>>Hey everyone. Welcome to the cubes presentation of the AWS startup showcase. This is season two, episode four, where we continue to talk with the AWS ecosystem partners, this topic, cybersecurity protect and detect against threats. I'm your host, Lisa Martin. I've got a new guest with me. Ryan Ferris joins me the VP of products and engineering at Anisha. Ryan. Welcome to the program. Great to have you. >>Thank you so much for having me. >>So let's dig right in. Why are software vendors turning to Anisha to help them address and access the nearly for over 200 billion market public sector, federal market for cloud services? What is that key event? >>Yeah, it's it. If you know anything about FedRAMP and if you've looked into it, it takes a long time to achieve Fedra. So when customers kind of go into this cold and they're from Mars and they're like, what is bed? They usually find that it's an 18 month journey, maybe a 24 month journey. And so Anisha helps shorten that journey with lower costs and faster time to market. So if you're waiting for our revenue stream from say a government entity, we can get you there faster and get you to a, a state of Fedra certified in a shorter time period. And that's the value problem. >>Faster time to value is critical for organizations. So let's look at this journey as you talked about it, what does the path to compliance look like for specifically for AWS customers with a nation and without help us understand the value add? >>Yeah. So if you're doing it without Angen or if you're just kind of doing it yourself, which some customers choose to do, then they have to go on that journey and kind of learn about three primary things. One thing is how do I just write the entire package? Like there there's a thing called an SSP or a, a system security plan. And that thing is maybe seven or 800 pages long. And you have to offer that all by yourself so you can get help with that or not. That's sort of the academic and, and, and tech writing piece of it. There's another piece of it around what does my environment look like? So as I am ruling out this Fedra solution, what are each piece in my environment that needs to be compliant with Fedra? And it's a voluminous amount of things can be either a dozen or maybe up to a hundred things that you have to tweak and change. So there's a technical deployment store here as well. And then the third thing is keeping you compliant in your AWS environment after you've achieved kind of that readiness state. So the journey does not stop once you achieve Fedra, ATO, it goes on and on and on, and Anisha helps customers kind of maintain and keep them there in that fully compliance state after achieving ATO, >>What's the timeframe for AWS customers in terms of going, alright, we realize we're going on this journey. It's challenging. We need An's help. What's the timeframe to get them actually certified. >>Yeah. We look at the timeframe between the moment you deploy and the moment you start writing about that tech, that Fedra package and when you're audit ready, and in the best case scenario, that could be a few months, right? But you're always, your mileage may vary based on kind of your application readiness and how ready you are to pursue that journey. So the fastest happy path is a few months to audit, audit an audit ready state, but then you have, you kinda have to go through a process whereby you're in the queue for Fedra. And that can kind of take maybe an extra few months, but it really is that that three month accelerated timeframe in the best case scenario, >>Got it. Three months accelerated timeframe. Are there other compliance standards that besides Fedra that you help organizations get compliance with? >>Right. So it's a great question. So FedRAMP in and of itself is just really hard to get to. It's just so many things that you have to do, but if you get to that state, it's based off of a standard called missed 853 specifically rev four, that's kind of a mouthful, but once you achieve that state, there's basically 325 controls that come along with fed moderate. And that buys you a lot of leverage in leeway in mapping and sort of crosswalking to other compliance levels. So if you achieve that state, you buy a lot of, kind of goodness with things that map to either PCI or even HIPAA or SOC two. And, and so you, you kind of get a big benefit and sort of a big bang for your buck by having achieved that, that state for Fedra. >>So from an AWS customer, talk to me about, obviously we talked about the time to value the speed with which you enable organizations to achieve compliance and, and readiness. What what's in it for me in terms of working with a nation as an AWS customer. >>Yeah. For, so for AWS specifically our stack, well, we have kind of two versions of our stack. One is meant for Azure and it's kind of cookie cutter and meant for folks that have an entrenched Azure footprint. The other is it's the majority of our market it's folks that want to in accelerator footprint in AWS. So what's in it for you is that Anan kind of presents something that looks pretty similar to a landing zone, but it's a little bit more peppered with complexity and with tuned configurations. So if you're an AWS customer and let's see you've had an environment for the last 5, 6, 7 years, we help you kind of take that environment and enhance it and become FedRAMP ready in a much faster state. And we are leveraging and utilizing a lot of native AWS core services like ECR, for example, is one we're just starting to lean into AWS inspector for bone scans, those types of things. And then kind of when you get up to that audit, ready state and through ATO, we aggregate a lot of that vulnerability information and vulnerability scanning information into a parable readable, actionable format. And most of those things, those gatherings of data are AWS specific functions that we kind of piggyback on. So we're heavily into cloud trail and, and quite heavy into kind of using the things that are already at our fingertips just by deploying into AWS. >>Yeah. Leveraging what they already are familiar with kind of meeting the customers where they are. I think these days is such an important factor to help organizations make the changes as quickly and dynamically as they need to. >>That's right. Yeah. That's perfect. Yeah. A lot of customers, you know, when, when they start on the journey, they kind of, they, they sort of uncover the, uncover the details around, well, I have an application and this application has existed for six or seven years. How do I get this thing FedRAMP ready? And what does onboarding mean to your stack? We try to make that specific step as easy as possible. So when I'm on the phone with prospects and I'm talking to 'em about embarking on a journey, I kind of get them to a mental model where they treat their application VPC or their application environment as sort of a, and we deploy a separate VPC into their, into their cloud account. And then we peer that information. It's kind of getting into the mechanics a little bit, but we try to make it as easy as possible to start doing the things that we're obliged to do for FedRAMP, for their application, like bone scans and, and operationalization of logging and things like that. And then we pull that information into our AIAN managed BPC. And I think once customers really start to understand and sort of synthesize that mental model, then they kind of have this Baha moment. They're like, oh, okay. Now I, now I really understand how your platform can accelerate this journey into a period that is no more than say two or three months of onboarding >>No more than two or three months. That's, that's a nice kind of guarantee for organizations who are you typically engaging with? Is it the CISO level or are there other folks involved in this conversation? >>Yeah, I, the CISO is probably the best persona to engage with, but it so varies from customer to customer and you never really know who's really gonna, oftentimes it's the CEO or, or sometimes it's a champion that might be the CFO or someone that's incentivized to really start getting market share for federal customers that they don't have access to. That might even be a VP of engineering that we're, that we're conversing with. But most often I think the CISO is central because the CISO of course wants to give in details of what does the staff consist of and exactly how are you helping me with this big burden of continuous monitoring that fed Fedra makes me do. And, and where, where do you fit in that story? So it's usually the CSO, >>Usually the CSO, but some of the other personas that you mentioned sounds like it's definitely a C level or at least a, an executive level conversation. >>It is. Yeah. I'll try to divide that a little bit from my persona. Like I, I run engineering and product. I'm usually dealing with a rather talking to and engaging with the CSO, but the folks that cut the check are either either the CEO or the CFO that really want to widen that kind of revenue stream that they don't have access to. And they're the real decision making personas in this deal. Now, after the decision decision is made, then, you know, they're vetting through VPs of engineering or engineering leaders or the CSO. So like the, the folks that pull the purse strings are usually, you know, the ones that are cutting the check to make this investment that is usually the CSO or rather CEO and the CFO. >>Got it. Okay. So if I'm an AWS customer and I'm on this journey for fed re certification, I've, I've been on it for a while. How do I know it's time to raise my hand or pick up the phone and call Anisha? >>Yeah. You know, some customers that we speak with have already tried to do it and maybe they've failed. Maybe they've been like 12 or 14 months into the journey. And they've said things like, we just don't know how to put the package together, or maybe they've engaged with the third party auditor. And the third party auditor has said, sorry, you guys need to go back to the drawing board or maybe they've missed a good percentage of the technical requirements and they need some consultation and advice or a cookie cutter approach. So it kind of, every journey is different when we are engaging. Sometimes folks are just coming in completely cold or maybe they failed. But the more interesting ones, and I think when we can look a little bit more like heroes are the ones that have tried it, and then a year later they come back, they come back to an, and they want that accelerated goodness. >>Do you have a favorite customer story that you think really articulates the value either from a customer who came in cold or a customer who came in after trying it on their own or with another partner for a year that you think really demonstrates the value that AIAN delivers? >>Yeah. There is a customer story that's sort of top of mind and it's, I think the guy primarily stuck in what tooling I'll anonymize the customer, but this customer kind of chose the wrong level of tooling as they embarked on their journey. And by tooling, I mean, let me get a little bit more specific here. You can't just choose any vulnerability scanner, for instance, if it's a SAS product, or if it's sending data or requests outside of your Fedra boundary, then you're gonna run into trouble. And this reference customer, or this prospect at the time kind of had a lot of friction there. So as they were bumping up against that three Pao deadline, they realized they had a lot of work to do. And we simplified that, that part of the journey substantially for them by essentially selecting and spoon feeding them and, and sort of accelerating that part of the deployment and technical journey for them. And they were very delighted by that part of it. >>When you're talking with customers who are in, in a state of, of change and fluxes, who isn't these days, we've seen the acceleration of digital transformation considerably over the last couple of years. How do you talk with them about a nation as an enabler of their digital transformation overall? >>Yeah. Digital transformation. It's a, it's a broad word. Isn't it like for, for customers that are moving from an on-prem world into the cloud world, you have this great opportunity to kind of start from scratch. And so for Anisha, we are deploying and maybe not start from scratch, but when you're moving from an on-prem environment into the cloud, your footprint, you have this really nice opportunity to embrace more of AWS core services and to kind of rebuild things, kind of make your architecture drastically improved, or like look different to be more supportable and like less operational overhead. And so when an nation presents itself as sort of this platform in a walled garden environment, some customers have this aha moment that like, if you're gonna move either a portion of your environment or a specific application to the cloud, AIAN really helps you establish that security within that boundary and that footprint in a, in a much more accelerated fashion, then if you were selecting each part of your security infrastructure and then trying to implement it by hand, and that's kind of where we shine. >>Got it. We talked about the personas that you're typically engaging with depending on the organization, but how do you help enterprise companies who say Anisha, we wanna improve DevOps efficiency. We wanna get our applications secure that are running on AWS and those that we may wanna move to AWS in the future. >>Yeah. This gets into futures a little bit, but part of our roadmap, a little bit of a, a kind of a look around the corner for our roadmap is that since we know so much about the FedRAMP environment and FedRAMP moderate and the standard called this 853, it's a really powerful security view. And it's also a really powerful compliance view. So, you know, as I was saying before that, if you achieve a lot of depth and excellence in nest 853, it buys you a lot of kind of crosswalk and applicability for SOC two and HIPAA and PCI. So for DevOps organizations and for just engineering organizations that want more pre-pro insight, there's no reason why you can't just deploy our platform and our stack in a pre fraud environment to get that security signaling such that you can catch things early and prevent maybe spillage or leakage or security issues to go into production. So one of the things that we're doing on a roadmap is a, a feature that we call compliance insights, whereby we present a frame of missed 853 RAV4 that you can deploy into any environment. And that particularly helps the DevOps role by saying, well, if I just, for example, exposed an S3 bucket to world, then I can catch that configuration, that compliance product and catch it, trap it and fix before it leaks out to. >>So you talked a little bit about kind of some of the things that are coming up on a, on the product side, what's next for Anisha, as we look at we're rounding out calendar year 22 coming into 2023, there's still so much change in the market. We've got to embrace that. What's next for the company. What can we expect from the VP of products and engineering? >>Yeah, I think in two, two big areas here, we're gonna double down on our Fedra offering offering, and just continuously improve it and improve it. We're pretty tempted to lean in more heavily to CMMC. We hear a lot about CMMC kind of on the periphery, but we just haven't quite felt the market pressure to really go after that. But there's definitely something there. And I would anticipate some offering that maps to that specific compliance that, that compliance framework. And then in the enterprise, we just month after month, we discuss more about how we can create more flexibility in our platform, such that commercial customers can get more of that goodness, and sort of more of that consolidation and time to market, particularly for small and mid-sized customers. So we'll be releasing more of those pieces of functionality in 2023 as well. >>So the commercial folks be on the lookout for that. >>Yes, absolutely. That's a huge untapped market for us. We're super excited about it and we'll be a little cagey on in our plans until we kind of get through this early availability period and then probably make a bigger splash in the first half of 2023. >>That sounds appropriate. Where can the audience go to learn more about what you guys are doing and maybe get ahead on some of those teaser that you just mentioned? >>Yeah. I think our marketing folks will push out more data sheets and marketing material on what's to come. And if you ever wanted to be part of this early availability program that I just discussed, or that I mentioned, you can always go to anan.com and ping us, and we'd be happy to have a conversation with you and we'll lift up the hood and allow you to look under there for, and just carry on the conversation around what's to come. >>All right, getting a peek of what's under the hood. That's always exciting, Ryan, thank you for joining me on this program. AWS startup showcase. We appreciate your time, your insights and a peek into what's going on at Anisha. >>Awesome. It was a pleasure. Thank you so much. >>Likewise. We wanna thank you for watching the AWS startup showcase for Ryan Ferris. I'm Lisa Martin stick right here on the, for great content coming your way. Take care.

>>And welcome back to the cubes coverage of alias reinvent 2021. I'm Jon furrier, your host of the cube we're onsite we're hybrid. It's a hybrid event. We've got Odile, Shara Dean vice president of north America solution engineering at Salesforce. We deal SIM thank you for coming on the cube >>You John, excited to be >>Here. So w you know, Salesforce obviously, um, being in Palo Alto in the bay area, they've got the Salesforce tower, great business cloud before cloud great innovation. A lot of growth has been very successful at SAS and platform. So you take that to the government, uh, an area public sector where public sector and other areas around this have been exploding with the pandemic with new use cases and just kind of a refactoring and replatforming of L all aspects of digital. It's been a big digital transformation surge, and rightfully so you guys are in the mix here. Um, talk about the Salesforce is positioned as you guys innovate and scale your platform and rethink this architecture with AWS in the public sector. >>Yeah. Thank you, John. So you're spot on Salesforce defines SAS as a delivery of services to customers, and that's really the precursor to where we are with cloud here. So let's talk about public sector and what that means. I'm very proud to work in and around public sector for many years. And I'll Salesforce, public sector group supports any number of use cases, different missions, anywhere from state and local, all the way through to federal use cases on, on a global scale. But what that means, and I mean, right back to your question is how do we deliver those in the cloud in a scalable, responsive way? You mentioned the pandemic and throughout the pandemic, we were instrumental in trying to deliver these services and getting states and localities towns, countries up and running to deliver the critical things that we all learned about in a hurry contact pricing. >>COVID testing all these ideas around vaccine management, what it takes to get vaccines to populations, but many of our customers, many of our governments just weren't well positioned to do that. So what they were relying on was a secure, scalable, flexible environment that allowed them to define their workflows or their business models in a very, very rapid pace as we were dealing with the surge and the constantly changing landscape of the pandemic. So from our perspective, we've spent years investing in public sector to make sure that we need the compliance requirements, whether that's FedRAMP or, or CMMC, or protected being Canada, how do we do that reliably quickly so that our government customers can rely on us for situations like the pandemic to be able to respond? >>Yeah, one of the things we've been doing a lot of reporting around is the idea that the pandemic has kind of forced, and it was a forcing function around digital transformation. Uh, so I have to ask you knowing the history of Salesforce and the greatness of the company that you guys have had over the years, uh, when you get into the public sector, I'm sure you get all kinds of questions. We don't have sales forces, and we don't have sales managers. Um, we don't need a CRM. Um, and we have industry regulations. We're not a commercial thing. How do you answer those? Because you guys have infrastructure, you are a hyperscale, uh, what's your take on that and how do you answer those direct questions when they come up? >>All great questions and yes, we get them all the time. Uh, so how do we answer them? Well, first and foremost, the idea of a CRM is around putting your customer at the center of your view of them. So that customer relationship management means you, you have a view into the services your customer needs and how they're engaging with you, digitally engagement, in-person engagement, et cetera. I would intend that that's no different for a government entity than it is for a consumer. Very sensitive government entity wants to treat their constituents around the services they need and getting that full 360 view of what, what are the services available to them? How do they access them, et cetera, actually fits really well into that CRM model, but it does take some explaining and reinvisioning it, but it plays really well into the digital transformation imperatives that these agencies have, because what you want to do in a digital transformation is also re-imagined all these old systems and legacy systems, how you're going to make them more accessible. >>But also to your point, how do you bring them to this level of expectation that our consumers have? I'm now accustomed to having mobile apps and on-demand, uh, applications and websites for ordering products for ordering needs, et cetera, for booking a restaurant reservation, I've developed the exact same requirements and expectations of my government services and our government customers are clearly aware of this. So they want to bring this capability to the fore and offer their constituents a better experience as well. When you asked about government regulations, this is absolutely critical to how we think about delivering that service, the value of the cloud. Isn't just, you can go get access to a service and not have to worry about that service. It's also, how do we unencumber agencies from these compliance requirements from audits, from privacy checks and needs in a constantly evolving landscape. There's always a legislative imperative to change something, add more constraints, more privacy requirements, compliance requirements, et cetera. So what we want to do is free our customers up from having to worry about that. That's what we undertake. We provide them that level of assurance, and they focus once again, on that higher value of the business flows, the mission, the constituency context, and how to make that constituent experience better. >>I have to ask you, I had a chance to sit down one-on-one with Adam. Slupski the new CEO of AWS recently prior to re-invent. And he said something to me. I want to get your reaction to, he said with scale, you can get visibility on some new use cases. So this applies to Salesforce. You guys are a hyperscaler, you have this new architecture named hyper force. What is this all about? And how does that tie into celebrities comment? Okay. >>Yeah. Uh, excellent question. And we'll talk a little about that history that brings us to two hype before. So just like many of our customers, we realize that having the ability to scale across the globe and be able to offer our services in different regions, different compliance requirements meant that our investments in first party data centers needed to be reconstructed a little bit. And that posed a bit of a rearchitecture for us as well. But that's what gave us the flexibility then to essentially decouple our architecture from the physical infrastructure layer, but it afforded us then the ability to deploy very quickly and very scaleably on AWS in regions that we previously weren't operating in. So it allows us to move along quicker, allows us to bring that flexibility and that scale to the customer where they are. And then we can meet once again, coming back to compliance and regulations. >>We can meet requirements around data residency and data privacy requirements in different regions that we were somewhat constrained in doing earlier. And that also then gives us the ability, I think, to what Adam might've been alluding to now that we're able to bring that service to the customer, they can say, well, actually here's another use case that I would like Salesforce to deliver on. And it gives us that flexibility. We do a lot in terms of expanding across use cases. And if I can point to the pandemic again, just as a great frame of reference that we're all thrust into. Initially, if you cast your mind back to may of last year, we were all worried about contact tracing, right? No side effects scenes, yet we didn't even have pelvic testing. Well, shortly thereafter, COVID testing became available and states were offering those well that from contact tracing to COVID testing is a massive shift. If you think about the use case for technology. So we enable our customers to move very quickly from contact tracing, to COVID, testing them to vaccine management. They're actually entirely different use cases, even though they all apply to solving for the pandemic where we had so many others, digital outreach, helping with loans and grants and management through the PPP programs, through unemployment programs, all different use cases that we helped our customers extend to, which you can't do that if you're not flexible enough to move quickly and scale effectively to support those. >>I think that value proposition and that notion of having that regional global support is going to really come into the whole data programmability trend. I call data as dev ops kind of vibe where data as code becomes more, more agile, right? You're going to see that. I think that's going to be, that's a big theme at a reinvent this year. So, so I have to ask you now, now we're sitting in this global scale, you've got geopolitics, you got public sector. How does Salesforce government cloud plus, and hyper force help your help governments and their partners because their ecosystems too, right? So it's not a commercial. Now it's looking a lot like a commercial lines between commercial and government looking the same. How do you guys help governments and their partners? >>So having been in this, this, uh, area for so long, I, I like to position this tonight. I use this actually as a good selling point, even in selling the value propositions for investment internally, I think of the government regulations and requirements around privacy compliance as a minimum barrier of entry. So I'll, uh, you mentioned our government cloud, plus that's really more in the U S and it's a FedRAMP, uh, tested at a federal and PI level. We've got privacy of lays. We've got our DOD out for, uh, PA in there we've got HIPAA and PCI compliance bank 10. Those are efforts that if a company or a government customer were to go run through individually, it's going to take them a lot of time, effort, and investment to support those. And you end up creating an operations business that just does that for 24 7. >>That's the only reason for them to exist is to manage those. But then we have the government adjacent industries that you're referring to. What about the parkers that service government, they have their own set of regulations. more recently CMMC coming out, et cetera. We provide all of those as a baseline for our government cloud plus. So that level of assurance is assumed by customers and consumers of the service. And again, they're worried about what type of beta and what type of business workflows they're gonna enable and not, can they meet the basic regulations to stand up the service? >>Yeah, I think that highly of the workflows piece is critical because workflows is the new integration layer, right? So these seeing a lot of that, and again, that's a big theme at a re-invent this year. I'll see the performance is key graviton to all the processor stuff and, and, you know, it's lambed and old serverless, but as you move up to the stack where there's actual agility and modern applications that need to be built, whatever they are, you need to have this programmable cloud scale, but the customization on workflows and machine learning and AI. So this is all beautiful for everyone to think about, but now they have to implement it. So how might your customers and prospects consider expanding their offerings with Salesforce in the cloud? Is there, is there a certain playbook that you see, is there a situational awareness that's needed? How would you advise your customers will want to consider expanding, uh, their portfolio in their, their apps and workflows with Salesforce? >>Yeah, that's a fantastic question. So, John, and I'm going to start with, again, going back a little bit to what is Salesforce and who are we as a company? So in as much as we started talking about Salesforce as the number one CRM platform was SAS, we've also acquired some companies and invested in a lot of different, uh, elements of businesses, uh, Tableau NeoSoft and velocity more recently, the slack acquisition, and they're all slightly outside of our platform in terms of capabilities and what we intend for those to deliver. So our customers have a lot more options in terms of what it means to partner with and invest with Salesforce. Uh, slack is a great example of where that becomes a communications mesh and infrastructure that allows them to integrate, uh, technologies, applications, workflows, et cetera. So you want to rethink almost what is Salesforce and what does it mean in your enterprise? >>And then coming back to, to the core of what we do, a lot of how we enable our customers is here's an environment. We enable these very quickly a customer's access to the environment right away. They can set up testing environments, sandboxes, start playing with workflows and really reimagine what that environment is going to look like for their internal users and their engagement with these applications. So yes, we have runbooks we have playbooks, but we've also got enablers in the form of applications. We have a huge application market, if you will, where customers can download different accelerators and try those. We've got a huge network of partners that have delivered rich value added applications. So in most cases, our customers are going to find someone's already created the use case or the application or the workflow they needed. And maybe it's a case of just announcing that a little bit or updating it a little bit, or creating the integration to an in-house system already. So it makes it very exciting, but also makes it a very quick start to solve a problem. >>Oh, Nielsen, you guys have a great opportunity with the cloud and cloud scale. Obviously, companies successful Salesforce is well-known, but as data and governance has to be more agile, more secure often, that sounds counter-intuitive, but this is the big deal that's happening right now, where you need the leverage, the scale you need to have it secure, which you'd think needs to be protective, but making it more permissive is agility. This is the core theme, your, your reaction to wrap up, >>Uh, all great points and yes, to be the data isn't useful if it's entirely locked up. So at Todd, you bring the user to the data they have access to, and that data to provide them value. But especially in a, we'll put a government lens on this. On the government side, the data is ultimately what our government entities are stewarding. So yes services, but that data is imperative. So our customers understand the value of that data and then also how to not just extract value from it, but how to shepherd and steward the security of that data very well. So for us, it's the ability to get that data to the right users, allow them to construct their business omission flow on that data. But the data has to persist has to add value, has to be available for analytics and so on >>Nielsen. Jardeen vice president of north America solutions engineering at Salesforce. Thanks for coming on the cube and, and sharing your story and congratulate a big opportunity ahead for you guys. Congratulations. >>Absolutely. John, thank you so much. Enjoy the rest of the week. Okay. >>It was coverage of eight of us reinvent 2021. Um, John for a, your host. Thanks for watching.

>> From around the globe, it's theCube, with digital coverage of AWS re:Invent 2020. Special coverage sponsored by, AWS Worldwide Public Sector. >> Okay, welcome back to theCube's coverage, of re:Invent 2020 virtual. It's theCube virtual, I'm John Farrow your host, we're here celebrating, the special coverage of public sector with Sandy Carter, vice president of AWS Public Sector Partners. She heads up the partner group within Public Sector, now in multiple for about a year now. Right Sandy, or so? >> Right, you got it, John. >> About a year? Congratulations, welcome back to theCube, >> Thank you. >> for reason- >> Always a pleasure to be here and what an exciting re:Invent right? >> It's been exciting, we've got wall-to-wall coverage, multiple sets, a lot of actions, virtual it's three weeks, we're not in person we have to do it remote this year. So when real life comes back, we'll bring the Cube back. But I want to take a minute to step back, take a minute to explain your role for the folks that are new to theCube virtual and what you're doing over there at Public Sector. Take a moment to introduce yourself to the new viewers. >> Well, welcome. theCube is phenomenal, and of course we love our new virtual re:Invent as well, as John said, my name is Sandy Carter and I'm vice president with our public sector partners group. So what does that mean? That means I get to work with thousands of partners globally covering exciting verticals like, space and healthcare, education, state and local government, federal government, and more. And what I get to do is, to help our partners learn more about AWS so that they can help our customers really be successful in the marketplace. >> What has been the most, exciting thing for you in the job? >> Well, you know, I love, wow, I love everything about it, but I think one of the things I love the most, is how we in Public Sector, really make technology have a meaningful impact on the world. So John, I get to work with partners like Orbis which is a non-profit they're fighting preventable blindness. They're a partner of ours. They've got something called CyberSec AI which enables us to use machine learning over 20 different machine learning algorithms to detect common eye diseases in seconds. So, you know, that purpose for me is so important. We also work with a partner called Twist Inc it's hard to say, but it just does a phenomenal job with AWS IoT and helps make water pumps, smart pumps. So they are in 7,300 remote locations around the world helping us with clean water. So for me that's probably the most exciting and meaningful part of the job that I have today. >> And it's so impactful because you guys really knew Amazon's business model has always been about enablement from startups to now up and running Public Sector; entities, agencies, education, healthcare, again, and even in spaces, this IoT in space. But you've been on the 100 partner tour over a 100 days. What did you learn, what are you hearing from partners now? What's the messages that you're hearing? >> Well, first of all, it was so exciting. I had a 100 different partner meetings in a 100 days because John, just like you, I missed going around the world and meeting in person. So I said, well, if I can't meet in person I will do a virtual tour and I talked to partners, in 68 different countries. So a couple of things I heard, one is a lot of love for our map program and that's our migration acceleration program. We now have funding available for partners as they assess migration, we can mobilize it and as they migrate it. And you may or may not know, but we have over twice the number of migration competency partners doing business in Public Sector this year, than we did last year. The second thing we heard was that, partners really love our marketing programs. We had some really nice success this year showcasing value for our customers with cyber security. And I love that because security is so important. Andy Jassy always talks about how her customers really have that as priority zeros. So we were able to work with a couple of different areas that we were very proud at and I loved that the partners were too. We did some repeatable solutions with our consulting partners. And then I think the third big takeaway that I saw was just our partners love the AWS technology. I heard a lot about AI and ML. We offered this new program called The Rapid Adoption Assistance Program. It's going global in 2021, and so we help partners brainstorm and envision what they could do with it. And then of course, 5G. 5G is ushering in, kind of a new era of new demand. And we going to to do a PartnerCast on all about 5G for partners in the first quarter. >> Okay, I'm going to put you on the spot. What are the three most talked about programs that you heard? >> Oh, wow, let's see. The three most talked about programs that I heard about, the first one was, is something I'm really excited about. It's called a Think Big for Small Business. It really focuses in on diverse partner groups and types. What it does is it provides just a little bit of extra boost to our small and medium businesses to help them get some of the benefits of our AWS partner program. So companies like MFT they're based down in South Africa it's a husband and wife team that focus on that Black Economic Empowerment rating and they use the program to get some of the go to market capability. So that's number one. Let's see, you said three. Okay, so number two would be our ProServe ready pilot. This helps to accelerate our partner activation and enablement and provides partners a way to get badged on the ProServe best practices get trained up and does opportunity matching. And I think a lot of partners were kind of buzzing about that program and wanting to know more about it. And then ,last but not least, the one that I think of probably really has impact to time to compliance it's called ATO or Authority to Operate and what we do is we help our partners, both technology partners and consulting partners get support for compliance framework. So FedRAMP, of course, we have over 129 solutions right now that are FedRAMPed but we also added John, PCI for financial HIPPA for healthcare, for public safety, IRS 1075 for international GDPR and of course for defense, aisle four, five and six, and CMMC. That program is amazing because it cuts the time to market and have cuts across and have and really steps partners through all of our best practices. I think those are the top three. >> Yeah, I've been like a broken record for the folks that don't know all my interviews I've done with Public Sector over the years. The last one is interesting and I think that's a secret sauce that you guys have done, the compliance piece, being an entrepreneur and starting companies that first three steps in a cloud of dust momentum the flywheel to get going. It's always the hardest and getting the certification if you don't have the resources, it's time consuming. I think you guys really cracked the code on that. I really want to call that out 'cause that's I think really super valuable for the folks that pay attention to and of course sales enablement through the program. So great stuff. Now, given that's all cool, (hands claps) the question I have and I hear all the time is, okay, I'm involved I got a lot of pressure pandemic has forced me to rethink I don't have a lot of IT I don't have a big budget I always complaint but not anymore. Mandate is move fast, get built out, leverage the cloud. Okay, I want to get going. What's the best ways for me to grow with Public Sector? How do I do that if I'm a customer, I really want to... I won't say take a shortcut because there's probably no shortage. How do I throttle up? Quickly, what's your take on that? >> Well, John, first I want to give one star that came to us from a Twilio. They had interviewed a ton of companies and they found that there was more digital transformation since March since when the pandemic started to now than in the last five years. So that just blew me away. And I know all of our partners are looking to see how they can really grow based on that. So if you're a consulting partner, one of the things that we say to help you grow is we've already done some integrations and if you can take advantage of those that can speed up your time to market. So I know know this one, the VMware Cloud on AWS. what a powerful integration, it provides protection of skillsets to your customer, increases your time to market because now VMware, vSphere, VSAN is all on AWS. So it's the same user interface and it really helps to reduce costs. And there's another integration that I think really helps which is Amazon connect one of our fastest growing areas because it's a ML AI, breads solution to help with call centers. It's been integrated with Salesforce but the Service Cloud and the Sales Cloud. So how powerful is that this integrated customer workflow? So I think both of those are really interesting for our consulting partners. >> That's a great point. In fact, well, that's the big part of the story here at re:Invent. These three weeks has been the integration. Salesforce as you mentioned connect has been huge and partner- >> Huge >> so just just great success again, I've seen great momentum. People are seeing their jobs being saved, they're saving lives. People are pretty excited and it's certainly a lot of work you've done in healthcare and education two big areas of activity which is really hard corporation, really, really hard. So congratulations on that and great work. Great to see you, I going to ask you one final question. What's the big message for your customers watching as they prepare for 2021 real life is coming back vaccines on the horizon. We're hearing some good news a lot of great cloud help there. What's your message to send to 2021? >> 2021, for our partners for 2021, one, there is a tremendous growth ahead and tremendous value that our partners have added. And that's both on the mission side, which both Theresa and I discussed during our sessions as well as technology. So I think first messages is, there's lots of growth ahead and a lot of ways that we can add value. Second is, all of those programs and initiatives, there's so much help out there for partners. So look for how you could really accelerate using some of those areas on your customer journey as you're going along. And then finally, I just want John, everybody to know , that we love our partners and AWS is there to help you every step of the way. And if you need anything at all obviously reach out to your PDM or your account manager or you're always welcome to reach out to me. And my final message is just, thank you, through so many different things that have happened in 2020, our partners have come through amazingly with passion with value and just with persistence, never stopping. So thank you to all of our partners out there who've really added so much value to our customers. >> And Amazon is recognizing the leadership of partners in the work you're doing. Your leadership session was awesome for the folks who missed it, check it out on demand. Thank you very much, Sandy for coming on the sharing the update. >> Thank you, John, and great to see all your partners out there. >> Okay, this is theCube virtual covering AWS re:Invent 2020 virtual three weeks, wall-to-wall coverage. A lot of videos ,check out all the videos on demand the leadership sessions, theCube videos and of course the Public Sector video on demand. Micro-site with theCube. I'm John Furrier, thanks for watching. (upbeat music)

>>From around the globe. It's the queue cover >>Space and cyber security >>Symposium 2020 hosted by Cal poly. >>Hello and welcome to the space and cybersecurity symposium 2020 hosted by Cal poly and the cube I'm chilling for a, your host. We have a great session here. Space, cyber security, the department of defense perspective. We have bond Google hall, director of C four ISR directorate office of the undersecretary of defense for acquisition and sustainment for the DOD and Chris Henson, technical director space and weapons, cybersecurity solutions for the national security agency. Gentlemen, thank you for taking the time for this awesome session. Thank you, John. Thank you. So we're gonna talk about the perspective of the DOD relative to space cybersecurity, a lot, going on congestion, contention, freedom, evolution innovation. So Paul, I'd like to have you start with your opening statement on how you see the space cybersecurity perspective, Don, thanks for the intro. Really appreciate it. First, let me give my thanks to Cal poly for a convening, the space and cybersecurity symposium this year, you know, and despite the pandemic, the organization and the content delivery spreading impressive, I really foot stomping. >>What can possibly be done with a number of these virtual platforms? This has been awesome. Thanks for the opportunity. I also want to recognize my colleague, Chris Nissen from NSA was actually assigned to our staff that LSD, but he brings both policy and technical perspective in this whole area. So I think you'll, you'll find his commentary, uh, and positions on things very refreshing or for today's seminar. Now space cyber security is a pretty interesting terminology for us all. Uh, cyber security means protecting against cyber threats and it's really more than just computers here on earth, right? Uh, space is the newest war fighting domain, and cybersecurity's perhaps even more of a challenge in this domain that and others. Uh, I'm sure it'll turn journal Thompson and major journals Shaw discuss the criticality of this new dorm space force. It's the newest military service in the earlier sessions and they're at the risk of repeating what they already addressed. >>Let me start by talking about what space means to DOD and what we're doing directly from my vantage point as part of the acquisition and sustainment arm of the Pentagon. Uh, what I want to share with you today is how the current space strategy ties into the national defense strategy and supports the department's operational objectives. As the director of CFRI SAR. I have come to understand how the integration of CFRI Sarcic. Billy is a powerful asset to enhance the lethality of the joint war fighter. Secretary Lord, our boss, the sec, the undersecretary for acquisition and sustainment is diligent in her pursuit to adapt and modernize acquisition processes, to influence the strategy and to focus our efforts domain are to make our objectives a reality. I think first and foremost, we are building a more lethal force. This joint force will project low Valley and custom contested environments and across all domains through an operationally integrated and resiliency for ISR infrastructure. >>We are also called debating our alliances, deepening interoperability, which is very important in a future fight and collab, collaboratively planning with those partner with us in the fight most significantly for our work in acquisition and sustainment, we continue to optimize the department for greater performance and affordability through reform of the acquisition process. Now space is our newest war fighting domain. And while it is indeed unique, it shares many common traits with the others land, air and sea all are important to the defense of the U S in conflict. No doubt about this. They will be contested and they must be defended. One domain will not win future conflicts in a joint operation in a future fight in the future conflict. They must all succeed. I see three areas being key to a DOD strategic success in space, one, developing our whole of government approach in close partnership with the private sector and our allies to prioritizing our investments in resiliency, innovation, and adaptive operations, and third responding rapidly and effectively to leverage emerging technologies and seize opportunities to advance your strengths, partnerships and alliances. >>Let me emphasize that space is increasingly congested and tested and demanded as essential delete Valley operational effectiveness and the security of our nation. Now the commercialization of space offers a broad set of investments in satellite technology, potential opportunities to leverage those investments and pathways to develop cost efficient space architecture, where the department and the nation. It's funny, there's a new race, a race for space. If you will, between commercial companies buying for dominance of space. Now the joint staff within DOD is currently building an operational construct to employ and engage as a unified force, coordinated across all domains. We call it the joint, all domain command and control. It is the framework that is under development to allow us to conduct integrated operations in the future. The objective of Jesse too is to provide the war fighter access to the decision making information while providing mission assurance of the information and resilience of the underlying terrestrial air in space networks that support them operationally. >>six to maintain seamless integration, adaptation, and employment of our capability. To sense signal connect, transmit, process control, direct, and deliver lethal capabilities against the enemy. We gain a strategic advantage through the integration of these capabilities across all the domains, by providing balance bowel space, awareness, horse protection, and weapons controlled and deployment capabilities. Now successfully any ratings, the systems and capabilities will provide our war fighters overwhelming superiority on the battlefield environment, challenged by near peer adversaries, as well as non state actors in space. The character of its employment is changing, driven by increasing demands, not just by DOD, but by the commercial sector as well. You know, more and more, uh, we see greater use of small satellite systems to address a myriad of emerging questions, ubiquitous communications, awareness, sensor diversity, and many more. Uh, as I said before, the commercial world is pioneering high rate production of small satellites in our efforts to deploy hundreds, if not thousands of nodes space X, Darlene constellation is one example. >>Another one is Amazon's Kiper, uh, Kuyper just received FCC approval to deploy like over 3000 of these different notes. While a number of these companies continue to grow. Some have struggled. They some pointed as one web, uh, nevertheless, the appetite remains strong and DOD is taking advantage of these advances to support our missions. We are currently exploring how to better integrate the DOD activities involving small satellites under the small satellite coordinating activity, scholarly call it. We want to ensure collaboration and interoperability to maximize efficiency in acquisition and operation. When we started this activity on over a year and a half ago, we documented over 70 plus separate small, small sat programs within DOD. And now we've developed a very vibrant community of interest surrounding a small satellites. Now, part of the work we have identified nine focus areas for further development. These are common areas to all systems and by continuing to expand on these, our plan is they enable a standard of practice that can be applied across all of the domains. >>This includes lawn services, ground processing distribution, and of course, a topic of interest to the symposium space security and Chris we'll, we'll talk more about that being the Houston expert, uh, in this area. Uh, one challenge that we can definitely start working on today is workforce development. Cybersecurity's unique as it straddles STEM and security and policy, the trade craft is different. And unfortunately I've seen estimates recently, so suggesting a workforce gap in the next several years, much like the STEM fields, uh, during the next session, I am a part of a panel with precedent, Armstrong, Cal poly, and Steve Jake's the founder of the national security space association to address workforce development. But for this panel, I'll look forward to having further dialogue surrounding space, opera security with Chris and John. Thank you, John >>Bob, thank you for that whole thing, Steven. Yes. Workforce gaps. We need the new skill space is here. Thank you very much. Chris Henson, technical director of space and weapons, cybersecurity solutions for the national security agency. Your statement, >>Thank you for having me. Uh, I'm one of several technical leaders in space at the national security agency. And I'm currently on a joint duty assignment at the office of under secretary of defense for acquisition and sustainment. I work under mr. GUMA hot in the C four ISR area, but almost 63 years ago on the 4th of October, 1957, Sputnik was the first artificial satellite launched by the Soviet union in space. History was made in each of you can continue to write future space history in your careers. And just like in 1957, the U S isn't alone in space to include our close partnerships and longterm activities with organizations like the Japanese space agency, the European space agency, and, uh, the Canadian space agency, just to name a few. And when we tackle cybersecurity per space, we have to address, address the idea that the communications command and control, uh, and those mission datas will transverse networks owned and operated by a variety of partners, not only.go.mil.com.edu, et cetera. We need to have all the partners address the cyber effects of those systems because the risk excepted by one is shared by all and sharing cyber best practices, lessons learned, uh, data vulnerabilities, threat data, mitigation, mitigation procedures, all our valuable takeaways, uh, in expanding this space community, improving overall conditions for healthy environment. So thank you for having me, and I appreciate the opportunity to speak to you and your audience. And I look forward to the discussion questions. Thank you. >>Thank you, Chris. Thank you, Bob. Okay. I mean open innovation, the internet, you see plenty of examples. The theme here is partners, commercial government. It's going to take a lot of people and tech companies and technologies to make space work. So we asked my first question, Bonnie, we'll start with you is what do you see as the DOD his role in addressing cybersecurity in space? Uh, it's real, uh, it's a new frontier. Um, it's not going away. It's only going to get more innovative, more open, more contested. It seems like a lot to do there. So what's your role in addressing cyber security in space? >>I think our role is to be the leader in developing and only is it the strategy, but the, uh, the implementation plan is to ensure a full of cybersecurity. If you look at the national cyber cyber strategy, I think publishing 2018 calls for like-minded countries, industry academia, and civil society. Once you mentioned John, the support technology development, uh, digital safety policy advocacy, and research you here today, and those listening are fulfilling their strategy. When you, when you develop, enable use cyber hygiene products, as examples of capabilities, you're pushing the goal to fruition. When you know, what's on your network patron network backup, you're in encrypt your network, you're hardening and preventing cyber attacks. And we in government academia in the case of Cal poly civil networks and in commercial companies, we all benefit from doing that cyber security. Uh, and I think Chris will, we'll, we'll definitely back me up on this more than passwords encryption or pharma. It's truly a mindset and a culture of enabling missions to succeed in assured in a resilient fashion. >>Chris, you're taking reaction to, to the cybersecurity challenge involved here, >>That's it, it's starting really at the highest level of governments. We have, uh, you know, the, the recent security policy directive five that just came out just a couple of days ago, recognize all the factors of cybersecurity that need to come into play. And probably the most important outcome of that as mr said, is the leadership role and that leadership, uh, blends out very well into partnership. So partnership with industry partnership with academia partnership, with, uh, other people that are exploring space. And those partnerships lend itself very naturally to sharing cybersecurity issues, topics as we come up with best practices as we come up with mitigation strategies. And as we come up with vulnerabilities and share that information, the, uh, we're not going to go alone in space, just like we're probably not going to go alone in many other industries or areas, uh, that the DOD has to be, uh, involved in many spectrums of deploying to space. >>And that deployment involves as Mr. Guzman said, encryption authentication, knowing what's on the network, knowing the, the fabric of that network. And if nothing else, this, uh, this, uh, internet of things and work from home environment that we've, uh, partaken of these last few months has even explored and expanded that notion even more dramatically as we have people dial in from all over the different, uh, locations, well space will be that natural node that, uh, natural, uh, next network and mesh involvement that we'll have to protect and explore on not just from a terrestrial involvement, but all segments of it. Th the comm segment, the space vehicle and the ground portion, >>No bond. We talked about this in our other segment, um, around with the president of Cal poly, but the operating models of the space force and the DOD and getting space. It's a software defined world, right? So cybersecurity is a real big issue. Cause you have an operating model that's requiring software to power, these low hanging satellites. That's just an extension to the network. It's distributed computing, know what this is. If you understand what technology we do in space, it's no different, it's just a different environment. So it's software defined that just lends itself well to hacking. I mean, if I'm a hacker I'm going, Hey, why not just take out a satellite and crash it down or make the GPS do something different? I mean, it's definitely an attack vector. This is a big deal. It's not just like getting credentials that are cashed on a server. You gotta really protect, >>Right? Because in one hand it space will carry not only, uh, uh, you know, for local national security information. Uh, but the, uh, I feel like at the economic wellbeing, the financial state of allowed a lot of countries and institutions, you know, more and more John lb, they'll be using space assets to, uh, uh, to make, uh, make, make all that happen. Right. So, and if you look at the, you talk, you mentioned the attack vectors in space, you know, it's not just the computers in the ground, but if you look at the whole life cycle for satellite systems in space, you know, that the, the, the tasking that you need to do that the command, the controlling of the vehicle, the data that comes down in the ground, even when you launch the, the birds, the satellites, you know, they only need to be protected because they're all somewhat vulnerable to, uh, to hacking, uh, to cyber attacks. Especially as we grow into commercialization space, it's going to be a lot more people out there playing in this world. It's going to be a lot more companies out there. And, you know, it's hard to track, uh, uh, you know, the, the potential of, of, of foreign influences as an example, and therefore the potential of being vulnerable in terms of the cyber threat. >>Gentlemen, I like you guys said to move on to this leadership role, you mentioned that you want to be a leader. I get it. The DOD is department of defense. That's a new frontier to defend war time zone. You mentioned war time opportunity potentially, but how do you guys assist that's term hat to getting done? Because there's public and private space operations happening, um, there's security challenge. What does being a leader mean? And how does the DOD department of defense assist driving the public and private? Do you lead from a project standpoint, you lead from a funding standpoint? Is it architectural? I mean, you're talking about now a new end to end architecture. It's not just cloud it's on premise. It's in devices, it's offloaded with new AI technology and Nicks and devices. It's IOT, it's all, this is all new, this is all new. What does it mean for the DOD to be a leader and how do you assist others to get involved? And what does that mean? >>Yeah, I think, uh, the one hand, you know, DOD used to lead, uh, in terms of, uh, uh, being the only source of funding for a lot of, uh, highly developmental efforts. Uh, we're seeing a different story in space. Again, I keep going back to the commercialization of space. We're seeing a lot more players, right? So in many ways >>Ally's commercial companies are actually legally leading the R and D uh, of a lot of different technologies. So we want to take, we certainly want to take advantage of that. So from a leadership standpoint, I think we, we, Lucia can come in, you know, by partnering a lot more with, with the commercial companies, uh, in 2022, the DOD released the defense, uh, uh, space strategy as an example that highlights the threats, the challenges and opportunities the United States has faced by, by sending a example of how we, how we, uh, how we counter, uh, the threats that are out there, not just the DOD, but, but the disability and the commercial sector as well. Our current conditions are strong, but we want to use four lines of effort to meet our challenges and capitalize on our desire state space, uh, lines of effort include building a comprehensive military badges space, integrating space into a national joint and combined operations. Like I mentioned before, shaping that strategic environment and cooperating with allies, partners, and industry and other U S governmental agencies, departments, and agencies to advance the cost of space to take full advantage of what space can provide us, uh, in DOD, uh, and the nation. Chris has a domain. Now, what's your take on all that? >>That's because again, it's going to take more people, >>More diverse, potentially more security >>Halls. What's your view on it? >>Well, let's, let's look at how innovation and new technologies can help us in these areas. So, uh, and, and mentioned it a couple of topics that you hit on already. One of the areas that we can improve on is certainly in the, uh, the architecture, uh, where we look at a zero trust architecture, one of the NIST standards that's come about where it talks about the authentication, uh, the need to know a granular approach, this idea of being able to protect, not just data, but the resources and how people can get access to those, whether they're coming in through an identification, authentication Prudential, or, uh, other aspects of, uh, the, the idea of not just anybody should be able to have access to data or anybody should have access once they're on the inside of the network. So that zero trust architecture is, is one approach where we can show some leadership and guidance. >>Another area is in, uh, a topic that you touched on as well was in the software area. So some innovations are coming on very rapidly and strong in this artificial intelligence and machine learning. So if we can take this AI and ML and apply it to our software development areas, they can parse so much information very quickly. And, uh, you know, this vast array of code that's going into system nowadays, and then that frees up our human, uh, explicit talent and developers that can then look at other areas and not focus on minor bawling to Beverly fix a vulnerability. Uh, they, they can really use their unique skills and talents to come up with a better process, a better way, and let the artificial intelligence and machine learning, find those common problems, those, those unknown, hidden lines of code that, uh, get put into a software alarm Prairie, and then pull down over and over again from system to system. So I think between, uh, an architecture leadership role and employee innovation are two areas that we can show, uh, some benefits and process improvement to this whole system. >>That's a great point, Chris, and you think about just the architectural computer architecture, you know, S you know, network attached storage is an advantage software defined there. You could have flash all flash arrays for storage. You could have multiple cores on a device and this new architecture, offloads things, and it's a whole new way to gain efficiencies. I mean, you got Intel, you got Nvidia, you've got armed all the processors all built in. Um, so there's definitely been commercial best practices and benefits to a new kind of architecture that takes advantage of these new things. It's just, just efficiencies. Um, but this brings up the whole supply chain conversation. I want to get your thoughts on this, because there is talk about predatory investments and access and tactics to gain supply chain access to space systems, your thoughts. >>Yeah. It's a serious threat and not just for, uh, the U S uh, space. So supply chain, if you will, is the supply chain. And I says, you know, writ large, I think, uh, I think it's a, it's a, it's a threat that's, that's real, we're we're seeing today. I just saw an example recently, uh, involving, uh, our, I think our launch services were, there was a, uh, a foreign, uh, threat that was those trying to get into a true through with predatory investments. Uh, so, uh, it is something that we need to, uh, be aware of it it's happening, uh, and is continuing to happen. Uh, it's an easy way to gain access, to, uh, do our IP. Uh, and, uh, so it's something that we, uh, are serious about in terms of, uh, awareness and, and countering >>Chris, your thoughts. I mean, we've see, I mean, I'm an open source guy. I was seen it when I grew up in the industry in the eighties, open source became a revolution, but with that, it enabled new tactics for, um, state sponsored attacks on it that became a domain in of itself. Um, that's well-documented and people talk about that all the time in cyber. Now you have open innovation with hardware, software connected systems. This is going to bring supply chain nightmare. How do you track it all? Who's got what software and what device, where the chip come from, who made it, this is the potential is everywhere. How do you see the, these tactics, whether it's a VC firm from another country or this, that, and the other thing startup. >>Yeah. So when we see, when we see coal companies being purchased by foreign investors, and, you know, we can get blocked out of those, whether it's in the food industry, or if it's in a microchip, then that microchip could be used in a cell phone or a satellite or an automobile. So all of our industries that have these companies that are being purchased, or a large born investment influx into those, you know, that could be suspect. And we, we have to be very careful with those, uh, and, and do the tracking of those, especially when those, uh, some of those parts of mechanisms are coming from off shore. And then going again, going back to, uh, the space policy directive five, it calls out for better supply chain, resource management, the tracking, the knowing the pedigree and the, the quantitative of ability of knowing where those software libraries came from, where the parts came from and the tracking and delivery of that from an end to end system. >>And typically when we have a really large vendor, they can, they can do that really well. But when we have a subcontractor to a subcontractor, to a subcontractor, their resources may not be such that they can do that. Try tracking in mitigation for counterfeits or fraudulent materials going into our systems. So it's a very difficult challenge, and we want to ensure as best we can that as we ingest those parts, as we ingest those software libraries and technologies into the system, that, uh, before we employ them, we have to do some robust testing. And I don't want to say that the last line of defense, but that certainly is a mechanism for finding out, do the systems perform as they stated, uh, on a test bench or a flat set, whatever the case may be before we actually deploy it. And then we're relying on the output or the data that comes from that, that system that may have some corrupt or suspect parts in it. >>Great point, this federal grant, >>The problem with space systems is kind of, you know, is once you, once you launch the bird or the sunlight, uh, your access to it is, is diminished significantly, right? Unless you, you go up there and take it down. Uh, so, you know, kind of to Chris's point, we need to be able to test all the different parts of insurer that is performing as, as described there ass, I spent as specified, uh, with, with good knowledge that it's, uh, it's, uh, it's trustworthy. Uh, and, uh, so we that all on the ground before we, we take it up to launch it. >>It's funny. You want agility, you want speed and you want security, and you want reliability and risk management all aggressive, and it's a technical problem. It says it's a business model problem. I'd love to get real quick. Before we jump into some of the more workforce and gap issues on the personnel side, have you guys should just take a minute to explain quickly what's the federal view. If you had to kind of summarize the federal view of the DOD and the roll with it wants to take, so all the people out there on the commercial side or students out there who are, you know, wanting to jump in, what is the current modern federal view of space cybersecurity. >>Chris, why don't you take that on I'll follow up. Okay. Uh, I don't know that I can give you the federal view, but I can certainly give you the department of defense. That cybersecurity is extremely important. And as our vendors and our suppliers, uh, take on a very, very large and important role, one area that we're looking at improving on is a cyber certification maturity model, where we, where we look at the vendors and how they implement an employee cyber hygiene. So that guidance in and of itself shows the emphasis of cyber security that when we want to write a contract or a vendor, uh, for, for a purchase, that's going to go into a space system. We'd like to know from a third party audit capability, can that vendor, uh, protect and defend to some extent the amount that that part or piece or software system is going to have a cyber protection already built into it from that vendor, from the ground floor up before it even gets put into a larger system. >>So that shows a level of the CMMC process that we've thought about and, uh, started to employ, uh, beginning in 2021 and will be further built on in, in the out years. How, how important the DOD takes that. And other parts of the government are looking at this, in fact, other nations are looking at the CMMC model. So I think it shows a concern in very many areas, uh, not just in the department of defense that they're going to adopt an approach like this. Uh, so it shows the, the pluses and the benefits of a cybersecurity model that, uh, all can build on boggy reaction. Yeah, I'll just, uh, I'll just add to that, John, you, you, you, you asked earlier about, you know, how do we, uh, track, uh, commercial entities or, or people in the space and cyber security domains? Uh, I can tell you that, uh, at least my view of it, you know, space and cyber security are new, it's exciting, it's challenging a lot technical challenges there. So I think in >>Terms of attracting the right people, personnel to work those areas, uh, I think it's, it's not only intellectually challenging, uh, but it's important for, for the dependency that NASA States, uh, and it's important for, for, for economic security, uh, writ large for, for us as well. So I think, uh, in terms of a workforce and trying to get people interested in, in those domains, uh, I hope that they see the same thing we do in terms of, of the challenges and the opportunities it presents itself in the future. >>Awesome. I love your talk on intro track there falling. You mentioned, uh, the three key areas of DOD sec success, developing a government whole government approach to partnership with the private sector. I think that's critical and the allies prioritizing the right investments on resilience, innovation, adaptive operations, and responding to rapidly to effectively emerging technology. So you can be fast, all think are all things. I all, all those things are relevant. So given that, I want to get your thoughts on the defense space strategy in 2020, the DOD released dispense defense space, strategy, highlighting threats, and challenges and opportunities. How would you summarize those threats and those challenges and opportunities? What are the, what are those things that you're watching in the defense space area? Right. >>Well, I think, I think I saw, as I said before, of course, as well, you know, uh, or, or seeing that a space will be highly contested, uh, because it's a critical element in our, in our war fighting construct, uh, Dwayne, a future conflict, I think we need to, to win space as well. So when you, when you look at our near peer adversaries, there's a lot of efforts, uh, in trying to, to, to take that advantage away from the United States. So, so the threat is real, uh, and I think it's going to continue to evolve and grow. Uh, and the more we use space, both commercial and government, I think you're going to see a lot more when these threads some AFAs itself, uh, in, in forms of cyber, cyber attacks, or even kinetic attacks in some cases as needed. Uh, so yeah, so with the, the, the threat is need growing, uh, space is congested, as we talked about, it will continually be contested in the future as well. So we need to have, uh, like we do now in, in, in all the other domains, a way to defend it. And that's what we're working on with India, with the, how do we pilot with tech, our assets in space, and how do we make sure that the data information that traverses through space assets are trust 40, um, and, uh, and, and, and free of any, uh, uh, interference >>Chris, exciting time. I'm your, if you're in technology, um, this is crossing many lines here, tech society will war time, defense, new areas, new tech. I mean, it's security, it's intoxicating at many levels, because if you think about it, it's not one thing. It's not one thing anymore. It spans a broader spectrum, these opportunities. >>Yeah. And I, and I think that expansion is, is a natural outgrowth from, as our microprocessors and chips and technology continue to shrink smaller and smaller. You know, we, we think of our, our cell phones and our handheld devices and tablets, and so on that have just continued to, uh, get embedded in our everyday society, our everyday way of life. And that's a natural extension when we start applying those to space systems. When we think of smallsats and cube sets and the technology that's, uh, can be repurposed into, uh, a small vehicle and the cost has come down so dramatically that, you know, we, we can afford to get a rapid experiments, rapid, um, exploitations and, and different approaches in space and learn from those and repeat them very quickly and very rapidly. And that applies itself very well to an agile development process, dev sec ops, and this notion of spins and cycles and refreshing and re uh, addressing priorities very quickly so that when we do put a new technology up, that the technology is very lean and cutting edge, and hasn't been years and years in the making, but it's, uh, relevant and new, and the, uh, the cybersecurity and the vulnerabilities of that have to be addressed because of, and allow that DevSecOps process to take place so that we can look at those vulnerabilities and get that new technology and those new, new experiments and demonstrations in space and get lessons learned from them over and over again. >>Well, that brings us to the next big topic I want to spend the remainder of our time on that is workforce this next generation. If I wasn't so old, I would quit my job and I would join medially. It's so much, it's a fun, it's exciting. And it's important. And this is what I think is a key point is that cybersecurity in and of itself has got a big gap of shortage of workers, nevermind, adding space to it. So this is, uh, the intersection of space and cybersecurity. There is a workforce opportunity for this next generation, a young person to person re-skilling, this is a big deal. Bong, you have thoughts on this. It's not just STEM, it's everything. >>Yeah. It's everything, you know, uh, the opportunities would have in space it's significant and tremendous. And I think, uh, if I were young, again, as you pointed out, John, uh, you know, I'm, I'm, I'm lucky that I'm in this domain in this world and I started years ago. Uh, but it continues to be exciting, uh, lots of, lots of opportunities, you know, and when you, when you look at, uh, some of the commercial space, uh, systems that are being, being put up, uh, if you look at, I mentioned Starlink before, and, and, uh, Amazon's Kuyper constellation. These guys are talking about couple of thousand satellites in space to provide ubiquitous communications for internet globally and that sort of thing. Uh, and they're not the only ones that are out there producing capability. Uh, we're seeing a lot more commercial imagery products being developed by bike, by companies, both within the U S and, and, uh, foreign foreign elements as well. So I think it's an exciting time to be in space. Certainly lots of opportunities, there's technical challenges, uh, galore in terms of, you know, not only the overcoming the physics of space, but being able to operate, uh, flexibly, uh, in, uh, get the most you can out of the capabilities we have, uh, uh, operating up as high as being cool. I mean, everyone looks at launch. >>She gets millions of views on live streams, the on demand, reruns get millions and millions of views. Um, it's, there's a lot of things there. Um, so Chris, what specifically could you share are things that people would work on? Um, jobs skills, what are some, what's the aperture, what's it look like if you zoom out and look at all the opportunities from a scale standpoint, what's out there, >>We'll talk to the aperture, but I want to give a shout out to our space force. And I mean, their, their job is to train and equip, uh, future space and, uh, that, that space talent. And I think that's going to be a huge plus up, uh, to have, uh, uh, a space force that's dedicated to training equipping, uh, the, an acquisition and a deployment model that, uh, will benefit not just the other services, but all of our national defense and our, uh, you know, our, our strategic way of, uh, how, how this company, country, employees space, uh, altogether. So having, having a space for us, I think, as a, is a huge, uh, a huge issue. And then to get to that aperture aspect of, of what you're, what you're asking and, you know, that addresses a larger workforce. Uh, we need so many different talents in, in this area. >>Uh, we can, we can have, we can employ a variety of people, uh, from technical writers to people who write, uh, write in developed software to those who, uh, are bending metal and actually, uh, working in a hardware environment. And, uh, those that do planning and launch operations and all of those spectrums and issues of jobs, or are directly related to a workforce that can contribute to, to space. And then once that data gets to the ground and employed out to a user, whether it's a data or we're looking at, uh, from a sensor recent, uh, recent events on, uh, shipping lanes, those types of things. So space has such a wide and diverse swath that the aperture's really wide open, uh, for a variety of backgrounds. And, and those that, uh, really just want to take an opportunity, take a, take a technical degree or a degree that, uh, can apply itself to a tough problem, uh, because they certainly exist in space. And we can, we can use that mindset of problem solving, whether you come at it from a hacker mindset, an ethical, a white hat approach to testing and vulnerability exploration, or somebody who knows how to actually, um, make, uh, operations, uh, safer, better, uh, through space situation awareness. So there's a, there's a huge swath of opportunity for us >>Bon talk about the, um, the cyber security enabled environment, the use cases that are possible when you have cybersecurity in play with space systems, um, which is in and of itself, a huge range of jobs, codings supply chain. We just talked about a bunch of them. There's still more connected use cases that go beyond that, that, that are enabled by it. If you think about it, and this is what the students at Cal poly and every other college and university community college, you name it, or watching videos on YouTube, anyone with a brain can jump in. If they, if they see the future, it's an all net new space force is driving awareness, but there's a whole slew of these new use cases that I call space enabled by cybersecurity systems. Your thoughts. >>Absolutely. I, you know, I was, uh, had planned on attending the, uh, uh, the cyber challenge that's Cal poly had planned in June, of course, a pandemic, uh, uh, took care of that plan. But, but I was intrigued by, by the approach that the Cal poly was taking with, with, uh, middle school and high school kids of, of, of, of exposing him to a problem set here. You have a, a satellite that came down from space, uh, and, uh, part of the challenge was to do Porensic analysis on the debris, uh, the remaining pieces of the sound like to figure out what happened. Uh, it had a, uh, a cybersecurity connotation. It was hacked. It was attacked by, by cyber threat nation, took it down. And the beauty of having these kids kind of play with, with the remaining parts of the satellite figure out what happened. >>So I was pretty exciting. I was really looking forward to participating in that, but again, the pandemic kind of blew that up, but I, I look forward to future events like that to, to get our young people intrigued and interested in, uh, in this new field of space. Now, you know, Chris was talking earlier about opportunities, the opportunity that you talk about, you know, while I would like to have people come to the government, right. To help us out. It's not, it's not just focused on government, right? There's not lots of opportunities in commercial space. I, if you will, uh, for, for a lot of talent to, uh, uh, to have, uh, to participate in. So the challenge is a man's government and the commercial sector, John, >>I mean, you get the hardcore, you know, I want to work for the DOD. I want to work for NSA. I want to work for the government. You clearly got people who want to have that kind of mission, but for the folks out there, Chris and bong that are like, I'll do I qualify it? It's like the black box of the DOD. It's like a secret thing. You got any clearance, you've got to get all these certifications. And you've got to take all kinds of tests and background checks. And, um, is it like that? And will that continue? Cause some people might say, Hey, can I even get involved? What do I do? So I know there's some private partnerships going on with companies out there in the private sector. So this is now a new, you guys seem to be partnering and going outside the comfort zone of the old kind of tactical things. What are some of those opportunities that people could get involved that they might not know about >>PR for NSA, there's a variety of workforce, uh, initiatives that, uh, uh, for anybody from a high school work study can take advantage of to, uh, those that would like have to have internships. And those that are in a traditional academic environment, there's, uh, several NSA schools across the country that have a academic and cyber acts, uh, sites of excellence that participate in projects that are shepherded and mentored by those at NSA that can get those tough problems that don't have maybe a classified or super sensitive, uh, nature that that can be worked in and in an academia environment. So, so those are two or three examples of how somebody can break into, uh, the, uh, an intelligence organization and the, and the other agencies have those, uh, opportunities as well across the intelligence community and the, the partnership between and collaborative collaboration between private industry and the agencies and the department of defense just continue to grow over and over again. And even myself being able to take care advantage of a joint duty assignment between my home organization and the Pentagon just shows another venue of somebody that's in one organization can partner and leverage with another organization as well. So I'm an example of, of that partnering that's going on today. >>So there's some innovation, bong, non traditional pathways to find talent. What are out there? What are new, what are these new nontraditional ways >>I was going to add to what Chris was, was mentioning John? Yeah. Even within view and under the purview of our chief information officer, back in 2013, the deputy surfed dirty defense signed the, uh, what we call the DOD cyberspace workforce strategy, uh, into effect. And that included a program called the cyber information technology exchange program. It's an exchange program in which a, uh, you know, private sector employee and worked for the DOD in cyber security positions, uh, span across multiple mission critical areas. So this is one opportunity to learn, uh, you know, in inside the DOD what's happening as a private sector person, if you will, uh, going back to what we talked about, you know, kinda, uh, opportunities, uh, within the government for, for somebody who might be interested, uh, you know, you don't have to be super smart, Bork and space. Uh, there's a lot of like, like Chris pointed out, there's a lot of different areas that we need to have people down within people to do, uh, to conduct the mission space. So you don't have to be mathematician mathematician. You don't have to be an engineer to succeed in this business. I think there's plenty of opportunities for, for any types of, of talent, any type of academic disciplines that, that, that, that they're out there. >>And I think, you know, Chris is shout out to the space force is really worth calling out again, because I think to me, that's a big deal. It's a huge deal. It's going to change the face of our nation and society. So super, super important. And that's going to rise the tide. I think it's gonna create, uh, some activation, uh, for a younger generation, certainly, and kind of new opportunities, new problems to solve new threats to take on and, and move it on. So really super conversation space in cybersecurity, the department of defense perspective, Von and Chris, thank you for taking the time. I'd love you guys just to close out. We'll start with you bong. And then Chris summarize for the folks watching, whether it's a student at Cal poly or other university or someone in industry and government, what is the department of defense perspective for space cybersecurity? >>Chris, won't go and take that on. I started, thank you. Uh, cyber security applies to much more than just the launch and download of mission data or human led exploration and the planning, testing, and experiments in the lab prior to launch require that cyber protection, just as much as any other space link, ground segment, trust rail network, or user data, and any of that loss of intellectual property or proprietary data is an extremely valuable and important, and really warrants, cybersecurity safeguards in any economic espionage or data exfiltration or denied access to that data I E ransomware or some other, uh, attack that can cripple any business or government endeavor. Uh, no matter how small or large, if it's left in our economic backbone, uh, clearly depends on space and GPS is more than just a direction finding our banking needs that a T and timing from P and T or whether it says systems that protect our shipping and airline industry of whether they can navigate and go through a particular storm or not, uh, even fighting forest fires picked up by a remote sensor. >>All those space-based assets, uh, require protection from spoofing date, uh, data denial or total asset loss. An example would be if a satellite sensitive optics were intentionally pointed at the sun and damaged, or if a command, uh, to avoid collision with another space vehicle was delayed or disrupted or a ground termination command. As we just saw just a few days ago at T minus three seconds prior to liftoff, if those all don't go as planned, uh, those losses are real and can be catastrophic. So the threat to space is pervasive real and genuine, and your active work across all those platforms is a necessary and appreciated. And your work in this area is critical, uh, going forward going forward. Uh, thank you for this opportunity to speak with you and, uh, talking on this important topic. >>Thank you, Chris Henson, goodbye. >>Closing remarks. Yeah. Likewise, John, uh, again, uh, as, as Chris said, thank you for, for the opportunity to discuss this very important, uh, around space, cyber security, as well as addressing, uh, at the end there, we were talking about workforce development and the need to have, uh, people, uh, in the mix for four features. We discussed with you. We need to start that recruiting early, uh, as we're doing to address, uh, the STEM gap today, we need to apply the same thing for cybersecurity. We, we absolutely need smart, innovative people to protect both Iraq. Anomic wellbeings a nation as well as our national defense. So this is the right conversation to have at this time, John and I, again, thank you and our Cal poly hose for, or, uh, having a symposium and, and having this opportunity to have this dialogue. Thank you, >>Gentlemen. Thank you for your time and great insights. We couldn't be there in person. We're here virtual for the space and cybersecurity symposium, 2020, the Cal poly I'm Jennifer with Silicon angle and the cube, your host. Thank you for watching.