>> Narrator: Live from San Juan, Puerto Rico. It's theCUBE, covering Blockchain Unbound. Brought to you by Blockchain Industries. >> Hello everyone, welcome back to our exclusive coverage of, in Puerto, Rico for Blockchain Unbound. This is the industry conference room. People around the world from Silicon Valley, New York, and around the glove, coming to Puerto, Rico to talk about Blockchain decentralized internet cryptocurrency and really the future of society and global economic value creation of course our continuing coverage is focusing La Sierra for 2018. Our next guest is Mark Jeffery, CEO and Co-Founder of a company called Guardian Circle. Welcome. >> Thank you, thanks for having me. >> So you guys are doing something really interesting, so we, first of all, we like to geek out, as Fred say, "We're alpha-geeks." But we love IoT, cloud computing. You're doing something really interesting right now with Blockchain and this new decentralized internet around something of a critical infrastructure nature. Take a minute to talk about Guardian Circle's product, the coin, token that you're doing, and what it all means. >> So, Guardium is the token, the company's called Guardian Circle. Together they comprise global decentralized emergency response. So, six billion people on earth have no 911, There's just no magic number you can call, right? So hold that in your mind for a second. The other one billion of us, we do have 911, but it's not very good, it hasn't been really updated since the 60's. If you call 911 and if you're lucky enough to not get a busy signal, they have no idea where you are. Your location information is not transmitted. Which Uber can find you more easily than 911. Which is just insane, but that is the way it is. So, nevermind, so throw all that out >> So 911 is broken? 911 is broken. >> Yep If you have it, it's broken, and most people don't have it, so throw the whole thing out the window, let's start over. What would we build today? The way the world should work is whenever you're in trouble, no matter where you are on the globe, all you should have to do is press a button, that button sends an alert up to the Cloud, the Cloud looks down and sees what people and resources are already nearby, and then activates, coordinates, pushes all that help to you as quickly as possible. So, ten people in three minutes. That's what were, that's our-- >> So a couple things going on. So to me when you say, what should we start from scratch, put in my little operating system design network solutions add on, all kind of rolled into one as a stable, fault-tolerant, resilient, robust, always on network. >> Yes. >> Database that is fully interoperable and updated in real time of every number, every location, every persons capability to understand the discovery and resolution of a number. >> Yeah, so >> So that sounds like the internet. That sounds like the internet. >> (laughs) Well that's a little bit, probably further than we're going right now, but yes. Ultimately, you're correct. That would be the ultimate-- >> So no legacy baggage, 1960's Telco. >> No >> We're talking about immobile, in Africa for instance, there's more mobile penetration than anything else. That's what they got. >> Yes. >> So every country is their own sovereign kind of architecture? >> Yes >> Are you guys looking at it from a global perspective or regional? >> Global, so we think that, I mean, this is, this thing should be mobile native, location aware, and the alert should go out to multiple parties. And the phone number is your identifier in this system, but it's effectively an IP based system, really, so you're right. We have to balance that against privacies, so you get to decide who is on your alert grid, right? So you have to emphatically say, yes my friends, family and neighbors, and the subscription services, and if available, these official services. >> So Blockchain can solve the immutability privacy issue? >> Yes. >> The decentralized nature of network effect is a dynamic that people look for in good deals or good architecture. That's in place. >> Yes. >> People have a social graph, interest graphs connections. So the analog world is going digital. I mean, the old days was, is there a doctor in the house? But you were limited by how far you could yell. >> Right. >> So here you're saying literally, if you connect properly, the users in charge are their, their data. >> Yeah. >> They can dictate what they want to connect to, where, is that kind of how it works, is it peer to peer? >> Yeah, it's sort of peer to peer. I mean, a lot of people think, a lot of people mishear me a little bit and think that when you press that button, the alert goes out to everybody that's nearby, right? So total strangers that may or may not be trustworthy are suddenly coming, that's not what I'm saying. That is not what we're doing because we don't want to accidentally summon Jack the Ripper, like that's, you don't want to make a bad situation worse, right? So, you explicitly invite people into your protection grid, we call them guardians, hence, Guardian Circle, that would be your guardian circle. And you can have an unlimited number of them, so six, 6000, however many friends you have. Then we will also feature paid subscription services where you will be able to subscribe to, like, your local EMT collective, or your local license and bonded arms security, or if you're in a remote corner of the world, you could subscribe to the guy with a truck, who could run you down the mountain, right? When you're having medical problems. So it's going to vary depending on where you are in the world. We're also working with the Women's Safety Xprize, we're a partner, we're the backend of that prize. Which is an IoT device contest to make a panic button device, right? So when you push the panic button, what happens? It goes into Guardian Circle. >> So how does token economics fit into this? So I'm getting why it's tokenizable, How does it work mechanically? Do I buy tokens for safety? Is it like, I mean, take us through some of the use cases. >> Yeah sure, so there's five different ways in which we use the token. The first one is, obviously, to create the, to buy emergency response subscriptions. Now we're going to allow you, or provide a way for you to, as a consumer, just swipe your credit card in the app, and in the background you'll be purchase Guardium tokens, right? And it'll re-up every month if you don't have enough in, it'll be that sort of thing. So you might not even really be conscious of the fact that you're using cryptocurrency. If you are, there's a wallet that'll allow you to just use the cryptocurrency manually, the way you do any, any right now, right? >> And. >> So there's that. >> Okay so continue. >> Yep, the second thing we're going to do, we think that giving will be a big behavior in our universe, so you're going to be able to send Guardium directly to a beneficiary in the developing world. And what's cool about that is it doesn't go through a governments, a bank, or an organization. So remember Red Cross in Haiti? Can't happen here, and we're going to go even further than that, down the road, you're going to be able to track every dollar that you donated as easily as a FedEx, right? >> So you are creating a direct relationship between people who might want to help people and then a direct access for resources for the user. >> Correct. >> And so that's the primary, kind of a two >> That's one major flywheel. >> major flywheels going on. >> Just like people sponsor a child, safety is one of the biggest problems in the world. In fact, some people say, this guy named, Greg Hahn, who says it's the number one problem in the world that all other problems flow from the fact that people in the developing world aren't safe. Why don't they have water? Cause they're not safe. Why don't they have education? Cause they're not safe. Lawlessness has to be solved first. >> Trust is a huge part of this too. >> Yeah. >> So how do I set this up, where are you guys in the system, is there a product up and running, how do people get involved with your project? Take a minute to share that. >> Sure, so we have apps released today and they're distributed world-wide on IOS, Android, and Alexa. We also have an open API that lets anyone plug any alert device into our grid, obviously we have to, we want to know who you are first, but basically everyone is welcome. And so, and then our token sales site is at Guardium, Guardium.co. >> G, Guard, ium, Guardium. >> Yes, Guardium. >> And then Guardian Circle? >> Correct. >> Guardium with the m and the end of the token. What's the plan, what are you guys, how much have you raised, what's the story? Yeah, so we're selling ten million dollars worth of tokens, which represents 30% overall, 33% overall. We have a 100 million tokens in the sys, that, that's it, that will ever be distributed. It's on the NEO Blockchain, so we are, we are, we're sort of different from a lot of other folks. We're one of the very first western, we're not the first but we're one of the firsts. >> NEO has a good reputation of high performance. >> Yes >> Is that one of the considerations you had for them? >> Yeah, without a doubt. I mean, we deal in emergencies, so our tolerance for things like CryptoKitty swamping the network is very low. So yeah, so we liked what NEO had to say in a lot of ways because of that. >> I interviewed the CryptoKitties at Polycon, interesting story. It's a Pokemon moment for the internet stare. Well congratulations Mark, what's next for you guys, get through the sale, how's the team makeup look, what's going on with the company? >> Yeah, get through, I mean, definitely get through the sale is the biggest thing right now. We're a small team of, like about five people, plus some contractors. The next big thing that we have on our agenda is we're going out to India in four weeks to actually test the Xprize IoT panic button devices on the streets of Mumbai, so Guardian Circle plus device. >> Intense environment a lot of people there. >> Yeah. >> So let's talk about you. What is your background that got you here, or was there an itch you were scratching? Why this time, also the way to attract a lot of alph entrepreneurs, this is a disruptive time, but why Mark Jeffrey's, why now, why Guradian Circle, what's the passion behind it? >> So, well I started life as an engineer, but I won't bore you with all my adventures up until this moment. But in 2013, I became very interested in Bitcoin, wrote a book called, Bitcoin Explained Simply. Got the book, got the little crazy thoughts in my head. >> You're an author, speaker >> Right, same thing. >> distinguished influencer. (laughs) >> So that was sort of how that side began. In 2014, I basically, my girlfriend at the time had a stroke, she's fine, but at the time she was all alone. And she was on the floor of her garage, and I took her to the hospital, brought her back, and afterwards, I realized, she was alone for about a half an hour, if this had been a real stroke, this could have been very serious, she could have died, she could have been paralyzed. And she was drowning in help, there were about seven people who were either driving by or nearby while this was going on, within a 1000 yards. And she had no way to get to them. >> Yeah, yeah, a personal example of what you're doing. >> And I also realized, the other component was, all the help, I didn't know six, five of the other six people, they're her friends, they're not mine. But during her emergency, all of us need to be sharing location and in communication with each other immediately. And the importance of that just cannot be overstated in emergencies, seconds count. And so putting instant communications so that we can coordinate a response is the second-half of the problem. I initially did not intend to build an app. I went looking for this app and what I discovered was there are a ton of panic button apps, but all of them neglected solving the second-half of the problem, which is organizing the response. >> Yeah. >> And getting people on, in the same-- >> Mobilizing resources. >> Yeah, getting everyone into a war room without requiring them to know each other ahead of time, that was the big thing, no one had thought of that, so. >> It's like rolling up services when you need it instantly. It's like a compiler. >> It's at hawk services. >> You know, compile everything >> Yes, exactly. >> at real time assembly. >> Real time assembly, yeah >> Operating system. (laughs) >> that's exactly, it's great. That's actually a really good way to put it, yeah. >> No, but this is also pretty important, so it was a great personal example, thanks for sharing that personal story. But you know, there's a avalanches, whether you're a skier, it's people who go rock climbing, there's all kinds of use cases where a mountain biker is missing, all kinds of-- >> Remote locations are really big ones. >> I'm scuba diving, where are people, where were they last? So a lot of this is, are location based, and no one knows what the situation is, so the alerting is only one step to the value chain. >> It is, but I think, sorry you have a question. >> No, no, I was going to ask you, where does it go from there? >> Well I think, I think there are a lot of, I think safety check-ins, I think there's other things that we can do, but the one thing that, the one lesson that I've seen again, and again, and again, and again is that the companies that fail invariably, oh, the companies that don't focus always fail. So you got to pick one thing and be the best in the world at that one thing. And the emergency situation is our one thing, and that's big enough. >> Well, I think you have a great opportunity and we'll splint through the, as the evolution of this market grows, it's kind of a moving train, but the value promises is legit. I was talking to Fred Krueger, your friend and colleague in the business, it's a marketplace of these days, so it's money and marketplaces, in your case it's safety, marketplace. I could envision a day with your services where I publish and subscribe to services, I got in a catalog. >> Yes. >> Hey, I know my risks, everyone knows what they do in vanity, or risk factors whether you're jumping out of an airplane, or double black diamond skier. I would love to go to Lake Tahoe, or a mountain, or a place like this, and saying, I'm going to take some chances, here's what I'm going to subscribe to. >> (laughs) You're going to have to subscribe to some extra tokens while you're there. >> I would use Guardium. It could be more, I'm just brainstorming, thinking out loud, but I mean, that's the kind of web services framework you could bring. >> That's exactly right. >> Is that they way you guys are thinking about it? >> I do, I do, I'm so focused on this sort of food and shelter stage of our life right now. >> Yeah, get an ICO done. So yeah, we've got tons of all those ideas written done but we're not quite there yet, but when we get there, great ideas, absolutely. >> Well the use cases are changing because the peoples expectations are changing and now technology can meet these cases. So I'm seeing a lot of social entrepreneurship being done that are coming in through a funding vehicles that never would have got funded on venture capital funding. >> Totally correct. >> Whether it's battered women applications, human trafficking, safety apps, stuff that can make money, not be a kazillion, billion dollar business, but really change society and makeup. >> You've hit the nail on the head. There are a lot of Blockchain companies or ICO companies, this stuff, the venture guys, would never fund it because their model doesn't allow for it. They have, all these things have to be Facebook potentially, or they just have no tolerance for it. >> And the philanthropy world is not incented on economics, and also when the project loses its grant or funding the stack just gets thrown away. >> So this allows for sustainability for mission-based investing and developing. Slowly, I see societal entrepreneurship categorically going to boom from this wave. >> Yeah, totally agree. >> Across the board. >> The world will become a better place, we'll have better companies. >> Mark Jeffery, Guardian Circle, co-founder and CEO. This is theCUBE's exclusive coverage here on the ground in Puerto, Rico for Blockchain Unbound. A lot of great stuff here, a lot of great start-ups, investors, of course theCUBE. 2018 will be covering all the shows. I'm John Furrier, thanks for watching.

(upbeat music) >> Hello, welcome to theCUBE's presentation with Unstoppable Domains. It's a showcase we're featuring all the best content in Web 3 and with unstoppable showcase, I'm John Furrier, your host of theCUBE. We got a great guest here, Matt Mickiewicz who's the Chief Revenue Officer of Unstoppable Domains. Matt, welcome to the showcase, appreciate it. >> Thank you for having me. >> So the theme of this segment is the potential of the Web 3 marketplace with Unstoppable Domains. You're the Chief Revenue Officer, you guys have a very interesting concept that's going extremely well, congratulations. But you're using NFTs for access and domains, Of course through the metaverse is huge. People want their own domains, but it's not just like real estate in the sense of a website. It's bigger than that it's a lot going on. So take us through what is the value proposition and what is the product? >> Absolutely, so for the past 20 years, most of us have been interacting on the internet using usernames issued to us by big corporations like Facebook, Google, Twitter, TikTok, Snapchat, et cetera. Whenever we get these usernames for free it's because we and our data are the product. As some of the recent leaks in the media have shown incentive individual in companies are not always aligned. And most importantly individuals are not in control of their own digital identity and the data, which means they can economically benefit from the value they create online. Think of Twitter as a two-sided marketplace with 0% revenue share back to its creators. We're now having in the creator economy and we believe that individuals should see the economic rewards of what they do and create online. That's what we are trying to do in** support of domains is provide user own and control identity to four and a half billion internet users. >> It's interesting to see change that's happening with Web3 and just in cultural terms, users are expecting to be part of the creator the personality of the company, there's this almost this intermediation of the middle man whether it's an ad network or a gatekeeper of any kind people going direct, right? So if I'm an artist, I can go direct to my fans. >> Exactly, so Web3 really shifts the power away from a aggregators. Aggregators and marketplaces have been some of the best business models for the last 20 years onto the internet. But Web3 is going to dramatically change all over the next decade. Bring more power back in the hands of consumers. >> What type of companies do you guys work with and partner with that we see out there? Give us some examples of the kinds of companies you're doing business with end partnering with. >> Yeah, so let's talk about use cases first actually. Was the big use case that we identified initially for NFT domain names was around cryptocurrency transfers. Anyone who's ever bought cryptocurrency and tried to transfer it between accounts or wallets is familiar with these awkwardly long hexa decimal strings of random numbers and letters, or even if you make a single type of money is lost forever. That's a pretty scary experience that exists today. That 2 trillion asset dollar as a class with 250 million users. So the first set of partners that we worked on integrating with, we're actually crypto wallets and exchanges. So we will allow users to do is replace all their long hexa decimal wallet addresses with a single human readable name, like John.NFT or MattMickiewicz.crypto to allow for simple crypto transfers. >> And how do the exchange work with you guys on that is it a plugin, is it co-locating code together? What's the relationship between exchanges and Unstoppable Domains? >> Yeah, absolutely great question. So exchanges actually have to do a little bit of engineering list to work with us and they can do that by either using our resolution libraries or using one of our APIs in order to look up an Unstoppable Domain and figure out all the wallet addresses that's associated with that name. So today we work with dozens of the world's top exchanges and wallets ranging from OKX to Coinbase wallet, to Trust wallet, to bread wallet, and many many others. >> I got to ask you on the wallet side, is that a requirement in terms of having specific code and are the wallets that you work well with? Explain the wallet dynamic between Unstoppable Domains and wallets. >> Yeah, so wallets all have this huge usability problem for their users because every single cryptocurrency held by every single one of their users has a different hexadecimal wallet address. And once again every user is subject to the same human fallacies and errors where if they make a single type their money can be lost forever. So what we enable these wallets to do is to make crypto transfer simple and less scary than the current status quo by giving the users an Unstoppable name that they can use to attach to all the wallet addresses on the back end. So companies like Trust Wallet for example, which has 10 million user or Coinbase Wallet. When you go to the crypto transfer fields, there you can just type in an unstoppable name It'll correctly route the currency to the right person, to the right wallet, without any chance for human error. >> When these big waves coming out I got to ask this question, 'cause a lot of people in the mainstream are getting into it now. It reminds me of the web wave that hit the big thing was how many people are coming online, was one of the key metrics and how many web pages are being developed was another metric, which meant that people were building out webpages. And it's hard to look back and think, wow, that was actually a KPI. So internet users and webpages where the two proxies 'cause then search engines came out and everything else happened. So I got to ask you, there are people watching, they're seeing it on commercials on TV, they're seeing it everywhere stadiums are named after crypto companies. So, the bottom line is people want to know how NFT domains take the fear out of working with crypto and sending crypto. >> Yeah, absolutely, so imagine we had to navigate the web using IP addresses rather than typing in Google.com. You'd have to type in a random string of numbers that you'd had to memorize. That would be super painful for users and internet wouldn't have gotten to where it is today with almost 5 billion people online. The history of computer networks we have human readable naming systems built on top in every single instance, it's almost crazy that we got to a $2 trillion asset class with 250 million users worldwide. 13 years after the Satoshi white paper, without a human readable naming system other Unstoppable Domains in a few of our competitors, that's a fundamental problem that we need to solve in order to go from 250 million crypto users in 2022 to 5 billion crypto users a decade from now. >> And just to point out, not to look back and maybe make a correlation but I will, if you look at the naming system of DNS, what it did to IP addresses, that's one major innovation that enabled the web. Then you look at what keyword navigation has done on top of DNS, what that did for the industry, and that basically birthed Google keywords basically ads. So that's trillions and trillions of dollars. Again, now shifting to you guys, is that how you see it? Obviously it's decentralized, so what's different? Okay, I get, so if you compare here Google was successful, keyword advertising industry for the last of 25 years or 20 years. >> What's different now is? >> yeah >> Yeah, what's different now is the technology inflection points. So Blockchains have evolved to a point where they enable high throughput high transaction volume and true decentralized ownership. The NFTs standard, which is only a couple years old, has taken off massively around trading of profile pictures like CryptoPunks and the Bored Apes Yacht Club where the use cases extend much more than just a cool JPEG that goes up in value two or three X year over year. There is a true use case here around ownership of identity ownership over data, a decentralized login authentication and permission data sharing. One of the sad things that happened on the internet the last decade really was, that the platforms built out have now allowed developers to build on top of them in a trustless comissionless way. Developers who built applications on top of them, the early monopolies in the last decade, got the rules changed on them. APIs cut off, new fees instituted. That's not going to happen in Web3 because all permission list. Once an NFT is minted, it's custody in a user's own wallet, we cannot take the way it will continue to exist in eternity, regardless of what happens to Unstoppable Domains, which gives developers a lot more confidence in building new products for the Web3 identity standard that we're building out. >> You know what's amazing is that's a whole another generational shift. I've always been a big fan of abstractions when innovation is needed when there are problems that need to be solved, messes to be cleaned up, a good abstraction layer on top of new architecture is really, really phenomenal. I guess the key question for I have for you is, theCUBE we have all this video where's our NFT how should we implement NFTs? >> There's a couple different ways you could think about it, you could do proof of attendance protocol NFTs, which are really interesting way for users to show that they were at particular event. So just in the same way that people collect T-shirts from conferences, people will be collecting NFTs to show they were attending in person cultural moments or that they were part of an event online or offline. You could do NFTs for our employees to show that they were at your company during certain periods of the company's growth. So think of replacing their resume with a cryptographically secure resume like this on the Blockchain and perpetuity. Now more than half of all resumes contain lies, which is a pretty gnarly problem as a hiring manager that we constantly have to sort through. There's where that this can impact that side of the market as well. >> That's awesome, and I think this is a use case for everything we appreciate that. And of course we can have the most favorite cube moments, it can be a cube host NFT at Board Apes out there. Why not have a board cube host going on and then.. >> We're an auction for charity and OpenSea. >> All right, great stuff, now let's get into some of the cool tech nerd stuff, which is really the login piece which I think is fascinating. The having NFTs be a login mechanism is another great innovation, okay. So this is cool, 'cause it's like think of it as one click NFTs, if you will. What's the response been on this login with Unstoppable for that product? What's some of the use cases, can you get some examples of the momentum intraction? >> Yeah, absolutely, so we launched a product less than 90 days ago and we already have 90 committed or integrated partners live today with a login product. And this replaces login with Google, login with Facebook with a way that it's user owned and user controlled. And over time people will be attaching additional information back to their NFT domain name, such as their reputation, their history, things they've done online and be able to permission to share that with applications that they interact with in order to gain rewards. Once you own all of your data, and you can choose who you shared with . Companies will incentivize you to share data. For example, imagine you just buy a new house and you have 3000 square feet to furnish. If you could tell that fact and prove it, to a company like Wayfair, would they be incentivized to give you discounts? We're spending 10, 20, $30,000 and you'll do all of your purchasing there rather than spread across other e-commerce retailers. For sure they would, but right now when you go to that website, you're just another random email address. They have no idea who you are, what you've done, what your credit score is, whether you're a new house buyer or not. But if you could permission to share that using a log and installable product, I mean the web would just be much much different. >> And I think one of the things too, as these, I call them analog old school companies, old guard companies as referred to in theCUBE talk here. But we always call that old guard as the people who aren't innovating. You could think about companies having more community too, because if you have more sharing and you have this marketplace concept and you have these new dynamics of how people are working together, sharing will provide more or transparency but yet security on identity. Therefore things are going to be happening organically. That's a community dynamic what's your view on that? And what's your reaction. >> Communities are such an important part of Web3 and the cryptos ecosystem in general. People are very tightly knit, they all support each other. There there's a huge amount of collaboration in this space because we're all trying to onboard the next billion users into the ecosystem. And we know we have some fundamental challenges and problems to solve, whether it's complex wallet addresses, whether it's the lack of portable data sharing, whether it's just simple education, right? I'm sure, tens of million of people have gone to crypto for the first time during this year's Super Bowl based on some of those awesome ads they ran. >> Yeah, love the QR code, that's a direct response. I remember when the QR codes been around for a long time. I remember in the late 90's, it was a device at red QR code that did navigation to a webpage. So I mean, QR codes are super cool, great way to get, and we all using it too with the pandemic to ordering food. So I think QR codes are here to stay, in fact, we should have a QR code on all of our images here on the screen too. So we'll work on that, but I got to ask you on the project side, now let's get into the devs and kind of the applications, the users that are adopting unstoppable and this new way of things. Why are they gravitating towards this login concept? Can you give some examples and give some color commentary to why are these D-application, distributed application, dApps guys and gals programming with you guys? >> Yeah, they all believe that the potential for what we're trying to create around user own controlled identity. Where the only company in the market right now with a product that's live and working today. There's been a lot of promises made, and we're the first ones to actually delivered. So companies like Cook Finance for example, are seeing the benefit of being able to have their users, go through a simple process to check in and authenticate into the application using your NFT domain name rather than having to create an email address and password combination as a login, which inevitably leads to problems such as lost passwords, password resets, all those fun things that we used to deal with on a daily basis. >> Okay, so now I got to ask you the kind of partnerships you guys are looking at doing. I can only imagine the old school days you had a registry and you had registrars, you had a sales mechanism. I noticed you guys are selling NFT kind of like domain names on your website. Is that a kind of a current situation, is that going to be ongoing? How do you envision your business model evolving and what kind of partnerships do you see coming along? >> Yeah, absolutely, so we're working with a lot of different companies from browsers to exchanges, to wallets, to individual NFT projects, to more recently even exploring partnership opportunities with fashion brands for example. Monetarily, market is moving so so fast. And what we're trying to essentially do here is create the standard naming system for Web3. So a big part of that for us will be working with partners like blockchain.com and with Circle, who's behind the USDC coin on creating registry such as .blockchain and .coin and making those available to tens of millions and ultimately hundreds of millions and billions of users worldwide. We want an Unstoppable domain name to be the first asset that every user in crypto gets even before they buy their Bitcoin, Ethereum or Dogecoin. >> It makes a lot of sense to abstract the way the long hexa desal stream we all know, that we all write down, put in a safe, hopefully we don't forget about it. I always say, make sure you tell someone where your address is. So in case something happens, you don't lose all that crypto. All good stuff. I got to ask this the question around the ecosystem. Okay, can you share your view and vision of either yourself or the company when you have this kind of new market, you have all kinds of, we meant the web was a good example, right? Web pages, you need to web develop and tools. You had HTML by hand, then you had all these tools. So you had tools and platforms and things kind of came well grew together. How is the Web3 stakeholder ecosystem space evolving? What are some of the white spaces? What are some of the clearly defined areas that are developing? >> Yeah, I mean, we've seen explosion in new smart contract blockchains in the past couple of years, actually going live, which is really interesting because they support a huge number of different use cases, different trade offs on each. We recently partnered and moved over a primary infrastructure to Polygon, which is a leading EVM compatible smart chain, which allows us to provide free gas fees to users for minting and managing their domain name. So we're trying to move all obstacles around user adoption. Here you'll need to have Ethereum in your wallet in order to be an Unstoppable Domains customer or user, you don't have to worry about paying transaction fees every time you want to update the wallet addresses associated with your domain name. We want to make this really big and accessible for everybody. And that means driving down costs as much as possible. >> Yeah, it's a whole nother wave. It's a wave that's built on the shoulders of others. It's a shift in infrastructure, new capabilities, new applications. I think it's a great thing you guys do in the naming system, makes a lot of sense. It abstraction layer creates that ease of use, it simplifies things, makes things easier. I mean was the promise of these abstraction layer. Final question, if I want to get involved, say we want to do a CUBE NFT with Unstoppable, how do we work with you? How do we engage? Can you give a quick plug on what companies can do to engage with you guys on a business level? >> Yeah, absolutely, so we're looking to partner with wallet exchanges, browsers and companies who are in the crypto space already and realize they have a huge problem around usability with crypto transfers and wallet addresses. Additionally, we're looking to partner with decentralized applications as well as Web2 companies who perhaps want to offer logging with Unstoppable domain functionality. In addition to, or in replacement of the login with Google and login with Facebook buttons that we all know and love. And we're looking to work with fashion brands and companies in the sports sector who perhaps want to claim their Unstoppable name, free of charge from us. I might add in order to use that on Twitter or in other marketing materials that they may have out there in the world to signal that they're not only forward looking, but that they're supportive of this huge waves that we're all riding at the moment. >> Matt, great insight, chief revenue officer, Unstoppable Domains. Thanks for coming on the showcase, theCUBE and Unstoppable Domains share in the insights. Thanks for coming on. >> Thank you. >> Okay, this CUBE's coverage here with the Unstoppable Domain showcase. I'm John Furrier, your host, thanks for watching. (upbeat music)

>> Hi, my name is Andy Clemenko. I'm a Senior Solutions Engineer at StackRox. Thanks for joining us today for my talk on labels, labels, labels. Obviously, you can reach me at all the socials. Before we get started, I like to point you to my GitHub repo, you can go to andyc.info/dc20, and it'll take you to my GitHub page where I've got all of this documentation, socials. Before we get started, I like to point you to my GitHub repo, you can go to andyc.info/dc20, (upbeat music) >> Hi, my name is Andy Clemenko. I'm a Senior Solutions Engineer at StackRox. Thanks for joining us today for my talk on labels, labels, labels. Obviously, you can reach me at all the socials. Before we get started, I like to point you to my GitHub repo, you can go to andyc.info/dc20, and it'll take you to my GitHub page where I've got all of this documentation, I've got the Keynote file there. YAMLs, I've got Dockerfiles, Compose files, all that good stuff. If you want to follow along, great, if not go back and review later, kind of fun. So let me tell you a little bit about myself. I am a former DOD contractor. This is my seventh DockerCon. I've spoken, I had the pleasure to speak at a few of them, one even in Europe. I was even a Docker employee for quite a number of years, providing solutions to the federal government and customers around containers and all things Docker. So I've been doing this a little while. One of the things that I always found interesting was the lack of understanding around labels. So why labels, right? Well, as a former DOD contractor, I had built out a large registry. And the question I constantly got was, where did this image come from? How did you get it? What's in it? Where did it come from? How did it get here? And one of the things we did to kind of alleviate some of those questions was we established a baseline set of labels. Labels really are designed to provide as much metadata around the image as possible. I ask everyone in attendance, when was the last time you pulled an image and had 100% confidence, you knew what was inside it, where it was built, how it was built, when it was built, you probably didn't, right? The last thing we obviously want is a container fire, like our image on the screen. And one kind of interesting way we can kind of prevent that is through the use of labels. We can use labels to address security, address some of the simplicity on how to run these images. So think of it, kind of like self documenting, Think of it also as an audit trail, image provenance, things like that. These are some interesting concepts that we can definitely mandate as we move forward. What is a label, right? Specifically what is the Schema? It's just a key-value. All right? It's any key and pretty much any value. What if we could dump in all kinds of information? What if we could encode things and store it in there? And I've got a fun little demo to show you about that. Let's start off with some of the simple keys, right? Author, date, description, version. Some of the basic information around the image. That would be pretty useful, right? What about specific labels for CI? What about a, where's the version control? Where's the source, right? Whether it's Git, whether it's GitLab, whether it's GitHub, whether it's Gitosis, right? Even SPN, who cares? Where are the source files that built, where's the Docker file that built this image? What's the commit number? That might be interesting in terms of tracking the resulting image to a person or to a commit, hopefully then to a person. How is it built? What if you wanted to play with it and do a git clone of the repo and then build the Docker file on your own? Having a label specifically dedicated on how to build this image might be interesting for development work. Where it was built, and obviously what build number, right? These kind of all, not only talk about continuous integration, CI but also start to talk about security. Specifically what server built it. The version control number, the version number, the commit number, again, how it was built. What's the specific build number? What was that job number in, say, Jenkins or GitLab? What if we could take it a step further? What if we could actually apply policy enforcement in the build pipeline, looking specifically for some of these specific labels? I've got a good example of, in my demo of a policy enforcement. So let's look at some sample labels. Now originally, this idea came out of label-schema.org. And then it was a modified to opencontainers, org.opencontainers.image. There is a link in my GitHub page that links to the full reference. But these are some of the labels that I like to use, just as kind of like a standardization. So obviously, Author's, an email address, so now the image is attributable to a person, that's always kind of good for security and reliability. Where's the source? Where's the version control that has the source, the Docker file and all the assets? How it was built, build number, build server the commit, we talked about, when it was created, a simple description. A fun one I like adding in is the healthZendpoint. Now obviously, the health check directive should be in the Docker file. But if you've got other systems that want to ping your applications, why not declare it and make it queryable? Image version, obviously, that's simple declarative And then a title. And then I've got the two fun ones. Remember, I talked about what if we could encode some fun things? Hypothetically, what if we could encode the Compose file of how to build the stack in the first image itself? And conversely the Kubernetes? Well, actually, you can and I have a demo to show you how to kind of take advantage of that. So how do we create labels? And really creating labels as a function of build time okay? You can't really add labels to an image after the fact. The way you do add labels is either through the Docker file, which I'm a big fan of, because it's declarative. It's in version control. It's kind of irrefutable, especially if you're tracking that commit number in a label. You can extend it from being a static kind of declaration to more a dynamic with build arguments. And I can show you, I'll show you in a little while how you can use a build argument at build time to pass in that variable. And then obviously, if you did it by hand, you could do a docker build--label key equals value. I'm not a big fan of the third one, I love the first one and obviously the second one. Being dynamic we can take advantage of some of the variables coming out of version control. Or I should say, some of the variables coming out of our CI system. And that way, it self documents effectively at build time, which is kind of cool. How do we view labels? Well, there's two major ways to view labels. The first one is obviously a docker pull and docker inspect. You can pull the image locally, you can inspect it, you can obviously, it's going to output as JSON. So you going to use something like JQ to crack it open and look at the individual labels. Another one which I found recently was Skopeo from Red Hat. This allows you to actually query the registry server. So you don't even have to pull the image initially. This can be really useful if you're on a really small development workstation, and you're trying to talk to a Kubernetes cluster and wanting to deploy apps kind of in a very simple manner. Okay? And this was that use case, right? Using Kubernetes, the Kubernetes demo. One of the interesting things about this is that you can base64 encode almost anything, push it in as text into a label and then base64 decode it, and then use it. So in this case, in my demo, I'll show you how we can actually use a kubectl apply piped from the base64 decode from the label itself from skopeo talking to the registry. And what's interesting about this kind of technique is you don't need to store Helm charts. You don't need to learn another language for your declarative automation, right? You don't need all this extra levels of abstraction inherently, if you use it as a label with a kubectl apply, It's just built in. It's kind of like the kiss approach to a certain extent. It does require some encoding when you actually build the image, but to me, it doesn't seem that hard. Okay, let's take a look at a demo. And what I'm going to do for my demo, before we actually get started is here's my repo. Here's a, let me actually go to the actual full repo. So here's the repo, right? And I've got my Jenkins pipeline 'cause I'm using Jenkins for this demo. And in my demo flask, I've got the Docker file. I've got my compose and my Kubernetes YAML. So let's take a look at the Docker file, right? So it's a simple Alpine image. The org statements are the build time arguments that are passed in. Label, so again, I'm using the org.opencontainers.image.blank, for most of them. There's a typo there. Let's see if you can find it, I'll show you it later. My source, build date, build number, commit. Build number and get commit are derived from the Jenkins itself, which is nice. I can just take advantage of existing URLs. I don't have to create anything crazy. And again, I've got my actual Docker build command. Now this is just a label on how to build it. And then here's my simple Python, APK upgrade, remove the package manager, kind of some security stuff, health check getting Python through, okay? Let's take a look at the Jenkins pipeline real quick. So here is my Jenkins pipeline and I have four major stages, four stages, I have built. And here in build, what I do is I actually do the Git clone. And then I do my docker build. From there, I actually tell the Jenkins StackRox plugin. So that's what I'm using for my security scanning. So go ahead and scan, basically, I'm staging it to scan the image. I'm pushing it to Hub, okay? Where I can see the, basically I'm pushing the image up to Hub so such that my StackRox security scanner can go ahead and scan the image. I'm kicking off the scan itself. And then if everything's successful, I'm pushing it to prod. Now what I'm doing is I'm just using the same image with two tags, pre-prod and prod. This is not exactly ideal, in your environment, you probably want to use separate registries and non-prod and a production registry, but for demonstration purposes, I think this is okay. So let's go over to my Jenkins and I've got a deliberate failure. And I'll show you why there's a reason for that. And let's go down. Let's look at my, so I have a StackRox report. Let's look at my report. And it says image required, required image label alert, right? Request that the maintainer, add the required label to the image, so we're missing a label, okay? One of the things we can do is let's flip over, and let's look at Skopeo. Right? I'm going to do this just the easy way. So instead of looking at org.zdocker, opencontainers.image.authors. Okay, see here it says build signature? That was the typo, we didn't actually pass in. So if we go back to our repo, we didn't pass in the the build time argument, we just passed in the word. So let's fix that real quick. That's the Docker file. Let's go ahead and put our dollar sign in their. First day with the fingers you going to love it. And let's go ahead and commit that. Okay? So now that that's committed, we can go back to Jenkins, and we can actually do another build. And there's number 12. And as you can see, I've been playing with this for a little bit today. And while that's running, come on, we can go ahead and look at the Console output. Okay, so there's our image. And again, look at all the build arguments that we're passing into the build statement. So we're passing in the date and the date gets derived on the command line. With the build arguments, there's the base64 encoded of the Compose file. Here's the base64 encoding of the Kubernetes YAML. We do the build. And then let's go down to the bottom layer exists and successful. So here's where we can see no system policy violations profound marking stack regimes security plugin, build step as successful, okay? So we're actually able to do policy enforcement that that image exists, that that label sorry, exists in the image. And again, we can look at the security report and there's no policy violations and no vulnerabilities. So that's pretty good for security, right? We can now enforce and mandate use of certain labels within our images. And let's flip back over to Skopeo, and let's go ahead and look at it. So we're looking at the prod version again. And there's it is in my email address. And that validated that that was valid for that policy. So that's kind of cool. Now, let's take it a step further. What if, let's go ahead and take a look at all of the image, all the labels for a second, let me remove the dash org, make it pretty. Okay? So we have all of our image labels. Again, author's build, commit number, look at the commit number. It was built today build number 12. We saw that right? Delete, build 12. So that's kind of cool dynamic labels. Name, healthz, right? But what we're looking for is we're going to look at the org.zdockerketers label. So let's go look at the label real quick. Okay, well that doesn't really help us because it's encoded but let's base64 dash D, let's decode it. And I need to put the dash r in there 'cause it doesn't like, there we go. So there's my Kubernetes YAML. So why can't we simply kubectl apply dash f? Let's just apply it from standard end. So now we've actually used that label. From the image that we've queried with skopeo, from a remote registry to deploy locally to our Kubernetes cluster. So let's go ahead and look everything's up and running, perfect. So what does that look like, right? So luckily, I'm using traefik for Ingress 'cause I love it. And I've got an object in my Kubernetes YAML called flask.doctor.life. That's my Ingress object for traefik. I can go to flask.docker.life. And I can hit refresh. Obviously, I'm not a very good web designer 'cause the background image in the text. We can go ahead and refresh it a couple times we've got Redis storing a hit counter. We can see that our server name is roundrobing. Okay? That's kind of cool. So let's kind of recap a little bit about my demo environment. So my demo environment, I'm using DigitalOcean, Ubuntu 19.10 Vms. I'm using K3s instead of full Kubernetes either full Rancher, full Open Shift or Docker Enterprise. I think K3s has some really interesting advantages on the development side and it's kind of intended for IoT but it works really well and it deploys super easy. I'm using traefik for Ingress. I love traefik. I may or may not be a traefik ambassador. I'm using Jenkins for CI. And I'm using StackRox for image scanning and policy enforcement. One of the things to think about though, especially in terms of labels is none of this demo stack is required. You can be in any cloud, you can be in CentOs, you can be in any Kubernetes. You can even be in swarm, if you wanted to, or Docker compose. Any Ingress, any CI system, Jenkins, circle, GitLab, it doesn't matter. And pretty much any scanning. One of the things that I think is kind of nice about at least StackRox is that we do a lot more than just image scanning, right? With the policy enforcement things like that. I guess that's kind of a shameless plug. But again, any of this stack is completely replaceable, with any comparative product in that category. So I'd like to, again, point you guys to the andyc.infodc20, that's take you right to the GitHub repo. You can reach out to me at any of the socials @clemenko or andy@stackrox.com. And thank you for attending. I hope you learned something fun about labels. And hopefully you guys can standardize labels in your organization and really kind of take your images and the image provenance to a new level. Thanks for watching. (upbeat music) >> Narrator: Live from Las Vegas It's theCUBE. Covering AWS re:Invent 2019. Brought to you by Amazon Web Services and Intel along with it's ecosystem partners. >> Okay, welcome back everyone theCUBE's live coverage of AWS re:Invent 2019. This is theCUBE's 7th year covering Amazon re:Invent. It's their 8th year of the conference. I want to just shout out to Intel for their sponsorship for these two amazing sets. Without their support we wouldn't be able to bring our mission of great content to you. I'm John Furrier. Stu Miniman. We're here with the chief of AWS, the chief executive officer Andy Jassy. Tech athlete in and of himself three hour Keynotes. Welcome to theCUBE again, great to see you. >> Great to be here, thanks for having me guys. >> Congratulations on a great show a lot of great buzz. >> Andy: Thank you. >> A lot of good stuff. Your Keynote was phenomenal. You get right into it, you giddy up right into it as you say, three hours, thirty announcements. You guys do a lot, but what I liked, the new addition, the last year and this year is the band; house band. They're pretty good. >> Andy: They're good right? >> They hit the queen notes, so that keeps it balanced. So we're going to work on getting a band for theCUBE. >> Awesome. >> So if I have to ask you, what's your walk up song, what would it be? >> There's so many choices, it depends on what kind of mood I'm in. But, uh, maybe Times Like These by the Foo Fighters. >> John: Alright. >> These are unusual times right now. >> Foo Fighters playing at the Amazon Intersect Show. >> Yes they are. >> Good plug Andy. >> Headlining. >> Very clever >> Always getting a good plug in there. >> My very favorite band. Well congratulations on the Intersect you got a lot going on. Intersect is a music festival, I'll get to that in a second But, I think the big news for me is two things, obviously we had a one-on-one exclusive interview and you laid out, essentially what looks like was going to be your Keynote, and it was. Transformation- >> Andy: Thank you for the practice. (Laughter) >> John: I'm glad to practice, use me anytime. >> Yeah. >> And I like to appreciate the comments on Jedi on the record, that was great. But I think the transformation story's a very real one, but the NFL news you guys just announced, to me, was so much fun and relevant. You had the Commissioner of NFL on stage with you talking about a strategic partnership. That is as top down, aggressive goal as you could get to have Rodger Goodell fly to a tech conference to sit with you and then bring his team talk about the deal. >> Well, ya know, we've been partners with the NFL for a while with the Next Gen Stats that they use on all their telecasts and one of the things I really like about Roger is that he's very curious and very interested in technology and the first couple times I spoke with him he asked me so many questions about ways the NFL might be able to use the Cloud and digital transformation to transform their various experiences and he's always said if you have a creative idea or something you think that could change the world for us, just call me he said or text me or email me and I'll call you back within 24 hours. And so, we've spent the better part of the last year talking about a lot of really interesting, strategic ways that they can evolve their experience both for fans, as well as their players and the Player Health and Safety Initiative, it's so important in sports and particularly important with the NFL given the nature of the sport and they've always had a focus on it, but what you can do with computer vision and machine learning algorithms and then building a digital athlete which is really like a digital twin of each athlete so you understand, what does it look like when they're healthy and compare that when it looks like they may not be healthy and be able to simulate all kinds of different combinations of player hits and angles and different plays so that you could try to predict injuries and predict the right equipment you need before there's a problem can be really transformational so we're super excited about it. >> Did you guys come up with the idea or was it a collaboration between them? >> It was really a collaboration. I mean they, look, they are very focused on players safety and health and it's a big deal for their- you know, they have two main constituents the players and fans and they care deeply about the players and it's a-it's a hard problem in a sport like Football, I mean, you watch it. >> Yeah, and I got to say it does point out the use cases of what you guys are promoting heavily at the show here of the SageMaker Studio, which was a big part of your Keynote, where they have all this data. >> Andy: Right. >> And they're data hoarders, they hoard data but the manual process of going through the data was a killer problem. This is consistent with a lot of the enterprises that are out there, they have more data than they even know. So this seems to be a big part of the strategy. How do you get the customers to actually wake up to the fact that they got all this data and how do you tie that together? >> I think in almost every company they know they have a lot of data. And there are always pockets of people who want to do something with it. But, when you're going to make these really big leaps forward; these transformations, the things like Volkswagen is doing where they're reinventing their factories and their manufacturing process or the NFL where they're going to radically transform how they do players uh, health and safety. It starts top down and if the senior leader isn't convicted about wanting to take that leap forward and trying something different and organizing the data differently and organizing the team differently and using machine learning and getting help from us and building algorithms and building some muscle inside the company it just doesn't happen because it's not in the normal machinery of what most companies do. And so it always, almost always, starts top down. Sometimes it can be the Commissioner or CEO sometimes it can be the CIO but it has to be senior level conviction or it doesn't get off the ground. >> And the business model impact has to be real. For NFL, they know concussions, hurting their youth pipe-lining, this is a huge issue for them. This is their business model. >> They lose even more players to lower extremity injuries. And so just the notion of trying to be able to predict injuries and, you know, the impact it can have on rules and the impact it can have on the equipment they use, it's a huge game changer when they look at the next 10 to 20 years. >> Alright, love geeking out on the NFL but Andy, you know- >> No more NFL talk? >> Off camera how about we talk? >> Nobody talks about the Giants being 2 and 10. >> Stu: We're both Patriots fans here. >> People bring up the undefeated season. >> So Andy- >> Everybody's a Patriot's fan now. (Laughter) >> It's fascinating to watch uh, you and your three hour uh, Keynote, uh Werner in his you know, architectural discussion, really showed how AWS is really extending its reach, you know, it's not just a place. For a few years people have been talking about you know, Cloud is an operational model its not a destination or a location but, I felt it really was laid out is you talked about Breadth and Depth and Werner really talked about you know, Architectural differentiation. People talk about Cloud, but there are very-there are a lot of differences between the vision for where things are going. Help us understand why, I mean, Amazon's vision is still a bit different from what other people talk about where this whole Cloud expansion, journey, put ever what tag or label you want on it but you know, the control plane and the technology that you're building and where you see that going. >> Well I think that, we've talked about this a couple times we have two macro types of customers. We have those that really want to get at the low level building blocks and stitch them together creatively however they see fit to create whatever's in their-in their heads. And then we have the second segment of customers that say look, I'm willing to give up some of that flexibility in exchange for getting 80% of the way there much faster. In an abstraction that's different from those low level building blocks. And both segments of builders we want to serve and serve well and so we've built very significant offerings in both areas. I think when you look at microservices um, you know, some of it has to do with the fact that we have this very strongly held belief born out of several years of Amazon where you know, the first 7 or 8 years of Amazon's consumer business we basically jumbled together all of the parts of our technology in moving really quickly and when we wanted to move quickly where you had to impact multiple internal development teams it was so long because it was this big ball, this big monolithic piece. And we got religion about that in trying to move faster in the consumer business and having to tease those pieces apart. And it really was a lot of impetus behind conceiving AWS where it was these low level, very flexible building blocks that6 don't try and make all the decisions for customers they get to make them themselves. And some of the microservices that you saw Werner talking about just, you know, for instance, what we-what we did with Nitro or even what we did with Firecracker those are very much about us relentlessly working to continue to uh, tease apart the different components. And even things that look like low level building blocks over time, you build more and more features and all of the sudden you realize they have a lot of things that are combined together that you wished weren't that slow you down and so, Nitro was a completely re imagining of our Hypervisor and Virtualization layer to allow us, both to let customers have better performance but also to let us move faster and have a better security story for our customers. >> I got to ask you the question around transformation because I think that all points, all the data points, you got all the references, Goldman Sachs on stage at the Keynote, Cerner, I mean healthcare just is an amazing example because I mean, that's demonstrating real value there there's no excuse. I talked to someone who wouldn't be named last night, in and around the area said, the CIA has a cost bar like this a cost-a budget like this but the demand for mission based apps is going up exponentially, so there's need for the Cloud. And so, you see more and more of that. What is your top down, aggressive goals to fill that solution base because you're also a very transformational thinker; what is your-what is your aggressive top down goals for your organization because you're serving a market with trillions of dollars of spend that's shifting, that's on the table. >> Yeah. >> A lot of competition now sees it too, they're going to go after it. But at the end of the day you have customers that have a demand for things, apps. >> Andy: Yeah. >> And not a lot of budget increase at the same time. This is a huge dynamic. >> Yeah. >> John: What's your goals? >> You know I think that at a high level our top down aggressive goals are that we want every single customer who uses our platform to have an outstanding customer experience. And we want that outstanding customer experience in part is that their operational performance and their security are outstanding, but also that it allows them to build, uh, build projects and initiatives that change their customer experience and allow them to be a sustainable successful business over a long period of time. And then, we also really want to be the technology infrastructure platform under all the applications that people build. And we're realistic, we know that you know, the market segments we address with infrastructure, software, hardware, and data center services globally are trillions of dollars in the long term and it won't only be us, but we have that goal of wanting to serve every application and that requires not just the security operational premise but also a lot of functionality and a lot of capability. We have by far the most amount of capability out there and yet I would tell you, we have 3 to 5 years of items on our roadmap that customers want us to add. And that's just what we know today. >> And Andy, underneath the covers you've been going through some transformation. When we talked a couple of years ago, about how serverless is impacting things I've heard that that's actually, in many ways, glue behind the two pizza teams to work between organizations. Talk about how the internal transformations are happening. How that impacts your discussions with customers that are going through that transformation. >> Well, I mean, there's a lot of- a lot of the technology we build comes from things that we're doing ourselves you know? And that we're learning ourselves. It's kind of how we started thinking about microservices, serverless too, we saw the need, you know, we would have we would build all these functions that when some kind of object came into an object store we would spin up, compute, all those tasks would take like, 3 or 4 hundred milliseconds then we'd spin it back down and yet, we'd have to keep a cluster up in multiple availability zones because we needed that fault tolerance and it was- we just said this is wasteful and, that's part of how we came up with Lambda and you know, when we were thinking about Lambda people understandably said, well if we build Lambda and we build this serverless adventure in computing a lot of people were keeping clusters of instances aren't going to use them anymore it's going to lead to less absolute revenue for us. But we, we have learned this lesson over the last 20 years at Amazon which is, if it's something that's good for customers you're much better off cannibalizing yourself and doing the right thing for customers and being part of shaping something. And I think if you look at the history of technology you always build things and people say well, that's going to cannibalize this and people are going to spend less money, what really ends up happening is they spend less money per unit of compute but it allows them to do so much more that they ultimately, long term, end up being more significant customers. >> I mean, you are like beating the drum all the time. Customers, what they say, we encompass the roadmap, I got that you guys have that playbook down, that's been really successful for you. >> Andy: Yeah. >> Two years ago you told me machine learning was really important to you because your customers told you. What's the next traunch of importance for customers? What's on top of mind now, as you, look at- >> Andy: Yeah. >> This re:Invent kind of coming to a close, Replay's tonight, you had conversations, you're a tech athlete, you're running around, doing speeches, talking to customers. What's that next hill from if it's machine learning today- >> There's so much I mean, (weird background noise) >> It's not a soup question (Laughter) And I think we're still in the very early days of machine learning it's not like most companies have mastered it yet even though they're using it much more then they did in the past. But, you know, I think machine learning for sure I think the Edge for sure, I think that um, we're optimistic about Quantum Computing even though I think it'll be a few years before it's really broadly useful. We're very um, enthusiastic about robotics. I think the amount of functions that are going to be done by these- >> Yeah. >> robotic applications are much more expansive than people realize. It doesn't mean humans won't have jobs, they're just going to work on things that are more value added. We're believers in augmented virtual reality, we're big believers in what's going to happen with Voice. And I'm also uh, I think sometimes people get bored you know, I think you're even bored with machine learning already >> Not yet. >> People get bored with the things you've heard about but, I think just what we've done with the Chips you know, in terms of giving people 40% better price performance in the latest generation of X86 processors. It's pretty unbelievable in the difference in what people are going to be able to do. Or just look at big data I mean, big data, we haven't gotten through big data where people have totally solved it. The amount of data that companies want to store, process, analyze, is exponentially larger than it was a few years ago and it will, I think, exponentially increase again in the next few years. You need different tools and services. >> Well I think we're not bored with machine learning we're excited to get started because we have all this data from the video and you guys got SageMaker. >> Andy: Yeah. >> We call it the stairway to machine learning heaven. >> Andy: Yeah. >> You start with the data, move up, knock- >> You guys are very sophisticated with what you do with technology and machine learning and there's so much I mean, we're just kind of, again, in such early innings. And I think that, it was so- before SageMaker, it was so hard for everyday developers and data scientists to build models but the combination of SageMaker and what's happened with thousands of companies standardizing on it the last two years, plus now SageMaker studio, giant leap forward. >> Well, we hope to use the data to transform our experience with our audience. And we're on Amazon Cloud so we really appreciate that. >> Andy: Yeah. >> And appreciate your support- >> Andy: Yeah, of course. >> John: With Amazon and get that machine learning going a little faster for us, that would be better. >> If you have requests I'm interested, yeah. >> So Andy, you talked about that you've got the customers that are builders and the customers that need simplification. Traditionally when you get into the, you know, the heart of the majority of adoption of something you really need to simplify that environment. But when I think about the successful enterprise of the future, they need to be builders. how'l I normally would've said enterprise want to pay for solutions because they don't have the skill set but, if they're going to succeed in this new economy they need to go through that transformation >> Andy: Yeah. >> That you talk to, so, I mean, are we in just a total new era when we look back will this be different than some of these previous waves? >> It's a really good question Stu, and I don't think there's a simple answer to it. I think that a lot of enterprises in some ways, I think wish that they could just skip the low level building blocks and only operate at that higher level abstraction. That's why people were so excited by things like, SageMaker, or CodeGuru, or Kendra, or Contact Lens, these are all services that allow them to just send us data and then run it on our models and get back the answers. But I think one of the big trends that we see with enterprises is that they are taking more and more of their development in house and they are wanting to operate more and more like startups. I think that they admire what companies like AirBnB and Pintrest and Slack and Robinhood and a whole bunch of those companies, Stripe, have done and so when, you know, I think you go through these phases and eras where there are waves of success at different companies and then others want to follow that success and replicate it. And so, we see more and more enterprises saying we need to take back a lot of that development in house. And as they do that, and as they add more developers those developers in most cases like to deal with the building blocks. And they have a lot of ideas on how they can creatively stich them together. >> Yeah, on that point, I want to just quickly ask you on Amazon versus other Clouds because you made a comment to me in our interview about how hard it is to provide a service to other people. And it's hard to have a service that you're using yourself and turn that around and the most quoted line of my story was, the compression algorithm- there's no compression algorithm for experience. Which to me, is the diseconomies of scale for taking shortcuts. >> Andy: Yeah. And so I think this is a really interesting point, just add some color commentary because I think this is a fundamental difference between AWS and others because you guys have a trajectory over the years of serving, at scale, customers wherever they are, whatever they want to do, now you got microservices. >> Yeah. >> John: It's even more complex. That's hard. >> Yeah. >> John: Talk about that. >> I think there are a few elements to that notion of there's no compression algorithm for experience and I think the first thing to know about AWS which is different is, we just come from a different heritage and a different background. We ran a business for a long time that was our sole business that was a consumer retail business that was very low margin. And so, we had to operate at very large scale given how many people were using us but also, we had to run infrastructure services deep in the stack, compute storage and database, and reliable scalable data centers at very low cost and margins. And so, when you look at our business it actually, today, I mean its, its a higher margin business in our retail business, its a lower margin business in software companies but at real scale, it's a high volume, relatively low margin business. And the way that you have to operate to be successful with those businesses and the things you have to think about and that DNA come from the type of operators we have to be in our consumer retail business. And there's nobody else in our space that does that. So, you know, the way that we think about costs, the way we think about innovation in the data center, um, and I also think the way that we operate services and how long we've been operating services as a company its a very different mindset than operating package software. Then you look at when uh, you think about some of the uh, issues in very large scale Cloud, you can't learn some of those lessons until you get to different elbows of the curve and scale. And so what I was telling you is, its really different to run your own platform for your own users where you get to tell them exactly how its going to be done. But that's not the way the real world works. I mean, we have millions of external customers who use us from every imaginable country and location whenever they want, without any warning, for lots of different use cases, and they have lots of design patterns and we don't get to tell them what to do. And so operating a Cloud like that, at a scale that's several times larger than the next few providers combined is a very different endeavor and a very different operating rigor. >> Well you got to keep raising the bar you guys do a great job, really impressed again. Another tsunami of announcements. In fact, you had to spill the beans earlier with Quantum the day before the event. Tight schedule. I got to ask you about the musical festival because, I think this is a very cool innovation. It's the inaugural Intersect conference. >> Yes. >> John: Which is not part of Replay, >> Yes. >> John: Which is the concert tonight. Its a whole new thing, big music act, you're a big music buff, your daughter's an artist. Why did you do this? What's the purpose? What's your goal? >> Yeah, it's an experiment. I think that what's happened is that re:Invent has gotten so big, we have 65 thousand people here, that to do the party, which we do every year, its like a 35-40 thousand person concert now. Which means you have to have a location that has multiple stages and, you know, we thought about it last year and when we were watching it and we said, we're kind of throwing, like, a 4 hour music festival right now. There's multiple stages, and its quite expensive to set up that set for a party and we said well, maybe we don't have to spend all that money for 4 hours and then rip it apart because actually the rent to keep those locations for another two days is much smaller than the cost of actually building multiple stages and so we thought we would try it this year. We're very passionate about music as a business and I think we-I think our customers feel like we've thrown a pretty good music party the last few years and we thought we would try it at a larger scale as an experiment. And if you look at the economics- >> At the headliners real quick. >> The Foo Fighters are headlining on Saturday night, Anderson Paak and the Free Nationals, Brandi Carlile, Shawn Mullins, um, Willy Porter, its a good set. Friday night its Beck and Kacey Musgraves so it's a really great set of um, about thirty artists and we're hopeful that if we can build a great experience that people will want to attend that we can do it at scale and it might be something that both pays for itself and maybe, helps pay for re:Invent too overtime and you know, I think that we're also thinking about it as not just a music concert and festival the reason we named it Intersect is that we want an intersection of music genres and people and ethnicities and age groups and art and technology all there together and this will be the first year we try it, its an experiment and we're really excited about it. >> Well I'm gone, congratulations on all your success and I want to thank you we've been 7 years here at re:Invent we've been documenting the history. You got two sets now, one set upstairs. So appreciate you. >> theCUBE is part of re:Invent, you know, you guys really are apart of the event and we really appreciate your coming here and I know people appreciate the content you create as well. >> And we just launched CUBE365 on Amazon Marketplace built on AWS so thanks for letting us- >> Very cool >> John: Build on the platform. appreciate it. >> Thanks for having me guys, I appreciate it. >> Andy Jassy the CEO of AWS here inside theCUBE, it's our 7th year covering and documenting the thunderous innovation that Amazon's doing they're really doing amazing work building out the new technologies here in the Cloud computing world. I'm John Furrier, Stu Miniman, be right back with more after this short break. (Outro music)

>> Hi, my name is Andy Clemenko. I'm a Senior Solutions Engineer at StackRox. Thanks for joining us today for my talk on labels, labels, labels. Obviously, you can reach me at all the socials. Before we get started, I like to point you to my GitHub repo, you can go to andyc.info/dc20, and it'll take you to my GitHub page where I've got all of this documentation, I've got the Keynote file there. YAMLs, I've got Dockerfiles, Compose files, all that good stuff. If you want to follow along, great, if not go back and review later, kind of fun. So let me tell you a little bit about myself. I am a former DOD contractor. This is my seventh DockerCon. I've spoken, I had the pleasure to speak at a few of them, one even in Europe. I was even a Docker employee for quite a number of years, providing solutions to the federal government and customers around containers and all things Docker. So I've been doing this a little while. One of the things that I always found interesting was the lack of understanding around labels. So why labels, right? Well, as a former DOD contractor, I had built out a large registry. And the question I constantly got was, where did this image come from? How did you get it? What's in it? Where did it come from? How did it get here? And one of the things we did to kind of alleviate some of those questions was we established a baseline set of labels. Labels really are designed to provide as much metadata around the image as possible. I ask everyone in attendance, when was the last time you pulled an image and had 100% confidence, you knew what was inside it, where it was built, how it was built, when it was built, you probably didn't, right? The last thing we obviously want is a container fire, like our image on the screen. And one kind of interesting way we can kind of prevent that is through the use of labels. We can use labels to address security, address some of the simplicity on how to run these images. So think of it, kind of like self documenting, Think of it also as an audit trail, image provenance, things like that. These are some interesting concepts that we can definitely mandate as we move forward. What is a label, right? Specifically what is the Schema? It's just a key-value. All right? It's any key and pretty much any value. What if we could dump in all kinds of information? What if we could encode things and store it in there? And I've got a fun little demo to show you about that. Let's start off with some of the simple keys, right? Author, date, description, version. Some of the basic information around the image. That would be pretty useful, right? What about specific labels for CI? What about a, where's the version control? Where's the source, right? Whether it's Git, whether it's GitLab, whether it's GitHub, whether it's Gitosis, right? Even SPN, who cares? Where are the source files that built, where's the Docker file that built this image? What's the commit number? That might be interesting in terms of tracking the resulting image to a person or to a commit, hopefully then to a person. How is it built? What if you wanted to play with it and do a git clone of the repo and then build the Docker file on your own? Having a label specifically dedicated on how to build this image might be interesting for development work. Where it was built, and obviously what build number, right? These kind of all, not only talk about continuous integration, CI but also start to talk about security. Specifically what server built it. The version control number, the version number, the commit number, again, how it was built. What's the specific build number? What was that job number in, say, Jenkins or GitLab? What if we could take it a step further? What if we could actually apply policy enforcement in the build pipeline, looking specifically for some of these specific labels? I've got a good example of, in my demo of a policy enforcement. So let's look at some sample labels. Now originally, this idea came out of label-schema.org. And then it was a modified to opencontainers, org.opencontainers.image. There is a link in my GitHub page that links to the full reference. But these are some of the labels that I like to use, just as kind of like a standardization. So obviously, Author's, an email address, so now the image is attributable to a person, that's always kind of good for security and reliability. Where's the source? Where's the version control that has the source, the Docker file and all the assets? How it was built, build number, build server the commit, we talked about, when it was created, a simple description. A fun one I like adding in is the healthZendpoint. Now obviously, the health check directive should be in the Docker file. But if you've got other systems that want to ping your applications, why not declare it and make it queryable? Image version, obviously, that's simple declarative And then a title. And then I've got the two fun ones. Remember, I talked about what if we could encode some fun things? Hypothetically, what if we could encode the Compose file of how to build the stack in the first image itself? And conversely the Kubernetes? Well, actually, you can and I have a demo to show you how to kind of take advantage of that. So how do we create labels? And really creating labels as a function of build time okay? You can't really add labels to an image after the fact. The way you do add labels is either through the Docker file, which I'm a big fan of, because it's declarative. It's in version control. It's kind of irrefutable, especially if you're tracking that commit number in a label. You can extend it from being a static kind of declaration to more a dynamic with build arguments. And I can show you, I'll show you in a little while how you can use a build argument at build time to pass in that variable. And then obviously, if you did it by hand, you could do a docker build--label key equals value. I'm not a big fan of the third one, I love the first one and obviously the second one. Being dynamic we can take advantage of some of the variables coming out of version control. Or I should say, some of the variables coming out of our CI system. And that way, it self documents effectively at build time, which is kind of cool. How do we view labels? Well, there's two major ways to view labels. The first one is obviously a docker pull and docker inspect. You can pull the image locally, you can inspect it, you can obviously, it's going to output as JSON. So you going to use something like JQ to crack it open and look at the individual labels. Another one which I found recently was Skopeo from Red Hat. This allows you to actually query the registry server. So you don't even have to pull the image initially. This can be really useful if you're on a really small development workstation, and you're trying to talk to a Kubernetes cluster and wanting to deploy apps kind of in a very simple manner. Okay? And this was that use case, right? Using Kubernetes, the Kubernetes demo. One of the interesting things about this is that you can base64 encode almost anything, push it in as text into a label and then base64 decode it, and then use it. So in this case, in my demo, I'll show you how we can actually use a kubectl apply piped from the base64 decode from the label itself from skopeo talking to the registry. And what's interesting about this kind of technique is you don't need to store Helm charts. You don't need to learn another language for your declarative automation, right? You don't need all this extra levels of abstraction inherently, if you use it as a label with a kubectl apply, It's just built in. It's kind of like the kiss approach to a certain extent. It does require some encoding when you actually build the image, but to me, it doesn't seem that hard. Okay, let's take a look at a demo. And what I'm going to do for my demo, before we actually get started is here's my repo. Here's a, let me actually go to the actual full repo. So here's the repo, right? And I've got my Jenkins pipeline 'cause I'm using Jenkins for this demo. And in my demo flask, I've got the Docker file. I've got my compose and my Kubernetes YAML. So let's take a look at the Docker file, right? So it's a simple Alpine image. The org statements are the build time arguments that are passed in. Label, so again, I'm using the org.opencontainers.image.blank, for most of them. There's a typo there. Let's see if you can find it, I'll show you it later. My source, build date, build number, commit. Build number and get commit are derived from the Jenkins itself, which is nice. I can just take advantage of existing URLs. I don't have to create anything crazy. And again, I've got my actual Docker build command. Now this is just a label on how to build it. And then here's my simple Python, APK upgrade, remove the package manager, kind of some security stuff, health check getting Python through, okay? Let's take a look at the Jenkins pipeline real quick. So here is my Jenkins pipeline and I have four major stages, four stages, I have built. And here in build, what I do is I actually do the Git clone. And then I do my docker build. From there, I actually tell the Jenkins StackRox plugin. So that's what I'm using for my security scanning. So go ahead and scan, basically, I'm staging it to scan the image. I'm pushing it to Hub, okay? Where I can see the, basically I'm pushing the image up to Hub so such that my StackRox security scanner can go ahead and scan the image. I'm kicking off the scan itself. And then if everything's successful, I'm pushing it to prod. Now what I'm doing is I'm just using the same image with two tags, pre-prod and prod. This is not exactly ideal, in your environment, you probably want to use separate registries and non-prod and a production registry, but for demonstration purposes, I think this is okay. So let's go over to my Jenkins and I've got a deliberate failure. And I'll show you why there's a reason for that. And let's go down. Let's look at my, so I have a StackRox report. Let's look at my report. And it says image required, required image label alert, right? Request that the maintainer, add the required label to the image, so we're missing a label, okay? One of the things we can do is let's flip over, and let's look at Skopeo. Right? I'm going to do this just the easy way. So instead of looking at org.zdocker, opencontainers.image.authors. Okay, see here it says build signature? That was the typo, we didn't actually pass in. So if we go back to our repo, we didn't pass in the the build time argument, we just passed in the word. So let's fix that real quick. That's the Docker file. Let's go ahead and put our dollar sign in their. First day with the fingers you going to love it. And let's go ahead and commit that. Okay? So now that that's committed, we can go back to Jenkins, and we can actually do another build. And there's number 12. And as you can see, I've been playing with this for a little bit today. And while that's running, come on, we can go ahead and look at the Console output. Okay, so there's our image. And again, look at all the build arguments that we're passing into the build statement. So we're passing in the date and the date gets derived on the command line. With the build arguments, there's the base64 encoded of the Compose file. Here's the base64 encoding of the Kubernetes YAML. We do the build. And then let's go down to the bottom layer exists and successful. So here's where we can see no system policy violations profound marking stack regimes security plugin, build step as successful, okay? So we're actually able to do policy enforcement that that image exists, that that label sorry, exists in the image. And again, we can look at the security report and there's no policy violations and no vulnerabilities. So that's pretty good for security, right? We can now enforce and mandate use of certain labels within our images. And let's flip back over to Skopeo, and let's go ahead and look at it. So we're looking at the prod version again. And there's it is in my email address. And that validated that that was valid for that policy. So that's kind of cool. Now, let's take it a step further. What if, let's go ahead and take a look at all of the image, all the labels for a second, let me remove the dash org, make it pretty. Okay? So we have all of our image labels. Again, author's build, commit number, look at the commit number. It was built today build number 12. We saw that right? Delete, build 12. So that's kind of cool dynamic labels. Name, healthz, right? But what we're looking for is we're going to look at the org.zdockerketers label. So let's go look at the label real quick. Okay, well that doesn't really help us because it's encoded but let's base64 dash D, let's decode it. And I need to put the dash r in there 'cause it doesn't like, there we go. So there's my Kubernetes YAML. So why can't we simply kubectl apply dash f? Let's just apply it from standard end. So now we've actually used that label. From the image that we've queried with skopeo, from a remote registry to deploy locally to our Kubernetes cluster. So let's go ahead and look everything's up and running, perfect. So what does that look like, right? So luckily, I'm using traefik for Ingress 'cause I love it. And I've got an object in my Kubernetes YAML called flask.doctor.life. That's my Ingress object for traefik. I can go to flask.docker.life. And I can hit refresh. Obviously, I'm not a very good web designer 'cause the background image in the text. We can go ahead and refresh it a couple times we've got Redis storing a hit counter. We can see that our server name is roundrobing. Okay? That's kind of cool. So let's kind of recap a little bit about my demo environment. So my demo environment, I'm using DigitalOcean, Ubuntu 19.10 Vms. I'm using K3s instead of full Kubernetes either full Rancher, full Open Shift or Docker Enterprise. I think K3s has some really interesting advantages on the development side and it's kind of intended for IoT but it works really well and it deploys super easy. I'm using traefik for Ingress. I love traefik. I may or may not be a traefik ambassador. I'm using Jenkins for CI. And I'm using StackRox for image scanning and policy enforcement. One of the things to think about though, especially in terms of labels is none of this demo stack is required. You can be in any cloud, you can be in CentOs, you can be in any Kubernetes. You can even be in swarm, if you wanted to, or Docker compose. Any Ingress, any CI system, Jenkins, circle, GitLab, it doesn't matter. And pretty much any scanning. One of the things that I think is kind of nice about at least StackRox is that we do a lot more than just image scanning, right? With the policy enforcement things like that. I guess that's kind of a shameless plug. But again, any of this stack is completely replaceable, with any comparative product in that category. So I'd like to, again, point you guys to the andyc.infodc20, that's take you right to the GitHub repo. You can reach out to me at any of the socials @clemenko or andy@stackrox.com. And thank you for attending. I hope you learned something fun about labels. And hopefully you guys can standardize labels in your organization and really kind of take your images and the image provenance to a new level. Thanks for watching. (upbeat music)

>> Narrator: From the CUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is The CUBE Conversation. >> Everyone, welcome to the special CUBE Conversation here. In the CUBES Palo Alto studios, I'm John Furrier, your host with a great story here to tell and a great story with Bob Russell, the CEO of the CTA group, also known as the Community Technology Alliance. Great story, very relevant in this time and has to involve data and technologies for good. So, Bob, thanks for spending the time to join me today. Thanks for remote dialing in or internetting in thank you. >> My pleasure, great to be with you. >> You guys have a really great mission with the Community Technology Alliance. Also known as the CTA group, which is you guys go by, take a minute to explain the firm and what you guys do coz I think this is a high impact story for this community just in general, but now more than ever, it's great story. Can you take a minute to explain? >> Thank you. We're a San Jose based nonprofit and we were founded in 1991 to provide the technology needed to support the work to end homelessness in a number of California communities and counties, primarily by providing data collection and reporting tools for agencies that were receiving federal funding to house the homeless. Several years ago, as we were looking at the data, we realized that we needed to expand our focus to not only include the homeless, but to include what's called homeless prevention. And homeless prevention is providing services to those who are not homeless, but who are at risk of becoming homeless, or those that are living in poverty and do not have enough money to pay the mortgage or pay their rent and so they too are at risk of becoming homeless. Because what the data is showing is that once you become homeless, it can be difficult, it can be time consuming, and it can take a long time for you to secure new housing. So if you can help people who are on the cusp of becoming homeless, that is, that's a wonderful thing. Keeping people from becoming homeless in the first place is one of the most effective tools in fighting homelessness in the Bay Area and throughout the United States. That expanded focus meant we really, we needed to rethink how best to leverage technology in order to help agencies communities, both in homelessness and homeless prevention. And so we focused on three different components or three tools. The first one was creating data integration tool, so that agencies that are using multiple systems, can integrate their data into a single source of truth, they can quickly communicate and exchange data with one another in order to identify how best to help people in need in their communities. The second thing that we did was we created a mobile app so that you could collect data out of your closed or your proprietary system, upload that data later to your system, or to this, to a central data warehouse. And then also, you could use this data that once we pulled your data in from multiple data systems and created a single source of truth, you could actually view that unified data. And the third tool we developed was a reporting and analytics tool, so that you could quickly visualize your data, look at overall trends and determine what measures are most effective in helping people to remain housed or to help people who are homeless to secure housing as quickly as possible. So that's our story in a nutshell, John. >> Yeah, one of the famous CUBE alumni Jeff Hammerbacher, founder of Cloudera, one said in the CUBE. This is 10 years ago, and he came from Facebook and then he said, our bright minds in the industry are working on data science so that people click on and add. And that really kind of became a rallying point in the computer science industry, because this is really a data driven strategy, you guys are taking this proactive, it's not reactive, which is still got it's own challenges. So, you know, using data for good, there's some reality there. It's like collective intelligence or predictive analytics or a recommendation engine for services to be delivered. So Love it. Love this story, I think is super important. It's not going to go away it's only going to get stronger and better. But I got to ask you with that, what are some of the challenges with the current environment for social services? Because, you mentioned legacy, legacy systems. Well, this legacy a process too. I can only imagine the challenges, what are some of those challenges in the current environment? >> Yes, yeah, there are many challenges, but I'd like to focus in on two. The first is agencies aren't network, their systems are not network. And so agency A cannot exchange and communicate with agency B. And so what happens in most communities is that if someone's in need, whether it's an individual or a family, odds are they're going to multiple agencies to secure all the different services that they need. And because agencies are not networked, it can be very difficult to secure services. If you're a need, you can end up spending a lot of time going from agency to agency, asking what's available, and seeing that if you're eligible for services. So one of the challenges that we were asked to overcome by, you know, talking to various agencies and communities is can you allow us to continue to use our current systems, but can you figure out a way for our systems to communicate and exchange critical data with one another, and the second reason or challenge is tied to first, most agencies have multiple funding sources in order to provide the services that they provide. And many of those funding sources will say to an agency in exchange for us giving you funding, you must use this system to collect data and to report out. And so what happens is a single agency can have multiple data systems that either, that just simply cannot communicate with one another. And so this creates inefficiencies. And this means that resources that would be going to a client, a family and an individual has to be redirected to doing multiple data entry and administering multiple systems. And so before we built any of our tools, we spent a good chunk of time talking to these various stakeholders in the homeless and poverty arena going, what are your primary pain points? These were the two that stood out for us. In how we could use technology to help these agencies get a more unified view of what's going on in their community and what works. >> How has any of the systematic changes affected you coz the networking piece is huge. When we see this play out in data driven businesses, obvious ones are cybersecurity, the more data the better, coz you got a machine learning is a lot of things there. The other problem I want to get your thoughts on is just the idea of not just not being networked, but the data silos. So the data silos are out there, and sometimes they're not talking to each other, even if they are connected. >> So if you're homeless or at risk of becoming homeless, odds are you're going to need multiple services to help you. It's very rare that an agency has all the services that you need so that you end up being helped by multiple services. Each one of those service, each one of those agencies, ends up being a data silo. And so you do not get a complete picture of in your community of how what are the various services that you are providing this client, and which services are most rapidly helping that client move either into housing or into self sufficiency. So agencies are very much aware that they have data silos out there, but they simply do not have the expertise or the time or the resources to manually take all of that data and try to come up with a single spreadsheet that tells 'em everything. >> On the role of data, I've seen you mentioned the users, you mentioned an app, can you just share some anecdotal examples of kind of where it's working and challenges and opportunities you guys are doubling down on because, I mean, this is a really important point, because if you look at our society at large today, the ability to deliver services, whether it's education, homelessness, poverty, it's all kind of interconnected, all has the same almost systematic kind of functional role, right you got to, identify services, needs, match them to funding and or people and move in real time or as contextually relevant as possible. If you do that, right, you're on the front end, not the back end of reacting to it. Can you give some examples? >> Yeah, I'm thinking of a young woman. I mean, this is, for me, this has been a powerful story for our organization in helping us to understand the human impact that data silos can have. So this is, in one of our communities there was a young woman with, who was recently divorced with a young son who became sick. And so she went to the hospital to secure treatment for her child, the hospital, the clinic was able to help her. But when she asked about are there agencies out there are there services out there that can help me with financial assistance can help me with getting food and finding a stable housing? They told her no, we can't help you we're clinic, but we can point you to a shelter. Well, by the time she got to that shelter, they were full for the night. So she had no place for her and her son to stay. And so what happens is she ended up spending the night out on the street. And then she spent the next week looking for, you know food bank, so she'd get food. Going to various agencies to find out, you know do you have any available housing, do you have any financial assistance and she was coming up against, you know obstacle, one obstacle over another. So if you're homeless and you don't have a car, and you know, think about anyone in the Bay Area, how difficult it is to get around if you don't have a vehicle or someone who can provide you with it, with a transportation. Her life changed and I yeah, her life changed when she ended up at a homeless encampment. And a what's called an outreach worker, went to that outreach, that encampment with our tools, with our mobile app. And this outreach worker met up with this young woman and said, how can I help you? And she, this woman explained, look, I need a place to stay for the night. I need food for my child, can you helped me? But what she did was she took her tablet open, opened up our mobile app and found yes, there is a nearby shelter that has space available. Let me get you into that shelter as soon as possible. She also alerted the case managers at that shelter that this is what the woman needs. Can you provide that assistance to her as soon as we get her to the shelter? And so what happened was instead of wandering around the community, trying to find help, because of this timely encounter between this young woman and his outreach worker, this outreach worker was able to get this woman and her child into a temporary shelter an emergency shelter for the night. And then over time, helped her secure her own apartment with financial assistance, and also the other services that she needed. And for me, that is the essence of what we're trying to do here is simply remove the barriers for you to.. The essence, what happened here was this woman was able to quickly determine through the help of an agency, what's currently available, and then connect her to those appropriate agencies to get the services that she needed. And so I have told this story many times it still gets me that it's, this is the beauty of technology. This is how you can leverage technology and help someone in need. For me it's just amazing what you can do with the right. Yes, with the right technology. >> It's such a powerful story coz it also not only illustrates the personal needs that they were met. But it also illustrates the scale of how data and the contextually relevant need at that time having the right thing happen at the right time, when it needs to happen, can scale. So it's not, it's not a one off. This is how technology can work. So I think this is a great indicator of things to come. And I think this is going to be playing out more and that is the role of data and people. This has been a fundamental dynamics, not just about machines anymore. It's the human and the data interaction. This is becoming a huge thing. Can you share your thoughts on the role of people because audiences want to get involved you seeing a much more mission driven, culture evolving quickly. People want to have an impact. >> Right. Oh, yeah, data plays a fundamental role. Best way, what helps me to understand just how fundamental that role is that what data does is it creates a narrative on the past and current experiences of people in need. In other words, data tells a story. And whether that person is homeless or at risk of becoming homeless or living in poverty, that narrative becomes a powerful tool for agencies. And it, when you take that narrative because you've been able to harness technology, create that narrative. What you can do with that narrative, is you can coordinate available services to those in need. And as, you know the story of this young woman, you can also rightly reduce the wait times and the time that someone says I have this need until you connect them with that available service. That narrative also helps you to improve your programs and services. You can look at what's working, what's not working, and make the necessary changes so that you can end up helping more people. It improves access to programs and services, instead of someone going by bus, or however I'm trying to go from one end of town to the other. Imagine if you could go to a public library, for example. And as a person in need, you could log in and go, you could tell your story, interesting data and say, help me to find the services that I need. >> Yeah. >> The other thing is that it reduces inefficiencies. Many agencies are spending considerable amount of time in duplicate data entry in order to make sure that they're collecting the data and all the different systems that they need. And then I think another key thing that data plays a fundamental role is that you can take your data as an agency, as a community and you can tell your story to policy leaders and to funders and say look, if there is how you can support us in order to provide effective homeless and poverty alleviation solutions, so again the idea that-- >> Yeah that's a key point right there, that's I mean, the key point is, you look at people process technology, which is like the, overused cliche of digital transformation very relevant by the way, the process piece is kind of taking that same track as you saw the internet technologies, change marketing and advertising, performance based, show me the clicks. If you think about what you just said, that's really what's going on here is you can actually have performance based programs with specific deliverables, if I can do this, would you do more? And the answer is you can measure it with data. This is really the magic of this. It's a new way of doing things. And again, this is not going to go away. And I think stakeholders can hold people's feet to the fire for performance based results, because the data is there if you strive to do a good mission. If the systems are in place, you can measure it. >> Thanks for that question John. Three (background noise drowns out other sounds) come to mind. First, many organizations now financially match the donations made by their employees that they make to nonprofit. So I would say that check with your HR department and see if they have a matching program. And if they do, what happens then is that for every dollar that you give to that agency, your organization, the company that you work for, will match that, and so your money will go further. These same pro... These same Corporate Social Responsibility programs, not only will match your donations, but the other thing that they will do is they will sometime arrange, sometimes workout opportunities to volunteer at very various nonprofits. And so you can also check with your organization to see if they do that. A second possibility is that you connect with groups such as the Full Circle Fund. There are other groups out there, but I'm most familiar with the Full Circle Fund. And it is a San Francisco based nonprofit that leverages your time and your resources and intellectual capital to help out with nonprofits throughout the Bay Area. So whether it is that you're looking to volunteer coding or development skills, or you're looking for some way to find out what's going on in the Bay Community, and how can I help. Full Circle Fund would be a great resource. And again, there are other nonprofits like them out there as well. The third thing is, if you know of an agency in your area, a goodwill, united way, a habitat for humanity, give them a call or check on their website to see what volunteer, positions they have available or what they're looking for. And if it looks like a good match, give them a call and have that conversation. Those are three things that immediately came to mind for me John about if he wanted to help out, how could you? >> Well, certainly it's important mission. I really appreciate, Bob, what you're doing and your team, Bob Russell, the CEO of CTA group, also known as the Community Technology Alliance. Really putting technology into practice, to help the services get to the folks that matter, the homelessness and the folks in poverty, on the edge of poverty. It really is an example of how you can solve some of these systematic problems with performance base. If you follow the data, follow the money, follow the services, it all can work in real time. And that's a good example. So thank you so much for what you do. And great mission. Thank you for your time. >> Thank you, and thank you for having me. >> Okay I'm the CUBE. I'm John Furrier, covering all the stories here while we're still programming here in the CUBE studios with our quarantine crew. Bob Russell, the CEO of CTA group, out with a great story. Check it out and get involved. I'm John Furrier, The CUBE. Thanks for watching (bright upbeat music)

[Music] [Music] [Applause] [Music] me [Music] [Applause] [Music] [Music] so [Music] [Music] [Applause] [Music] so [Applause] [Music] [Applause] [Music] [Music] me [Applause] [Music] [Music] [Music] [Music] [Applause] [Music] [Music] [Applause] so [Music] [Music] [Music] [Music] so [Applause] [Music] so [Applause] [Music] [Applause] [Music] [Music] um [Applause] [Music] [Music] [Music] [Music] [Applause] [Music] so so [Applause] so [Music] so welcome to cyber security insights we're excited to talk to you today about some of the key developments in the cyber security area let me start off by saying you know security's always been a board room topic boards care about it but right now it's actually getting even more important given what's happening covered 19 given the risk the world faces the fact that 70 percent of the workforce is now really working from home at vmware we have all of our employees working for we made that a mandate not just required but we're taking a cautious approach as to how they come back that's the reality of many of our customers but the bad guys are not staying still 148 increase in ransomware during this time they're just looking for every way to take advantage of innocent people working at home and then we've seen 52 percent increase of all attacks in the march time frame targeting the financial sector so it's very important that you we have a different approach to security because our belief is the security industry has been broken uh you'll see on this chart 5000 odd vendors 15 or 20 different categories and it's often i described like going to a doctor to stay healthy and she tells you you've got to take 5 000 tablets and you fall off your chest and that's just not possible you know so how do you prevent staying having 5000 tablets taking 5000 tablets to stay healthy you eat your vegetables your fruit your proteins drink your water you make it part of your hygiene and that's what needs to happen in security we've got to move away from this bolted on approach siloed approach where you've got you know various differences feels like even 5000 tablets 5000 security tools are all kind of like healthcare deem themselves very important and also from security that's just focused on threats and the new approach needs to be one that's more built-in intrinsically part of the platform like making a part of your diet more unified as opposed to just siloed across all of the key pillars of security and a lot more context-centric rather than just threat centric to do this we've been looking at kind of the value proposition of vmware we're you know about a 10.8 billion dollar company and have played across these three or four layers off being a digital foundation for the world any cloud any app any device with intrinsic security you've seen this from us several uh over the last several years what we've sought to do is layer into that diagram five or six important control points in security that we think are going to be super important to make security intrinsic let's start off on the bottom right corner of this with network security we think a new approach for network security means that if you look at data center networking or firewalls or load balancing or sd-wan what is a 30 billion dollar opportunity a new approach you know could be one way you could have in one platform all of those capabilities in something that's more software-defined that's what we've been doing uh in with nsx a platform some customers call us sort of the tesla of networking because we're taking a somewhat you know traditional hardware-defined approach to networking and building a more software-defined networking stack for security much the same way a tesla is building a software-defined car if you go to the left-hand side you see kind of the endpoints but it's two different forms of endpoint an endpoint that's on the client side near the device a laptop tablet a phone or a endpoint that's closer to the server a workload or a container and in both areas we believe we have an opposition proposition to really be the best uh security solution for endpoint and workload security identity we think there's a tremendous opportunity to be the best solution that not just some ourselves but also partners with the best of breed players for example um octa or azure active directory in cloud security we're going to do a lot ourselves for example cloud security posture management but we're also going to partner with the likes of well web gateways and and proxies like z scale or netscope and then analytics is the big kahuna because the more data that you have the more equipped you are to prevent breaches and what we believe here is this notion of what the analysts are now calling xdr collecting telemetry from all of these control points which we have exposure to network endpoint workload identity cloud and having one big data lake where you reason over this with a variety of behavioral and ai algorithms and then provide the best way by which you can protect customers from possible future security events this is something we well best because we actually collecting the most telemetry of anybody from disparate different sources and you're gonna only see this increase so vmware's proposition uh as you look at this we today have a billion dollar security business i know you're gonna listen to that and say wow where did that come from some customers call us one of the best kept uh security secrets in the industry uh a significant about that comes from network security a growing part of it now comes from endpoint security we think the opportunity is to take that billion dollar business it's about 20 000 odd customers and double or triple that by really focusing in these five or six control points you're going to see us build the best products in each of these categories but one that's intrinsic and also works between them in ways that are incredible let me give you a couple examples with carbon black we're going to make it agentless on the server side with vsphere nobody else can do that we're going to do that and you're going to see that very soon with carbon black we're going to make it unified with workspace 1 on the console so you have a unified approach there on both the console and the agent something that you also start seeing from us very soon these are things that nobody else in users can do network security you're going to see from one platform data center networking load balancing firewalls and sd-wan beautiful security-centric networking story so this is the approach for folks and now i think as we listen to several of the thought leaders and analysts you're going to hear them get into this story in more detail thank you very much let's continue in this show cyber security insights and now we'd like to explore the unified approach of security and i.t how do you unify them as a foundation for success our special guest today is chris sherman who's senior analyst at forrester and a pretty renowned security uh researcher and thought leader himself chris welcome to the show great to be here with you sanjay you know i'm sitting here in my living room in cleveland ohio as we uh ride down the curve right fighting off a cabin fever and staying healthy hope you're doing the same chris i'm doing well but listen i look at your beautiful looking um you know i can't confess that my background is my natural i've got a virtual background is that actually your living room or is that a virtual background it is this is my living room we built the house last year and it's also my little private iot lab because you know i'm a huge nerd and i love my devices we've been you know kind of a big fan of a lot of the forester research zero trust security you mentioned your research and iot uh i.t security and i'd like to explore this a little further with you chris i'm a big fan of your research read a lot of your stuff uh but let's kind of focus in you know clearly in this time having security strategy and i.t strategy be together in this current climate many organizations have had to pivot uh due to covert 19. you know one example is employees having to work at home which raises a whole host of cyber security issues and you know having reviewed the research results it makes them i think even more relevant the need for security and i.t to join forces i believe right now to defeating the cyber criminals during the pandemic um so that we don't have this risk and quite frankly you know we've been finding the risk is even higher because the bad guys aren't sleeping uh even if there's a crisis going on so maybe you can tell us a little bit more about this research and your findings absolutely yeah so you know i think the genesis of this research really started with a conversation i had with some of your team members back in november uh we talked about you know the high level of friction between these two teams right between i.t and security and frankly the lack of support that a lot of the existing tools in the market really have for you know integrating the two and when you look across the industry there really aren't a whole lot of resources for buyers or you know technology strategists that you know want to understand these dynamics and you know this is really what led to vmware commissioning forester to uh you know this past february to survey over 1400 security and it ops decision makers across the globe we really wanted to probe those dynamics right you know what's holding companies back from eliminating this friction right this really was actually the largest sample size of any commissioned study that i've been a part of here at forester and it really led to some excellent results and and data as you know from the uh published research i'm looking forward to to reading them and knowing more about it and you know i think if you think about the research and uh you know there's a shift in security driving alignment and collaboration security and it's you know kind of the top initiative we see in the next 12 months uh maybe even tell us about why the relationship between these security and id teams um you know are important whys have been strained across both you know all three of people process and technology yeah i mean so i team security really are two sides of the same coin right but unfortunately their teams have struggled to work well together for many years according to our survey date it's gotten to the point where 83 of both team staff report a negative relationship between the two it's very unfortunate but there are many reasons for this you know many reasons for this friction especially with the vp director and manager roles between the security and the ite teams you know at a high level most of this is driven by the fact that security and i.t have differing priorities right our data backs us up you know you have i.t on one side that's focused on technology efficiency and uptime and from our conversations with it staff it's clear you know they view security as philosophically opposite you know to this right often as roadblocks to accomplishing their goals and then on the other side security's top priority is as you'd expect responding to security events and incidents and preventing compromises and this difference in priorities is the source of a lot of friction also both security and i.t staff are really unhappy with the technology that the tools specifically that they're using or the security tools the c cios and csos you know that we talked to all had the same complaint they have too many disjointed tools in fact the average across our study was 27 security products on average in each organization and even the most established security solutions like take firewalls for example you know it caused some serious angst right we found that only 52 percent of respondents felt that their firewalls were satisfactory in terms of the performance and the security uh efficacy i think you know listen a couple of points i'll point point out from what you talked about that resonate deeply with us one is when you talked about uh i don't know it was 25 or 27 odd tools i'd be surprised the number of csos i talked to who say it's in the dozens one i think i always sort of keep a record for the number of tools i've heard one tell me it was like 100 different security tools i asked you know him was there a hundred different consoles so it's just the number of tools and consoles uh the other one that you resonated with me was even in one of the more mature areas like firewalls you would have thought oh people are really happy there we find the same level of dissatisfaction with people saying listen traditional hardware-based approaches appliance-based approaches lots of policy way way too complicated um now let's talk a little bit about staffing i think it's it's you know listen at the end of the day security is a team sport it does depend on products and processes and technology but there's also people and you know we security teams are understaffed they're increasingly dealing with a complex portfolio of these non-integrated products how uh is this impacting teams and what can companies you do as you advise them to reduce complexity from the plethora of different products that are often point products today well you're right right finding and training the right item security staff is really critical to the success of the respective teams unfortunately this continues to be a major pain point right across the whole industry in fact 64 of the security teams that we surveyed and 53 of the it teams reported they're understaffed but yeah i mean amid this global pandemic when most organizations are focused on surviving and you know maybe keeping the lights on or i guess in this case maybe the vpn's running right and getting by with limited resources and protecting an increasingly remote workforce it's much more difficult to collaborate and work together across teams but our data showed that one of the major results of this you know the formation of communication silos you know teams aren't communicating enough right they're they're communicating within their or organization designed for their particular use case right with very little integration and collaboration across those silos and you know this is where tools could help right most of the time though they the tools actually just reflect or amplify those silos by reinforcing the division right between the two teams ultimately organizations may be looking for technologies that can support the needs of both it and security right this will help alleviate any tension that might arise over things like competition over limited resources right ideally once the teams come together and agree on goals as well as objectives and and measures of success for that matter right they can address their technology stack inherent complexity wisely said listen the security attacks are becoming more sophisticated uh organizations are considering now i think the approach as you've described is a unified strategy to address these critical issues uh can you tell us more about how you've seen these unified approaches to security strategy being effective well so i mean it seems like we've been talking about unifying the tools and strategies by you know i.t ops and security for years right but it's only been recently that we've seen the two sides really demonstrate any appetite to actually do so unfortunately most of the tools again right on the market are focused on one or the other and integrations are only starting to really accelerate to the point where our true unified vision is even possible this not only aligns teams under common goals right having a common tool set but it also aligns workflows between those two teams and helps foster collaboration uh listen uh you mentioned a couple of these these examples are really good for people to kind of grop you know in this have you uh outside of these exams or any other sort of tangible results uh that you think companies can expect uh as they bring together their security and id strategies and make them more unified what are the results from your research you think customers can expect to gain yeah there are several other you know clear benefits right that we identified in this research right the benefits to unifying the tech stacks between it ops and security our research showed that companies with a unified strategy reported fewer security incidents fewer data breaches which makes sense right given how critical endpoint configuration and overall i.t hygiene is to the security posture of an organization also you know building security capabilities directly into the it infrastructure helps to motivate non-security staff to take some ownership right over basic security fundamentals and this all helps speed right this this increases the speed to you know both detect new threats and uh respond once they're you know identified you know time to containment right this was also validated by our survey data a common strategy really can empower both to you know mitigate risk ensure continuous compliance and improve you know their threat response uh workflows you know between the two teams really companies need to find tools that meet the needs of both teams and at the end of the day as you pointed out security is a team sport right we all benefit from working together to protect the business and its employees right from malicious actors especially in these difficult times that's great chris thank you for uh your research um um so i just encourage all of you are listening um if you want to um you know get chris's research um you know go to this url on the screen here and you'll be able to download it uh we're excited about it i mean listen you know personally when i watch it teams and security teams sometimes sort of spar each other um you know i i i think that increasingly whether the security team reports under the cio sometimes that's the case sometimes security teams report into the chief legal officer or they report maybe into the cfo wherever reporting structures are only you have to build a team sport because there's aspect of this that's policy aspects of this that are technology there are aspects of this that are people uh thank you for this research chris as always i'm a fan of uh the stuff as are all of we and what you're right so it's always good to be able to see more this is also much of the other extended uh forest to work like zero trust that have become kind of the things that i've seen now becoming more pervasive in the industry so thank you all for listening to this uh and we hope we'll continue to serve you in the course of this program cyber security insights with more insights like this it's my pleasure right now to also continue this uh cyber security insights series now with a wonderful interview um with the head of security and infrastructure at circle k suzanne hall um i've had a chance to briefly meet her prior to this and she's got an incredible vision of how infrastructure security comes together uh in the context of retail so i'm looking forward to the discussion suzanne thank you for joining us today thanks sanjay glad to be here great hey listen maybe i'll start with um you know circle okay some folks may know you in the locality in the areas where they shop or whatever have you but many folks around the country may not and we're assuming there'll be a very large audience watching this tell us a little bit about the company what you guys do uh what's your vision and how are you serving uh customers and consumers oh terrific oh well yeah so circle k uh many people do not realize it's actually a canadian-owned company we are a global uh convenience and fuel service organization uh with with offices all across north america uh large part of northern europe um and with franchises in a large part of asia as well we're the second largest convenience store company in the world and the 11th largest retailer we yeah we acquired circle k the brand um back in the early 2000's and uh our goals right now over the next five years are to try and double in size um which is a pretty aggressive goal goal considering uh our organization which really is taking a you know 60 billion dollar organization and trying to double that in the next five years so wish us luck let's focus now a little bit more on the infrastructure and security part of it um it's interesting that you own both as you think about those areas um you know how are they linked together and what have you been doing to tie uh infrastructure topics and security topics which are often you know you have a ciso and then a cto owns infrastructure in your case you own both and i think it's a classic way in which you know we're trying to kind of get traditional it teams the security work world to go you're living it then you're breathing and you're implementing your team uh how is it working out and how are you making it work yeah oh sorry it was actually a key part of me being attracted to the to this world i've been here about 18 months um i really feel for certain organizations culturally if you can make it work where security operations can function together um it really empowers your security team to move things quickly and it also gives me the opportunity to take ultimately super scarce resources from the security side and build uh more security acumen within my network teams and my hosting teams and my infra um so that i get actually really smart technologists that also get security collaborating with really great security folks that also get technology there's a lot of synergies that i that i get from that from combining these two organizations and where circle k was before i got here you know we we um did need to rapidly mature a lot of our security program um because it had just um grown uh i think the organization grew beyond the competencies of the security team before i got here and so by having both sides of that house i was really able to move things quickly um kind of i don't have to i don't have to uh negotiate between the network team and the hosting team the security team because they all report up to me and i get i get to pick who wins all the time so it works really well i'd love to talk to you but just cover it it's on on everybody's mind it's changed transformed how we all work you and i are doing this interview work from home uh if we were doing it in different concerts i have to come to you or come to us we have done this in the studio together or in an event um and certainly it's you know kind of changing the ways in which we work and family life and so on and so forth but how is it changing your business how is it changing your i.t organization uh and how have you had to adapt to um you know this time that we're sheltering place work at home yeah well it's really it's changed everything for us as i'm sure for for most of your of your clients as well um you know obviously serp okay being convenience we are uh on the front lines we are open across the globe we may have some small stores that may get closed for periodic periods of time or maybe some shortened hours but we've got convenience workers and gas station workers working around the globe through coven so we've had to change how the stores look and feel um we've had to rapidly deploy things like curbside delivery to really adjust to uh customers um wants and expectations and then we've had to take the entire back office and put people working at home which was not our culture um before this all happened and we had to do that almost like in watching a wave go across the globe as it started uh offices started closing in northern europe first uh and then and then all the way through to ireland and then and then obviously the east coast and canada and all the way through to the west coast so um we actually had a very short period of time to create a remote working uh operation um luckily enough um we had some really talented folks we put a couple different solutions in place and uh within two weeks or so we were able to get everybody working remotely that could work remotely and then that really empowered us to support all those operations folks that needed to get things like plexiglass into the stores hand sanitizers into the stores masks uh um into the stores uh to serve our customers and to serve our staff i'd like to move on um then to the um the kind of the context of this infrastructure and i.t workers and security work i.t teams and security teams working better together one of the things we find often and we did some research with forester that where companies performed well and had great you know security prevention practices breaches places where i t and security work well together and traditionally often csos uh may be separate from the infrastructure team sometimes csos don't even report into ci support elsewhere and that can be uh not intensely so sometimes intentionally but often just a silo or a warring mentality you're good evidence now where you're bringing these together let's talk a little away from technology for a second and the people process collaboration how have you been able to bring these cultures together so that they work together for the common good of either cost saving protection whatever have you yeah you know um and so i've had the benefit of being a cso and a cio and a couple different organizations and also i was in i was in consulting for many years i worked for a big four uh from a letter of cyber practice with one of the big four firms and i'll tell you cyber programs uh move fast forward best when there's a couple of key elements in place and the first one is you have to have shared goals anytime that the cyber team is trying to implement something um in that the network team isn't on board with or the network team picked a tool they don't want to implement the tool that the cyber team is as um and has selected i mean that's that's always a recipe for failure so somehow you have to really work on aligned goals and i do that even though i own the infrastructure teams and the security teams um nobody's successful if we're not all successful together and really focusing on what does success look like for for each one of the each one of our areas and look sometimes you know we do have to take some uh educated risks in the environment you know for responding to things quickly but we also don't take we don't um let those risks sort of linger and and never get remediated right so we really work together to make sure that any new risks that we're taking on we have a focus on how we're going to mitigate that and we hold ourselves accountable and um and the network team is equally accountable for responding to security events as a security team is the key element i also say to my security teams is when you're working with production operations teams and and folks you've got to have skin in the game you've got to recognize that they're trying to keep systems up and running 24 7 you know for the operations of the organization right so we can take credit cards and cash in the stores and make the sales and deliver the goods and services when we need to if the security team isn't seen as fully on board with that mission and that um that responsibility then there's there's a non-equity sort of relationship going on between the two different teams so you really need to bring them all together and make sure that everybody um understands supports each other's wins and goals it's awesome that you've been a cio and a ciso and you've seen all of these in various different companies i'm sure maybe in smaller bigger wherever have you so you're able to really relate to that uh i find the csos i talk to uh most of my relationships in the years past have been with cfos and cios uh i set myself a personal goal this year as we started getting more into security as i've been shaping that strategy of the company to meet a thousand cesars i was 15 years ago at symantec and most of the csos i know are retired and moved on so uh it's a good new way of my understanding and i find as i talk to them so refreshing the ones who are strategic like yourself uh have had tremendous experience in id or are also owned them and are able to paint a vision that's very collaborative as to as opposed to ones who don't then are also able to strategically bring teams together so it's really good to to see that i'd like to kind of just work a little bit more into security because i mean your strategy plays into the reason we're quite carbon black um and you i have some obviously you know knowledge and investment vmware but i'm listening as i was listening to prior to getting on to this you know program together you're probably doing more with carbon black which is awesome i mean it'll probably strengthen our relationship with vmware too and of course but we can talk a little bit about that what's been your history carbon black why you picked them and where do you see that going on the endpoint security um and then i'll talk a little bit about how we're trying to try that into infrastructure too yeah so um so my relationship with carbon black goes back to uh almost right after i first arrived at circle k um obviously i know uh from having come from consulting a number of different uh tools and products out there um although carbon black always had a really good reputation and strength and um i went to carbon black pretty early on and said you know here's my here's my situation i've got a little bit of carbon black and a little bit of other things in different places i really want to standardize on a single tool i really want to get to a better visibility of my overall network and of my of my risks and ultimately i want to have a single pane of glass but um that you know i've got folks working from an eyes on 24 7. um you know carbon black hands a table really quickly and had a great vision uh for how they could get us uh standardized across some different versions that we had um and when i said okay i want to do this in six weeks or fewer um they didn't say we can't make that happen um i think a lot of people on my team wish that they'd said that we can't make that happen but um but now we were able to really rather quickly um deploy and and get up to speed across all of our stores across all of our networks all of our you know we're a very distributed organization i've got offices all across north america and europe um and uh and we were able to in six weeks get get standardized and get things up and running and i had gained great visibility uh in that and i'm a big believer when looking at all sorts of tools whether they're input tools or security tools that you know you can tell whether or not you've picked the right solution if it's fit for purpose relatively quickly if it feels like it's too hard to implement if it just feels like it's you're not getting the value out of out of something in a relatively quick period of time you really do need to look at whether or not the tool you're looking at is fit for purpose in your environment and i would say the carbon black team and the carbon black tool that made it really easy for us and um you know it's giving us great visibility we have been able to uh detect and respond to a number of different instances you know retail is a very uh high threat high target industry these days um so it's been it's been super helpful in us defending um circle k in our environment and with 130 000 employees i suspect your number of endpoints are in the tens of thousands on the client side and probably just as many in terms of server-side endpoints right so your your kind of surface area of potential endpoints is pretty large oh indeed and you know but you know you have over 15 000 stores every store has multiple point of sale systems and at multiple uh computers laptops tablets devices um and that's and that's even before i go out into the uh what we call the forecourt which is where the gas dispensers and pumps are so yeah it's very complex well listen we look forward to that journey together part of what she has talked about here is a key part to our vision uh folks listening to this is to basically bring together security to make it key parts of the infrastructure both in the endpoint the network and the cloud thank you for your partnership i look forward to getting to know you and your team better um thank you also for all you're doing to serve the community during these tough times especially those workers at circle key that are the front line in the stores we appreciate you tremendously and we look forward to continuing this dialogue thank you very much thank you thank you everybody for watching this cyber security insight segments titled security as a team sport we talked about the shift in security and how security is moving to a shared responsibility model in this team sport in this segment we also discussed the benefits of a consolidated security and an i.t strategy that allows for fewer breaches and a faster response to security incidents as key benefits that have implemented a common strategy for those who have done this i encourage all of you to watch this part two of cyber security insights the securities of dual mission and we will have two security leaders discussing how security helps not only protect but help drives the business forward thank you all for watching this segment [Music] you

>>from San Francisco. It's the Cube covering. Get lab commit 2020 Brought to you by get lab. >>Welcome back. I'm Stew Minutemen, and this is get lab Commit 2020 here in San Francisco. Happy to welcome to the program. First time guests and TN Who is the co founder and CEO of Matter Most in. Nice to meet you. >>Thanks. Thanks for having me. >>Alright. S O. I always love. When you get the founders, we go back to a little bit of the why. And just from our little bit of conversation, there is a connection with get lab. You have relationships, Syd, Who's the co founder and CEO of get lab? So bring us back and tell us a little bit about that. >>Yeah, thanks. So I'm you know, I'm ex Microsoft. So I came from collaboration for many years there. And then, you know what I did after Microsoft's I started my own started a sort of video game company was backed by Y Combinator and, you know, we had were doing 85. Game engine is very, very fun on. We ran the entire company off of a messaging product. Misses, You know, a little while ago and it happens that messing product got bought by a big company and that got kind neglected. It started crashing and lose data. We were super unhappy. We tried to export and they wouldn't let us export. We had 26 gigs of all information. And when we stop paying our subscription, they would pay one less for our own information. So, you know, very unhappy. And we're like, holy cats. Like what? I'm gonna d'oh! And rather than go to another platform, we actually realized about 10 million hours of people running messaging and video games. Well, why don't we kind of build this ourselves? So we kind of build a little prototype, started using ourselves internally and because, you know, Sid was this a 2015 and said was out of my Combinator, We were y commoner would invent and we started talking. I was showing him what we built and sits like. You should open source that. And he had this really compelling reason. He's like, Well, if you open source it and people like it, you can always close source it again because it's a prototype. But if you open source, it and no one cares. You should stop doing what you do. And he was great. Kind of send me like this email with all the things you need to dio to run open source business. And it was just wonderful. And it just it is a start taking off. We started getting these wonderful, amazing enterprise customers that really saw what mattered most was at the very beginning, which was You know, some people call us open source slack, but what it really is, it's a collaborates, a collaboration platform for real Time Dev ops and it release. For people who are regulated, it's gonna offer flexibility and on Prem deployment and a lot of security and customization. So that's kind of we started and get lab is we kind of started Farley. We started following get labs footsteps and you'll find today with get lab is we're we're bundled with the omnibus. So all you have to do is put what your own would you like matter most on one. Get lab reconfigure and europe running. >>Yeah, I love that. That story would love you to tease out a little bit when you hear you know, open source. You know, communications and secure might not be things that people would necessarily all put together. So help us understand a little bit the underlying architecture. This isn't just, you know, isn't messaging it, Z how is it different from things that people would be familiar with? >>Yeah, that's a great question. So how do you get more secure with open source products? And the one thing look at, I'll just give you one example. Is mobility right? So, in mobile today, if you're pushing them, if you're setting a push notification to an Iowa, sir. An android device, It has a route through, like Google or Android. Right? And whatever app that you're using to send those notifications they're going to see you're going to see your notifications. They have to, right? So you just get encryption all that stuff in order to send to Google and Andrew, you have to send it on encrypted. And you know these applications are not there, not yours. They're owned by another organization. So how do you make that private how to make it secure? So with open source communication, you get the source code. It's an extreme case like we have you know, perhaps you can views, and it's really simple in turnkey. But in the if you want to go in the full privacy, most security you have the full source code. APS. You have the full source code to the system, including what pushes the messages to your APS, and you can compiling with your own certificates. And you can set up a system where you actually have complete privacy and no third party can actually get your information. And why enterprises in many cases want that extreme privacy is because when you're doing incident response and you have information about a vulnerability or breach that could really upset many, many critical systems. If that information leaked out, you really can't. Many people don't want ever to touch 1/3 party. So that's one example of how open source lets you have that privacy and security, because you because you control everything >>all right, what we threw a little bit the speeds and feeds. How many employees do you have? How many did you share? How many customers you have, where you are with funding? >>So where we are funding is, you know, last year we announced a 20 million Siri's A and A 50 million Siri's be who went from about 40 folks the beginning the aired about 100 a t end of the year. We got over 1000 people that contribute to matter most, and what you'll find is what you'll find is every sort of get lab on the bus installations. Gonna have a matter most is gonna have the ability to sort of turn on matter most so very broad reach. It's sort of like one step away. There's lots of customers. You can see it. Get lab commit that are running matter. Most get lab together, so customers are going to include Hey, there's the I T K and Agriculture that's got six times faster deployments running. Get lab in Madame's together, you've got world line. It's got 3000 people in the system, so you've got a lot of so we're growing really quickly. And there's a lot of opportunity working with Get lab to bring get lab into mobile into sort of real times. Dev up scenarios. >>Definitely One of the themes we hear the at the show is that get labs really enabling the remote workforce, especially when you talk about the developers. It sounds like that's very much in line with what matters most is doing. >>Absolutely. Madam Mrs Moat. First, I don't actually know. We're probably in 20 plus countries, and it's it's a remote team. So we use use matter most to collaborate, and we use videoconferencing and issue tracking across a bunch of different systems. And, yeah, it's just it's remote. First, it's how it's how we work. It's very natural. >>Yeah, it just give us a little bit of the inside. How do you make sure, as a CEO that you, you know, have the culture and getting everyone on the same page when many of them, you know, you're not seeing them regularly? Some of them you've probably never met in person, so >>that's a great question. So how do you sort of maintain that culture 11? The concert that get lips pioneered is a continent boring solutions, and it's something that we've taken on as well. What's the most boring solution to preserve culture and to scale? And it's really do what get labs doing right? So get love's hand, looked up. Get lab dot com. We've got handbook that matter most dot com. It's really writing down all the things that how we operate, what our culture is and what are values are so that every person that onboard is gonna get the same experience, right? And then what happens is people think that if you're building, you're gonna have stronger culture because, you know, sort of like, you know, absorbing things. What actually happens is it's this little broken telephone and starts echoing out, and it's opposed to going one source of truth. It's everyone's interpretation. We have a handbook and you're forced to write things down. It's a very unnatural act, and when you force people to write things down, then you get that consistency and every we can go to a source of truth and say, like, This is the way we operate. >>2019 was an interesting year for open source. There were certain companies that were changing their models as toe how they do things. You started it open source to be able to get, you know, direct feedback. But how do you position and talk to people about you know, the role of open source on still being ableto have a business around that >>so open source is, I think there's a generation of open source cos there's three ways you can really make money from open source, right? You can host software, you can provide support, and service is where you can do licensing, which is an open core model. When you see his categories of companies like allowed, you see categories like elastic like Hash corporate Terra Form involved with Get Lab that have chosen the open core model. And this is really becoming sort of a standard on what we do is we fall that standard, and we know that it supports public companies and supports companies with hyper growth like get Lab. So it's a very it's becoming a model that I'm actually quite familiar to the market, and what we see is this this sort of generation, this sort of movement of okay, there was operating systems Windows Circle. Now there's now there's more servers running Lennix than Windows Server. On Azure, you seen virtual ization technology. You've seen databases all sort of go the open source way and we see that it's a natural progression of collaboration. So it's really like we believe collaboration will go the open source way we believe leading the way to do that is through open core because you can generate a sustainable, scalable business that's going to give enterprises the confidence to invest in the right platform. >>All right, in what's on deck for matter most in 2020. >>It's really we would definitely want to work with. Get lab a lot more. We really want to go from this concept of concurrent Dev ops that get labs really champion to say Real time de Bob's. So we've got Dev ops in the world that's taking months and weeks of cycle times. And bring that down to minutes. We want to take you know, all your processes that take hours and take it down to seconds. So what really people, developers air sort of clamoring for a lot is like, Well, how do we get these if I'm regulated if I have a lot of customization needs? If I'm on premise, if I'm in a private network, how do I get to mobile? How do I get quicker interactions on? We really want to support that with instant response with deficit cock use cases and with really having a complete solution that could go from all your infrastructure in your data center, too. You know, that really important person walking through the airport. And that's that's how you speed cycle times and make Deb sec cops available anywhere. And you do it securely and in do it privately. >>All right, thanks so much for meeting with us. And great to hear about matter most. >>Well, thank you. Still >>all right. Be sure to check out the cube dot net for all the coverage that we will have throughout 2020 I'm still minimum. And thanks for watching the cue.

(electronic music) >> Announcer: From the Computer Museum in Mountain View, California, it's theCUBE covering ACG Silicon Valley GROW! Awards. Brought to you by ACG Silicon Valley. >> Welcome back everybody, Jeff Frick here with theCUBE. We're at the Computer History Museum in Mountain View, California, for the 14th Annual Association of Corporate Growth Silicon Valley GROW! Awards. We've been here for a couple of years now, and it's a big event, 300 people coming in to talk about an ecosystem of helping other companies grow. And we're excited to have the new CEO, Drue Freeman. Drew, great to meet you. >> Thanks Jeff, pleasure to be here. >> So you've been here two months, I think. What attracted you to the opportunity? >> It's kind of an exciting organization, actually. I've been working with ACG Silicon Valley for a little while now doing some programming with them around autonomous driving and the connected car. And I got to know my predecessor, Sally Pera, through that and through the course of discussions-- She's a wonderful salesperson, she kind of sucked me into the role and here I am. >> Jeff Frick: What is the mission, for people that aren't familiar with ACG? >> Essentially what we are is an organization that's dedicated towards providing networking opportunities, education opportunities, programming for C-Level executives, and other senior-level executives at companies to help them develop their career and also grow their businesses. >> Like you said, Sally's been at it for 13 years, she's stepping out of the role, which opened up the opportunity for you. What's your charter now, as you take the baton from Sally? Fresh enthusiasm, fresh energy, fresh face. What are you excited about? >> Of course, it sounds silly, but to take things to the next level, whatever that means, to try to identify a vision for the organization, going forward. Maybe find some new areas to develop content around. Attract some sponsors in the technology domain, and bring content that will maybe continue the Thought Leadership area. We are recognized as a Thought Leadership within the community here in Silicon Valley, and also within the greater ACG community. But we want to really kind of notch that up a little bit. We're bringing in some university sponsorship now and really looking at some of the leading edge areas that Silicon Valley is on the tip of the spear of, essentially, globally, for innovation. We want to make sure that we're putting that content out really to our community. >> Right. And this is the GROW! Awards, this is an awards banquet, a celebration tonight, but you guys do a number of different types of events throughout the year. What are some of the formats of the different ways that people can get involved? >> The one that most people are aware of is our keynote panels because those are open to a larger audience. Typically we get about 100 people there at these events. We bring in a panel of experts and we have a discussion on some topic that's quite current at the moment. But we also have a Public Board Circle, where people who are on public boards of publicly traded companies will have a discussion within that smaller group of people about relevant topics. We have a C-Suite Circle, where C-Level executives come together. We bring in outside experts that will come in and talk about things like economic trends or whatever the current issues are, and then they have a robust discussion around that topic. We have an MNA Circle. We also have an accelerator environment, where we have younger companies, sometimes start-ups, sometimes mid-market companies, where we bring in some experts that kind of help them pop the hood and look at what some of the strategic issues are that they might be facing, et cetera. >> Okay, so that's all great, but let's talk about the stuff I know you're passionate about and is so fun right now, that's autonomous vehicles. It's a really crazy time in the industry. You've got changes in the players. You've got changes in the propulsion. You've got changes in the ownership structure. You've got so many changes happening in the autonomous vehicle space and all the ecosystem around it. I'd just love to get your impressions. You've been playing in that space for a long time, in the automotive space, but to see the changes really accelerate driven in a large part, obviously, by Tesla and Elon Musk. And we're here at the Computer History Museum. They've got that great little display over there with the Google cars. Which they now weigh more and they have to keep changing them out because it went from the little bug-looking thing, now they're driving the vans. I'd love to get your impressions as to the speed, some surprises, not surprises, as we see this autonomous vehicle trend coming down the pipe. >> Technology is evolving at a remarkable speed. That's being driven largely by the availability of increased processing power. You need to address the data bandwidth power, as well. You've got to move a lot of different data around the car to address this technology. And that's really pushing the envelope of what cars can do. The industry itself still needs to make sure they can bring that to the market in a way that the market will accept. That people in Main Street, USA, or Main Street, Europe, or Main Street, Asia are going to be comfortable driving in. Car ownership is going to change a little bit, especially in urban areas. People may not choose to buy a car in the urban areas. They might choose to do carsharing. But in the Midwest, I think car ownership is still going to be a key element, and it's not clear yet how ready people are to have a self-driving car as part of their own ownership. The technology, while we can demonstrate it works, still needs to be demonstrated that it works in a way that makes people feel comfortable. And so, I think there's still a lot of innovation to be done in the software, in the AI, the machine learning, that makes people feel comfortable with that. And there's a lot of great companies working on that. I'm amazed every day at the companies developing not only the sensors and things that enable the perception of the vehicle to improve, but also the AI around that. But honestly, I think the roll-out in-- Making it available to you and I on the street it's going to be a lot slower than I think a lot of us have been thinking about for a while. >> Yeah. The trust issue is so interesting to me. 'Cause on one hand, people do have to have some trust and we've talked to Phantom Auto and some other companies that are trying to kind of insert a person back in at some point in time to help with that trust. On the other hand, you have people driving the Teslas especially, or at least that's the ones we hear the most about, that's a level two assist that people are treating like a level five fully autonomous vehicle. And unfortunately, there's been some fatalities and they're not level five vehicles. So it's really two opposite extremes, that we see people and their interaction with these things. They want it to be fully autonomous today, and it's not but people are treating them that way. It's weird. >> Yeah, and I think that's one of the risks, right? I think level three is one area where I really think you probably will not see a lot of. I think level four, where you can basically have fully autonomous but in a geo-fenced area, will I think be the first area that really takes off. So on campuses, in maybe urban areas that are fenced off from other vehicles. I think you will see that develop first. I don't think mixed-mode traffic where you have a lot of vehicles where they're fully autonomous but you're going to expect the driver to be paying attention all the time and willing to take over the vehicle at any minute. I don't think that works. The human brain doesn't work that way. >> No, it doesn't work. It's funny, we were at a Ford event, and it was a press event so they had the sample driver guy ready to go, and they had a guy sitting in the right seat with a laptop, checking things out. And this poor guy in the left seat, he had his hands half an inch from the wheel on both side, just completely alert and ready to go. You couldn't do this for more than fifteen minutes or twenty minutes. It was the worst of all worlds for this poor guy. It is going to be interesting, that intermediate phase, and it's going to be complicated, but it's clearly coming at an incredible rate of speed. >> Right. Exactly. And then you also have to manage-- How do you manage the traffic when you have mixed mode, when you have human-driven vehicles combined with autonomous vehicles? How do the autonomous vehicles react to the human-driven vehicles and how do the humans react to autonomous-driven vehicles? And we haven't really figured that out yet. >> Right, and then there's all the other law of unintended consequences with, what do you do with the parking structures? I think curb management is an interesting thing that's really been highlighted lately in San Francisco with all the electric scooters that are now littering the sidewalks, which nobody ever really thought about when they rolled out hundreds and hundreds, if not thousands of these scooters all over San Fransisco. Good opportunities and crazy times ahead. >> And that's the beauty of this, right? All of these things actually create opportunities, you just have to stick with it and look at solutions, and there's no shortage of really talented, creative people to go address these opportunities. And it is so fun to be involved in it right now. >> Alright, Drue, well congrats on your new position, and we look forward to watching ACGSV evolve. >> Thank you very much. >> Alright, he's Drue Freeman and I'm Jeff Frick. You're watching theCUBE from the 14th Annual GROW! Awards. Thanks for watching. (upbeat electronic music)

>> Announcer: Live from Nassau in the Bahamas, it's theCUBE! Covering Polycon 18. Brought to you by Polymath. >> Hello, and welcome back, we're live here in the Bahamas for Polycon 18. This is a cryptocurrency tokenization event. It's really about the future of work, future of infrastructure, and all of the top entrepreneurs and investors are here, I'm John Furrier, Dave Vellante, this is CUBE coverage, our next guest is Mike Bucella who's a partner at BlockTower. Progressive, a hedge fund, doing amazing work. Really putting the stake in the ground. Making investments, and taking a new model of finance, taking some old school techniques, applying to the new school. Mike, welcome, thanks for coming on theCUBE. >> Thank you for having me. >> We were just talking before we came on that you're from Goldman, your team has some expertise, what is the, what's the philosophy of the landscape now? As the young guns look at this landscape, it reminds me that the old days, the PC generation, everyone was poo-pooing the PC generation. Oh, they're just toys, you'd hear that from DAC guys. This shit's working, >> Yeah. >> I mean, isn't it? >> Yeah, so it's interesting. You know, when I first delved into cryptocurrencies I would say probably 90 plus percent of market participants didn't exist that do today. And when you go from old-world finance to new-world, you kind of get this little skeptical look from people. And that was last year, and now simply, six months later, you know, its obviously taken a massive leap forward both from adoption from the broad investment community, institutions, some of the large old-world players in the broker dealer community who are all kind of dipping their toes in this space as well. So, it's certainly grown quite a bit in the last year. >> I mean, there's two reactions to crypto, and one is, in token economics, it's, that's the future, I'm all in, I'm long on the game, and then the other half is, man there's a bunch of scams out there. I mean, I get two reactions from really smart people. The risk-conservative ones, or risk-management oriented it's all about scams in there, it's going to implode, to go take that hill, I'm long on bitcoin and blockchaining. >> Yeah, I mean, as with any new technology and new industry there are going to be bad actors in the space, but you kind of try and, try and bifurcate the community and understand who is actually driving the technology forward, right? Because, you know, I very much appreciate what the technology represents, I am part idealist but I am also part capitalist and realist where I understand the reality of the situation where I am right now. There are, there is a lot of inflated valuation on the market, there are a lot of players in the space who shouldn't necessarily be operating in this particular area, but see the allure of capital markets. But I think, you know, as the investment management area grows, you're going to continue to see a bit more, I guess diligence on the behalf of the investors looking at particular projects and understanding the risks associated with those. >> I was talking with Dave last night, I heard your, some of your hallway conversation when we were bantering last night at the VideoCoin event, and throughout the evening. You have a philosophy, and most successful investors have a risk-management view. Can you share your thoughts on that? Because I think, there's a way to do it, and there's a way to be a pro. >> Yeah. >> You've got your pros. What's the pro tip for you guys? As you talk to investors and say, "Hey young people coming up or seasoned investors, "here's the pro-tip on risk." >> Sure, and as we sit in a conference like this, an amazing regulated token conference, registered token conference, and anchor capital, and you know, any other conference you sit in, if you take a step back, and kind of put yourself in the broad community again, you have to understand that this market is not without its risks. You have to understand that investing in cryptocurrencies takes on an enormous amount of volatility and risk that you need to solve for. Right? So, as you're investing across your entire portfolio, you have to think of crypto as this sleeve as an allocation of your risk capital. And within that, it's going to be one of the most volatile, most cyclical asset classes you're going to invest in. So, you need to, I guess, you want to gingerly approach it, and you want to account for that risk in some way. And as, as fund managers, you should also be accounting for that risk as well. We can talk a bit more about, you know, looking at ICOs versus looking at the broad publicly-listed cryptocurrencies but there are very different risks associated with each one of those underlying investments. >> What's the risk that scares you the most? >> That's a good question. I continuously ask myself, what could crater this market? What could completely degrade network value, and cause the downside, which is absolute zero in this space. I had said for a long time, globally-regulated coordination of market participants, they can't regulate the tokens, or the technology, they can regulate participants, which could degrade valid network. I would have to say, that continues to be the biggest risk although, I think we're seeing, with Clayton and Giancarlo's recent testimony that, you know, the U.S. is looking to be helpful. They want, they're looking to stop a lot of the bad actors in this space, but they're looking to be helpful for the broader community. >> There was a competitive imperative. I mean, I would think. But there's got to be, presumably, there's an investment premise, that's not just, you know, short-term, I'm going to buy low sell high. What is that fundamental investment premise which presumably, you're optimistic about? >> I think you got to approach it from many different angles. Right? When you think about investing in cryptocurrencies more broadly, you should think about it in different types of exposures. Passive exposure, right? So where you have, you know, a small piece of your portfolio with the highest expected return in tokens that you think will generate the most value over time. Store of value, privacy coins, base-level protocols, like, you know, obviously a big Canadian network here, Ethereum, was created out of a group in Toronto. Then you think about the next level, which is more B.C. oriented. So, you know, folks who are investing in early-stage products. The next Ethereum, the next Bitcoin. Something that will displace the leaders, the incumbents of the current market. You can think about more risk-managed approach. Folks who are actively managing this space. To both take advantage of an inefficient mason market, which the likes of which many of us have never seen in a long time, from the traditional asset world. And then you think about private investments and things like exchanges, mining operations, the entire ecosystem. There's a lot of private equity opportunity as well. So you kind of want to diversify your exposures amongst those levels of the ecosystem. >> So those inefficient markets are the ones that are most likely to get disrupted, right? Everybody talks about, you know, banking, >> Yep. >> As, as one of the potential areas where blockchain, I'm just going to drive through, but generally speaking the banking industry hasn't been radically disrupted, as we all talk about it. >> Yeah. >> People are kind of expecting it. What are the inefficiencies you see, and what makes banking sort of right for disruption, and why hasn't it been more disruptive? Is it 'cause of the regulations, the risks associated with that? >> Sure, so, you know, banks do have large working groups looking at blockchain and how it can be implanted into their business. I think as large banks do, they're taking their time and doing a lot of diligence before implementing anything. That's not to say they haven't been investing in the space. You can look at, you know, Goldman Sachs, invested in Circle in its early days. Circle's one of the largest OTC dealers in cryptocurrencies. Circle recently purchased Poloniex, one of the larger exchanges in the U.S. And so, they have their toehold position in this space, and they'll be gathering information and data to understand exactly how it could potentially disrupt their existing businesses, and how they can evolve and become more, I guess, more disruptive in the ecosystem as well. >> I want to get your reaction to some feedback we've been hearing. And we've been commenting on it, on theCUBE here, and on the shows, you see a pattern emerging in ICOs. Certainly, we have enough data to see kind of what people have been doing. Certainly, the FCC has been helping. The FCC has been with the utility, kind of poo-pooing the utility. >> Sure. >> This shift, to security-ized tokens is a great thing. >> Yep. >> Makes the paperwork go faster, it's all about board, these vehicles that people are used to. But now you start to see companies are basically startups doing a big land grab, raising obscene amounts of capitals by startup standards, I mean, you go to venture capital, you raise a series A, and you don't have a product, you get five. >> Yeah. >> Maybe 10 if you got a rockstar team. >> Sure. >> Here, you're raising 50 to 100 million with no product. >> Mhm. >> So you got startups. >> Mhm. >> And then you got the other end of the spectrum, complete pivots. I mean, we're all running out of business, throw the hail Mary! Let's raise 50 million! And then you got the growing companies that are right for token economics. >> Yes. >> So, to me, everyone is focusing on those growth areas versus the pivots and the startups, because those got to be nurtured, board meetings, have to make decisions. >> Right. >> That's like a nightmare! >> Yep. >> I mean, not a nightmare, it's hard, it's hard as hell. >> Yep. >> So what's your thought, your reactions? Do you agree with that? Any commentary and reaction to that? >> I think cryptocurrencies, or digital assets, represent an opportunity for the very early stage projects, who have very smart technology teams, right? And guys just want to focus on the code and development but aren't the types of folks who can go out and raise capital and have the dozen, two dozen, three dozen VC meetings where they have board presentations, and they have to, you know, present their, the full-scope of what their project is going to be. These are guys who, who really are, their time is much better well-spent coding. >> Coding! >> And developing their project. And, I think cryptocurrencies, and what we're seeing here at the conference and the ecosystem are surrounding it helps smart individuals with good projects tap into the funding markets, right? >> So you're saying community is the new benchmark for operation, operating the startup, because that makes sense. Why spend my time going through all these hurdles and hoops, when I can just go to the community for feedback? >> Exactly. >> And governance. >> Right. >> Okay. >> Mike, can you talk about, just from the company's perspective, you always hear, well, that's a bad route because the FCC's going to regulate that, or it falls under some umbrella of regulation, so here's how to get around that, but. At the end of the day, I mean, why not? Why not absorb those, you know, adhere to those regulations? I mean, is it just the cost of doing business? Pay 100 grand a year for an audit? What are you seeing as the logical alternatives for companies? >> Sure. So there is a very lengthy process to doing a traditional listing in an IPO. Or, you know, for some folks, it's a matter of selling equity on their cap table, >> Dave: Right. >> Versus selling a token that's unassociated with any of the capital structure. >> Sure. >> You know, I think, I think regulated, or regulated tokens, right? So, what the future of this business will be are necessary, because-- >> Dave: Sure, it's inevitable, right? >> It's inevitable, right, and I think, for this market to achieve the scale that it needs to, you need to have a framework in place for a large institutional participation. And I don't think you're going to be able to get there without some sort of regulatory framework. >> You need guardrails, but you can't over, overtax the institutional investors. >> Yeah. >> You got to let, I mean the FCC is doing that. They're not, they're not clamping down, they're just kind of sending signals. >> Right, right. And the FCC is doing it, I think, in the right way. >> Yeah. >> Where they're saying, listen, we're going to, we're going to do our diligence in the space. We're going to understand exactly what the token economics are, why you decided to list the utility token, and why you went through an ICO process versus an airdrop. There- >> Airdrops are interesting. >> Right. >> Talk about that, I mean how does that view? >> Well, I mean now, obviously, that's come into play quite a bit, and people are debating whether or not they want to be doing the traditional ICO process or the airdrop. The airdrop, obviously there's a lot less economics associated with that, in terms of the capital raise. But, you know, I would say, again, I think what the regulatory indicis are trying to focus on is, for those, like we just said-- >> What to look at. >> Why exactly have you gone through a token process versus going the traditional route? >> That's interesting. So, I mean, I mentioned tax. Tax consequences is a big thing that's slowing things down a bit, and I won't say it's coming to a screeching halt, but, it's causing people to take pause, because, you know, I'm slinging APIs around, I got Bitcoin over here, I got Integrative Wallet selling Litecoin, and cross over the top is another currency, and all taxable. >> Yep. >> So like, you guys have done hedge funds before as pros. Coming into this new market, how cautious are you of that, and is the industry doing its thing? Are people going to go out of business because they misfired on their allocations? Or, I mean, there's a lot of nuances of being a fund. >> Yeah, I think, I think the biggest mistake you can make as a fund manager in this space, is not taking the most conservative approach to regulatory issues, taxation issues, and operational issues, like security. I think you want to take a hard line, you want to have both your outsourced service providers, and you also want to be in touch with some of the largest accounting firms in the world who have large working groups in this space, right? The big four accounting firms are obviously doing a ton of work here. And you want to constantly take in new information, and be prepared for what the next iteration of tax policy could be. >> Frame what you look for in an investment, and what you say, you don't walk, you run from that investment. What are the parameters? >> So I mean, I'd say broadly speaking, I don't want to touch on BlockTower-specific, but broadly speaking, you know, there's many different ways you can attack the markets, right? There's, you know I said, you can kind of squeeze the orange in eight different ways. And like I said earlier about the different types of underlying exposures, right? Passive, PC, active. Those are the ways you think about it from an investor's standpoint. As a fund manager, it's much different, right? You are managing assets on behalf of an individual, and you are their exposure to the market. Hopefully, you are one of their exposures to the market, as I think any responsible investor in this space should think about it in a sort of cross-list of risk. >> Come March 16th, Bitcoin will go up! That's the prediction. Pay taxes, and then back on the saddle. (mumbling) Mike, BlockTower Capital, congratulations, great firm. Really put the stake in the ground, you're seeing institutional money coming in, that is a great sign for a healthy ecosystem. A lot more work to do, thanks for sharing your insights here in theCUBE. Be back with more live coverage after this short break. I'm John Furrier, Dave Vellante, thanks for watching theCUBE. (electronic music)

>> Announcer: Live from Barcelona, Spain, it's theCUBE, covering Cisco Live 2018, brought to you by Cisco, Veen and theCUBE's ecosystem partners. (upbeat electronic music) >> Hey, welcome back, everyone, to our live coverage from theCUBE here in Barcelona, Spain, for exclusive coverage of Cisco Live 2018 in Europe. I'm John Furrier, cofounder and cohost of theCUBE, with my cohost this week, Stu Miniman. Been to many events also, senior analyst at wikibon.com. Stu and I have been breaking down all the action here in the DevNet zone. And we have with us here as our guest, Ashley Roach, who is a principal engineer and evangelist with Cisco. DevNet himself, has full view of what's going on. Welcome to theCUBE. >> Hey, thanks for having me. Appreciate it. >> Good to see you again. We covered DevNet Create, which was really our first foray into what DevNet was doing outside of the Cisco ecosystem, bringing that cloud-native developer into the Cisco fold. Here, it's the Cisco show where all the Cisco ecosystem and your customers are growing into the cloud and programming with DevNet. So congratulations, it's been phenomenal. It's been one of the top stories we've been covering as DevNet has just been explosive. >> Oh, thanks a lot. It's been a lot of hard work. >> People have been learning, they're coding, they're being inspired, and they're connecting, It's a very sharing culture. Props to you guys and the team. Well done. >> Ashley: Appreciate it. >> So what is DevNet? I mean, this is a cultural shift. We've been reporting on theCUBE all year and last year. But really this year, end of last year, we started really putting the stake in the ground saying we are going to see a renaissance in software development. Linux foundations, reporting that there's going to be exponential growth in code and open-source. You seeing that you can create intellectual property with only 10% of the energy codewise, 90% using open-source. They call that the code sandwich. Again, this is just data that they're sharing, but it points to the bigger trend. Developers are becoming the important part of the equation, and the integration of the stack from network to application, are working together. And again, proof point's there, things like Kubernetes, containers, have obviously been out there for a long time. You're starting to see the visibility for developers. >> Right. >> John: You're at Cisco, you're in the middle of all this. You're seeing one side of the camp and the other. >> Ashley: Yeah. >> What's your view? >> Yeah, I think that's a good, it captures a lot of the dynamics that are going on right now in the environments. And I mean, for me, I come at this from an application developer standpoint. I actually, when I joined Cisco, I was not a hardware guy at all (laughs) Frankly, I'm not even now. I'm much more oriented towards software, and so when we've seen, though, sort of the power of the underlying infrastructure that gets married up to some of these overlay systems like Kubernetes and containers, more and more of the infrastructure on one hand is getting abstracted, which you might think, oh, uh oh. Like, that's a problem. But in reality, the infrastructure still needs to be there, right? You can't run your serverless function out of thin air. >> John: Yeah. >> At least not yet. >> John: It's truly not serverless. There's servers somewhere. >> Yeah, exactly. So, you know, those are the funny jokes that we like to have in the industry, right? But at the same time, you want to think like, okay, well I'm writing my application, I'm a developer. I don't want to know about infrastructure. My whole job is I don't care about that. But there is information and utility in the data that you can get from the infrastructure because at some point, your application will fail. You may have some bugs, and yeah, Kubernetes may kill your container and bring up another one. But you still need to de-bug that issue, and so yeah, you can get tracking, you can get analytics. But also, you can get that stuff from that infrastructure that's underlying it. And so, like one of the presentations I'm doing tomorrow, I wrote just kind of a proof of concept sample app where it's a Spring Boot app that has a built-in health check capability. It ties into APIC-EM and or DNA Center and uses that information that's available about the network. So maybe it's your, from your firewall to your application, you can run a path trace and just have that happen every five minutes or something like that, or check the health of an entire environment every, you know, so often. And then your application can resolve issues or have just data about it so that we can keep moving. >> Yeah, actually, you know, I love that comment you talked, you know, you're not a hardware person, and that's okay. >> Ashley: Right. >> And there's lots of people here at the Cisco show that aren't. That's a change from just a few years ago. How is that dynamic changing? You know, I remember for a few years I was arguing like every networking person needs to become a coder and there's, you know, push back and people are scared and what's going to happen to my job and can I learn that skill set? >> Ashley: Right. >> The bar for entry seems pretty low these days but how do we translate some of those languages? >> Yeah, I think that perception of say, an ops person becoming a programmer, it's not really the right mindset. >> Right. >> There's a couple mindsets, though, that are important. So one of the things we're trying to do is foster the DevOps culture somewhat. And to do that, an ops person has to understand and have empathy for the problems that exist on the application side and vice versa. So for us, we're just trying to education people in that vein. >> John: Yeah. >> But all of the infrastructure is now also automatable and you don't have to automate at low level. You can automate it with things like Ansible, which is a bit more accessible for people that haven't been programming for a long time. So, you know, I think those are the things that we see and that we're trying to encourage within our community and just broadly speaking, I would say, in the industry. >> You brought up empathy, interesting. Because this is a cultural shift, right? So this mindset, this cultural DNA, you have to have empathy. But it's kind of like the Venn diagram. Empathy is one circle. >> Ashley: Mhm. >> Feasibility is another and viability is the other, right? >> Ashley: Mhm. >> So it's always in context to what you can get done, right? So you guys at DevNet have a good view of the development environment. What are some of the challenges and what are the opportunities for folks in the Cisco ecosystem to get their hands dirty, get down and dirty with the tech-- >> Ashley: Oh, yeah. >> Where they can do feasible, viable projects that are possible. Well, seeing Python certainly is one approach. Great for data wrangling, but you know, you got Node.js out there, has been a great language. >> Ashley: Yep. >> App guys are doing Node.js because of JavaScript in server-side. >> Ashley: Yep. >> You got a lot of IO that sounds like a network service mindset. Is there things that you see going on around that what's possible and what's kind of moonshot like projects and where should people start? >> Well, I think, again, kind of going to this historical point of view, it used to be you had one programming book and you're sitting there, you know, late at night copying code from that. And maybe it came with a CD and you could download, you know, your sample code onto your hard drive. And then, you know, you'd be sitting there flipping back and forth and then you hit an issue. You're like, I don't know what to do. Maybe you're trying to teach yourself. I don't have any friends that are programmers. I mean, today, with, I built the vast amount of resources that are available online. You know, like, we have our DevNet Learning Labs. And so that's the set of tutorials that we've provided, but that's not the only thing out there. You've got Code School, Codeacademy. You've got the loops out there. I mean, shoot, MIT, Stanford, they're all putting their courseware in open-source. So the universe of educational material for people to understand this stuff and get started is really, really awesome now. And then also, it's easier than ever, I think,. to actually code because you're, again, like code is becoming more and more abstract at higher level languages. So Python, Node.js, those are still kind of low level, but there are packages on top of those, you know, middleware and Node.js, to build a web server. You get Express or sales or whatever, and then you're kind of off to the races. Like Spring Boot is crazy. It used to be Spring was a bit of a pain in the butt with, you know-- >> Yeah. >> Ashley: All the dependency, injection and everything. But with Spring Boot, now you just add, you know, a dependency, and you've got an entire web framework or an authorization framework or whatever. And that was like, I was pretty blown away when I started seeing-- >> So it's a lot easier. >> It's, yeah, it's just a lot easier. Things are more curated. You have certain stacks. You know, it used to be LAMP stack, now you got ELK stack for data things, you got, you know, and so on. So the universe is wide open for a lot of people to program today. >> So Ashley, love the training angles that you talked about there. But what I bring to mind, a little bit orthogonal to what we've been talking about here-- >> Ashley: Ooh, good programmer buzzword there. >> But one that John and I have been asking about, you mentioned open-source. >> Yes. >> So obviously, things like Spring, lot of things you mentioned are open-source. >> Yes. >> But what about Cisco's, you know, involvement in the community, giving back to open-source. What's the philosophical, you know, viewpoint-- >> Yeah. >> From Cisco's standpoint? >> Yeah, we're active in open-source. We're big contributors to OpenStack, for example. You know, we've got some of, we've created like a CNI module for Kubernetes called Contiv. And so that's in open-source. We, you know, in DevNet, we publish tons of things in open-source, just code samples and you know, example projects and so on. Cisco's actually a big contributor to the Linux kernel, so it's a long legacy of open-source at Cisco. So it's part of our culture. >> So there's no restrictions on everybody going on GitHub, throwing their stuff in, being part of the communities-- >> There's certainly restrictions. Yeah, we have processes that we're supposed to follow. I mean, we got to protect the intellectual property when we need to. I mean, it's the way it is for working at a company. But at the same time, you know, there is viable processes if it makes business sense to open-source things. >> I mean, the line John's used, you know, for the last year or so, is GitHub, that's people's resumes these days. >> Yeah, absolutely. >> So we want to make sure, what I'm saying is it sounds like the ecosystem at Cisco, friendly for the developers to come in, participate. You got a business to run, obviously. Legal keeps their eye on stuff, but you know, Cisco's out there. We saw it in the container ecosystem, OpenStack-- >> Ashley: Yes. >> Stu: Kubernetes, Linux, absolutely-- >> Yeah. >> Stu: Not just even in networking but beyond that. See a lot of Cisco out there, so-- >> Yeah, great. >> So my question for you, personal question. If you could talk to your 22 year old self right now-- >> Ashley: Oh, wow, yeah. >> You're high school, actually, you're college or college graduate, what would you say to yourself knowing what you know now? 'Cause this is a really interesting point. I mean, at my age, we used to build stuff straight up from the bottom of the stack to the top, and it was a lot of heavy lifting. Now you're really kind of getting into some engineering here and then some composite Lego block kind of thinking where these frameworks could just snap together. Sometimes (mumbles) But it's a lot cooler now. I mean, I wish I was 22. What would you say to your 22 year old self out there? What would you advise yourself? What would you say to yourself? >> Where's my smoking jacket? (John laughs) Yeah, so, I mean, I was a liberal arts undergrad and I did take computer programming classes. So I did a couple courses in C toward the end of my time in university, and that's because I've always been interested in technical, you know, in programming and stuff. But I think probably I would have maybe stayed another year to try to maybe get an actual CS degree. So that might be one thing, I think the other-- >> John: What would you jump on today if you saw all of this awesome code, open-source? I mean, like, it's like open bar in the coding party. I mean-- >> Yeah, it's overwhelming. >> It's so many things to jump on and-- >> You know, obviously, joking, I should say blockchain and machine learning and AI, right? But actually, I would say the machine learning and AI stuff is probably a good, interesting, you know, wave of technology, yeah. >> I just want to, you know, we're talking about your 22 year old self. How about your kids? >> Ashley: Yeah. >> You're working with your kids, checking out your GitHub on there. So, you know, maybe share, you know, younger people. You know, how do they get involved? In the keynote yesterday, it was, you know, jobs of the future. >> Right, well, yeah. For my kids, I have two daughters. And so, I try to encourage them to at least be familiar with coding. I've tried to teach them Linux some, but we've done programming classes, but it's kind of hard sometimes to get them interested in something like programming, to be honest. So some of it's trying to be creative problem solvers, trying to craft that sort of attitude, you know. So that then, when they do get the opportunity to do some programming, that they'll be interested about it. >> I mean, the young kids love gaming. Gaming's a good way to get people in. >> Yep. >> VR is now an interesting-- >> I mean, Minecraft and Sims, those are the two that my oldest daughter loves. I mean, the thing I remember that's the funniest was when you know, of course, this was when we all got computers back in the day and we did keyboards, right, in order to do stuff. So I got the first iPad when it came out and I brought it home and my daughter, who was, I think, six or eight at the time, she's like, "Cool, I understand this." Like automatically understood it. But then, she went to the TV and it had icons on it. So she walked up to the TV and tried to do that, and I was like, "Oh, that's funny." Like her mental model is this. >> Yeah. >> Where our mental model was that and so on earlier on. >> My oldest son says, "Dad, search engine is so your generation," (Ashley laughs) Not even email, like search, Google search. >> Yeah, the digital, it's like the digital native thing. On the other hand, we actually are fairly restrictive about like cell phone and mobile because it's a lot. That sort of thing. They really, really are going to face some interesting, I don't know, social, you know, the social things that you have in high school and middle school now multiplied and amplified through all that. We're sort of cautious, too, as parents, you know. >> Lot of societal issues to deal with. Alright, now getting back to DevNet here, I want to get your thoughts because we had a big setup here. One of the things that the folks people can't see on camera is we're in the DevNet zone. You see behind us, but there's everywhere else around. It's really the big story at Cisco Live and has been for awhile. Every year it gets bigger. It's like, it keeps growing in interest. What do you guys show here? What's the purpose? Give a little quick, take a minute to explain the DevNet approach this year-- >> Okay. >> John: And how it's different-- >> Yeah. >> John: And how you guys take this going forward. >> So the DevNet zone, philosophically, we tried to have the experiential. We don't want people to come in here and get death by PowerPoint of hey, check out this awesome new product that we created. You know, that kind of thing. >> Yeah. >> Instead, we want people to come in and have the opportunity to sit down, either by themselves or with a friend or, you know, with one of us to be able to work through sort of tutorials so that we have this area of the Learning Labs or learn about the DevNet sandbox. That's another area that we have where that is a sort of try it out, live, always-on, cloud service that we provide for anyone. We also have, of course, examples of example use cases. So we have some IOT and collaboration use cases that we're demonstrating in the new APIs that have come out of those products that you wouldn't think may be necessarily, oh, collaboration and IOT really are connected. But in fact, you know, ultimately you need to get a human involved when you have exceptions. And in a lot of cases like for edge compute scenarios, it's exception oriented. So when we, the example that we have here is we have a truck that's sitting on a handcrafted scale that's like a raspberry pie thing that one of our evangelists, Casey Bleeker, made. And it's putting, you know, analog data into our container that's running on an edge device. And when an exception occurs when the scale has this truck on it with too many stones in the back, then it triggers an alert. It creates a team room for people to come and escalate and discuss. It'll make a phone call automatically to the truck driver and pull people together to deal with that situation. But then, additionally, we have a new room capabilities with like, our telepresence systems. And that has face identification, not like from identifying the user standpoint, but it knows it can count how many people are in the room, for example. So if you combine that sort of IOT capability with this collaboration unit that's going to already be there, you're getting kind of a win-win of that infrastructure in the rooms. >> Ashley, talked about there's so many different things going on there, what's exciting you the most? Where are you seeing the most people, you know, gravitating around? >> Yeah, in the DevNet zone in general? >> Well, it can be here or in general, yeah. >> Well, I think one thing in the DevNet zone, we also have a white hat black hat challenge. So that's been very, very popular. What we're doing is demonstrating using, you know, off the shelf hacker tools, how vulnerable some IOT devices are to give people. It's kind of a you've heard about it, now experience it and do it yourself to see how easy it really is. And then see, of course, how our solutions can help you mitigate those problems. So that's, you know, IOT security is a big concern, I think, in general, and so I think that's an exciting spot for people-- >> So hands-on learning, very people-oriented, very open-- >> Yes, yep. >> The motto I love, I'm reading on the thing there, learn code, inspire, connect. So learn, toe in the water, connect-- >> Ashley: Yes. >> Share. >> Yeah. >> Mentor, collaborate. >> The other thing that we're sort of soft launching, I guess, is we have a new application developer site on DevNet, and so-- >> John: What's the URL? >> It is developer.cisco.com/site/app-dev. >> John: Okay, that's good. Memorize that, quiz later. >> Yeah. >> That's long, just search. >> Yeah, right, right. >> Hey, Alexa. >> Right, so, but with that, we're trying to make it easier for people to understand the use cases for what kinds of applications they can build using our technology. So indoor location, using kind of doing maps and heat maps and building that kind of scenario, for example. >> Awesome. >> Ashley: Through T-Mobile and video and such. >> As you are evangelizing your engine on the engineering side, what's the plans going forward? Post-event, obviously, you've got Cisco Live in Orlando this year, it's in 2018. >> Ashley: Yeah, we have-- >> But you guys got a lot of these going on, you got a lot of digital content. What's the outreach plan? Where should people expect to see you guys? Share the going forward plan. >> Yeah, I wish I knew where everyone was going to be. So thankfully, on the website-- >> They're on the internet! >> We have an events calendar, so I would definitely encourage you to look there if you're interested in connecting with one of us. We have the Cisco Live in Melbourne then Orlando. We also have DevNet Create in April and that's in Mountain View, I think, Bay Area. So would love to have people come out to that, and kind of the theme of that last year, which was the inaugural one, continues this year, which is where apps need infrastructure. So we want to kind of continue this conversation about DevOps, how, you know, applications and infrastructure-- >> John: Yeah. >> Can benefit each other. >> And just for the folks watching, theCUBE was at the inaugural DevNet Create. We'll be there again, we'll also be in Orlando. And again, this is important, we'll end on this point. I'd like you to take a minute to explain the difference between DevNet and DevNet Create because this is really interesting. I like the way you guys are doing this. It's really open, but it's pretty transparent. So share the difference between DevNet and DevNet Create. >> Yeah, so DevNet is our developer program, and so that's a website-- >> Before Cisco and-- >> It's Cisco, it's oriented towards those things. DevNet Create is more about forming a community to solve these problems about applications and infrastructure. So that intersection, whether you call it DevOps, whether you call it I don't know what, potatoes and you know, something. Something in there, you know, there is this fluid spot where applications are looking more like infrastructure, infrastructure is starting to look more like applications. So what does that mean and how do we explore that together to, you know-- >> We call it cloud-native. >> Ashley: Yeah. >> It's a set of developers who just, like you, don't really want to get involved in network but love it to be more magical. >> Right. >> Right? And Cisco folks love Cisco because they're in that world, right? So-- >> Yes. >> To me, it's really interesting you guys do that. Congratulations. >> Yeah, thanks. And it's not just for Cisco people, right? So Cisco Live and DevNet Zone is that. For Create, it's actually the inverse. We encourage people from the community to come and check it out as opposed to the-- >> John: Props to you guys, great stuff. Cisco, DevNet Zone is where theCUBE is. Of course DevNet Create is going to be outside of the Cisco ecosystem. Connecting the two is really the key. We're living in a world, global connected devices, connected people, that's the mission of Cisco. Love that vision, but of course, we're theCUBE, bringing you the live content here in Barcelona. All, of course, is available online, youtube.com/siliconangle. Of course, thecube.net is our new site. Check it out. I'm John Furrier with Stu Miniman. More live coverage coming from Barcelona with theCUBE after this short break. (upbeat electronic music)

>> Narrator: Live from Austin, Texas, it's theCUBE, covering KubeCon and CloudNativeCon 2017, brought to you by Red Hat, the Linux Foundation, and theCUBE's ecosystem partners. >> Okay, welcome back, everyone. This is theCUBE's exclusive coverage live here in Austin, Texas for the CNCF's two conferences, CloudNativeCon, which was yesterday, and two days, today and tomorrow, KubeCon for Kubernetes' conference. This is theCUBE, of course, from SiliconANGLE Media. I'm John Furrier with my cohost, Stu Miniman. Our next guest, Dan Kohn, is the executive director of the CNCF, the man who put it all together. Congratulations. Welcome back to theCUBE. Good to see you. >> Oh, absolutely. Thrilled to have you guys back here again. >> So you kind of doing a victory lap here now, high fiving each other? >> Dan: Great hugs. >> John: Great event. >> Laughing: I'm glad it's a good event, and I am hearing fantastic feedback that folks are thrilled to be here. But we sort of describe this moment for the organization and the community as being the end of the beginning. >> John: Yeah. >> Where we now have all the major cloud vendors, all of the biggest enterprise software companies. We have a core group of 14 projects anchored by Kubernetes, but tons and tons of work in front of us. >> And tons of success, so I'm just going to read a couple of highlights from yesterday. There's a lot today. Baidu joins the CNCF, a lot of scaling production application examples, 31 new silver end-user members joined, Alibaba Cloud update to platinum, CoreDNS 1.0, Containerd, Fluentd, Jaeger, tons of news. Obviously, we've been pumping out the coverage. Today, again, more and more great goodness. But really interesting is that you guys have put a frame around this community to allow it to grow, to fertilize the open source vibe, which is all cloud but yet scaled. And you put up a slide I want to get your reaction to that I thought was compelling yesterday during your keynote. It was the flywheel, circle, and it said projects, products, profit. >> Dan: Right. >> And not that you're promoting profit, but you're not hiding the ball, either, saying, hey, you know what? There's a lot of commercial interest in cloud, obviously. We saw AWS' success last week. And that is if you create good products in this community framework, there's profit to be had. >> Right. So first of all, I should admit to plagiarizing that slide from Linux Foundation Executive Director Jim Zemlin. >> And similarly, I think you can look at a lot of aspects... >> It's an open source feature. >> Dan: Yes. >> Free for you to use. >> John: Right. >> Similarly, I think there's a lot of ways in which Kubernetes is trying to build on the success of Linux. And Jim even describes Kubernetes as the Linux of the cloud. >> John: Yeah. >> Stu: Yeah. >> John: That's a good point. >> Dan, one of the things we've been talking around Kubernetes is you talk about scale. >> Dan: Right. >> Talk about scale of the CNCF. You have 4 to 14 projects. People are a little worried when you get all the vendors around here and there's all these projects. It's a foundation thing, it's going to go off the rails. >> Dan: Yeah. >> Customers aren't going to have a voice. How do we make sure we kind of learn from some of the things that other projects have had challenges with in the past? >> And I think that's our advantage, which is the great thing about coming later than some of the other foundations, is we can look at where they had successes and where they had issues. And our aspiration for CNCF is to get to go make entirely new mistakes rather than replicating some of the issues that have come before. And so really from the beginning of CNCF, we had a somewhat unusual and frankly a little bit cumbersome charter where I describe it at times as a three-ring circus. We have a governing board made up of the vendors that are putting a lot of money into the community, but they don't get to run the projects and they don't even get to pick the projects. Instead, they appoint six of the nine members of an independent technical oversight committee, kind of like the Supreme Court. And then we have a third group in the end-user community that I'm thrilled to say is now up to 28 members in it. They appoint one of those folks. We finally got that working. We have Sam Lambert, the director of infrastructure at GitHub, who has just made a huge commitment to Kubernetes and is moving all their infrastructure over into it. Those seven appoint the last two. And so that body, and they just had their public meeting a couple hours ago. They feel very strongly about their independence, about their reputation, that they're trying to make very good judgments based on what they're seeing in the marketplace. >> That's interesting, the three-ring circle. I like how you put it. But let's talk about the end-user piece because I think that's critical. One of the things we were commenting earlier from the Lyft folks was you have a lot of end users who have built some large-scale systems out of their own sheer necessity. >> Dan: Definitely. >> And that is now being donated in. We saw Kubernetes come in with, you shepherded beautifully, went from Google, but you've got Lyft donating an amazing product convoy. >> This first convoy has a huge amount of excitement. And what was fun was, actually, on the same stage that they contributed back in LA in September, Uber contributed a separate project. Now, unlike Uber and Lyft, the two projects are in no way competitive- >> John: Yeah. >> Like Jaeger is really fantastic tracing one. But what they have in common is that they're companies that have had to grow from nothing to extremely high scale and then had problems that they solved. And they wanted to share that expertise with us. >> I want to get your thoughts on this. Because we've been speculating, on theCUBE, we've been kind of thinking, an editorial, but just that this is all good business. Now, that's pretty obvious, right? You're starting to see this kind of contribution, the gifts that keep on giving. These are significant code. >> Dan: Yeah. >> Not like, okay, let's start a little group and huddle and build something organically. You have real goodness coming in from Google, Uber, Lyft, and there's a million others. >> Dan: Right. >> How is that changing the game? Certainly accelerating it. That's really bringing goods to the table. >> Right. I think the whole... >> You have to manage it. >> Well, and for what it's worth, I don't actually manage the projects. And so we do provide a set of services- >> John: The community? >> -to them and we help them, we market them. But one of the unusual aspects of CNCF is that the projects do actually manage themselves. A little bit of guidance from the TOC, but we really are unusual in that sense. And that's one of the reasons the projects have been... >> And what's interesting is, to connect the dots, though, one step further, you're talking about a commercial entity donating massive intellectual property in the open for all the goodness of everyone else. But yet that flywheel is continuing. They're still using it. So it is inherently commercial dynamic. >> Right. And back to that circle, I think really the underlying concept is that companies agree that sharing key parts of their infrastructure has a huge amount of value to the whole ecosystem, to each other. And then they're absolutely eager to compete above that. And so you can look at it with the public clouds where we have now Amazon, Microsoft, Google, Alibaba, IBM, Oracle all at the table. They are absolutely fierce competitors. But they're saying that this specific software infrastructure layer isn't the area that they want to compete. They want to compete on all the value-added services, customer service, et cetera. >> Dan, I wonder if you can speak to how CNCF connects to some of the broader communities out there. Things like Kata containers got announced coming out of the OpenStack group. You've got a serverless track happening here, kind of extends some of where Kubernetes is going. How does CNCF fit into the broader... >> Sure. And it's definitely the case that all the innovation out there cannot happen in CNCF. Most obviously, everything that we do, almost everything depends on Linux. And so that's our parent organization, the Linux Foundation. But we've had a good collaboration with Jonathan Bryce from OverStack. They have two booths on the floor here at the show. And we've spoken to Clear Containers and RunV, the two predecessors in the past. But the part that I'm particularly pleased with for Kata containers is that it is an OCI-compliant runtime, that's another sister organization, and is really designed to work well for Kubernetes. And then they can pitch that and let the market go decide which container runtimes they find the most valuable. >> Obviously a lot of traction here in terms of the sentiment around service meshes and pluggable lock-in textures. That's been very cool. But security came up. So I want to get your thoughts around security, obviously storage and these older models around how to deal with storage and networking. Obviously, always in the action. >> Yeah. >> But security is top of mind for everyone. How is that being addressed? You know, talk is out there... >> Sure. I mean our philosophy on this is that moving to cloud-native and particularly the continuous integration and continuous development that goes along with that is the most important step that you can do to help secure your infrastructure. And Equifax is the example everyone always brings up. But there was a case where they were using known insecure software and they didn't have the processes up to place where instead of doing quarterly updates or monthly updates, you want to be doing dozens of updates per day. And a cloud-native infrastructure allows you to do that. >> What's next for you? Because you've got great traction with both community response, and the community has been absolutely amazing, the quality of people, level has been great, but also at the funding sponsors. You've got a lot of people that are involved. What's next? What happens next? What do you envision happening? What's the plan, and then how do you view that evolving? >> Well, I hate to fall into the buzzword implosion here, but if you go back to the crossing the chasm metaphor, I think we're still very much just in the early adopter phase. 2018 could very well be the moment that we jump over to the early majority. And I do feel like this whole community now has the velocity to do that and that we're on track for it. But as that happens, there's just far, far more people who need to be educated so they understand the projects and the options and how to work with them. And then hopefully they go from just being consumers of these technologies to contributors and that we can welcome them into our community and hopefully get the advantage of their expertise as well. >> I want to get your thoughts on a comment that Stu and I were talking about. Stu, you and I were talking about the notion of value creation above the stack, and then how Kubernetes, although some could say being commoditized, but it's also creating value because with that consistency of Kubernetes, you can now create value. So we believe, and I want to get your reaction to this, because we think a whole new ecosystem dynamic will emerge of a new kind of ecosystem. And if this new app developer combined with software engineering, which is really going on, you're talking about the cloud, the app developers will just build in value, that value creation will be rewarded. That's where monetization will be happening. >> And if I could build off that... >> John: Yeah. >> Dan, I loved one of your opening comments. You quoted, "exciting times for boring infrastructure, "maybe too exciting." So this week we've been teasing out there's a lot of work to make that infrastructure boring. You've got everybody on this floor, the CNCF board, lots of new projects making that. Where the action is and what this is going to create is that application monetization and the speed and agility of being able to create these cool new cloud-native applications out there. So it's interesting dynamic, spans broad pieces of this, layers of the stack there. >> Yeah. Well, I will point out that there was an odd level of unanimity of just a ton of different leaders in the community, in keynotes from Craig McLuckie and Chen Goldberg and others where they all agree that Kubernetes is not by any means the ultimate answer or the final answer. I think everybody now expects to see Kubernetes as a core aspect of the infrastructure for software for the next decade or more. But there's a belief that there's a whole ton of value that needs to be added above it, particularly to try and show for a regular application developer who just has a PHP app or no-GS microservices or anything else what's the easiest way to go from having a piece of software and deploying it effectively. >> Dan, so it's interesting. You watch the people on the outside. They're like, oh, look at Kubernetes. They're all holding hands and saying Kumbaya. We know there's some spirited debates that happen- >> Dan: Definitely. >> In the code, some projects that are sometimes competing up there. Why has the community come together, and where are some of the areas that we still need to work on and improve to help customers going forward? >> And again, I think they have the big advantage of having watched other communities that didn't value community and consensus and the ability to work through their issues. And so thankfully, we just have a ton of really capable engineers who also have some of those social or personal qualities that they care about working these things out. And to date, at least, I think most of those disagreements have been settled pretty amicably and in a positive direction. I think there's still huge swathes of this space that are still up in the air. Storage is an obvious one where there's a ton of work going on in a storage working group of CNCF. Serverless is another where I think everyone agrees that the application deployment model of AWS Lambda is really exciting and has things that people should replicate and should be brought over to Kubernetes. But how that should happen, what the software is, et cetera, there's still, in fact, we have our first serverless track today here at KubeCon where several different competing approaches are all talking about what they'd like to do. >> Awesome stuff. And you also announced some dates for next year, December 11 and 13 in Seattle. >> Dan: Yes. >> Okay. >> Dan: That's a year from now. >> November 14 and 15 in Shanghai. >> Now, you and I met in Hangzhou in the lobby, which was just amazing. But I certainly am hoping to convince you to go back to China with us. This will be our first event... >> I got a three-year visa. >> Good, yeah, that's the exactly right one. But this will be our first event in China, which I think is just a huge opportunity. We now have Baidu, Tencent, Huawai, ZTE, a number of startups. There's just so much excitement for this space over there that we're really excited to satisfy. >> Stu: And Copenhagen in May. >> And that's the last one. Thank you. May 2 to 4 in Copenhagen, and we're really excited for the event, to bring it to Europe and the rest of the world. >> Okay. So you've been working like a dog, you've been working hard. I've seen you in China. It's serendipitous. But it's not without being mentioned that this has been great effort by your team and the Linux Foundation and Jim and the whole team. But congratulations. Are you having a pinch me moment? I know it's too early to do a victory lap. >> But you've got to be pretty excited. >> Yeah. It really has been a great thing for the foundation that we sort of accomplished many of our 2018 and 2019 goals this year. But I'm sure we're going to find plenty of stuff to do next year. >> And your goal for the next 6 to 12 months, what's on your top three to-do's, continue the momentum? Share your API for... >> Yeah. What's great is that we really have plenty of members. We'd always like to add new ones and serve the ones we have better. But right now, the focus is really about providing better services to our projects. All of them feel overworked. They would love help on documentation, on marketing, on messaging about it, and some of them need help with testing development and other things. So that's really what we're buckling down on. >> Great community are going to test them, being here on the ground, personally present at creation. And I was standing there with J.J. and Lew Tucker, OpenStack three years ago, talking about Kubernetes. We were kind of ripping. We couldn't have imagined, then, obviously, they bolted it on last year with your event. Now second year here, huge community... >> But you have 4,100 folks here, is more than the previous four events combined. >> Yeah, awesome. >> So it really is exciting. >> TheCUBE, always on the ground. And sometimes the squirrel finds a nut. We found a cloud-native foundation, part of the Linux Foundation. CNCF, Cloud-Native Compute Foundation, really a new, growing, and relevant community for cloud and a new way to do software and reimagine the future from software engineering to full application development, a new way. This is theCUBE's coverage, and we are here live in Austin. More live coverage after this short break. We'll be right back. [Techno Music]

(uplifting music) >> Welcome everyone to CUBEConversation here in Palo Alto, California, theCUBE Studios, I'm John Furrier, the co-host of theCUBE and co-founder of SiliconANGLE Media. Our next guest is Mike Kail, the CTO of Cybric, a security company industry veteran, welcome, good to see you. Glad we got you, get some time, your time today. >> No, absolutely John, thanks for having me. >> Yeah, so you've been through -- seen a lot of growth in the waves. The big web scale, and now as we go full cloud and hybrid cloud, private cloud and public cloud, whole new paradigm shift on security. Many have Dave Velante ask Pat Gelsinger many times, do we need a security do over? The general consensus from everyone is, yes. (laughing) We need a do over. What's the state of the market with security right now as people scratch their head, they've been throwing the kitchen sink at everything, but yet, the attacks are still up. That's not good, so what's the solution? What's going on? >> I mean I think a level set like we've talked about the definition of insanity is doing the same thing over and over, and in security for sure, we've been doing the same thing. We have firewalls, nextgen firewalls, endpoint, you know, product X, product Y, this has got a better algorithm. Has anything really helped? I think in this post Equifax world, and now post SEC world, things are not getting better. We need to step back, and I think we need to really think about how do we bring security assurance into the assembly and delivery of applications, and move it back into the code as well, which is our thesis on shifting left and embedding security into the SDLC. I think there needs to be some design thinking around security as well. Today it's like this fear, uncertainty, and doubt -- it's sold on fear, and that bad things are happening. Let's bring the conversation into visibility. >> I mean, there's so many different lifecycles you've mentioned is really key, and I think I want to just drill down on that because the observation, I'll get your reaction on this, is security shouldn't be a cost center, security should be tied to core objectives of a company, should be reporting to the board, C-level type access should be invested in. At the same time, the architecture of security, not just organizationally funded, cloud and datacenter need to be looked at holistically. There's no one product. So that means okay, one, that's the customer viewpoint, but then you got to actually put the software out there. So, what's your reaction to that trend of security being not actually part of the IT department whether it is or not is irrelevant, it's more of, how it's viewed. Are you staffing properly? How are you staffing? Is it a cost center, or is it tied to an objective? Does it have free reign to set up policies, standards, et cetera? What's your thoughts on this? >> I think, and I've talked about this recently, the technology is there. The culture is lagging behind. Security's always been -- >> Culture is lagging or not? >> Is lagging. Security is traditionally been kind of this -- Like IT was in the past, pre-DevOps culture, security is the Department of No. Coming in and not thinking about driving business revenue and outcome, but pointing fingers and accusing people and yelling at people. It creates this contentious environment, and there needs to be collaboration around, like, how do we drive the business forward with security assurance not insurance? The latter is not helping. >> So, that's a good point, I want to drill down on DevOps, you mentioned DevOps, that's -- you and I have talked about this before at events. DevOps movement has happened. It's happening, and continuing to happen at scale. DevOps is pretty much on the agenda, make it happen. But, it's hard to get DevOps going when there's so much push on application development, so, you have old school transitional application development now with DevOps, and then you got pressure for security. It seems to be a lot on the plate of executives and staffs to balance all of that. So how do you roll up the best security into a DevOps culture, in your opinion? >> I think you have to start embedding security into the DevOps culture and the software development lifecycle, and create this collaborative culture of DevSecOps. >> What is DevSecOps? >> It's making -- you think about the core tenents of DevOps being collaboration, automation, measurement, and sharing. Security needs to take that same approach. So instead of adding or bolting on security at the end of your development and delivery cycle, let's bring it in and find defects early on from what we talk about, from code commit, to build, to delivery, and correlate across all of those instead of these disparate tasks and manual tasks that are done today. >> Where are we on this? First, by the way, I agree with you, I love that idea, because you're bringing agility concepts to security. How far -- what's the progress on this relative to the industry adoption? Is it kind of pioneering right now stage, is it a small group of people, remember, go back to 2008, you remember, the cloud was a clouderati, was a hand full of people. I would go to San Francisco, there'd be six of us. Then NGR would come on, then there's Heroku, then there's like Rackspace, and then Amazon was still kind of rising up. It feels like DevOps, DevSecOps, is beyond that, I mean, where is the progress? >> I think out in the real world, especially outside of Silicon Valley, it's still really early days. People are trying to understand, but as we were chatting about before the show, I feel like in the past few months there's definitely momentum gaining rapidly. I think with conferences like DevSecCon, Security Boulevard coming out from Alan Schimmel and his team, like there's building more and more awareness, and we're been trying to drive it as well. So I think it's like the early days of cloud. You'll see that, "Okay, there's a bunch of -- okay I don't think this is a real thing", and now people are like, "Okay, now I need to do it, I don't want to be the next Equifax, or large breach. So how do I bring security in without being heavy handed." >> Interesting you mentioned Equifax, I mean our reporting soon to be showing, will demonstrate that a lot what's been reported is actually not what really happened at this. They've been sucked dry 10 times over, and that the state actors involved as a franchise in all of this, it's beyond -- Amazing how complicated this -- these hacks are, so how does a company, prepare against the coordination at that level - I mean, it's massive, I mean, someone dropped the ball on the VPN side, but I mean, clearly, they were out-maneuvered, outfoxed if you will. >> Well, I mean I think it has to come from the top, like security has to stop being quote unquote important, and become a priority. Not the number one priority, but you have to think about it with respect to business risk. And Equifax aside, a lot of companies just have poor hygiene. They don't practice good security hygiene across all of the attack vectors. If you look at now, the rise of the developer, Docker containers, moving to cloud, mobile, there's all of these ways in, and the hackers only have to be right once. We on the defensive side, have to be right all the time. >> Hygiene is a great term, but if it's also maybe even more than that. It's like they just need an IQ as well, so you got to have, you've got this growth in Kubernetes, you got containers, you got a lot going on at layer four and above in the stack, that are opportunities as you said, the tech's out there. So, again, back to the organizational mindset, because this is where DevOps really kind of kicked ass, you had an organizational mindset, then you had showcases, people built their own stuff. You go back to the early pioneers, you were involved with a few of them, Facebook built their own stuff, because they had to. >> Mike: Yeah, there was nothing else. >> There was nothing else, so they had to build it. Now a lot of the successes in the web scale days were examples of that. So is that a similar paradigm, are people building their own, are you guys working with one, is that right? How should people think about how to look for use cases, how should they look for successes, who's doing anything? Can you point to any examples of that's kickass DevSecOps? >> I mean, obviously I'm biased, but I think -- >> (laughing) >> the Cybric platform is really trying to take all of the different disparate tools and hyperconverge them onto an automation orchestration platform. Now you can be at all parts of the SDLC, and give the CIO and CSO visibility. I think the visibility aspect with the move to cloud and containers, and Kubernetes, and you name your favorite technology, there's a lack of visibility. You can't secure what you don't know about. >> Take a minute to talk about Cybric for a minute, 'cause you brought up the product, I want to just double down on that. What do you guys do, what's the product, just give a quick one minute, two minutes, update on for the folks on what you guys do. >> Sure, so we're a cloud security as a service platform, so it's delivered SAS, that has a policy driven framework to automate code and application security testing and scanning from code commit, to build assembly, to application delivery, and correlate that testing and the results and provide you, your business resiliency. So we talk about internal rate of detection, internal rate of remediation, and if you can narrow that window, you become much more resilient. >> Alright, so, let me give you an example. Just throw this out since we're here. A little test here -- Test your security mojo here. I go to China. I happen to bring my phone and my Mac, I connect to the -- oh, free Wifi! Boom, I get a certificate, my phone updates from Apple, I think I'm on a free WiFi network, it's a certificate from China, I get the certificate here, they read all my mail while I'm over there, but I'm not done, I come home. And I go back to the enterprise. How do you guys help me, the company identify that I'm now infected at maybe the firmware level or you know, I mean, that's -- what people are talking about all the time right now. You're smiling, he's like, yeah that happens. >> First of all, I would never let you leave to go to a country like that without a burner phone and a burner laptop, but not take -- and don't log into anything, don't connect to anything. >> Is that -- >> It's about building awareness, so I -- >> Hold on in all seriousness that's essentially best practice in your opinion? Not to have your laptop in China, is that the thing? >> Yeah, I don't think, you're not going to be safe. Like, there's so many ways to subvert you, whether you accidentally connect to public WiFi, you join the wrong network, somebody steals your laptop, I mean, there's just all the -- there's a lot of things that bad things that can happen, and not much upside for you. >> Okay, so now back to the enterprise, so I get back in, what kind of security -- how do you guys look at that, so if you're doing agile or DevSecOps, Is there software that does that, is it the methodology, is there mechanisms, how do companies think through some basic things like that, that entry point? Because then that becomes an insider threat from a backdoor. >> Right, so I think you have to have this continuous scanning approach. The days of doing append test on your application once a quarter, meanwhile hackers are doing it continuously behind the scenes, you have to close that chasm. But I think we need to start early on and build awareness to developers. One reporter used the anaology, it's like spell check from Microsoft Word. Now as I'm committing code, I can run a scan and say okay you have this vulnerability, here's how to go remediate it, and you do that, and we don't impact velocity. >> So you have to be on top of a lot of things. But that also is into the team's approach. What is the product that you guys have? Is it software, is it -- a box, how do you guys -- what's the business model for Cybric? >> We're software that overlays into the SDLC, and we plug in at this keypoints of the SDLC. So committing into your code repo, such as GitHub or BitBucket, at the artifact build stage, so Jenkins, Travis Circle -- >> So you're at the binary level? >> Yeah. >> Okay. >> So there we look for open source and third party library and do source code composition of the artifact. Now you make sure that you're not vulnerable to Apache Struts, you have updated and patched to the latest version. Then pre-delivery, we replicate your application environment, and aggressively scan for the OWASP Top 10. So SQL injection, cross site scripting -- >> Yeah. >> And alert you, and allow you to play offense. So we now remediate the vulnerability before it's ever exposed to production. >> Where are you guys winning, give some examples of when someone needs to get you guys in, is it a full on transformational thing, can I come in and engage with Cybric immediately in little kind of POCs, what's the normal use case that you guys are engaging with companies on? >> It really depends where you are in your company with this whole DevOps, DevSecOps migration, but we're agnostic to the methodology in your environments, so we can start at the far right, and just do AppSec scanning, we can start at the middle of the build, at the left, code, or all of that. There's this notion of I have to be ready for security, you don't have to be ready. We help you -- The hardest part is getting started, and we help you get started. You'll see a blog post or an article from us say, "Stop the fudge, just get started." That's how you have to approach this. This paralysis that exists has to end. >> That's not what the paralysis thing -- Pretend I'm a customer for a second, Mike, I'm burnt out, I got a gun to my head every day, I come in, I got every single security vendor lining up begging for my attention, why should I pay attention to you? What's in it for me? How do you answer that? >> So first of all, you know, what do you want to achieve? What is your current state? Where are your code repos, where are your application deployments, what are you doing today? How do we make that a continuous process? It's understanding the environment, having some situational awareness and a bit of EQ. Instead of going in and pounding on them with a product. >> Do you guys then go in and train my staff, I'm trying to think what's the commitment from me, what do I need to do? >> It's -- our policies are very simple, you define a target which is your source repo, your build system, or your application, you define the tool or integration you want to run, so I want to run Metasploit against my application, I want to do it every hour, and I want to be notified via a Slack Channel notification. >> That sounds really easy to implement. It sounds -- >> It's four steps. Literally a POC takes 15 minutes to onboard. >> So what's the outcome, what's some of the successes you've had after a POC? It sounds complicated but it really the methodology really is more of a mindset for the organization, so I love the DevOps angle on that, but okay, I can get in, I kick the tires, I do the four steps, I go, "Oh this is awesome." What happens next, what normally goes on? >> What often happens in the past is you run a test and you're inundated with results, it's -- you know, there's critical warnings, some informational, and some like blood red ones. But you don't know where to start on prioritizing them. We've normalized the output of all these tools so now you know where exactly to start. What are the important vulnerabilities to start with, and go down, versus throwing this over the fence to dev, and upsetting them, and having a contentious conversation. So we implicitly foster the collaborative nature of DevSecOps. >> Cool. So competition. Who do you guys compete with, how do you guys -- Who do you run into the field against, what are customers looking at that would compare to you guys that people could think about? >> I think our biggest competition to be honest is the companies that want to -- that tried to do that themselves. The DIYs are not invented here. I mean, we've talked to a couple companies, they've tried to do this for two years, and they failed, and, you know, outside of us trying to sell something, like, is that really in your company's best interest to have a team dedicated to building this platform. I think there's a couple other big companies out there that do part of it, but like we architected this from the ground up to be unique and somewhat differentiated in very crowded security market. >> What's your general advice, you know, a friend comes to you, CIO friend, hey Mike, you know dude, bottom line, what's going on with security? How do you -- what's your view of the landscape right now because it certainly is noisy, again like I said, the number of software tools, and billions of hundreds of billions of dollars being spent according to Gardner, yet the exploits are still up, so it's not like having any effect. (laughing) Someone's winning. So if there's more tools, either something's -- tools are ineffective or there's just more volume on attacks, probably both, but -- You go, Oh my God, there's nothing really going on here. There's no innovation. What's the landscape look like, how do you describe that in kind of simple terms and less security landscape? Crazy out of control chaotic, I mean, what's -- >> I mean, if you go to RSA and walk the floor, it's like all of the same buzzwords got exploded, and there's no real solutions that address the near -- like we talked about, I said earlier, the definition of insanity is doing the same thing over and over, we keep deploying the same products and having the same results, and not being more secure. I think there needs to be a rationalization process. You can't just go buy tools and expect them to solve all of your problems. You have to have a strategic framework instead of a tactical approach. >> Alright, so I'll say to you, as another example, I got IoT on my agenda, I got a lot of industrial equipment, that's now going to connect to the IP network, used to go to some of it's own proprietary backhaul, but now I'm on the IP network. Mike, how does this play into that? Obviously it's going to open up some more surface area for attacks, how do you guys work with that? >> I think it goes back to that having this continuous security scanning, if you have all of these IoT devices, you have to know how they're operating. You can't just send a bunch of log data to your SIM and try to extract that signal from the noise and overwhelm your security operation center. How do you run that through the kind of of a, let's call it map reduce for lack of a better term, to extract that signal from the noise and find out is this device talking to this one, is that correct, or is this anomalous? But it has to be continuous, that cannot be periodic. >> Obviously data is important, my final question to end the segment is, the role of data and the role of DevOps is impactive to the security practice. What's the reality, where are we? First inning, second inning? Data obviously important, comment on that, and then DevOps impact to security. Obviously you see momentum. What's your thoughts? >> I don't think we've got out of the dugout yet, to start the first inning -- >> (laughing) >> Which is exciting in some ways if you're a start-up. Or depressing if you're an enterprise. But we have to take a different approach going back to how we started this conversation. The current approaches aren't working. We have to think differently about this. >> Okay, so we're in the early innings, I'm a pioneer, an early adopter, because I'm desperate or I really want to be progressive, why am I calling Cybric? >> I think because you want -- you understand that security needs to be more of a priority, you want to shift that left, and find defects and vulnerabilities early on in your product -- Lifecycle. If you're a head of product, wouldn't you want to have some security assurance before I delay your delivery date because the security team comes in and finds a bunch of vulnerabilities the day before your launch. >> So security as a service as you said. Mike Kail with Cybric, CTO, bringing his expert opinion here into theCUBEConversation here at Palo Alto, I'm John Furrier, thanks for watching. (upbeat music)

>> Male Voiceover: Live from Stanford University, it's The Cube covering the Women in Data Science Conference 2017. >> Hi, welcome back to The Cube, I'm Lisa Martin and we are live at Stanford University at the second annual Women in Data Science Technical Conference. It's a one day event here, incredibly inspiring morning we've had. We're joined by Janet George, who is the chief data scientist at Western Digital. Janet, welcome to the show. >> Thank you very much. >> You're a speaker at-- >> Very happy to be here. >> We're very happy to have you. You're a speaker at this event and we want to talk about what you're going to be talking about. Industrialized data science. What is that? >> Industrialized data science is mostly about how data science is applied in the industry. It's less about more research work, but it's more about practical application of industry use cases in which we actually apply machine learning and artificial intelligence. >> What are some of the use cases at Western Digital for that application? >> One of the use case that we use is, we are in the business of creating new technology nodes and for creating new technology nodes we actually create a lot of data. And with that data, we actually look at, can we understand pattern recognition at very large scale? We're talking millions of wafers. Can we understand memory holes? The shape, the type, the curvature, circularity, radius, can we detect these patterns at scale? And then how can we detect if the memory hole is warped or deformed and how can we have machine learning do that for us? We also look at things like correlations during the manufacturing process. Strong correlations, weak correlations, and we try to figure out interactions between different correlations. >> Fantastic. So if we look at big data, it's probably applicable across every industry. How has it helped to transform Western Digital, that's been an institution here in Silicon Valley for a while? >> We in Western Digital we move mountains of data. That's just part of our job, right? And so we are the leaders in storage technology, people store data in Western Digital products, and so data's inherently very familiar to us. We actually deal with data on a regular basis. And now we've started confronting our data with data science. And we started confronting our data with machine learning because we are very aware that artificial intelligence, machine learning can bring a different value to that data. We can look at the insides, we can develop intelligence about how we build our storage products. What we do with our storage. Failure analysis is a huge area for us. So we're really tapping into our data to figure out how can we make artificial intelligence and machine learning ingrained in the way we do work. >> So from a cultural perspective, you've really done a lot to evolve the culture of Western Digital to apply the learnings, to improve the values that you deliver to all of your customers. >> Yes, believe it or not, we've become a data-driven company. That's amazing, because we've invested in our own data, and we've said "Hey, if we are going to store the world's data, we need to lead, from a data perspective" and so we've sort of embraced machine learning and artificial intelligence. We've embraced new algorithms, technologies that's out there we can tap into to look at our data. >> So from a machine learning, human perspective, in storage manufacturing, is there still a dependence on human insight where storage manufacturing devices are concerned, or are you seeing the machine learning really, in this case, take more of a lead? >> No, I think humans play a huge role, right? Because these are domain experts. We're talking about Ph.D.'s in material science and device physics areas so what I see is the augmentation between machine learning and humans, and the domain experts. Domain experts will not be able to scale. When the scale of wafer production becomes very large. So let's talk about 3 million wafers. How is a machine going to physically look at all the failure patterns on those wafers? We're not going to be able to scale just having domain expertise. But taking our core domain expertise and using that as training data to build intelligence models that can inform the domain expert and be smart and come up with all the ideas, that's where we want to be. >> Excellent. So you talked a little bit about the manufacturing process. Who are some of the other constituents that you collaborate with as chief data scientist at Western Digital that are demanding access to data, marketing, etcetera, what are some of those key collaborators for your group? >> Many of our marketing department, as well as our customer service department, we also have collaborations going on with universities, but one of the things we found out was when a drive fails, and it goes to our customer, it's much better for us to figure out the failure. So we've started modeling out all the customer returns that we've received, and look at that and see "How can we predict the life cycle of our storage?" And get to those return possibilities or potential issues before it lands in the hands of customers. >> That's excellent. >> So that's one area we've been focusing quite a bit on, to look at the whole life cycle of failures. >> You also talked about collaborating with universities. Share a little bit about that in terms of, is there a program for internships for example? How are you helping to shape the next generation of computer scientists? >> We are very strongly embedded in universities. We usually have a very good internship program. Six to eight weeks, to 12 weeks in the summer, the interns come in. Ours is a little different where we treat our interns as real value add. They come in, and they're given a hypothesis, or problem domain that they need to go after. And within six to eight weeks, and they have access to tremendous amounts of data, so they get to play with all this industry data that they would never get to play with. They can quickly bring their academic background, or their academic learning to that data. We also take really hard research-ended problems or further out problems and we collaborate with universities on that, especially Stanford University, we've been doing great collaborations with them. I'm super encouraged with Feliz's work on computer vision, and we've been looking into things around deep neural networks. This is an area of great passion for me. I think the cognitive computing space is just started to open up and we have a lot to learn from neural networks and how they work and where the value can be added. >> Looking at, just want to explore the internship topic for a second. And we're at the second annual Women in Data Science Conference. There's a lot of young minds here, not just here in person, but in many cities across the globe. What are you seeing with some of the interns that come in? Are they confident enough to say "I'm getting access to real world data I wouldn't have access to in school", are they confident to play around with that, test out a hypothesis and fail? Or do they fear, "I need to get this right right away, this is my career at stake?" >> It's an interesting dichotomy because they have a really short time frame. That's an issue because of the time frame, and they have to quickly discover. Failing fast and learning fast is part of data science and I really think that we have to get to that point where we're really comfortable with failure, and the learning we get from the failure. Remember the light bulb was invented with 99% negative knowledge, so we have to get to that negative knowledge and treat that as learning. So we encourage a culture, we encourage a style of different learning cycles so we say, "What did we learn in the first learning cycle?" "What discoveries, what hypothesis did we figure out in the first learning cycle, which will then prepare our second learning cycle?" And we don't see it as a one-stop, rather more iterative form of work. Also with the internships, I think sometimes it's really essential to have critical thinking. And so the interns get that environment to learn critical thinking in the industry space. >> Tell us about, from a skills perspective, these are, you can share with us, presumably young people studying computer science, maybe engineering topics, what are some of the traditional data science skills that you think are still absolutely there? Maybe it's a hybrid of a hacker and someone who's got, great statistician background. What about the creative side and the ability to communicate? What's your ideal data scientist today? What are the embodiments of those? >> So this is a fantastic question, because I've been thinking about this a lot. I think the ideal data scientist is at the intersection of three circles. The first circle is really somebody who's very comfortable with data, mathematics, statistics, machine learning, that sort of thing. The second circle is in the intersection of implementation, engineering, computer science, electrical engineering, those backgrounds where they've had discipline. They understand that they can take complex math or complex algorithms and then actually implement them to get business value out of them. And the third circle is around business acumen, program management, critical thinking, really going deeper, asking the questions, explaining the results, very complex charts. The ability to visualize that data and understand the trends in that data. So it's the intersection of these very diverse disciplines, and somebody who has deep critical thinking and never gives up. (laughs) >> That's a great one, that never gives up. But looking at it, in that way, have you seen this, we're really here at a revolution, right? Have you seen that data science traditionalist role evolve into these three, the intersection of these three elements? >> Yeah, traditionally, if you did a lot of computer science, or you did a lot of math, you'd be considered a great data scientist. But if you don't have that business acumen, how do you look at the critical problems? How do you communicate what you found? How do you communicate that what you found actually matters in the scheme of things? Sometimes people talk about anomalies, and I always say "is the anomaly structured enough that I need to care about?" Is it systematic? Why should I care about this anomaly? Why is it different from an alert? If you have modeled all the behaviors, and you understand that this is a different anomaly than I've normally seen, and you must care about it. So you need to have business acumen to ask the right business questions and understand why that matters. >> So your background in computer science, your bachelor's Ph.D.? >> Bachelor's and master's in computer science, mathematics, and statistics, so I've got a combination of all of those and then my business experience comes from being in the field. >> Lisa: I was going to ask you that, how did you get that business acumen? Sounds like it was by in-field training, basically on-the-job? >> It was in the industry, it was on-the-job, I put myself in positions where I've had great opportunities and tackled great business problems that I had to go out and solve, very unique set of business problems that I had to dig deep into figuring out what the solutions were, and so then gained the experience from that. >> So going back to Western Digital, how you're leveraging data science to really evolve the company. You talked about the cultural evolution there, which we both were mentioning off-camera, is quite a feat because it's very challenging. Data from many angles, security, usage, is a board level, boardroom conversation. I'd love to understand, and you also talked about collaboration, so talk to us a little bit about how, and some of the ways, tangible ways, that data science and your team have helped evolve Western Digital. Improving products, improving services, improving revenue. >> I think of it as when an algorithm or a machine learning model is smart, it cannot be a threat. There's a difference between being smart and being a threat. It's smart when it actually provides value. It's a threat when it takes away or does something you would be wanting to do, and here I see that initially there's a lot of fear in the industry, and I think the fear is related to "oh, here's a new technology," and we've seen technologies come in and disrupt in a major way. And machine learning will make a lot of disruptions in the industry for sure. But I think that will cause a shift, or a change. Look at our phone industry, and how much the phone industry has gone through. We never complain that the smart phone is smarter than us. (laughs) We love the fact that the smartphone can show us maps and it can send us in the right, of course, it sends us in the wrong direction sometimes, most of the time it's pretty good. We've grown to rely on our cell phones. We've grown to rely on the smartness. I look at when technology becomes your partner, when technology becomes your ally, and when it actually becomes useful to you, there is a shift in culture. We start by saying "how do we earn the value of the humans?" How can machine learning, how can the algorithms we built, actually show you the difference? How can it come up with things you didn't see? How can it discover new things for you that will create a wow factor for you? And when it does create a wow factor for you, you will want more of it, so it's more, to me, it's most an intent-based progress, in terms of a culture change. You can't push any new technology on people. People will be reluctant to adapt. The only way you can, that people adopt to new technologies is when they the value of the technology instantly and then they become believers. It's a very grassroots-level change, if you will. >> For the foreseeable future, that from a fear perspective and maybe job security, that at least in the storage and manufacturing industry, people aren't going to be replaced by machines. You think it's going to maybe live together for a very long, long time? >> I totally agree. I think that it's going to augment the humans for a long, long time. I think that we will get over our fear, we worry that the humans, I think humans are incredibly powerful. We give way too little credit to ourselves. I think we have huge creative capacity. Machines do have processing capacity, they have very large scale processing capacity, and humans and machines can augment each other. I do believe that the time when we had computers and we relied on our computers for data processing. We're going to rely on computers for machine learning. We're going to get smarter, so we don't have to do all the automation and the daily grind of stuff. If you can predict, and that prediction can help you, and you can feed that prediction model some learning mechanism by reinforced learning or reading or ranking. Look at spam industry. We just taught the Spam-a-Guccis to become so good at catching spam, and we don't worry about the fact that they do the cleansing of that level of data for us and so we'll get to that stage first, and then we'll get better and better and better. I think humans have a natural tendency to step up, they always do. We've always, through many generations, we have always stepped up higher than where we were before, so this is going to make us step up further. We're going to demand more, we're going to invent more, we're going to create more. But it's not going to be, I don't see it as a real threat. The places where I see it as a threat is when the data has bias, or the data is manipulated, which exists even without machine learning. >> I love though, that the analogy that you're making is as technology is evolving, it's kind of a natural catalyst >> Janet: It is a natural catalyst. >> For us humans to evolve and learn and progress and that's a great cycle that you're-- >> Yeah, imagine how we did farming ten years ago, twenty years ago. Imagine how we drive our cars today than we did many years ago. Imagine the role of maps in our lives. Imagine the role of autonomous cars. This is a natural progression of the human race, that's how I see it, and you can see the younger, young people now are so natural for them, technology is so natural for them. They can tweet, and swipe, and that's the natural progression of the human race. I don't think we can stop that, I think we have to embrace that it's a gift. >> That's a great message, embracing it. It is a gift. Well, we wish you the best of luck this year at Western Digital, and thank you for inspiring us and probably many that are here and those that are watching the livestream. Janet George, thanks so much for being on The Cube. >> Thank you. >> Thank you for watching The Cube. We are again live from the second annual Women in Data Science conference at Stanford, I'm Lisa Martin, don't go away. We'll be right back. (upbeat electronic music)

>> Narrator: Live from San Jose, California in the heart of silicon valley, it's theCUBE! Covering QuickBooks Connect 2016. Sponsored by Intuit QuickBooks. Now here are your hosts Jeff Frick and John Walls. >> Welcome back to San Jose, California. We continue here on theCUBE our coverage of QuickBooks Connect 2016. Of course theCube is the flagship broadcast here on SiliconANGLE TV where we extract the signal from the noise and I tell you what, with our next guest, we have a lot of signal to bring you. Scott Cook, the founder and the chairman of the executive committee at Intuit. Scott, thank you for being with us. We really appreciate the time and have been looking forward to this for quite some time once we knew you were going to be on theCube. It's good to have you. >> Good to be here. >> Let's talk about just first off, look at where you are now, right? 30-some odd years. It's been quite a ride I would assume for you. >> Yeah, it started, you know Tom and I got together and then there were two of us and then we eventually had seven of us in a basement. Well they called it the garden level. But the only part of the garden you could see would be the roots and the gophers. (laughter) And then we hit bad times and the things ... We just couldn't get money. We couldn't get sales so we shrunk down to four people. Couldn't pay salaries. It was pretty ugly. And from that, to look at 5,000 people here today. 8,000 employees in the company. When I started the biggest PC software company was 160 employees, and they were huge! Oh these giants! (laughter) >> How do I manage all this? >> Yeah, yeah. >> Well a quote that we've heard a couple of times today. We heard on the keynote stage. About the corporate philosophy of we fall in love with your problems, not our solutions. And is that the driving force you think? I mean, why you've made it through 33 years? >> I think yeah. Yeah, I actually think that's pretty important not just to the success of Intuit and QuickBooks and Mint and TurboTax, but to business in general. My theory is what great entrepreneurs do is they find the intersection of two circles. So think of a Venn diagram and the intersection. One circle is what are people's biggest, most important unsolved problems? Not the problems that are already solved by someone else. Find the ones that aren't solved yet. And then look for the ones that we can solve. Cause you can't solve everything. But look where we can apply the best technologies in the world. What's in that intersection? And focus there. >> And in some of the research to get ready for this. You've talked about really focusing on the important stuff. You gave a great example in that Khan Academy talk about there's really only 1 1/2 things that you should really be focusing on to really move the ship forward. And that was a very great insight. >> Yeah, you know all of of us have the desire to do too many things. You get groups. You've got 10 people in a room, they each have their ideas and it's tempting to shoot at too many targets. And those 10 targets are not of equal importance. You got to go through and kind of rigorously and be disciplined and say what's the 1 1/2 most important? And stay relentlessly focused on that. >> And then how is your role changed? As time has passed and you're no longer the CEO. Now you're chairman head of the executive board. How have you kind of learned to still keep your hands on it but in kind of a little bit more of a distant role? >> Well, first of all, thank goodness for leaders like Brad Smith, Sasan Goodarzi who heads up our small business group, that's really the host of this show. Thank goodness for great leaders like that. So my role's changed a ton. I work really on two areas now which is strategy and coaching our entrepreneurs. So strategy over to Brad and our other leaders. I'm trying to help our leaders see the future and make the big strategic calls. What's really most important? How do we know? And then work with our entrepreneurs. We're a collection of entrepreneurs basically. We've got a couple hundred entrepreneurial projects going on inside the company at any one time. And each one of those is like a little startup. I mean, they've got a customer in mind. They've got a problem they're trying to solve to improve people's lives so fundamentally. And there are challenges. So helping grow our entrepreneurs and then grow the culture around them to allow great entrepreneurs to invent things to change the world and do that from within Intuit with a huge reach to be able to get the inventions out in the hands of millions. And change the lives of tens of millions of people. >> So, over the course of the run of the company, they haven't all been home runs. >> Scott: Oh yeah. >> Right. So how have you learned from those swings and misses? And applied them to the small businesses that you're serving? Who are swinging and missing on a regular basis and you're trying to narrow that margin, right? Trying to make them more successful. >> Scott: Yeah. >> So what did you learn you think maybe through your attempts about that culture of trying basically. >> I think maybe the most important thing really dovetails with what you just said. Early on, when the company was, before we even had our first product out, we'd build a version of it and then we would bring in test audiences of it and have them test it to see if they could figure it out without us saying anything. And they couldn't. So then we'd redesign it and then we'd test again. And then we'd redesign it and test again. Over time kind of lost some of that dedication to running experiments. And it became whose opinion? And you'd build, and it was the loudest opinion in the room. Or the boss' opinion. And that produced a number of failures. Things that just didn't work. Customers didn't buy it. Or they bought it and it didn't it didn't produce the desired effect when they bought it. So the thing I've learned about life and companies is to set up a culture where you make decisions based on fast cheap experiments. That very thing you were talking about. If you got an idea, figure out, okay, what's a leap of faith assumption, let's go try it. And don't debate it. Try it. And then we learned from trying. Oh, a bunch of those don't work. And then we learned from the things. Why didn't it work? And that teaches us something we didn't know before. That maybe the fulcrum, the pivot, to a new idea. And some of those do work or most of it worked. But other pieces didn't. And we learned by doing. Not by debating in a conference room. So to set up your company so that people throughout the company can take their idea and run the experiment. That produces great entrepreneurs and great learning. A continuous stream of learning. I guess the learning begins when you first get real people trying your idea for real. >> Let me follow up. Cause the other thing you talk about is that often comes from the youngest and the newest employees. Which is completely antithesis to a kind of hierarchical structure. Where these are the people that you should be listening and giving them the opportunity within this comfortable framework to do these experiments. >> Absolutely. Sometimes the very freshest ideas come from the people farthest from the boss. Newest in the company. Closest to the customer. But typically in a hierarchy, whose got the least clout? Whose ideas are the least listened to? It'd be the new person, the young person. >> Jeff: Right. >> And so part of the genius of running a company of decision by experiment is that everyone's ideas can be run as an experiment. The boss' idea. The CEO's idea. And the person that's new. We should be testing each of those. Except in a crisis where you got to make snap decisions. And hopefully those aren't very often. You should run the company so that each good idea can be tested, regardless of where it comes from. And then the great thing is, then you get the best ideas from all your folks and they learn from doing. If their idea doesn't work, now they learn from that. Ooh, okay. I thought it was going to do X, it did Y. Why? What didn't I know? That's where learning comes from. Learning doesn't tend to come from the successes, learning comes from the things that didn't work. >> So, I think we've all seen good executives. How they operate. They hire good people, right? That's ... You have a vision and then you hire people who surround that and amplify that vision. So when you're looking for people or when you've been looking for people to work with you. What's that common thread? Or what are the traits that you've looked for the most to think that's a good fit? Or this is the person that I want on my team. In order to carry on this vision to where it's expanded to where it is today. >> Let me break that into two buckets. There are a set of things which are unique to particular career paths. So certain things from engineers might be different than certain things from a salesperson or a marketer or a finance person. So let's set that aside. Let's cover the commonalities. I think there's a few things. When you think about the people you've most loved working with or for. There are people who are great creative problem solvers. Instead of seeing a problem or barrier and giving up or being unglued by it. Can figure out okay, how're we going to solve that problem? And then there's people who are there to serve. Where it's not all about them. I've got a thing that I tell our folks that others won't care how much you know until they first know how much you care. So if one of our speakers today said it. If your first job is to serve yourself you're not going to go very far. Because who wants to work with someone who's self serving? Who wants to buy from a company that's only looking after its own front P&L? Job one is you got to serve who you're serving. The customer or the person of the company who you serve. So we look for people who are really motivated by the outside to try to do right by the customer. I think you look for people who are achievement oriented. Who get stuff done. Who make things happen. Do you want to work with somebody who always needs to be dragged along? No. You want to work with somebody who's pulling you along. Who's getting a lot done. So you go, wow, that person gets a lot done. So I think those are pretty core. Solve the creative problems. Have the passion and energy to serve, do what's right for the customer. And then get a lot done. >> And then you've talked about the curse of success. And avoiding the curse of success. And you guys have done that, obviously. So what are the kind of the lessons to say fresh? This started as a checkbook register and now the future of payments and mobile and the options are just tremendous. Bitcoin, who knows where that's going. So, as the future keeps evolving, how do you stay fresh? How do you keep the team fresh? How do you not rest on your laurels even though you have 5,000 fans walking around San Jose convention center today? >> This is a real challenge for companies. Because success turns organizations. It makes them dumb and slow. It's tempting, the thing I would avoid is it's tempting to look at your achievements. To look through the rear view mirror. And look at boy, how much we've achieved. But that only makes you self satisfied. In fact, with an organization you need to do the opposite. Look to where we want to be. Look to where we should be. And we're here. And then say, well shoot we are not very far. So for example, and I define these in customer terms. For example, we started our first product helped somebody manage a checkbook and pay bills. If you look at it really, the problem of paying bills has gotten worse. It used to be all bills came in the mail. So you had a little physical reminder. Some come in the mail, some you get by e-mail with invoices from some people. Some you go online and find a website. You pay some at a bank website. Maybe you go to the biller, you pay some. You write checks for some. It's much harder now. We have not actually got to the point. When our nirvana is you never worry about a bill. And you're never late. And you're never overdraft. The overdraft rate in the country is around 30% of households have a late payment during the year from which they get fees. And the overdraft rates, the overdraft charges can be $30, $35. We have not solved that yet. We got to look and say with all that we've done, that's what we should have done. So we've got a team working on that right now. Because we got re-focused on it. So we'll be coming out in December with stuff in there. Look at tax. Tax many people would say is one of our best businesses. And it is. Look at all we've achieved. But, look at the reality. People are still spending a lot of time on tax. Who wants to be spending time typing stuff into tax software? Does anybody? (laughter) No. There's not an accountant, there's not a consumer. We haven't solved that yet guys. There are still a hundred million people in the country typing stuff in to systems to do taxes every February, March and April. That's where we want to be. Is ultimately there is no typing in. All that information you have that goes in your tax return goes in automatically. And if you're an accountant, it all goes in for your clients automatically. So that you can focus on the high level stuff and not the drudgery. So, viewed from the lens of really what life should be. What's our aspiration? Our ideal? Keep people focused on that. And it sure has helped motivate us. I mean, we should be finding a lot of money for small businesses. And we're launching, announcing today ways that we help small businesses find more money. We should be eliminating the drudgery of running a small business. Nobody wants to do the book work. Instead, they want to do what they love to do in business. It could be working with clients. It could be the craft of doing the business. It could be selling new business. Every business person has something they love to do. And it's not doing the books. And that yet, people still have to do it. We want to have it on your phone so you don't have to do the books. It's done automatically. And you got a question, boop boop, there's the answer. >> So you mentioned the phone. Is that the next big growth opportunity? Mobile this is top priority with so many different sectors right now. >> Yeah, yeah. It's the growth today. In fact, every new feature and new benefit that Sasan Goodarzi showed today in his keynote address. Every one of 'em, he showed it on a mobile phone. Every one. It's the fastest growing. TurboTax the great consumer business. It's the fastest growing platform by far. So yeah, if you can take stuff off a desktop and put it so automatically that you can just get on your phone, say, okay, yep, do it. >> Right, right. >> Yeah, so that's where we're aiming a lot of our innovation. And these are amazing platforms. A simple example, the fastest growing form of employment in the United States and in fact, in the world is self employed. Where you think of an Uber driver or someone like that. People who work as consultants, contractors, they work for themselves. They've got to keep track of all their business expenses. Or they lose that money on their tax returns. Money out of their pocket. They got to keep track of every individual business expense which of course, they co-mingle with their personal checking, personal credit card. And they got to keep track of every mile they drive for business. And keep it separate with contemporaneous records that the IRS requires with the starting odometer reading, the ending odometer reading, and the destination and what it was for. Well you can imagine that's such a pain in the butt. So many independent business people, freelancers fail. Or they do some but not others. And that's money right out of their pocket. Thousands of dollars they don't get. They should get that they deserve. So we've devised and a team really creative work, QuickBooks Self Employed. It sits on your phone in your pocket. It reads what's coming from your bank and your credit cards and anytime you're stopped at a stop light or you've got two minutes before a meeting starts. You can go through and say oh, that was a business expense, business, business. That was personal, personal. It's that fast. And then you get complete records for your taxes. Oh then mileage. There's lots of software out there that'll track your mileage but it does by pinging the GPS. GPS takes battery. You ping the GPS all day long, what happens? Zhoom. >> Goodbye phone. >> Bye bye phone. So it's worthless. Our guys we launched that. Quickly found out that people stopped using it because it drained their battery just like everyone else. So, three clever engineers. Together with a couple others came up with a really clever idea which we've patented now. And it tracks your location without pinging your GPS all day long. So it doesn't drain your battery. So now you had complete records. It can detect when you're driving and where you started, where you finished. How many miles. Keeps perfect record, just as the IRS requires. And then you just have to tell it which are business, which are personal. And then it learns. Which one are business trips. So that over time, it knows when you're driving on business and you don't have to do anything. You get complete tax records. We've got businesses using it who get on average $7,000 of tax deductions. $7,000 of tax deductions. Because of the way it tracks. >> And you're taking advantage of the platform. You're taking advantage of the accelerometer. >> Yes. >> More importantly I think. The thing about mobile that most people don't maybe consciously think of is the way we interact with it as you said is little bits of time here, there, and everywhere. >> Scott: Yes. >> It's not the sit down thing. But I think what I think is most exciting about this show is it's a lot of talk about technology. But at the end of the day, it's really more about business. And small business. And small medium size business. And getting business done. >> Scott: Yes. >> And letting people do those dreams like the gal that was on the keynote. >> Scott: Yes. >> Letting her build her company and her franchise. And not have to worry about am I getting all the right deductions. >> That's right. I think the technology is the enabler. But it's all to enable what? What are we trying to deliver? And you saw it, in the kind of lead of slides. We're trying to fuel the success of small business. This is all about success. The technology's an enabler but that's not the center, the star of the show. The star of the show are small businesses and how they succeed. And how the suite of things that hundreds of developers and hundreds of software entrepreneurs who all build for the QuickBooks ecosystem. The new methods, and new ways to drive small business success. And at the end of the day, we don't measure ourselves with software. We measure ourselves with how much more money did we make small businesses? How much time did we save them so they could do what they love? How did we help them grow their business? Running a small business is a, and I know from starting Intuit, it absorbs who you are. You identify with that business. It is your representation to the world. To your spouse, to your in-laws. And if that business is successful, it's something about you that's irreplaceably positive. If that business is struggling, it strikes to the core. I mean, you feel bad. You look bad. So helping businesses succeed. And move them from mediocrity to success is such a home run for the psychology of this growing part of our economy. For each individual, it's your report card on yourself. And we can help make those report cards much better. That's our mission. That's how we're going to change the world so, so dramatically. People can't imagine going back. >> I'd say that you've already changed it dramatically. And it is exciting to hear about the next steps but this whole blend of strategy and execution and culture you're being commended for. It's just a great example of all those factors coming together and make great things happen for a lot of people around the globe so congratulations for that and thank you for being with us Scott. We appreciate the time here on theCube. >> Jeff, John thank you very much. This was a pleasure. >> Jeff: Thank you. >> You bet. Back with more from San Jose in just a bit. You're watching theCube here on SiliconANGLE TV. (techno music)