>> From Boston, Massachusetts, it's the Cube covering WTG Transform 2019. Brought to you by Winslow Technology Group. >> Welcome back. I'm Stu Miniman, and we're here at WTG Transform 2019. Happy to welcome to the program first time guest, Marty Sanders who's the Chief Security Services Officer at Arctic Wolf. Marty, thanks so much for joining us. >> Thank you, Stu. >> All right Arctic Wolf's a partner, but before we get there, I have to say welcome back. >> Thank you, thank you. >> Because you're familiar with this event quite well. You have a background at Compellent, which of course we were just talking to Scott Winslow. It's where his company started. Just give our audience a little bit thumbnail of your background. >> Perfect. So yeah, Scott and I go back a long time. We actually started back working together at Zylotech back in the late 90's. After we left Zylotech, we actually went to Compellent. We started building Compellent back in 2002. As a company we wanted to start a new philosophy. Really sit down with customers prior to actually releasing products. So we actually built a customer council. We started that in Minneapolis, and then what we wanted to do is take it to the next level. We wanted to replicate that out to other parts of the country, and the first person we called was Scott. We started to do it with Scott, and started back in 2004. Had the first meeting here at the Commonwealth, actually with a handful of customers, and now it's grown into this. So it's unbelievable what he's done with the company. And when I look at what he does, he provides a tremendous amount of value to the customers and just sells them exactly what they want. But what they need as well. >> Yeah we always know when certain segments of the market that degree of separation, you look on LinkedIn is like, one and a half. >> Absolutely. >> Everybody knows each other. We all run around some of the same circles. So bring us up to speed. Arctic Wolf. I believe you're the first person we've had on from the company. So give us a little bit kind of the who and the what and the why. >> Perfect. ^- [Stu] Of Arctic Wolf. >> And again thank you very much for inviting us out for this as well. Yeah Arctic Wolf has been around since 2012. Started off in the SOC as a service. Obviously, in that small-medium business, they didn't have the capabilities to do a lot of the security work. Actually, Brian NeSmith, our CEO, started the company with his other founder Kim Tremblay. They worked at Blue Coat, they understood the security world. But understood that there was a big hole in that space, in that small-medium enterprise business. So they were actually way ahead of their time. I mean you look at from 2012 to 2015, it was a little bit slow growth. But now you start to look at where we're at, and the adoption of that, having a SOC as a service 7 by 24, hasn't been adopted very well. >> Yeah, I thought it was rather telling, actually in the keynote this morning, some people were asking about security, and they're like, wait, if I do this hybrid cloud stuff, how does that work? And I'm like, yeah I go to too many events. It's like, I have ingrained in my system now security is everyone's problem. There is no such thing as a moat. You assume that they are going to get in, so therefore I need to build at every level of the stack. I need to get in. But I'm an industry watcher. ^- [Marty] Yep. >> The people that are doing, what's their mindset, what's workin' well for them? Is security heightened? How's Arctic Wolf going? >> And you want to take that premise. I mean, one of the things that we do is we actually assign a concierge security team to that customer. So we want to be that extension of their environment. I mean, in fact, as we started to talk to some of the clients that we have here, they're repeating the words, what they feel like. My team is part of their team. And it makes it so much easier. So you're not dealing with somebody fresh every time that you call in. If you have any type of event that validates that there's somebody trying to break in. You want to have that person that understands your environment. Understands exactly where you've been. Making sure that you're up to speed on their network, all their ingress/egress points that they can come into. So it makes it so much easier if you have that consistent face that you're dealing with. >> Okay. Marty, is there a typical customer of Arctic Wolf? Where do you fit in the WTG? Their customer base? >> Yeah, I mean, that's a great question. I mean, when you look at where we really fit is, the first questions that we want to ask is do you have a security team? Do you have it 7 by 24? I mean, that's where we really want to make sure that we're augmenting that. I mean, when you look at a lot of the companies they might have that office admin that became the IT person, that became the security person. What we want to do is make sure that we're providing the true level of high security for those companies 7 by 24. Because obviously the bad guys know that there's going to be a hole after hours or whatever it's going to be. So that's when they want to go in. So we want to make sure that we're covering that. So Scott and his clients are kind of in that medium to small-medium business, moving up into the small enterprise, and it fits really well with them. >> Yeah, so you're saying most of them don't have an entire security SWAT team. >> Exactly. ^- Waiting 7 by 24, to do that. Walk us through maybe if you have a customer example or kind of a genericized version that you can share. What does an engagement look like from when they first plug in to when they're fully engaged? >> Perfect. So typically what we do is we actually once the deal is closed what we want to do is sit down with the customer and understand exactly all their different applications, all their environments. Understand all their ingress/egress points that they have coming in. We want to make sure that we're maximizing coverage. And what we want to do is triangulate anything that comes into that. Understand all the attack vectors that the bad guys may try to come in. So it takes us about 30 days to go through all of that. So once we get them onboarded, we assign that concierge security team. Going to be a senior and a less-senior person dedicated to that team. And basically they're going to go through and review that environment, make sure that they understand all the different applications. Is it Office 365? Any cloud apps that we need to hook up to it? All the different servers to make sure we're getting all that information. We want to provide more quiet service. We don't want to be, anytime someone knocks on the door, we don't want to be calling, Little Red Hen-type stories. We want to make sure that anything that we actually report on is going to be actionable for those customers. So that's that trusted confidante, that's where we build that strong relationship rather than sending out a note and retracting it as a false positive or anything like that. >> Okay. And Marty, I heard you mentioned some SAS applications and their infrastructure environment. Is public cloud included in that also? >> Absolutely. And what we want to do is make sure that we understand, like you said. And like Joe and Rick went through and talked about. There's going to be that private and public cloud. We want to make sure that we're capturing everything internally, but also if you're using those SAS applications on the outside, whatever they may be, we want to make sure that we're capturing all that information so that we can help with that. >> Okay. And billing. Is there multi-year commitments? Or how does the financial piece of this work? >> It can be MRR. I mean, we're going to go through on a monthly basis and we'd like to get at least a year commitment. It can be something that they sign up for a couple of months or they sign up for a year and pay monthly whatever they need to do. But typically what we want to do is provide that level of service and when you think about it, if you were to go out and buy a security team to cover 7 by 24, it's at least a minimum of six, seven people to do that. So when you look at the price point, we want to be less than that. We want to provide that high level of value. When you think about a single team going out and trying to do something, the typical threat is it has been in their environment for at least 100 days before they notice it. What we want to do is get it down to minutes. We want to make sure that any threat that's coming in we're notifying on it immediately. We want to make sure that we're going to capture all those things. >> All right. So Marty, when I talk to the big enterprises, security it's not only top of mind it's often a board-level discussion. When you come down to kind of the mid-size to small companies, where does security fit in their overall pictures? What are some of the biggest things on their mind? >> So it's very interesting. When you start to think about it, one of the things that is challenging, you look at some of the places that were having the greatest adoption rates are those companies that have the biggest threats. You look at where the money is. You look in the healthcare environments. The smaller healthcare. Or you look at the legal side of things. I mean, people know where there's money and where they need to have that data. So when you look at it, it's becoming a higher topic and it's becoming every conversation. And we don't like to say that the conversation gets highlighted after a breach or whatever it's going to be, but it does. I mean, and we'll be in the middle of some discussions and you'll hear about somebody that just got hit in a similar environment. And that's how then it gets brought up. >> Oh, boy. Sounds almost all the discussion is data is the new oil. >> Yes. Well those bad actors out there know where the oil is. >> Absolutely >> And therefore that's a security risk for them. >> Absolutely. And I mean the thing that you look at is, you hear about where some of the Atlanta, and some of the other cities that were hit. I mean they go after the localities and the municipalities of making sure that they're going after. And they know that they're going to pay very quickly because of how incredibly important that data is to do that. And even some of the sitting talking to some of the customers here today. Manufacturing, you know? Just the ability to go in and steal the IP that they have to make their business a little bit unique. That's where the people are concentrating because they want to take that and find that uniqueness in that business. >> All right. Marty, want to give you the final word. WTG Transform 2019. Talk about the partnership, talk about the customers and final takeaways. >> So the partnership, I mean, obviously Scott and I have known each other for a long time. The entire sales team and I know Scott. Rick Gowan actually was a customer of ours at Travelers Insurance. Scott hires great people, great employees. They partner. They take care of their customers better than anybody that I know. I mean, I just love the passion. In fact, some of the customers that we started with back in 2004 are still here. Still using the same products. But they continue to look at what provides the most value for them. >> All right. Marty Sanders the CSSO of Arctic Wolf, thanks so much for joining us. ^- Thank you, Stu. >> And appreciate all the updates. >> Thank you. All right. Full day of coverage here in the shadow of Fenway Park, Boston, Massachusetts. The East Coast team's home game as we like to say. I'm Stu Miniman. Thanks so much for watching the Cube. (gentle techno music)

from Boston Massachusetts it's the cube covering Activia 2019 data-driven to you by Activia welcome to Boston everybody this is Dave Volante and I'm here with stupid man finally still in our hometown you're watching the cube the leader in live tech coverage we're covering actifi Oh data-driven hashtag data-driven 19 activity it was a company that is focus started focused on copy data management they sort of popularized the term the I the concept the idea of data virtualization there's big data digital transformation all the buzz it's kind of been a tailwind for the company and we followed them quite closely over the years poly st. Claire is here she's the CEO of the state of Massachusetts that's chief of ditch and chief data officer Holly thanks for coming on the Q thanks for having me so it's kind of rare that somebody shares the title of chief digital officer of chief data officer I think it's rare right now I think that would change you think it will change I think those two roles will come together I just think data fuels our digital world and it both creates the content and also monitors how we're doing and it's just inevitably I think either they're gonna be joined at the hip or it's gonna be the same person that's interesting I always thought the chief data officer sort of emerged from this wonky back-office role data quality of this careful the word walking okay well yeah let's talk about that but the chief digital officer is kind of the mover the shaker has a little marketing genius but but okay so you see those two roles coming together that maybe makes sense because why because there's there some tension in a lot of organizations between those two roles well I think the challenge with the way that sometimes people think about data is they think about it's only a technical process data is actually very creative and you also have to tell a story in order to be good with it it's the same thing as marketing but it's just a little bit of a different hue a different type of audience a different type of pace there's a technical component to the data work but I'm looking at my organization that I'm surrounded by additional technical folks CTO CSO privacy officer CIO so we have a lot of supports that might take away some of those roles are scrunched in under the data officer or the digital so I used to turn wonky before it kind of triggered you a little bit but but you're a modeler you're a data scientist your development programmer right no but I know enough to I know enough to read code and get in trouble okay so you can direct coders and you have data scientists working for you yeah right so you've got that entire organization underneath you and your your mission is blank fill in the blank so our mission is to use the best information technology to ensure that every users experience with the Commonwealth is fast easy and wicked awesome awesome Holly our team just got back from a very large public sector event down in DC and digging into you know how our agency is doing with you know cloud force initiatives how are they doing the city environments you were state of Massachusetts and you know rolled out that that first chief data if you keep dipped officer gets a little bit of insight inside how Massachusetts doing with these latest waves of innovation uh well you know we have our legacy systems and as our opportunities come up to improve those systems our reinvest in them we are taking a step forward to cloud we're not so dogmatic that it's cloud only but it's definitely cloud when it's appropriate I do think we'll always have some on-prem services but really when it's possible whether it's a staff service off-the-shelf or it's a cloud environment to make sense than we are moving to that in your keynote this morning you you talked about something called data minimalism yeah and wonder if you could explain that for audience because for the longest time it's been well you want to hoard all the data you want to get all the data and you know what do you do with it how do you manage you right right I mean data's only as good as your ability to use it and I often find that we're ingesting all this data and we don't really know what to do with it or really rather our business leaders and decision-makers can't quite figure out how to connect that to the mission or to act properly interrogate the data to get the information they want and so this idea is an idea that's sort of coming a little bit out of Europe and or some of the other trends we see around some cyber security and hacking worlds and the idea is this actually came from fjords Digital Trends for 2019 is data minimalism the idea is that you strongly connect your business objectives to the data collection program that you have you don't just collect data until you're sure that it supports your objectives so you know one of the things that I also talked about in the keynote was not just data minimalism but doing a try test iterate approach we often collect data hoping to see that we can create a change I think we need to prove that we can create the change before we do a widespread scalable data collection program because often we collect data and you still can't see what you're doing has an effect within the data the signals too strong or too too weak or you're asking the wrong question of the data or it's the wrong plectra collection of the technique and that's largely driven from a sort of privacy a privacy privacy the reality of how costly sometimes the kennedys but you know storage of data is cheap but the actual reality of moving it and saving it and knowing where it is and accessing it later that takes time and energy of your of your actual people so I think it's just important for us to think carefully about a resource in government we have a little less resources sometimes in the private sector so we're very strategic on what we do and so I think we need to really think about the data we use if the pendulum swings remember back to the days of you know 2006 the Federal Rules of Civil Procedure said okay you got to keep electronic records for whatever seven years of depending on industry and people said okay let's get rid of it as soon as we can data was viewed as a liability and then of course all the big data height we've talked about a little bit in your in your speech everybody said I could collect everything throw it into a data Lake and we all know those became data swamps so do you feel like the pendulum is swinging and there's maybe a little balance are we reaching an equilibrium is it going to be a you know hard shift back to data as a liability what are your thoughts well I think isn't with any trend there's always a little bit of a pendulum swing as we're learning it's with it with the equilibrium is equilibrium is I think that's a great word I think the piece that I neglected to mention is the relationship to the consumer trust you know for us in government we have to have the trust of our constituents we do have a higher bar than public sector in terms of handling data in a way that's respectful of individuals privacy and their security of their data and so I think to the extent that we are able to lend transparency and show the utility and the data we're using and that will gain the trust of our users or customers but if we continue to do things behind the scenes and not be overt about it I think then that can cause more problems I think we face is organizations to ask ourselves is having more data worth the sort of vulnerability introduces and the possible liability of trust of our of our customers when you betray to test over your customers it's really hard to replace that and so you know to a certain extent I think we should be more deliberate about our data and earn the trust of our customers okay how how does Massachusetts look at the boundary of data between the public sector and the private sector I've talked to you know some states where you know we're helping business off parking by giving you know new mobile apps access to that information you talked a little bit about health care you know I've done interviews with the massive macleod initiative here locally how do you look at that balance of sharing I think it is a real balance you know I don't think we do very much of it yet and we certainly don't share data that were not allowed to by law and we have very strict laws here in Massachusetts the stricter at the ten most states and so I think it's very strategic when we do share data we are looking for opportunities when we can when I talk about demand driven data I look forward to opening the conversation a little bit to ask people what data are they looking for to ask businesses and different institutions we have throughout the Commonwealth what data would help you do your job better and grow our economy and our jobs and I think that's a conversation we need to have over time to figure out what the right balances someday it'll be easier for us to share than others and some will never be able to share the first data scientist I've ever met is somebody I interviewed the amazing Hilary Mason and she said something that I want to circle back to something you said in your talk if she said the hardest part of my job or one of the hardest parts is people come to me with data and and it's the most valuable thing I can do is show them which questions to ask and you have talked about well what's a lot of times you don't know what questions to ask until you look at the data or vice versa what comes first the chicken or the egg what's your experience pin well I do think we need to be driven by the business objectives and goals it doesn't mean there's not an iterative process in there somewhere but you know data wonks we can we can just throw data all day long and still might not give you the answer there forward but I think it's really important for us to be driven by the business and I think executives don't know how to ask the questions of the data they don't know how to interrogate it or honestly more realistically we don't have a date of actually answers the question they want to know so we often have to use proxies for that information but I do think if there's an iterative after you get to a starting point so I do think knowing what the business question is first I know you gotta go but I want to ask your last question bring it back to the state where both Massachusetts residents and your services it sounds like you're picking off some some good wins with a through the fast ROI I mean you mentioned you know driver's license renewals etc how about procurement has procurement been a challenge from the state standpoint you are you looking at sort of the digital process and how to streamline procurement that is a conversation that the secretary what is currently in and I think it's a good one I don't think we have any any solutions yet but I think we have a lot of the issues that were struggling with but we're not alone all public sectors struggling with this type of procurement question so we're working on it all right last question there's quick thoughts on you know what you've seen here I know you're in and out but data-driven yeah it's a great theme it's a really exciting agenda there's people for all these different organizations and approaches to data-driven you know from movie executives and casting to era it's just really exciting to see the program it's Nate Claire thanks so much I'm coming on the queue thank you great to meet you okay keep it right there everybody we'll be back with our next guest right after this short break well the cube is here at data-driven day one special coverage we'll be right back

>> I'm Stu Miniman with theCUBE. And we're here at the Winslow Technology Group Dell EMC User Group and happy to have another user here at the event, Wayne Dunn, who's the SVP and CTO of HarborOne Bank. Wayne's, thanks so much for joining me. >> Happy to be here. >> All right, Wayne, tell us a little bit about HarborOne Bank, your role there, how long you've been there, what you work on. >> Sure, HarborOne Bank is the largest state-chartered cooperative bank in New England. I've been there about ten years in my role as senior vice president and chief technology officer. I'm responsible for all of the on-premise technology, as well as managing our hosted solutions that provide services to our customers. >> Yeah, I think back. I'm not a native New Englander, but when I moved up here, all the banks I belonged to eventually got merged into megabanks and things like that. So talk about yours. >> We actually started as a credit union. We're almost 100 years old, actually. We started as Brockton Credit Union and became HarborOne Credit Union. And then back three years ago, we became a bank. >> Okay. >> And now we're actually publicly traded on the NASDAQ. That happened a couple of years ago. >> Well, congratulations. >> Thank you. >> That's excellent. So the financial industry, undercompliance issues... >> Tremendous. >> Security is a major concern. You've been there ten years. Give us a little look back. What do you think about what you do today versus even five years ago? >> Sure. Going back five years ago, the main mission was really just to deliver those services to our customer. Of course, security was already a big part of what we did in terms of protecting customer information. But given what's happening in the cyber security realm these days, it's become a full-time job just focusing on cyber security, alone, and information security. It's a major part of what we do. >> Yeah, so it's interesting. I've talked to some very large financial institutions and they're like, "We're becoming software companies." And I was at the Amazon Show. There's a very large, well-known bank that gave away the Alexa Dots and they're doing skill sets. What's the role of technology in your company? How does all this digital transformation impact you? >> Really, it's providing a new level of service in the digital domain to customers that aren't traditional go-to-the-branch customers. We do have a large part of our customer base still wants to go into that branch, they have a personal relationship with that banker. But as you can imagine, we have younger customers that, they really just want that same level of service, but they want it provided through mobile banking, online banking. And they expect, as I said, that same level of service. So really the challenge today is to provide that level of service through our mobile application. And one of the nice things about the way technology has evolved is that in the past, only large financial institutions could provide the types of services that you see. Whereas today, because of the way technology's progressed, we've been able to provide that same level of service, those same types of technologies. And again, the examples are mobile banking with mobile deposit, or being able to instant issue a debit card for our customers in any one of our branch locations. >> Yeah, Wayne, can you give us... What's the dynamic between the business and the technology in your organization? >> Before I came to HarborOne Bank, I was in the consulting world in the technology consulting world. And one of the approaches I always took, as many people do in that world, is you need to have the business' stakeholders, they need to have ownership whenever you do any technology project. You can't do technology for technology's sake. It has to serve a business goal, a business mission. And I brought that same approach to HarborOne. So at HarborOne, when we approach technology, it's all of the stakeholders at the table, there's a business purpose for what we do, and the business, as well as the technologists, are driving the implementation, whatever it may be. And again, a good example of that is when we started to introduce our paperless account-opening process. We had people from our operations division, our retail division, as well as my technology division, sitting in a room and really going through what that meant. The interesting thing about the process was it became a process where it wasn't just about online account opening and instant issuing a debit card, it was about, "Hey, now that we look at this technology, we actually can use this technology to do account maintenance. Or we can take the paper processes we used to do, and we can change those over to an electronic process." So it really is always a collaborative effort with the business and with my technology group. >> Yeah Wayne, what brings you to this event? >> Well, first of all, the Winslow Group has been a big partner of HarborOne for many, many years. In fact, we were one of the first organizations that rolled out the Compellent SAN technology with them. One of the things I always try to do, along with my team, is to get out and explore, not only what's happening with technology that we use in terms of the road map, it's also about learning about new technologies and what we might be able to leverage as an organization to improve customer service. Right now, it's about taking a hybrid approach between on-prem and hosted solutions. That's something that we're really exploring in order to become more nimble, in order to be able to provide the support the business needs at any given time without having to ramp up or do a tremendous expenditure in terms of on-premise technology. So really, we're taking a look at how can we blend our solutions with hosted solutions to provide a better level of service. >> Yeah, so Wayne, understand, public cloud sounds like it isn't too much in the picture for you. But the service-provided hosted model, what do you look for? >> Mostly private cloud >> What are the challenges? >> And again, the challenges are really not so much around being able to provide the application or the support that we need. It truly is more around security, information security. As you know, here in Massachusetts, we have the Massachusetts data security laws. And any company that we deal with in terms of being a hosted provider, whether they're in the Commonwealth of Massachusetts or somewhere else in the country, they still need to assure us they comply with that same level of security when we deal with them. It's around making sure that they have the same protections, the same level of business continuity and data recovery, things of that nature. So those are the things we have to look for in a cloud provider. >> Yeah Wayne, I'm curious, as a CTO, how do things like, really, the digitization of money impact what you're doing. I think not only things like blockchain, but these days I know I'm using my phone to purchase things more. Cash seems way less in use. So what is that impact? >> And again, we're providing a lot of those technologies that allow you to do that. Our biggest challenge is that a lot of our competitors aren't banks. >> I know. >> They're not regulated the same way we are. So they have more flexibility in terms of, not only how they can market, but how they provide these services. So really it's more, the challenge is really in the competition. And technologies allow that as well, so. >> Alright Wayne, really appreciate you sharing what's happening in your business and how technology is impacting that. Loved digging in with all the practitioners here at the user group where they're learning from their peers. This is a WTG Dell EMC User Group and you're watching theCUBE.