Snehal Antani S2 E4 Final


 

>>Hey everyone. Welcome to theCUBE's presentation of the AWS Startup Showcase, season two, episode four. I'm your host, Lisa Martin. This topic is cybersecurity: detect and protect against threats. Very excited to welcome a CUBE alumni back to the program. Snehal Antani, the co-founder and CEO of Horizon3, joins me. Snehal, it's great to have you back in the studio.

>>Likewise, thanks for the invite.

>>Tell us a little bit about Horizon3. What is it that you guys do? You were founded in 2019. Got a really interesting group of folks with interesting backgrounds, but talk to the audience about what it is that you guys are aiming to do.

>>Sure. So maybe back to the problem we were trying to solve. So my background, I was an engineer by trade. I was a CIO at GE Capital, CTO at Splunk, and helped grow and scale that company, and then took a break from industry to serve within the Department of Defense. And in every one of my jobs where I had cybersecurity in my responsibility, I suffered from the same problem. I had no idea I was secure, or that we were fixing the right vulnerabilities or logging the right data in Splunk, or that our tools and processes and people worked together well, until the bad guys had showed up. And by then it was too late. And what I wanted to do was proactively verify my security posture, make sure that my security tools were actually effective, that my people knew how to respond to a breach before the bad guys were there. And so this whole idea of continuously verifying my security posture through security testing and pen testing became a passion project of mine for over a decade. And I, through my time in the DoD, found the right group of early people that had offensive cyber experience, that had defensive cyber experience, that knew how to build and ship and deliver software at scale. And we came together at the end of 2019 to start Horizon3.

>>Talk to me about the current threat landscape.
We've seen so much change and flux in the last couple of years globally. We've seen, you know, the threat actors are just getting more and more sophisticated, as is the different types of attacks. What are you seeing kind of horizontally across the threat landscape?

>>Yeah. The biggest thing is attackers don't have to hack in using zero days, like you see in the movies. Often they're able to just log in with valid credentials that they've collected through some mechanism. As an example, if I wanted to compromise a large organization, say United Airlines, one of the things that an attacker's gonna go off and do is go to LinkedIn and find all of the employees that work at United Airlines. Now you've got, say, 7,000 pilots. Of those pilots, you're gonna figure out quickly that their usernames and passwords, or their usernames at least, are first name, last initial at united.com. Cool. Now I have 7,000 potential logins, and all it takes is one of them to reuse a compromised password for their corporate email. And now you've got an initial user in the system, and most likely that initial user has local admin on their laptops. And from there, an attacker can dump credentials and find a path to becoming a domain administrator.

>>And what happens oftentimes is security tools don't detect this, because it looks like valid behavior in the organization. And this is pretty common: this idea of collecting information on an organization or a topic or target using open source intelligence, using a mix of credential spraying and kinda low priority or low severity exploitations or misconfigurations to get in, and then from there systematically dumping credentials, reusing those credentials, and finding a path towards compromise. And almost less than 2% of CVEs are actually used in exploits. Most of the time attackers chain together misconfigurations, bad product defaults. And so really the threat landscape is attackers don't hack in.
They log in. And organizations have to focus on getting the basics right and fundamentals right first, before they layer on some magic easy button that is some security AI tools, hoping that that's gonna save their day. And that's what we found systemically across the board.

>>So you're finding that across the board, probably pan-industry, that a lot of companies need to go back to basics. We talk about that a lot when we're talking about security. Why do you think that is?

>>I think it's because, one, most organizations are barely treading water. When you look at the early rapid adopters of Horizon3's pen testing product, autonomous pen testing, the early adopters tended to be teams where the IT team and the security team were the same person, and they were barely treading water. And the hardest part of my job as a CIO was deciding what not to fix, because the bottleneck in the security process is the actual capacity to fix problems. And so fiercely prioritizing issues becomes really important, but the tools and the processes don't focus on prioritizing what's exploitable. They prioritize, you know, by some arbitrary score from some arbitrary vulnerability scanner. And so we have, as a fundamental breakdown, the small group of folks with the expertise to fix problems tend to be the most overworked and tend to have the most noise to need to sift through. So they don't even have time to get to the basics. They're just barely treading water doing their day jobs. And they're often sacrificing their nights and weekends. All of us at Horizon3 were practitioners at one point in our career. We've all been called in on the weekend. So that's why what we did was fiercely focus on helping customers and users fix problems that truly matter, and allowing them to quickly reattack and verify that the problems were truly fixed.

>>So when it comes to today's threat landscape, what is it that organizations across the board should really be focused on?
>>I think systemically what we see are bad password or credential policies; least access, privileged management type processes not being well implemented; the domain user tends to be the local admin on the box; no ability to understand what is a valid login versus a malicious login. Those are some of the basics that we see systemically. And if you layer that with, it's very easy to, say, misconfigure vCenter, or misconfigure a piece of Cisco gear, or you're not gonna be installing monitoring and security observability tools on that HP Integrated Lights-Out server, and so on. What you'll find is that you've got people overworked that don't have the capacity to fix. You have the fundamentals or the basics not well implemented. And you have a whole bunch of blind spots in your security posture. And defenders have to be right every time; attackers only have to be right once. And so what we have is this asymmetric fight where attackers are very likely to get in. And we see this on the news all the time.

>>So, and nobody of course wants to be the next headline, right? Talk to me a little bit about autonomous pen testing as a service, what you guys are delivering, and what makes it unique and different than other tools that have been out there that, as you're saying, clearly have gaps.

>>Yeah. So first and foremost was the approach we took in building our product. What we set up front was our primary users should be IT administrators, network engineers, and P. And that, that IT intern who in three clicks should have the power of a 20 year pen testing expert. So the whole idea was empower and enable all of the fixers to find, fix, and verify their security weaknesses continuously. That was the design goal. Most other security products are designed for security people, but we already know they're task saturated. They've got way too many tools under the belt. So first and foremost, we wanted to empower the fixers to fix problems
that truly matter. The second part was we wanted to do that without having to install credentialed agents all over the place, or writing your own custom attack scripts, or having to do a bunch of configurations, and make sure that it's safe to run against production systems, so that you could test your entire attack surface: your on-prem, your cloud, your external perimeter.

>>And this is where AWS comes in to be very important, especially hybrid customers where you've got a portion of your infrastructure on AWS, a portion on-prem, and you use Horizon3 to be able to attack your complete attack surface. So we can start on-prem and we will find, say, the AWS credentials file that was mistakenly saved on a share drive, and then reuse that to become admin in the cloud. AWS didn't do anything wrong. The cloud team didn't do anything wrong. A developer happened to share a password or save a password file locally. That's how attackers get in. So we can start from on-prem and show how we can compromise the cloud, start from the cloud and show how we can compromise on-prem, start from the outside and break in. And we're able to show that complete attack surface at scale for hybrid customers.

>>So showing that complete attack surface sort of from the eyes of the attacker?

>>That's exactly right, because while blue teams or the defenders have a very specific view of their environment, you have to look at yourself through the eyes of the attacker to understand what are your blind spots. What do they see that you don't see? And it's actually a discipline that is well entrenched within military culture. And that's also important for us as the company. About a third of Horizon3 served in US special operations or the intelligence community with the United States, and then DoD writ large. And a lot of that red team mindset, view yourself through the eyes of the attacker, and this idea of training like you fight and building muscle memories,
so you know how to react to the real incident when it occurs, is just ingrained in how we operate. And we disseminate that culture through all of our customers as well.

>>And at this point in time, every business needs to assume an attacker's gonna get in.

>>That's right. There are way too many doors and windows in the organization. Attackers are going to get in, whether it's a single customer that reused their Netflix password for their corporate email, a patch that didn't get applied properly, or a new zero day that just gets published, a piece of Cisco software that was misconfigured, you know, not by anything more than it's easy to misconfigure these complex pieces of technology. Attackers are going to get in. And what we want to understand as customers is, once they're in, what could they do? Could they get to my crown jewels data and systems? Could they burrow and prepare for a much more complicated attack down the road? If you assume breach, now you wanna understand what can they get to, how quickly can you detect that breach, and what are your ways to stifle their ability to achieve their objectives. And culturally, we would need a shift from talking about how secure I am to how defensible are we. Security is kind of a state, a point-in-time state of your organization. Defensibility is how quickly you can adapt to the attacker to stifle their ability to achieve their objective.

>>As things are changing

>>constantly. That's exactly right.

>>Yeah. Talk to me about a typical customer engagement. If there's, you mentioned folks treading water, obviously there's the huge cybersecurity skills gap that we've been talking about for a long time now. That's another factor there. But when you're in customer conversations, who are you talking to? What typically are they coming to you for help?

>>Yeah. One big thing is you're not gonna win a customer by taking 'em out to steak dinners. Not anymore.
The way we focus on our go-to-market and our sales motion is cultivating champions. At the end of the proof of concept, our internal measure of success is: is that person willing to get a Horizon3 tattoo? And you do that not through steak dinners, not through cool swag, not through marketing, but by letting your results do the talking. Now, part of those results should not require professional services or consulting. The whole experience should be self-service, frictionless, and insightful. And that really is how we've designed the product and designed the entire sales motion. So a prospect will learn or discover about us, whether it's through LinkedIn, through social, through the website, but often because one of their friends or colleagues heard about us, saw our result, and is advocating on our behalf when we're not in the room.

>>From there, they're gonna be able to self-service, just log in to our product through their LinkedIn ID, their Google ID. They can engage with a salesperson if they want to. They can run a pen test right there on the spot against their home, without any interaction with a sales rep, let those results do the talking, use that as a starting point to engage in a more complicated proof of value. And the whole idea is we don't charge for these. We let our results do the talking. And at the end, after they've run us to find problems, they've gone off and fixed those issues, and they've rerun us to verify that what they've fixed was properly fixed, then they're hooked. And we have a hundred percent technical win rate with our prospects when they hit that find, fix, verify cycle, which is awesome. And then we get the tattoo for them, at least give them the template. And then we're off to the races.

>>It sounds like you're making the process more simple. There's so much complexity behind it, but allowing users to be able to actually test it out themselves in a simplified way is huge.
Allowing them to really focus on becoming defensible.

>>That's exactly right. And you know, the value is, we're all, especially now in security, there's so much hype and so much noise. There's a lot more time being spent self-discovering and researching technologies before you engage in a commercial discussion. And so what we try to do is optimize that entire buying experience around enabling people to discover and research and learn. The other part, right, remember, is offensive cyber and ethical hacking and so on is very mysterious and magical to most defenders. It's such a complicated topic with many nuanced tools that they don't have the time to understand or learn. And so if you surface the complexity of all those attacker tools, you're gonna overwhelm a person that is already overwhelmed. So we needed the experience to be incredibly simple and optimize that find, fix, verify aha moment. And once again, be frictionless and be insightful.

>>Frictionless and insightful. Excellent. Talk to me about results. You mentioned results. We love talking about outcomes. When a customer goes through the POC, POV that you talked about, what are some of the results that they see that hook them?

>>Yeah. The biggest thing is what attackers do today is they will find a low from machine one plus a low from machine two equals compromised domain. What they're doing is they're chaining together issues across multiple parts of your system or your organization to own your environment. What attackers don't do is find a critical vulnerability and exploit that single machine. It's always a chain, it's always multiple steps in the attack. And so the entire product and experience, and actually our underlying tech, is around attack paths. Here is the path, the attack path an attacker could have taken, you know, that NodeZero, our product, took. Here is the proof of exploitation for every step along the way.
So you know this isn't a false positive. In fact, you can copy and paste the attacker command from the product and rerun it yourself and see it for yourself.

>>And then here is exactly what you have to go fix and why it's important to fix. So that path, proof, impact, and fix action is what the entire experience is focused on. And that is the results doing the talking, because remember, these folks are already overwhelmed. They're dealing with a lot of false positives. And if you tell them you've got another critical to fix, their immediate reaction is: Nope. I don't believe you. This is a false positive. I've seen this plenty of times. That's not important. So you have to, in your product experience and sales process and adoption process, immediately cut through that defensive, or that reflex. And it's path, proof, impact. Here's exactly what you fix, here are the exact steps to fix it. And then you're off to the races. What I learned at Splunk was you win hearts and minds of your users through amazing experience, product experience, amazing documentation, yes, and a vibrant community of champions. Those are the three ingredients of success, and we've really made that the core of the product. So we win on our documentation. We win on the product experience, and we've cultivated a pretty awesome community.

>>Talk to me about some of those champions. Is there a customer story that you think really articulates the value of NodeZero and what it is that you are doing?

>>Yeah. I'll tell you a couple. Actually, I just gave this talk at Black Hat on war stories from running 10,000 pen tests. And I'll try to be gentle on the vendors that were involved here, but the reality is you gotta be honest and authentic. So a customer, a healthcare organization, ran a pen test, and they were using a very well known managed security services provider as their security operations team.
And so they initiate the pen test, and they wanted to audit the response time of their MSSP. So they run the pen test and we're in and out. The whole pen test runs two hours or less. And in those two hours, the pen test compromises the domain, gets access to a bunch of sensitive data, laterally maneuvers, rips the entire environment apart. It took seven hours for the MSSP to send an email notification to the IT director that said, hey, we think something suspicious is... Wow. Seven hours. That's

>>a long time.

>>We were in and out in two, seven hours for notification. And the issue with that healthcare company was they thought they had hired the right MSSP, but they had no way to audit their performance. And so we gave them the details and the ammunition to get services credits, to hold them accountable, and also have a conversation of switching to somebody else.

>>That accountability is key, especially when we're talking about the threat landscape and how it's evolving day to day.

>>That's exactly right. Accountability of your suppliers or your security vendors, accountability of your people and your processes, and not having to wait for the bad guys to show up to test your posture. That's what's really important. Another story is interesting. This customer did everything right. It was a banking customer, large environment, and they had Fortinet installed as their EDR type platform. And they initiate us as a pen test, and we're able to get code execution on one of their machines, and from there laterally maneuver to become a domain administrator, which in security is a really big deal. So they came back and said, this is absolutely not possible. Fortinet should have stopped that from occurring. And it turned out, because we showed the path and the proof and the impact, Fortinet was misconfigured on three machines out of 5,000. And they had no idea. Wow.
So it's one of those: you wanna, don't trust that your tools are working. Don't trust your processes. Verify them. Show me we're secure today. Show me we're secure tomorrow. And then show me again we're secure next week, because my environment's constantly changing. And the adversary always has a vote.

>>Right. The constant change and flux is a huge challenge for organizations, but those results clearly speak for themselves. You talked about the speed in terms of time. How quickly can a customer deploy your technology, identify and remedy problems in their environment?

>>Yeah. You know, this find, fix, verify aha moment, if you will. So traditionally a customer would have to maybe run one or two pen tests a year, and then they'd go off and fix things. They have no capacity to test them 'cause they don't have the internal attack expertise. So they'd wait for the next pen test and figure out that they were still exploitable. Usually this year's pen test results look identical to last year's. That isn't sustainable. So our customers shift from running one or two pen tests a year to 40 pen tests a month. And they're in this constant loop of finding, fixing, and verifying all of the weaknesses in their infrastructure. Remember, there's infrastructure pen testing, which is what we are really good at, and then there's application level pen testing that humans are much better at solving. Okay. So we focus on the infrastructure side, especially at scale. But can you imagine, so 40 pen tests a month, they run from the perimeter, the inside, from a specific subnet, from work-from-home machines, from the cloud. And they're running these pen tests from many different perspectives to understand what does the attacker see from each of these locations in their organization and how do they systemically fix those issues. And what they look at is how many critical problems were found, how quickly were they fixed, how often do they reoccur.
And that third metric is important, because you might fix something, but if it shows up again next week because you've got bad automation, you're not gonna, you're in a rat race. So you wanna look at that reoccurrence rate also.

>>The recurrence rate. What are you most excited about? Obviously the threat landscape continues to evolve, but what are you most excited about for the company and what it is that you're able to help organizations across industries achieve in such tumultuous times?

>>Yeah. You know, one of the coolest things is, back because I was a customer for many of these products, I despised threat intelligence products. I despised them because they were basically generic blog posts, maybe delivered as a data feed to my Splunk environment or something. But they're always really generic. Like, you may have a problem here. And as a result, they weren't very actionable. So one of the really cool things that we do, it's just part of the product, is this concept of flares, flares that we shoot up. And the idea is not to cause angst or anxiety or panic, but rather we look at threat intelligence, and then because of all the insights we have from your pen test results, we connect those two together and say your VMware Horizon instance at this IP is exploitable. You need to fix it as fast as possible, or it's very likely to be exploited.

>>And here is the threat intelligence and in the news from CSUN elsewhere, that shows why it's important. So I think what is really cool is we're able to take together threat intelligence out in the wild combined with very precise understanding of your environment, to give you very accurate and actionable starting points for what you need to go fix or test or verify. And when we do that, what we see is almost like, imagine this ball bouncing. That is the first drop of the ball. And then that drives the first major pen test.
And then they'll run all these subsequent pen tests to continue to find and fix and verify. And so what we see is this tremendous amount of excitement from customers that we're actually giving them accurate, detailed information to take advantage of, and we're not causing panic and we're not causing alert fatigue as a result.

>>That's incredibly important in this type of environment. Last question for you. Autonomous pen testing is obviously critical and has tremendous amount of potential for organizations, but it's only part of the equation. What's the larger vision?

>>Yeah. You know, we are not a pen testing company, and that's something we decided upfront. Pen testing is a sensor. It collects and understands a tremendous amount of data for your attack surface. So the natural next thing is to analyze the pen test results over time, to start to give you a more accurate understanding of your governance, risk, and compliance posture. So now what happens is we are able to allow customers to go run 40 pen tests a month. And that kind of becomes the initial land or flagship product. But then from there we're able to upsell or increase value to our customers and start to compete and take out companies like SecurityScorecard or RiskIQ and other companies like that, where there tended to be, I was a user of all those tools, a lot of garbage in, garbage out, okay, where you can't fill out a spreadsheet and get an accurate understanding of your risk posture. You need to look at your detailed pen test results over time and use that to accurately understand what are your hotspots, what's your recurrence rate, and so on. And being able to tell that story to your auditors, to your regulators, to the board. And actually it gives you a much more accurate way to show return on investment of your security spend also, which

>>is huge. So where can customers and those that are interested go to learn more?

>>So horizon3.ai is the website.
That's a great starting point. We tend to very much rely on social channels, so LinkedIn in particular, to really get our stories out there. So finding us on LinkedIn is probably the next best thing to go do. And we're always at the major trade shows and events also.

>>Excellent, Snehal. It's been a pleasure talking to you about Horizon3, what it is that you guys are doing, why, and the greater vision. We appreciate your insights and your time.

>>Thank you, likewise.

>>All right. For my guest, I'm Lisa Martin. We wanna thank you for watching the AWS Startup Showcase. We'll see you next time.

Published Date : Aug 19 2022


DeLisa Alexander, Netha Hussain, Megan Byrd-Sanicki | Red Hat Summit 2020


 

From around the globe, it's theCUBE, with digital coverage of Red Hat Summit 2020, brought to you by Red Hat.

>>Hi, I'm Stu Miniman, and this is theCUBE's coverage of Red Hat Summit 2020. Of course, this year the event is happening all online, and that gives us an opportunity to meet with Red Hat executives, customers, partners, and practitioners where they are around the globe. In this segment, one of our favorites every year, we're talking to the Women in Open Source, and joining me for this segment, first of all, we have DeLisa Alexander, who is the executive vice president and chief people officer of Red Hat. This award fits under her domain. DeLisa, it is great to see you again. Thanks so much for joining us.

>>Thank you so much for having us.

>>All right, and we have two of the award winners. So first, if you see right next to DeLisa, we have Netha Hussain, who's a doctor and PhD candidate in clinical neuroscience at the University of Gothenburg, coming to us from Sweden. Netha, great to see you.

>>Thank you very much.

>>All right, we also have Megan Byrd-Sanicki, who is a manager of research and operations at the open source program office at Google. Megan, thank you so much for joining us also.

>>Thanks for having me.

>>All right, so DeLisa, let me hand it off to you. Give our audience a little bit, if they're not familiar with Women in Open Source, what the initiative is, the community, and, you know, what might have changed from previous years when we've talked about this.

>>Sure. So we realized that the tech industry is a great industry for diverse populations, but a lot of diverse populations don't realize that. And so as the open source leader, we wanted to shine a light on the contributions that some of our underrepresented populations are making in open source, trying to inspire more people to join communities, to participate, to contribute. We know that more diverse populations help us to innovate more rapidly, they help us to solve more problems, and so it's really important, especially today
with what's happening in the world lots of important problems to solve that we really invite more of our other upper sort of populations to join in the communities awesome so absolutely there there are lots of people that volunteer there are lots of people that do it as their day job Megan why don't we fuck you have a roll open source first Google as a strong legacy and open source in general so tell us a little bit about you know what you were working on and what you're being recognized for here yeah well a lot of the recognition comes from my work with the Drupal Association I had been with Drupal for 8 years hoping to build that foundation in supporting that community and lots of different ways from fundraising to community events running sprints and helping with their developer tools and so that was a lot what the award was based on and now I'm at Google and I've been here for about a year and a half and I run their research and operations and so Google is an expression of open source and we have thousands of people using thousands of projects and we want to make sure they do it well they feel supported that we are good citizens in the projects that we participate in and so my group provides the operational support to make sure that happens you know you know what one of the things that's always fascinating when I go to Red Hat there's so many projects there's so many participants from various walks of life last year at the show there was a lot of discussion of you know it was a survey really and said that you know the majority of people that tribute now it's actually part of their job as opposed to when I think back you know you go back a couple of decades ago and it was like oh well in my spare time or down in my basement I'm contributing here so maybe talk a little bit about the communities and you know what what Megan is embodying CSUN she worked on project now she's working for obviously a good partner of Red Hat's that does a lot of open source yeah I love 
the way she described what her role is at Google and that it's fascinating and Google has been really a huge contributor in the community for in communities for years and years so I think that what we're seeing with the communities and people saying yeah now it's part of my day job is that you know 20 years ago the idea that open-source development would be kind of on par with proprietary development and on par in terms of being used in the enterprise and the data center was something that I think many people questioned proprietary software was the way that most people felt comfortable making sure that their intellectual property is protected and that users could feel comfortable using it within the parameters required so that was the way it was 20 years ago and then now you think about you know most companies there is some form of open source that is part of their infrastructure so now open source is no longer you know that disrupter but it's really a viable alternative and organizations really want to use both they want to have some propriety or they want to have some open sources so that means like every company is going to need to have some need to understand how to participate in communities how to influence communities and Red Hat's a great partner in helping enterprise customers to be able to understand what those red Nets might look like and then helping to kind of harden it make sure things that they need to have application city to have certified or certified and make it really usable in a way they're comfortable with in the enterprise that's kind of special Red Hat place but it's just a tribute to where we come in a world in terms of open source being really accepted and thriving and it helps us to innovate much more rapidly yeah and there's there's no better way to look at not only where we are but where we're going then talk about what's happening in the academic world so that gives it brings us Aneta so you are the academic award winner you're a PhD 
candidate so tell us a little bit about your participation and open source what it means to be part of this community my PhD project involves using virtual reality to measure the arm movements of people with stroke so we have participants coming in into our lab so they we're these 3d glasses and then they start seeing virtual objects in the 3d space and they use their hands to touch at these targets and make them disappear and we have all these movements data specially interpreters and then we write code and analyze the data and find out how much they have recovered within one year after stroke this is my PhD project but my involvement with open source happens they before like in starting from 2010 I have been editing Wikipedia and I have been writing several articles related to medicine and healthcare so that is where I started with open open knowledge and then I moved on words and after my medical studies I moved to research and worked on this awesome project and so there are multiple ways by which I have engaged with open source that's far that's awesome my understanding is also some of the roots that you had and some of the medical things that you're doing have an impact on what's happening today so obviously we're all dealing with the global pandemic in Koba 19 so I'd like to hear you know what your involvement there you know your data obviously is politically important that we have the right data getting to the right people as fast as possible definitely yes right now I'm working on writing creating content for Wikipedia writing on articles related to Kobe 19 so I mostly work on writing about its socio-economic impact writing about Kobe 19 testing and also about the disease in general mental health issues surrounding that social stigma associated began with it and so forth so I use all these high-quality references from the World Health Organization the United Nations and also from several journals and synthesize them and write articles on Wikipedia so we 
have a very cool project called wiki project code 19 on Wikipedia where people who are interested in writing articles creating data uploading images related to poet 19 come together and create some good content out of it so I am a very active participant there alright and making my understanding is you you also have some initiatives related to kovat 19 maybe you can tell us a little bit about those yeah well one I'm loosely affiliated with this kovat act now and that is a combination of developers data scientists epidemiologists and US state government officials and it's looking at how was the curve look like and how does that curve get flattened if governor's made decisions faster or differently than what they're making today and how does it impact the availability of ICU beds and ventilators and so that is a tool that's being used today by many decision-makers here in the US and my contribution to that was they needed some resources I reached into Google and found some smart generous volunteers that are contributing to the dataset and actually I just connected with Neda do this award program and now she's connected and is gonna start working on this as well yes oh that's fantastic yeah I mean dallisa you know we've known for a long time you want to move fast if you want to connect you know lots of diverse groups you know open sources is an important driver there what what else are you seeing in your group you know with your hat is the the people officer you know obviously this is a big impact not only on all of your customers partners but on fun Red Hatters themselves well it is a huge impact we're so fortunate that we have some experience working remotely we have about 25 percent of our population that historically works remotely so we have that as a foundation but certainly the quick move the rapid move to really thinking about our people first and having them work from home across the globe that is unprecedented and at this point we have some individuals who 
have been working from home for many many many week and others that are really in entering their fourth week so we're starting to have this huge appreciation for what it's like to work remotely and what we can learn about more effective inclusion so I think you know back to the idea of women and open source and diversity inclusion one of the things you may always prided ourself in is we focus on inclusion and we think about things like okay if the person is not in the room with their remote let's make sure for including them let's make sure they get to speak first etcetera well now we're learning what it's really like to be remote and for everyone to be remote and so we're creating this muscle as an organization I think most organizations are doing this right getting a muscle you didn't have before we really really having to think about inclusion in a different way and you're building a capability as an organization that you didn't have to appreciate those that are not in the room and to make sure they are included because no one's in the room you know we're really important pieces and dallisa you know one of the things that that's always great about Red Hat summit is you you bring together all these people as we just heard you know that your two Award winners here you know got connected through the awards so maybe give us a little bit of a peek as to what sort of things the community can still look forward to how they can continue to connect even though we're all going to be remote for this event yeah this event is is it going to be great event and I hope everyone joins us along our journey we are fortunate that Red Hat you know as the open source leader really wants to take a leadership position in thinking about how we can shine a light on opportunities for us to highlight the value of diversity and inclusion and so we've got a number of events not throughout the summit that we'd love people to join in and we're going to be celebrating our women and open-source 
again at our women's leadership community lunch is now not a lunch it is now a discussion unless you're having your lunch that you can check your desk but we're having a great conversation at that event I mean by people to join in and have a deeper conversation and also another look at our women in open source Award winners but these Award winners are just so amazing every year that applications that are submitted are just more and more inspiring and all the finalists were people that are so impressive so I love the fact that our community continues to grow and that they're more and more impressive people that are joining the community and that they're making those connections so that together we can you know really shine a light on the value that women bring to the communities and continue to inspire other underrepresented groups to join in and participate then a you know research obviously is an area where open-source is pretty well used but just give us a little bit of viewpoint from your standpoint yourself and your peers you know I would think from the outside that you know open sourced is just kind of part of the fabric of the tools that you're using is it something that people think specifically about a course or does it just come naturally that people are you know leveraging using and even contributing what what's available the tool I'm using is called cuteness it's an open source tool written in Python and so that gives me the possibility to have a look in deeper into the code and see what's actually inside for example I would like to know how what is the size of the target that is shown in the virtual space and I can fit know that correctly to the millimeters because it's available to me in open source so I think these are the advantages which researchers see when they have tools open-source tools and at the same time there's also a movement in Sweden and in most of Europe where they want the researchers are asking for publishing their articles in open 
access journals so they want most of their research be published as transparent as possible and there is also this movement where people want researchers want to have their data put in some open data city so that everybody can have a look at it and do analysis on the data and build up on that data if other people want to so there's a lot going from the open access side and knowledge side and also the open source side in the research community and I'm looking forward to what probably 19 will do to this movement in future and I am sure people will start using more more and more open-source tools because after the Manderly yeah making I'm curious from your standpoint when I think about a lot of these communities you know meetups are just kind of some of the regular fabric of how I get things done as well as you know just lots of events tie into things so when you're talking to your colleagues when you're talking to your peers out there how much is kind of the state of reality today having an impact in any any learnings that you can share with gaudí yeah that is definitely a challenge that we're going to figure out together and I am part of a group called Foss responders we are reaching out to projects and listening to their needs and amplifying their needs and helping to get them connected with resources and one of the top three areas of need include how do I run an online community event how do I replace these meetups and what is wonderful is that groups have been moving in this direction already and so who would release a guide of how they run online events and they provide some tooling as well but so has WordPress put out a guide and other projects that have gone down this path and so in the spirit of open source everyone is sharing their knowledge and Foss responders is trying to aggregate that so that you can go to their site find it and take advantage of it yeah definitely something I've seen one of the silver linings is you know these communities typically have 
been a lot of sharing but even more so everybody's responding everybody's kind of rallying to the cause don't want to give you the final word obviously you know this is a nice segment piece that we usually expect to see at Red Hat summit so what else do you want to help share where the community is final closing thoughts well I think that you know we're not done yet we have been so fortunate to be able to highlight you know the contributions that women make to open source and that is a honor that we get to take that role but we need to continue to go down this path we are not we're not done we have not made the improvement in terms of the the representative in our communities that will actually foster all of the improvements and all the solutions that need to happen in the world though we're going to keep down this pathway and really encourage everyone to think through how you can have a more inclusive team how you can make someone feel included if you're participating in a community or in an organization so that we really continue to bring in more diversity and have more innovation well excellent thank you so much Alisa for sharing it thank you too - both of you Award winners and really look forward to reading more online definitely checking out some of the initiatives that you've shared valuable pieces that hopefully everybody can leverage all right lots more coverage from Red Hat summit 2020 I'm Stu minimun and as always thank you for watching the cube [Music]

Published Date : Apr 29 2020


ENTITIES

| Entity | Category | Confidence |
|---|---|---|
| Alexander | PERSON | 0.99+ |
| Sweden | LOCATION | 0.99+ |
| Netha Hussain | PERSON | 0.99+ |
| World Health Organization | ORGANIZATION | 0.99+ |
| Elissa | PERSON | 0.99+ |
| DeLisa Alexander | PERSON | 0.99+ |
| Alisa | PERSON | 0.99+ |
| Megan Burge Sinicki | PERSON | 0.99+ |
| fourth week | QUANTITY | 0.99+ |
| 2010 | DATE | 0.99+ |
| Google | ORGANIZATION | 0.99+ |
| 8 years | QUANTITY | 0.99+ |
| Red Hat | ORGANIZATION | 0.99+ |
| Europe | LOCATION | 0.99+ |
| Drupal Association | ORGANIZATION | 0.99+ |
| Python | TITLE | 0.99+ |
| Megan | PERSON | 0.99+ |
| Stu minimun | PERSON | 0.99+ |
| kovat 19 | TITLE | 0.99+ |
| kovat act | TITLE | 0.99+ |
| Megan Byrd-Sanicki | PERSON | 0.99+ |
| both | QUANTITY | 0.99+ |
| last year | DATE | 0.99+ |
| US | LOCATION | 0.98+ |
| first | QUANTITY | 0.98+ |
| thousands of projects | QUANTITY | 0.98+ |
| today | DATE | 0.98+ |
| 20 years ago | DATE | 0.98+ |
| CSUN | ORGANIZATION | 0.98+ |
| University of Gothenburg | ORGANIZATION | 0.98+ |
| Neda | ORGANIZATION | 0.97+ |
| one year | QUANTITY | 0.97+ |
| two Award | QUANTITY | 0.97+ |
| red hat | ORGANIZATION | 0.97+ |
| Wikipedia | ORGANIZATION | 0.97+ |
| this year | DATE | 0.97+ |
| Red Hat summit 2020 | EVENT | 0.96+ |
| Foss | ORGANIZATION | 0.96+ |
| one | QUANTITY | 0.96+ |
| thousands of people | QUANTITY | 0.96+ |
| about 25 percent | QUANTITY | 0.95+ |
| Red Hat | EVENT | 0.94+ |
| about a year and a half | QUANTITY | 0.93+ |
| Red Hat Summit 2020 | EVENT | 0.93+ |
| poet 19 | TITLE | 0.92+ |
| Aneta | PERSON | 0.9+ |
| red | ORGANIZATION | 0.9+ |
| United Nations | ORGANIZATION | 0.9+ |
| years | QUANTITY | 0.9+ |
| Red Hatters | ORGANIZATION | 0.87+ |
| Drupal | TITLE | 0.85+ |
| Red Hat summit | EVENT | 0.85+ |
| wiki project code 19 | TITLE | 0.82+ |
| Kobe 19 | TITLE | 0.81+ |
| pandemic | EVENT | 0.81+ |
| Sain | PERSON | 0.78+ |
| a couple of decades ago | DATE | 0.78+ |
| lots of people | QUANTITY | 0.77+ |
| dallisa | PERSON | 0.76+ |
| lots of events | QUANTITY | 0.75+ |
| WordPress | ORGANIZATION | 0.75+ |
| global | EVENT | 0.74+ |
| so many participants | QUANTITY | 0.73+ |
| two of the Award winners | QUANTITY | 0.71+ |
| US | ORGANIZATION | 0.7+ |
| executive vice president | PERSON | 0.69+ |
| things | QUANTITY | 0.69+ |