from New York it's the cube covering escape 19 okay welcome back to the cube coverage New York City for the inaugural multi-cloud conference the first one ever in the industry is called escape 2019 we're in New York so escapee from New York City from cloud that's the conversation all the thought leaders are here and executives people thinking about the next generation architecture and top tracks are all here if it's Wednesday who's the chief information security officer for Flextronics flex let's thank you for coming on love to have see so some because security seems to be there always a top conversation you got a very busy job I do yes you heard a lot of pressure all the time it's fun it's so fun for me so yeah as a Caesar and it's always like security stop in mind right of everyone out these days yeah and it's very sir one of the most interesting job I think most of the interesting for my trophies I learned so much about our business and they have insight into so many things that's actually really great you know one of the things I was just talking about on the kind of cube conversation was you know how date is really important part of it and how data backup and recovery was built on old thinking around you know data centers failing floods hurricanes electricity gets outages but the biggest disruption in business today is security security threats and so that's the cyber security pressure it's causing CISOs to to be mindful of the best architecture the best platform do we have the right tools so I wanna get your thoughts how are you thinking about that as an organization because you are you building in-house developers are you how you how are you organizing how are you gearing up to fight the battles that need to be fought so I am and I'm with the company so if Lex is a big manufacturing company right 26 billion so we have a lot of p2p business not consumer business which is I believe a different perspective of security versus actually like a consumer company facing so and I'm if in a security team for 15 years so we put it up like security operations and the orders kind of things really right we're old school I am what school learnt everything in that right but you a lot of IOT I mean you just really achieve oh yeah Industrial tea it's one of the topic but coming back to you you're right data is actually the center in Flour business data is getting more center right you collect data from the machine you collect data actually for the business actually to make more decisions right and could be predictive maintenance could be inventory management there could be a lot of things right you have to think about it so and the funny thing is I'm real I'm the seasonal for five years 15 years with the security team 20 years with the company so I rebuilt the team always like every three four years you like it's a kind of rebirth of the team we renew we add new skills right and cloud is one of the things which I think it's a fundamental change and the change is actually with it's actually on the development side what it means with that it's a security team has to move to serve the developers and the problem if the wood school was always like it's after sort so why I secured to such an issue because we had to do patching after we found vulnerabilities right and then old network is unsecure you need to wrap something around that like we did firewall so it was always an after sort now with the cloud it's changing because you have a lot of different things to do but basically we need to enable developers to be very quick and deploy their software very quickly so you know it is a fundamental change in the way you have to think the particular yeah and then that brings up the good question love to ask you because given you guys again not a consumer like Capital One yeah they don't challenge they got they weren't hacked Amazon actually the firewall was misconfigured an s3 bucket but that's a consumer company you have data though you're an industrial company got a lot of industrial IOT ransomware folks are targeting data yes and everyone's a target it's your surface area is large but you probably lock that down in the past so how are you thinking about all this new stuff so yeah I mean IOT it's I mean I would tease the problem as you said Industrial right it's not solved yet completely right because they still have to rethink a lot of the vendors providing this machinery which you've purchased for 25-30 years right this Silla wood school right sometimes like the one witness you can't upgrade or whatever such basic things they'd be lacking actually in terms of security there still has to be a shift in this you know not just in the industry but in a general thinking how you do that yes I have a big environment so we locked it down we use a lot of innovative technologies actually preventive measurements was also detected measuring and you need to create kind of mightily a concept where you actually start okay what is if this figures how we test it okay this face do we have other measurements where we can try to prevent measure stop those kind of things right but Wrentham is a big one there's other things as you know like hacking I mean they're kept in I was healing probably the capital one was an interesting money my I believe in that for the cloud its configuration issues right which I think it comes with cloud security it's about policy and configuration management right how you manage that and how you think about it but it's not it was not a nation gonna solve that I mean that's a open s3 bucket that's trivial I wasn't a big yes and no you look if you look at that it was a little bit more in detail so it was actually the back firewall was misconfigured which is a mod security running on a fresh air but the Miss configuration was actually a SS as server surgery force request issue which means like you tricked this firewall in giving you information you shouldn't give you so it was a little bit more granular as people think it was right just as free pocket configuration so it was a little bit more greener but I think that's the word the difficult comes about it which every security it's a complex problem right it's the many things you have - configuration error it was a configuration dumb as an s3 bucket no it was not rounded more sophisticated but not that sophisticated was it yellow what the change I would not sophisticated but something it's not easy to solve so you have to think about it but you're right it's still something exploit from a corner case it's still something you could have I mean I I'm careful to say you could have avoided yes you could because that's for sure but I know it's a complex environment right I'm not a human as humans involved and I know I don't know that eaters exactly we only know that once it's published right so it's very hard to to charge well let's bring some cloud security so let me ask you on multi-cloud this is a multi cloud conference what's your definition of multi-cloud how do you look at the multiple clouds for me more debris cloud is actually doesn't matter we had the good keynote where I said it's a bunch of service right that's how I see my two cloud it's a bunch of service could be my data centers in the public cloud data centers with different vendors that's what a cow is where I move my services should be actually independent from the public hybrid on-premise whatever it is right that's basically how I see it so it doesn't matter it's infrastructure on demand leverage it leverage it it could be say hey today I spin off this test server but you know what today it seems to be a cheaper all running on the Eva Lovelace versus CPC let's do it here next day next week we might do it somewhere else whatever you trigger whatever what is your requirements so you'd only look at that resource that like that how do you think about the cloud security then because the configurations compliance how do you how do you stay on top of that so that's an interesting thing because we a big enterprise but we as you said know consumer business so our problem is to find the right skill set to attract the right people to our company to do that right because this is our we have some cloud but it's not yet there's a journey we are trying to do as most of the enterprise so we're looking into startups managed services we say okay where are the gaps where we have to really have to outsource some of the things and gaps where we need to get information what's your advice to other CISOs out there that are in the b2b space of none other deal to consumer but I have to get serious that is now becoming more industrialized on the IOT side because you guys have been you know been there done that you have a big footprint on the IOT because you're history but as people get more facilities and they have more virtual offices more people working the edge is extending what's your advice to those CEOs who have to deal with this industrial and IOT edge I think you have to visibility is the key ingredient is first right if you don't know what you have it's very hard to understand what's the risk portfolios right so you need to find the right to set and don't believe you know what they have it's fantastic what you see when you use the right tool what this is everything is connected I mean basically even like I found like this coffee market I connect the devices right it's like like everyone just don't understand like it's kind of light poles get both wake multi-threaded processor what is that doing so there's I mean but visibility is a key ingredient so you have to understand and then you have to look into how you might take a terrace what is your risk about it right I mean if the coffee mug goes down I don't really care but if my testicles sound and I shut down the production I really care about that so you need to understand that risk and say how can i mitigating risk so while I got you here what's your final question what's your message to suppliers out there that all want to sell you something they want to sell you another tool you know an another tool you know I got a platform I got a tool you mean this here 750 which is existing now like the cybersecurity if you go to I say conferences unbelievable right it's like I want to sell you something you're the top dog I use shrinking suppliers down are you looking at some sort of standard API way to deal with them because you know you're obviously probably thinking about platforming and data visibility is critical what's your philosophy on how to support medieval suppliers so usually honestly the most time I really go in so for innovative technology we built in our company our so-called strategic partnership program were being it for startups and most of the time we engage we start of services or through other channels right but you get introduced and you review with a proof of concept of value the technology and we try to keep it like as a minimum value product very short time and say okay let's show what you can where your gaps are and can we get with you guys and come and get you but don't send me an email don't call me because I usually not react I have a job to do so that's most of the time where the disease were what comes all of the guys that hey I found another scissors tell me there's great technology you should look into that and what shows do you go to what events do you hang out and what are good events for you in this in the space RSA Red Hat black depth on are there certain events that you go to that you think are valuable I mean it's easily I go to the to the RSA Conference ership because actually it's very close to me as well yeah and being part being out of Santa C I recommend the b-sides actually I like the peace sign that these guys are great the pieces are great I think they are real value and then I try to a smaller circus I'd be a fun person around papers there's b-sides for folks watching is an alternative group of community industry participants they have kind of a b-side of a side like an album but it's essentially community event they do hackathons and variety of other cool things where people get together very unstructured kind of cool conference addition to bigger conferences I can't recommend desk yeah bitch thanks for coming on and sharing your insights there's pleasure there's a cube coverage here in New York City we're not escaping from the University escape conference the first multi-cloud conference in the industry we'll see how it goes if they're successful they might be back next year if not they won't be but I think multi-class here today what do you think okay great thanks for coming on I'm John Fourier thanks for watching