. And being able to see what devices are using what services on there and then be able to fingerprint them easily has been huge. I would say one of the best stories that I can tell is actually with a pen test that we ran recently. We were able to determine what the pen test device was and how it was acting anomalous and then fingerprint that device within five minutes opposed to getting on the phone with probably four or five different groups to figure out what is this device? It's not one of our normal devices. It's not one of our normal builds or anything. We were able to find that device within probably three to five minutes with Armis and the fingerprinting capability. >> Yeah, nothing's going to get by you with these port scans or any kind of activity, so to speak, jumping on the wifi. Great stuff. Anything else you'd like to share about Armis while I got you here? >> Yeah, I would say that something recently, we actually have an open position on our team currently. And one of the most exciting things is being able to share our journey that we've had with Armis over the last year, year and a half, and their eyes light up when they hear the capabilities of what Armis can do, what Armis can offer. And you see a little bit of jealousy of, you know, "Hey I really wish my current organization had that." And it's one of those selling tools that you're able to give to security engineers, security analysts saying, "Here's what you're going to have on the team to be able to do your job, right." So that you don't have to worry about necessarily the normal mundane things. You get to actually go do the cool hunting stuff, which Armis allows you to do. >> Well. Brian, thanks for the time here on this Lightning Talk, appreciate your insight. I'm John Furrier with theCUBE the leader in enterprise tech coverage. Up next in the Lightning Talk Session is Alex Schuchman. He's the CISO of Colgate-Palmolive Thanks for watching.

>>Okay, welcome everyone to the cube conversation here in Palo Alto, California. I'm John furrier, host of the cube. Got a great guest, Brian Gallagin manager of security and operations at Brookfield properties in the middle of all the sites, CSO action, a lot of security, a lot of operations to secure his environ. Brian, great to come on with you. Appreciate it. >>Thanks John. >>So talk about Brookfield properties. What's your environment look like you're in the middle of the security operations piece of it. You've got a great implementation. You got Armas doing some device management work. We've talked about that in the segment there, but broader speaking, what's your environment look like? What are some of the challenges? What's the scope and scale of the security that you're trying to manage? >>Yeah. Brookfield properties owns it's an asset management company and it owns real estate of all kinds. And we're current, we're constantly buying and selling assets. So the biggest challenge is finding out when we acquire company, what is actually in that environment and how quickly can we actually spin up our policies and protection capabilities in, in those areas? So I think uniquely from our perspective, it's a, a lot about finding what, what has been installed over the last decade, what what's secure, what's not secure, what follows our policies. And then what do we do to actually lock those down? Do, can we use the existing hardware that's in place? So we don't have to buy something new and we can use Armas policies to dictate that, or is it something that needs to be potentially removed? Because it is that critical vulnerability. There's something out there being used in the wild that we might actually have to purge that from our >>Environment, you know, facilities and companies you guys bought, and you're buying companies, you're buying assets, you're buying a lot of internet of things. You've got it, environments, you know, all kinds of challenges from, you know, identity, access management to, you know, what's connecting to your wifi networks all over the place. You got a diverse set of things. And one of the challenges in cyber right now is if you're just behind a little bit, you're gonna be vulnerable. I'm not talking about antiquated old, outdated. It we're talking about like getting it up to speed. If you're just a little bit behind you're behind the hackers and the bad guys. So the, the, the constant, you know, bar raising required is a huge challenge. What's your reaction to that? Can you scope the, the scale of this opportunity and challenge? >>Yeah, so you're, you're absolutely right. It's not only are the vulnerabilities changing, but again, our landscapes constantly changing. So being able to try to keep up with that velocity is, is a challenge with our current tool set. So when we actually onboarded with Armas about a year and a half ago, that's one of those things that we were con we were instantly given the ability to increase our visibility past our normal areas, which typically was, was our firewalls. Now we're able to see beyond the firewalls, to the switch level on, on the access points themselves a lot, a lot of guest traffic. I think we talked about in the previous segment, there's a lot of guest traffic on there trying to figure out who's doing what, and are they following the policies that are there. It also gives us the ability to double check our configurations that we have out there. We assume that we're, we're correct. And we do, you know, our annual pen test that we do, but that's something that's not necessarily enough. We, we, one at one once a year, checkin is not enough to be able to prove that the configurations we have is keeping us secure in the way that we think that, that, that we are. >>Yeah. I love the fact that you got the engineering and your title because engineering, the solutions is almost on a, a constant cadence. You have to have the re-engineering and the refactoring of the, of the, of the technology to match in as the changing landscape comes in, whether it's just physical access or more, more devices coming on the network, do you worry about like ransomware and inheriting previous environments, and, and you mentioned earlier locking things down. That's one step, what's your, what's your posture on all this? >>That that's a hundred percent. The biggest, the biggest problem is, is making sure, especially with ransomware we've, we've seen it before, making sure that when we buy an asset, that they have the capabilities to detect deter and potentially clean up in, in, in those circumstances of, of a, like a ransomware malware attack and that kind of stuff. So it's, it's definitely a, a huge concern of ours. So what we, what we're able to do now with Armas is once we buy that company, before we integrate their services with everything else that we have, we're able to actually have that kind of grace period, where they still are functioning a little bit more autonomously and not hooked into our network. We can do that due diligence that maybe we couldn't do prepurchase to see what's actually out there what's vulnerable. What needs to get changed day one, what needs to get changed six months from now, and what can maybe wait a whole sales cycle of two to three years to actually change >>Out? Yeah, Brian, you hit a really hot topic. That's not talked about much in the press or in the media. And that is, is that a lot of MNA, mergers and acquisitions happen, and there's actually ransomware waiting in the wings to actually lock that down pre post acquisition, then ransom on that asset. And so there's not a lot of due diligence or options to say, Hey, you know, make sure you make sure that they're ransomware free prior to the acquisition, not get stuck with an asset and saying that code's gone, or we are, you know, being held hostage. And this is a huge issue. >>It it's, it's all about trust by verify. You know, also like, you know, we're, we're doing surveys with these guys. We're, we're sitting down with the it teams that end up being our partners. And it it's about figuring out what, what have they done and what, what can you actually transition to? Like, maybe there's some gaps here. Maybe there's some improvements we can do. The, the other, the other key piece is making sure that our, our security tools are out there. So we, if we have an expectation that our security tools are on there before we grant them access to the greater Brookfield network, we're able to do compliance checks on things like that. Obviously vulnerability is another one that we actually haven't gotten too far into, but it's another one of those things where we can actually do compliance checks on here's the CVEs that are out there that we wanna make sure that you meet a minimum bar that you have defense against that. Or if you have devices out there that are banned per, per our policy, we're able to do those checks prior to granting greater visibility to the rest of the network. >>Yeah. You know, there's a lot of industry hype around certain things. We have a con congested market of people trying to sell you stuff right. And gonna really empathize with you there. And, you know, there's a big discussion endpoint protection. And then, you know, you mentioned trust and verify earlier, you know, there's kind of this confluence of zero trust, which kind of comes from me like no perimeter. So we gotta have a word that says zero trust. I get that. And then we look at like security supply chain in software, say open source, the word trust is coming out more and more. So, you know, what is it? Is it more trust or zero trust, trust and verified. So you're starting to see this confluence of, of posture. What's your reaction to this, this, these conversations, because I can see where you want to have trust, cuz you're moving across multiple access systems. I can see zero trust cuz trust and verify. What's your take on that? >>Yeah, I'm I, I think as a security professional, I think most of us I wanna say are in that trust, but verify boat definitely closer to the zero trust where we wanna make sure that we, we have a whole list of good policies out there. But if there's nothing to back it up, there's nothing to double check it. There's nothing to verify that you're, you're basically just hoping that it was done correctly. So that's, that's one of those things that is, is definitely huge. I think on our side is we, we trust our, our friends in it to do the right thing. We trust our customers on the business side to do the right thing. That's, that's huge for us, but having the tools to be able to say, are we actually good again without having an incident or having our pen test or pen test friends find it. That's one of those things where we don't have a lot of tools to do that. And like you said, people are always trying to sell you those tools. So being able to transition to something like ouris where we've actually seen the value right off the bat in being able to have that confidence raised that the risks that we've identified are the risks that are out there is, is huge for us. >>You know, as, as physical assets change, you, you acquire more territory, more companies, topologies change, software changes in the cloud with more iteration. I mean, you could have an always on pen test model, right? You gotta have pen test. You gotta have the slack reports. This is a challenge to move across environments. I wanna get your thoughts on the identity and access management. And the big cloud players are doing the same thing you got Amazon's Amazon, it's different from Azure and you got on-premises. So, you know, inter access. Management's great if you have an environment, but interoperability is a conversation that's happening a lot. What's your view on this because everything is changing, but you wanna lock it down and not restrict the growth and the evolution of change. What's your, what's your reaction to that? >>Yeah. With our, with our main identity management platform, that's actually freed us up to be able to give cross access access to employees that we have that maybe do work in multiple systems, or there's an application that's purchased by one group that is not purchased by another group instead of creating a whole new contract for that, we were, we're actually able to utilize that one system to be able to grant access to things that you otherwise wouldn't have. So I, I think having that in our business model where we are very segmented from an it perspective, we have multiple infrastructure teams. We have multiple development teams, multiple infrastructure or multiple networking teams. Being able to have that collaboration where you can share information a little bit better. It has been huge for us. And then from a security perspective, privilege access management, making sure that we can lock down special access, special permissions applications that shouldn't be used at certain times of the day, certain locations, whatever it might be is, is huge for us. And, and we definitely partner with, with all of our, our vendors for that very closely, for the reason that that's where a lot of these breaches happen, where one account gets hit and that that account has more privileges than it should. That's something that keeps us up at night. And again, our, our vendors that we use for identity management, our, our key partners of ours for that >>All great, great insight there, Brian, I really appreciate that final question for you. You know, as a makeup for people who are insecurity, it's kinda like sports, you know, you want to have an athlete that knows the game, you're playing football. You better know the game, you're playing baseball. You gotta know the game you're in. And cyber's one of those games it's got, got a lot going on. What is the, what is the ideal candidate coming outta school or profile? I mean, if you got a quarterback, they gotta throw the ball. They gotta have agility. If you're running back, you gotta have skills. What does the, the tech athlete look like? If you look at a person you're looking at hiring, what does that person look like? What's the makeup of their skillset. Can you share cuz there's not a lot of degrees out there for cyber. You gotta kind of learn it. It's evolving and it's a huge opportunity. What's your take. >>Yeah. And, and I would even say, you know, beyond somebody coming outta the school, somebody transitioning into the field too practical experience is key. And obviously you can't get your foot in the door before you actually have the opportunity to do that. So what are some things that you can do on your own? There are plenty of resources out there that actually give you tutorials on how to do, hacking how to do directory traversal, how to, how to do some of those small things that you can set up a lab, or maybe even there's a virtual lab that's hosted via. There's a, there's a free platforms out there that you can actually do this where you're doing virtual capture the flags. And you're able to post that. I've seen that on a couple resumes. I haven't seen it on a whole lot, but that shows that like not only do you know, you, you know, your fundamentals of it, but now you also understand the mindset of what a hacker is and whether you're gonna be blue team red team or purple team, being able to understand what a hacker can do is huge. >>So my CSO and I have had plenty of conversations where if we see any sort of practical experience, any hacking experience, any technical experience, that's gonna Trump, a lot of the other certifications that you can get. Yeah. Resumes these days. It's, it's a lot of cert chasers. And from our perspective, like that's, that's not as important. It's great to see the, the effort and, and the desire to up your game via certifications, but being able to show practical experience even on these free websites and being able to kind of link your profile to, to that is, is huge. And it's one of those things that's, you're not necessarily gonna get from a, a, you know, cybersecurity 1 0 1 class. You may actually have to go out and find some of those materials. >>Yeah. And then get, you know, you gotta get in, in the flow, so to speak and, and again, thinking like you gotta think like the enemy to beat the enemy. >>Exactly. >>Right. Brian Galligan, thanks for coming on the cube. Really appreciate your insight manager of security and operations engineering at Brookfield properties, man, you're in the center. We got a lot of things going on. You guys doing a great job. Thanks for sharing your, your insights here in the cube. I really appreciate it. >>Thanks, John. >>Okay. This is a cube conversation. I'm Jennifer with the cube. Thanks for watching.