[Music] hi I'm Peter burns and welcome to another cube conversation we are here in our Palo Alto studios with Chen C Wang Chen C is the founder and General Partner of rain capital and an old colleague Chen see you've been around for a long time we're very happy to have you here in a cube at least in my opinion one of the leading thinkers and security what's happening in ite data security digital business security we were colleagues at four store many years ago what are you doing now well I'm doing this new fund I just started rain capital it's an early-stage venture fund focusing on cyber security innovation so very excited about that and very specific yes I was security and AI as well but the core focus is cyber security so let's talk about what that actually means because there's a lot of new practices new processes new groups with NIT that are being spawned as a consequence of this memoriae agile devops one of the groups or one of the practices or expertise centers it's especially underrepresented in the security world somewhat surprisingly is DevOps what do we need to do to bring more security into DevOps right that's a really good question and that's one of the areas that I've been focusing on in the last two three years is looking at the impact of DevOps practices to IT or including security and it's a huge impact because initially or originally what we have is security is a practice that that is gatekeeper right so you got applications being developed and then you you test them and then you go through security tests at the end and before you could deploy DevOps practices disrupt all of that what DevOps set says is I'm a developer I can deploy my application directly onto a production productionserver without going through all those gates because business agility demands it right once you have developers or testers touching your production servers directly some of the old security practices go away right you cannot do that anymore because too heavy-handed there's also the notion of portability so today it's very common for companies to want move their workloads from the internal data center to AWS or maybe next month I want to move to Google Cloud or Azure and I don't want to go through all the testing and pre-implementation practices I want to do it right away and the portability also disrupts existing security practices right so if your security policy depends on you instrumenting the server to put some kind of module on there tomorrow the server is not not there anymore right so what do you do so it engenders hosts loads of issues and also is a catalyst for innovation so that's why I'm very very excited about that so when you talk to customers users because I know you still have work with a lot of relationships I'm sure that's going to be one of the distinctions that you bring to bear when you think about what rain capital does what are say the three things that you tell them you've already mentioned you got a you got to ensure that the practices are in place that portability is at least made more obvious and that you don't bind security down to a particular device because it device may not be there that's three what are some of the kind of organizational institutional things that DevOps folks have to do to make sure that everybody gets the security profile with the need right so what we're seeing in terms organizationally or culturally the change is that in a in a DevOps led organization the the boundaries are going away right so some of the companies that I'm seeing cloud native to start with they may not have an ops team right what they do is that IT there their infrastructure team is embedded with the applications team it really the application demand and knowing what the application wants to do and then works with the developers to establish policies and deployment practices as opposed to being arms and lands from the the developers which you know creates all kinds of tension so it's an organizational shift as well and mindset shift right so the mindset shift is that you're no longer somebody who enforces policies you actually enable business versus the policy enforcer and it's easy to say but they actually requires a very deep shift in thinking so I got another question on security and I won't move to something else but really quickly as IT organizations or as businesses source their IT capabilities more from public cloud or service providers that means that they also have to have a new approach to how they to institutionalizing the work the practice the process the certainty associated with good security in in your experience what are just a couple of things that businesses have to worry about as they negotiate and monitor and manage relationships with third parties as it pertains to security right that's a good question there possibly a long list of things right but I don't use the the top things is don't get locked in right all the platform providers want to give you all these enriched capabilities as long as you buy into our services right so what you want to do is I want to stay at the level that I can easily move right so then this may mean I have to do a little bit more things or have to compensate with third party technologies as opposed to buying into this vertically integrated notion of the platform providers and that's where you need to stay at because if otherwise you get locked it so that's one second is the the ability to do monitoring has to be real-time has and the the thing about DevOps is real-time visible of the real-time closed loop response right so you cannot like secure the analytics in the past has to usually is you get tons of logs put there and somebody chewing through logs and look for anomalies it's not fast enough it's not good enough anymore so what we want is monitoring capabilities that are able to do it platform in the platform independent way but able to give you real-time visibility and response capability right there and that's where the innovation comes from you know one thing I've noticed we've been talking I've been talking a couple customers and they're starting to discover that some of the cloud service providers are using security as a way to lock in right so so and security I think should be built in right it should be by default secure by default is the way we want to be you always know how to do yeah yeah and and you should be able to get out if if security is the differentiation then maybe it's not the right market rights group yeah all right so ring capital has in addition to looking at the whole DevOps world you bring in your security expertise to bear on potential investments it's got another distinction what's the other distinction about rain capital um it's a woman led venture fund which is a rarity in Silicon Valley right so oh is it I don't know you tell me yeah no it is a rarity there are not a lot of funds that one would associate as being a broadly representative of or very inclusive so as you are moving forward with recap we'll talk a bit about the evolving role of women in technology so so I would say that even though it's a woman led venture fund I don't think of ourselves as different just because woman led I think we are different because we have a deep deep understanding of the market and deep understanding of the technology and also very extensive relationship with end-users but in terms of women in technology and women in security I'm a big advocate um so for the past two years I was the program co-chair for the Grace Hopper conference I put together the security and privacy content for the conference and the the need for a an ecosystem that is inclusive that is enabling for underrepresented either gender or race it is huge right so people go to Grace Hopper conference and they come back and they so inspired because they see all these women representing them and I think in Silicon Valley we need that insecurity we need that even more because if you look at some statistics I think women in general IT is about 24% representative army representation in security is about 11% so we have a long way to go now I'm going to avoid making comments about that because it's smart not to but those are those are numbers that are distressing that's obvious clearly there's a lot of talent you're not the only one there's a lot of talent out there there's clearly got be brought to bear and so you might not be differentiated by the fact that as women you do things differently but it might nonetheless be a more comfortable home for a woman like yourself and have a great idea and want to turn it into a business failure that's one thing all right so Chauncey and by the way I got to say just a quick advertisement for the cube the cube has been a major supporter for for women in tech for a couple years now we've been at a number of these different conferences Jeff Frick who's the general manager john john fourier co co dave one co co put a lot of time and energy so we look forward and give us a point oh absolutely we look forward to more fruitful relationships like that in the future so once again I'm Peter Burris with Wicky bonds looking angle and we've been talking to Chen Zi Wang of rain Capital founder General Partner about a number of different topics Chauncey once again thank you for every much for being on the cube thank you for having me