(upbeat music) >> Live from San Francisco. It's theCUBE covering RSA Conference 2019, brought to you by Forescout. >> Hey welcome back everybody. Jeff Frick here with theCUBE. We're at RSA North America at the newly opened and finally finished Moscone Center. We're here in the Forescout booth, excited to be here. And we've got our next guest who's been coming to this show for a long, long time. He's Dan Burns, the CEO of Optiv. Dan, great to see you. >> Great to see you too, Jeff. Appreciate you having me on the show. >> So you said this is your 23rd RSA. >> Yeah, somewhere right around there. It's got to be and I don't think I've missed any in between. I've missed some Black Hats in there now and again but RSA is just one of those that that I feel like you got to go to. >> Right, right, so obviously the landscape has changed dramatically so we won't go all the way back 23 years. But in the last couple of years as things have really accelerated with the internet and IoT and OT and all these connected devices, autonomous cars. From a threat perspective and from where you sit in the captain's seat, what are you seeing? What are your, kind of your impressions? How are you helping people navigate this? >> Yeah I appreciate that question, Jeff. So it has changed dramatically. There's no doubt about it. So I got into security in 1996. And that was a long time ago so it's really in the infancy of security. And back in '96 when I remember really studying what security was, and by the way back then it was called information security. Now it's cyber security. But it was really straightforward and simple. There were probably two or three threats and vulnerabilities out there right? Some of the early on one so that's one part of the equation. The second part there were probably two or three regulations and standards out there. No more than that. And then when you went over to kind of the third part of the triad and you talk about vendors and technology there were maybe five or six right? You have McAfee, you have Check Point and you had some of the early, early stage companies that were really addressing kind of simplistic things, right? >> Right. >> Firewalling, URL filtering and things like that. And now you fast-forward to today and it's night and day, so much different. So today when we talk about threats and vulnerabilities there are hundreds of millions, if not billions, of threats and vulnerabilities. Number one, big problem. Number two, regulations standards. There's hundreds of them globally. And number three when you look at our great technology partners here and I think there's probably about 3,500 technology partners here on the floor today. Night and day >> Right. >> Nigh and day from '96 to 2019. And that's created a lot of issues, right? A lot of issues which I'm happy to talk about. >> Yeah, complexity and but you've been a great quote of one of the other things I saw doing the research for this interview. You talked about rationalization >> Yeah. >> and how does a CSO rationalize the world in which you just described because they can't hire their way out of it. They can't buy their way out of it. And at some point you're going to have to make trade-off decisions 'cause you can't use all the company's resources just for security. At the same time, you don't want to be in the cover of the Wall Street Journal tomorrow because you have a big breach that you just discovered. >> Yeah >> How do you help >> it's a balancing act >> How do you help them figure this, navigate these choppy waters? >> Yeah so we think Optiv is in a prime space to do that and place to do that. No doubt about it. So let's talk about the complexity that's out there. Now you look at the landscape. You look at the 25, 35 hundred different technology companies out there today. And when we talk to a typical client and we ask a question. How many vendors, how many OEMs do you have to deal with on an annual basis and the response, of course, depending on the size of the organization but let's just take your average small, mid-sized, enterprise client, the response is somewhere between 75 and 90 partners. And then of course we've got shot on our face. >> Just on the security side? >> Just on the security >> That's not counting all their CRM and all their >> That's not IT, that's not anything. That is just to solve >> 75? >> and build their own security programs. And the next response we get from them is we can't do it, we just can't do it. We spend about 90% of our time acting as if I'm the CSO right now, 90 plus percent of our time working with all of these wonderful, great technologies and partners just to establish those relationships and make sure we're going the right things by them and then by us. And so given this complexity in the marketplace, everything that's going on, it's just a prime scenario for what we call ourselves is a global cyber security solutions integrator, right? Being able to, for a lack of a better term, be the gatekeeper for our clients and help them navigate this complexity that's out there in the space. And so the value that we bring, I talk about it in terms of an equation, right? We're all mathematical in nature, typically people in cyber and so when I think about cyber, I think about equations. And the first equation I think abut is a very simplistic one. It's people, it's process and technology. And you need equal focus on all three of those parts of the equation to truly balance things in a matter where you're building a very effective security program. And historically CSOs have really leaned towards the technology side of that equation. >> Right. And now what we're seeing is a balance like we've got to worry about people, right? We've got to find people with that intelligence and knowledge and know-how and wherewithal, right? And we've got to find companies that have that process expertise, the processes, a means to an end. How do I get to a certain outcome? And so what we bring is the people process and technology. All sides of the equation with the ability in masses to help clients plan, build and run their entire security program or parts of it. >> So how, how is it changed with a couple things like cloud computing. >> Yeah. >> So now I'm sure the bad guys use the cloud just like the good guys use the cloud. So the type of scale and resources that they can bring to bear are significantly higher. Just the pure quantity of and variability using AI and machine learning and as we saw in the election really kind of simple Facebook targeting methods that most marketers use, that work at REI to get you to buy a sleeping bag if you looked at tents on your last way in. So how is the role of AI and machine learning now going to impact this balance? And then of course the other thing is all we see is so many open security jobs. You just can't hire enough people. They're just not there. So that's a whole kind of different level of pressure on the CSO. >> Yeah definitely no doubt about it. And there are few companies that can truly build that have enough budget to address cyber on their own. And those today are typically the large financial right? They're typically given massive budgets. >> Right. >> They have massive teams and they're able to minimize the partnerships and really handle a lot of their own stuff internally and go out for special things. But you look at the typical company, small, mid, even some of the large enterprise companies. No, they can't find the resources. They can't get the budget. They can't address everything. And to your point around digital transformation and what's going on in the world there. And that's probably what continues to support 3,500 technology companies out here. >> Right. >> Right? It's the continuous change >> Right. >> That we see in the industry every single day and of course cloud is one of the most recent transformations and obviously a real one which opens up other threat factors and other scenarios that create new vulnerabilities, and new threats and so that the problem just keeps getting bigger exponentially >> So you come in for another 20 years? Is that what you're saying? (laughing) >> How you're, come for another 20 years. I think though eventually, Jeff, I can remember I kind of poke fun at this a little bit. I can remember I think it was Palo Alto, there was a first company that said, hey we're a platform company. And I think that started happening whatever, it was roughly seven years ago. We're a platform company. And I can remember so many people kind of pooh-poohing that. Right, you're not a, nobody's a platform company. Fair enough, fair enough back then. But I'm going to say, fast-forward to today and that's what it's going to happen, have to happen in this industry, Jeff. >> Right, right. >> Eventually we will have to have some large platform companies that can address multiple things within a client's environment, right? And then there will always be the need to to fill gaps with some of the other great new emerging technologies out there so maybe we won't have 3,500 vendors in ten years. Maybe it's 2,000 so there will be consolidation. There will be the platform play >> Right. >> that happens. >> But then you have the addition of public cloud, right? So now a lot of, a lot of infrastructures, they've got some stuff in public cloud. They still have some stuff on their data center, right? So this is kind of hybrid world. Then you add the IoT thing and the OT connectivity back to the IT which is relatively new. So now if you've got this whole other threat factors that you never had to deal with before at all. It's the machines down on the factory floor. You had been pumping out widgets for a long time that are suddenly connected the infrastructure. So the environment that you're trying to apply security to is really evolving at a crazy pace. >> That is, it's a great industry to be in. (Jeff laughs) Every day I wake up, pitch myself I think all our guys do. >> Right. >> What's amazing, I don't see that slowing down, right? So I think that's why some of that balance continues to be there in the future. One of the things that we're seeing in our industry is companies really trying to take this inside-out approach as opposed to this outside-in approach. And I'll tell you the difference. The outside-in approach is it's all of this chaos, right? It's all the chaos that's behind us and we see it right here. It's everybody telling you what you need >> Right. >> and you build it, you building a security program around what's being fed to you externally as opposed to really taking a step back looking at your organization understanding what your company's initiatives and priorities are, right? And your own company's vision, mission and strategy. And I tell people all the time, I don't care if they're part of our company or any company, first thing you should do is understand the vision and the mission and the strategy of the organization you work for. And so that's part of the inside-out approach. Understanding what your company is trying to accomplish and is a security practitioner really wrapping your arms in your mind around that and supporting those initiatives and aligning your security initiatives to the business initiatives >> Right. >> And then doing it through a risk management type of program and feeding that risk management dashboard and information directly to the board >> Right. >> So. >> So I'm curious how the how you approach the kind of the changes now we have state-sponsored attackers. And how, what they're trying to get and why they're trying to get it has maybe changed and the value equation on your assets, that clearly some assets are super valuable and for some information and some things that are kind of classical but now we're seeing different motivations, political motivations, other types of motivations. So they're probably attacking different repositories of data that you maybe didn't think carry that type of value. Are you seeing >> Yeah. >> kind of a change in that both in the way the attacks are executed and what they're trying to get and the value they're trying to extract then just kind of a classic commercial ransomware or I'm just going to grab some money out of your account. >> Yeah I think, I think you are right. And it kind of goes back to the earlier part of the conversation, the number of devices that the attackers can attack are almost infinite right? >> Right. And especially with the edge right? With IoT it's created this thing we call the edge. Devices on street lights. Devices on meters. Devices here, devices there. >> Right, right. >> So the number of devices they can go for is ever increasing, right? which continues to support the need >> Right. and the cause that we all are a part of. And in the ways they're going to do that is going to change as well. There's no question about it. Yeah, so we've seen different ways of doing it. Yes there's no question about it. Back to the state-sponsored it's kind of stuff the way I look at cyber and probably one of my biggest personal concerns is I think about us, people and family right? We all have family is that cyber and ultimately cyber warfare has created this levity, or equalness in terms of countries, right? Where a country like the U.S. or Russia or somebody with massive resources around physical weapons are now no longer necessarily as powerful as they were. So brevity it's just created this field, leveling playing field. So countries like North Korea, countries like Afghanistan and others have a new opportunity to create a pretty bad situation. >> Right, right. And we haven't seen cyber warfare quote and unquote yet. We would call it something a little because they haven't really used it as a mass weapon of destruction but the threat of that being there >> Right. is creating a more of a even playing field. >> Right. >> And that's one of my biggest concerns like what's the next step there. >> Right, and the other thing is really the financial implications. If you don't do it right, it's beyond being embarrassed on the Wall Street Journal. But right GDPR regulations went into place last year. It's now the California data privacy law that's coming into place. >> Yeah. >> People are calling it kind of the GDPR of California. And that may take more of a national footprint as time moves on. It's weird on one hand we're kind of desensitized 'cause there's so many data breaches right? You can't keep track. We don't actually flip past that page on the wall. >> I can't keep track. But on the other hand there is this kind of this renewed, kind of consumer protection of my data that's now being codified into law with significant penalties. So I wonder how that plays into your kind of risk portfolio strategy of deciding how much to invest. How much you need to put into this effort because if you get in trouble, it's expensive. >> Yeah it is. So can be and it will be and it will get even more expensive. And we're still waiting for the lawmakers to levy some pretty heavy fines. We've seen a few but I think there's going to be more and I think you do have to pay more attention to regulations and compliance. But I think it is a balancing act. Back to our inside-out approach that I was talking about. A lot of companies when PCI came out, as you know, Jeff, a lot of companies were guiding their security program by PCI specifically >> Right. >> and only, and that's a very outside-in approach, right? That's not really accounting for the assets that you were talking about earlier. Not all of them. >> Right. >> Some of them. And so I think that's a great point, right? As a CSO, the first thing you've got to understand is what are your assets? What are you trying to protect? >> Right. And our friends here at Forescout do a great job of giving you the visualization of your network, understanding what your assets are. And then I think the next step is placing a dollar value on that. And not many people do that, right. They're, oh here's my assets. >> You're paying >> This one's kind of important >> This one's kind of important. But to get buy-in from the rest of your organization, you need to force the conversation with your counterparts, with your CFO, with your CMO, with anyone who's a partial owner of those assets >> Right. and make them put a dollar amount on. How much do you think that the data on the server is worth? How much do you think the data on this server, how much do you think, and inventory that is part of the asset inventory. And then I think you've got a much better argument as it relates to getting budget and getting buy-in. >> Right. >> Getting buy-in. And I see it a lot where CSOs tend to be, most tend to be a little bit introverted right? >> Right. >> They'd rather hang out there on the second floor and be there with their team. Take a look at the latest threats. Take a look at what's going on, with their (coughs) logs and their data and trying to solve really critical problems. But my recommendations to CSOs is man, build tight relationships across the entire organization and get out there, be out there, be visible. Get buy-in. Do lunch and learns on why cyber is so critical and how our employees can help us on this journey. >> Right, right. Dan you trip into a whole other category that we'll have to leave for next time which is, what is the value of that data 'cause I think that's changed quite a bit over the last little while. But thanks for taking a few minutes >> Absolutely, Jeff. and hopefully have a good 23rd RSA. >> Thank you very much. >> All right. >> I appreciate it. >> He's Dan, I'm Jeff. You're watching theCUBE. We're at RSA in North America at Moscone at the Forescout booth. Thanks for watching. See you next time. (upbeat music)

>>from around the globe. It's the Cube with coverage of Yukon and Cloud. Native Con North America 2020 Virtual brought to you by Red Hat The Cloud Native Computing Foundation and Ecosystem >>Partners Everyone welcome back to the cubes. Coverage of Coop con Cloud, native con North America 2020. Normally the Cuba's in person. But like the EU event, this is gonna be a remote virtual event. This is the Cube virtual. We are the Cube Virtual. This is a keynote and show review with our analysts and hosts Lisa Martin, GOP Scar and myself. Guys, welcome to the program. Lisa, Great to see you. You great to see you remotely. Thanks for coming on. >>Always great to be part of the Cuban acute virtual keeping us connected. >>So Coop Con Cloud Native cons November and I remember in 2016 the first Coop Con. That's when Hillary Clinton got defeated by Trump. And now this year the election's passed this time and, uh, Biden the winner. So, you know, election more good vibes this year in the community because everyone was kind of sad last time. So if you remember the first Cube con, it was in Seattle during that time, so that was important to kinda reminisce on. That other thing I want to bring up to you guys is the somber news of the passing of Dan Con who was the executive director of C N C F. He passed a few weeks ago on his home. It was illness and great legend. So we're gonna call that out, and there are thoughts and prayers. Go with the families. Condolences to his wife and kids. So what? I'm say, Dan. Godspeed. Funny dance story, Lisa. Yo, piece that I always always pronounce his name wrong on the queue was like, John, it's con, not Cohen. Okay. All right, Dan, Good to see you. Sorry, but a great guy friend to everyone And super great human being. So rest in peace. Okay. Que con, I >>think the big thing. >>This you wanna get your thoughts, you have to start with you, C and C F. What are they up to? Obviously remote. It's been a terrible year with the pandemic and all the disruptions on DCI change your thoughts on where they are now, this year. >>So you know, it's funny, even though it's remote. Even though reaching people, it's become harder. Uh, you know, we all have to deal with this from our you know, our living room, our office at home. But still, the C in C F is doing what it's been doing for a little while now. So instead of focusing on the technology part of RT world, there are focusing on you know, the community side of it. So they're fighting for inclusivity. They're fighting for diversity, for resilience in terms off their community. And they are really working on making the open source community more accessible, both for end user companies. A swell as offer developers thio enter the space, have their contribution and, you know, make sure that everyone can reap the full benefits off these open source products. >>You know, we talked to Priyanka Sharma and Stephen Augustus, and this was a big theme. There's there's been there's been a lot of engagement online, obviously, even though they have a remote platform, some people are thrilled with it. Some aren't. No one's ever happy these days. It's on the Web. It's always difficult, but the community been activated and a lot more diversity. I covered the big story around. You know, Master slave. The terminology now is gonna go main, you know, terminology and how that's gonna be safer. Also for diversity stem women in tech, This >>has been >>a big theme. I'd love to get your thoughts on that, because I think that's been a very positive thing. Uh, Lisa, you and I have been talking about this for years on the Cube around this diversity peace. What's your thoughts as well, like to get both your reactions on where this directions going. >>Yeah. You know, I think there's a number of things that have been catalyzed this year by the challenges that we've been through and the diversity pushed into the spotlight again. The spotlight is different, and it's really causing change for good. I think it's opening people's minds and perspective, as is, I think, this entire time, you know, it's for events like Yukon and all the other events that were normally getting a lot of airline miles for John and you were not getting. We're sitting at home with our in home studios, but at the same time, the engagement is increasing in every event, I imagine that the great Q. Khan and cognitive community that Dan Cohen has built is on Lee getting bigger and stronger, even though folks are physically separated. That's been just been my observation and something I felt from everything show I've covered every interview I've done that diversity is being raised now to a visibility level that we haven't seen in terms of a catalyzing action. >>You your reaction, Thio. >>No, I completely agree. And I want to add to that where you know, just like Lisa said. You know, we used to fly to these events. We were privileged and lucky to to be there to have the opportunity. But because everything is now digital and virtual, it opens the community up to so many other people who, for whatever reason, weren't able to join in person but are able to join virtually indigenously. So I think you know, even though there's a lot of downsides Thio to this pandemic, this is one of the, you know, the small nuggets of off seeing the sea NCF community opening up to a broader audience. >>Yeah, and that's a great point. You know, we aren't getting the airline miles we're getting Certainly the zoom and the cube mileage remote Lisa, because what's interesting you're saying is is that you know, we're getting more action with him coming in, doing some or hosting yourself, um, Eliana Gesu as well, Others. But we can get people more because remember, the people aren't we're not trying, but so aren't other people that were coming the big names, but also the fresh voices, the new names, names? We don't know yet. I think that's what we're seeing with the remote interviews is that it's one click away from being on the Cube now. So cute. Virtual is 24 73 65 we're gonna continue to do that. I think this is gonna change the makeup of the engagement in the conversation because you're gonna have mawr participation that's going to be highly accelerated. But also, these new voices are gonna bring a positive change. It might upset the hierarchy a little bit in the working groups at the top you, But you know they're open. I mean, I talked with Stephen Augustus. He's totally cool with this Chris, and I check is the same way he's like, Hey, bring on more people. This is the >>This is >>the vibe of the of the Lennox foundations always been. >>It's always been that way. And, you know, going back Teoh to the early open source events in Europe that I went to you. I started doing that as a teenager 15 years ago, and the vibe, you know, hasn't necessarily changed. The makeup of the audience certainly has changed right from it, being dominated by white males. It's totally opened up. And, you know, if we see that happening with the C N C F now as well, I think that's for you know, for the better. I think, um, our community, the i t community in the open source community need that resilience. Need all of those different perspectives from all of you know, different kinds of people from different walks of life with different histories. And I think that only makes the community stronger and more viable in the long run. I >>agree it's that >>open source needs. >>Sorry, it's not thought diversity that I think we're seeing even more now again. Just my perspective is just that the light that this challenging time is shining on, exposing things that are really opportunities and it's I think it's imperative to look at it in that way. But that thought diversity just opens up so many more opportunities that folks that are maybe a little bit more tunnel visioned aren't thinking of. But for businesses, thio and people Thio thrive and move forward and learn from this we need to be able Thio, take into consideration other concepts, other perspectives as we learn and grow. >>Yeah, that's a good point. You know, It was giving a a shout out to Dan Conn. And when I heard the news, I put a clip. One of my favorite clips over the interviews was really me kind of congratulating him on the success of C and C. I think it was, like two years ago or maybe last year. I forget, Um, but I >>was a >>critic of it ever initially, and I was publicly on the record on the Cube. Lisa, you remember, uh, with Stew, who's now having a great new career? Red hat Still and I were arguing, and I was saying, Stew, I think this is gonna fail, because if c. N. C F doesn't balance the end user peace with the logos that we're coming because remember, you about four years ago. It was like a NASCAR logo. Farmers like you know, it's like, you know, everything was like sponsored by Google this and then Amazon came in. You look at the sponsor list. It was like It's the who's who and cloud and now cloud native. It was the industry the entire industry was like, stacked up against reinvent. This is before Amazon made their move. I mean, uh, as your maid, they're moving for Google. Cloud kind of got their footing. So is essentially coop con against a W s. And I said, That's gonna fail, and I had to eat my words, and I did. It was rightfully so, But the balance, the balance between end user projects and vendor was very successful. And that's still plays out today. Lisa. This is important now because you said pandemic de ecosystem still needs to thrive, but there's no face to face anymore. >>What's the >>challenge? What's the opportunity there? I wanna put you on the spot. >>Sure. No, I think I think it's both challenging and opportunistic. I tend to look at it more from an opportunistic view. I think that it forced a lot of us, Even people like myself who worked from home a lot before, when I wasn't traveling for my marketing company or the Cube. You can really have very personal interactions. The people on Zoom and I found that it's connecting people in a deeper way than you even would get in the office. That's something that I actually really appreciate, how it has been an opportunity to really kind of expand relationships or toe open new doors that wouldn't be there if we were able to be studying together physically in person. And it's obviously changing. You know, all the vendors that we work with. It's very different to engage an audience when you are on Lee on camera, and it's something that, as we know, is we work with folks who haven't done it before. That's one of the things that I think a lot of the C suite I talked to Mrs is that opportunity Thio. You know, be on a stage and and be able to show your body language and your energy with your customers and your partners and your employees. But I actually do think that there is what we're doing through Zoom and and all these virtual platforms like the Cube virtual is well, we're opening up doors for a more intimate way that I think the conversations are more authentic. You know, people are have, like, three year old Discover occurs and they're running in the room when they're screaming behind that. That's how things are today. We're learning toe work with that, but we're also seeing people in a more human >>way. Containers Mitch, mainstream and shifting, left the role of security this year. What's your >>take? So I mean, if we're talking about security and nothing else, I think we're at a point where you know, the C N C. F has become mainstream. Its most popular products have become mainstream. Um, because if we're talking about security, there's, you know, not a lot left. And I say that with, you know, a little bit of sarcasm. I don't mean to offend anyone, but if I did, uh, I do apologize, but, you know, security. Even though it is super important again, it means that we have, you know, moved on from talking about kubernetes and and container Management, or we've moved on from storage. Um, it means that the technology part of the C N. C. F. Like the hard work has been done for 80%. We're now into the 20% where we're kind of, you know, dotting the I's and and making sure that we cover all of the bases. And so one of the news sandbox sandbox projects that has been accepted, I think, today even eyes certain Manager Thio to manage certificates Uh, you know, at scale, um, in an automated fashion. And I think that's, you know, 11 prime example of how security is becoming the theme and kind of the conversation at Yukon this year where, you know, we're again seeing that maturity come into play with even with sandbox projects now being able to help customers help end users with, you know, certificates which is, you know, in in the the macro picture a very specific, a very niche thing to be able to solve with open source software. But for every company, this is one of those vital, you know, kind of boilerplate security measures so that the, um the customer and all of their infrastructure remains safe. >>I think you what You're kind of really articulate, and there is the evolution of CNC off much to John Surprises. You said you thought in the very beginning that this wasn't gonna take off. It has. Clearly, Dan Cohen's left a great legacy there. But we're seeing the evolution of that. I do know John. Wanna ask because you did a lot of the interviews here. We've been talking for, what, nine months now on the Cube Virtual about the acceleration of transformation, of every business to go from that. Okay, how do we do this work in this in this weird environment? Keep the lights on. How do we actually be successful and actually become a thriving business? As things go forward, what are some of the things that you heard from the guests regarding? Kobe has an accelerator. >>Well, I think I think a couple of things. Good. Good question. I think it ranges. Right. So the new They had some news that they're trying to announce. Obviously, new survey certifications, K a security certification, new new tech radar support, diversity stats. You know, the normal stuff they do in the event, they gotta get the word out. So that was one thing I heard, but on the overall macro trend. You know, we saw the covert impact, and no >>one's >>afraid of it there. I mean, I think, you know, part of the legacy of these tech communities is they've been online. They're they're used to being online. So it's not a new thing. So I don't think that the work environment has been that much of a disruption to the people in the in the core community. Linux Foundation, for instance, had a great shot with Chris and a sticker on this. He's the CTO. He's been the CEO, brought a senior roles. Um, in fact, they're they're creating a template around C N C f. And then they're announced The Finn Finn Ops Foundation. Uh, Jr store meant, um, is an executive director. That's part of the new foundation. It's a practitioner community. So I think, um, teasing out the conversation is you're gonna see a template model of the C N. C f. Where you're going to see how groups work together. I think what cove? It has definitely shown in some of the things that you guys were saying around how people are gonna be more engaged, more diversity, more access. I >>think you're >>gonna start to see new social constructs emerge around distinct user groups. And I think this Finn ops Foundation is a tell sign around how groups of people going to start together, whether they're cube host coming together on Cube fans and cube alumni. I mean, let me think about the alumni that have been on the Cube. Lisa, you know Tim Hopkins, Sarah Novotny. Chelsie Hightower. Um, Dan Burns, Craig MK Lucky. I mean, we've had everybody on that's now Captain of the industry. So, um, way had capital one we've had, uh, you know, lift on. I mean, it's becoming a really tight knit. Everyone knows each other, and I think now they realize that they have a lot of, uh, power to infect change. And so when you're trying to affect change, um, that's a good thing, and people are pumped about. So I think the big focus was, um, CNC have a successful again. It's there's there's a somber note around Dan cons passing, but I think he had already moved on to a new position. So he was already passed the baton to management, But he did leave a mark, but I think there's Priyanka Sharma. She's doing a great job. People are upbeat and I think the theme is kubernetes. It happened. It's went next level, then it's going next level again and I think that's kind of what people really aren't saying is kind of the public secret, which is okay, this thing's going mainstream. Now you're gonna start to see it in, in, In commercial deployments. You're gonna start to see it scale into organizations. And that's not the cool kids or the Emerging Dev ops crowd. That's I t. So you know you know it's gonna happen is like, Hey, you know, I'm a nice guy, our developer. What is this? It has toe work. Well, that's the big I think I think people weren't talking about That's the most important story. >>I think another element to that John is the cultural shift. You know, we were talking when we talk about Dev ops who was think about speed and I talked to some folks who said, You know, it's it has to be the I T. Cultures on the business cultures coming together in a meaningful way to collaborate in a very new way. Thankfully, we have the technology to enable us to collaborate. But I think that's been another underlying thing that I've heard a lot through recent times. Is that that facilitator of of cultural change, which is always hard to dio? And there's a bit of a catalyst here for organizations to not just keep the lights on. But to be successful, going forward and and and find new ways of delighting their customers, >>we'll get the final word. I just want to say my big take away to the show is and we'll go down the line. I'll start Lisa in Europe, you could go is the usage of cloud and multi cloud is here. Everyone sees that. I think there's a financial aspect going on with security. You're gonna be tied in. I think you see new sets of services coming built on the foundation of the C N C F. But cloud and multi cloud is here. Multi cloud meeting edges. Well, that is definitely on everyone's radar. That was a big theme throughout the interview, so we'll see more of that. Lisa, your takeaways. >>Yeah, I would agree with that. And I think one of the biggest things that I hear consistently is the opportunities that have been uncovered, the the collaboration becoming tighter and folks having the opportunity to engage more with events like Coop Con and C and C F. Because of this virtual shift, I think there's only ah lot of positive things that we're going to stay to come. >>Yep. Yeah, my point of view is I mean, open source is validated completely right? It's a viable model to build around software. On the one hand, on the other hand, the C and C s role in making that open source community broadly accessible and inclusive is, I think, the biggest win Thio look back at at the last year. >>Well, I'm super excited for moving on to the next event. It's been great pleasure. Lisa. You you guys are great co host Virtual Cube. Thanks for participating. And we'll see you next time. Thank you. Okay, that's the cubes. Coverage of Coop con 2020 cloud Native con Virtual This the cube Virtual. We are the cube. Virtual. Thanks for watching

>> live from Boston, Massachusetts. It's the Cube covering AWS reinforce 2019. Brought to you by Amazon Web service is and its ecosystem partners. >> Okay, welcome back. It was two cubes. Live coverage in Boston, Massachusetts, for Amazon Web services reinforces A W s, his first inaugural conference around security, cloud security and all the benefits of security vendors of bringing. We're here with a man who runs the marketplace and more. Dave McCann Cube, alumni vice president of migration, marketplace and control surfaces. That's a new tail you were that you have here since the last time we talked. Lots changed. Give us the update. Welcome to the Cube. >> Great to be back, ma'am. Believe it's seven months of every event. >> Feels like this. Seven years. You know, you've got a lot new things happening. >> We do >> explain. You have new responsibility. You got the marketplace, which we talked about a great product solutions. What else do you have? >> So we've obviously been expanding our service portfolio, right? So either us is launching. New service is all the time. We have a set of service is a road in the migration of software. So I run. No, the immigration Service's team and interesting. We were sitting in Boston, and that's actually headquartered 800 yards down the road. So there's a set of surfaces around the tools to help you as a CEO. Move your applications onto the clothes. Marketplace is obviously where we want you to find short where you need to buy. And then once you get into the topic of governance, we had one product called Service Catalog and reinvent. We announced a new product. That was a preview called Control. Yesterday we went to G A full availability off control, Terror and Control term service catalog together are in the government space, but we're calling them control service is because it's around controlling the access off teams to particular resources. So that's control service. >> What people moving into the cloud and give us a sense of the the workload. I know you see everything but any patterns that you can see a >> lot of patterns and merging and migration, and they are very industry specific. But there are some common patterns, so you know we're doing migrations and frozen companies were weighed and professional service is run by. Todd Weatherby is engaged in hundreds of those migrations. But we also have no over 70 partners that we've certified of migration partners. Migration partners are doing three times as many migrations as our old professional service is. Team are doing so in collection. There's a lot going on there, one of the common patterns. First of all, everybody is moved a Web development other websites have done. They're all running on the AWS know what they're doing is they're modernizing new applications. So the building in Europe or bring enough over moving onto containers. So it was a lie that ran on a sever server on. As they move into the clothes, they're gonna reshape the throw away. Some of the court brief the court up into micro service is on. Deploy out, Let's see on E. C s, which is continuing. There's a lot of application organization, and then on the migration side, we're seeing applications clearly were migrating a lost a lot of ASAP. So the big partners like Deloitte and Accenture are doing a C P migrations, and we've done a lot of ASAP migrations. And then there are other business applications are being moved with particular software vendors. You know there's a company here in Boston called Pegasystems. They do a world leading workflow platform. We've worked with Pagan, and we have migrated loss of paga warped floors in dozens of paying customers up on the float. >> You innovated on the marketplace, which is where people buy so they can contract with software. So now you got moving to the cloud, buying on the cloud, consuming the cloud and then governing it and managing that aspect all under one cohesive unit. That's you. Is that good? >> Yeah, it's a good way to think about it. It's a san of engineering teams with Coleman purpose for the customer. So you know, one of the things we do AWS is we innovate a lot, and then we organize the engineering teams around a common customer needs. So we said, above all of the computer stories service is on. We pay attention to the application layer. We described the application, So if you think of a migration service is says, I've actually got a service called Discovery, I crawl over your servers and I find what you have way. Then what we do is we have a tool that says, Are you gonna bring and move the till. So you have to build a business case. We just bought a company in Canada called TSA Logic. They had a Super Two for building a business case that said, what would this absolutely running with either of us. >> So is the need of the business case. What's the courtney that you guys have focused on? What was that? >> So, interestingly, we run more Windows Server and the clothes when Microsoft. So you actually have to business keys here. So many windows servers are running on print. What does it look like when a run on either the U. S. And T s so logic? Really good, too. And we find our customers using it. That says, Here's your own prim Windows server configuration with an app on run the mortal What would it look like when it runs on AWS? >> But why would you just do that with a spreadsheet? What? What is the T s so logic do that you couldn't do especially >> well? First of all, you want to make a simple too Somebody has to go run a spreadsheet. They've turned it into a tool that a business years Ercan used a sales person you could use on. They've built on top of a database. So it's got a rich set of choices. You are richer than you put in. A special with a U IE is intuitive, and you're gonna learn it in 20 minutes. I'm not gonna have you made up >> this date in their best practice things like that that you can draw a library >> of what's going down, and it keeps the data store of all the ones we've done. So we're turning that into two. Were giving Old Toller solution architect. >> Well, you got a good thing going on with the marketplace. Good to see you wrapping around those needs there. I gotta ask for the marketplace. Just give us the latest stats. How many subscriptions air in the marketplace these days? What's the overall number in the marketplace? It's >> pretty exciting. Way decided just at San Francisco to announce that we now have over 1,000,000 active subscriptions in the marketplace, which is a main boggling number on its own 1,000,000 subscriptions. Ice of Scrape. Within those subscriptions, we've got over 240 foes and active accounts, you know, and the audience doors you could be an enterprise with 100 cases and in an enterprise. What we typically see is that there are seven or eight teams that are buying or using software, so we'll have seven or eight accounts that have the right to subscribe. So you could be a one team and you're in another team you're buying B I tools. You're buying security tools. So those accounts on what? We're announcing the show for the first time ever. Its security is we have over 100,000 security subscriptions. That's a while. That's a big number. Some companies only have 100 customers, and the market, please. Our customers are switched on 100,000 security. So >> many product listings is that roughly it's just security security. At 300 >> there's over 100 listings. Thing is a product with a price okay on a vendor could be Let's see Paolo off networks or crowdstrike or trains or semantic or McAfee or a brand new company like Twist located of Israel. These companies might have one offer or 20 offers, so we have over 800 offers from over 300. Vendors were having new vendors every week. >> That's the next question. How many security app developers are eyes? Do you have over 300? 300? Okay. About 100. Anyway, I heard >> this morning from Gartner that they believe that are over 1000 security vendors. So I'm only 30% done. I got a little work >> tonight. How >> do you >> govern all this stuff? I was a customer. Sort of Make sure that they're in compliance. >> Great question. Steven Smith yesterday was talking about governance once she moved things on the clothes. It's very elastic. You could be running it today, not running a tomato, running it in I d running in Sydney. So it's easy to fire up running everywhere. So how did the governance team of a company nor watch running where you know, you get into tagging, everything has to be tagged. Everything has to have a cord attached to it. And then you do want to control who gets to use what I may have bought about a cuter appliance. But I don't know that I gave you rates to use it, right, so we could have border on behalf of the company. But I need to grant you access. So we launched a couple of years ago. Service catalog is our first governance to and yesterday we went into full release over new to call the control tower. >> Right. What you announced way reinvents >> preview. And yesterday we went to Jenny. What control does is it Natural Owes me to set up a set of accounts. So if you think of it, your development team, you've got David Kay and tested and the product ain't your brand new to the company. I'm a little worried. What, you're going to get up. You >> don't want to give him the keys to the kingdom, >> so I'm actually going to grant you access to a set of resources, and then I'm gonna apply some rules, or what we call God reels is your brand. You you haven't read my manual, you're in the company. So I'm gonna put a set of God reels on you to make sure that you follow our guide length >> Just training. And so is pressing the wrong button, that kind of thing. So I gotta ask you I mean, on the buying side consumption. I heard you say in a talk upstairs on Monday. You have a buyer, buyer, lead, engineering teams and cellar Let engineering, which tells me that you got a lot of innovation going on the marketplace. So the results are obviously they mention the listings. But one of the trends that's here security conference and it was proper is ecosystems importance in monetization. So back in the old days, Channel partners were a big part of the old computer industry. You're essentially going direct with service listings, which is great. How does that help the channel? Is there sinking around channel as a buyer opportunity? How do you How does that work with the market? Is what your thinking around the relationship between the scale of a simplicity and efficiency, the marketplace with the relationships the channel partners may have with their customers? And how do you bridge that together? What's the thinking >> you've overstayed? Been around a long time? >> Uh, so you have 90 Sydney? Well, the channels have been modernizes the nineties. You think about a >> long time. It's really interesting when we conceived Market please candidly. Way didn't put the channel in marketplace, and in retrospect, that was a miss. Our customers are big customers or small customers. Trust some of the resellers. Some resellers operates surely on price. Some resellers bring a lot of knowledge, even the biggest of the global 2000 Fortune 100. They have a prepared advisor. Let's take a company record. You often got 700 security engineers that are blue chip companies in America trusts or they buy the software the adoptive recommends. So mark it, please really didn't accommodate for Let's Pick another One in Europe, it would be computer center. So in the last two years we've dedicated the data separate engineering team were actually opened up. A team in a different city on their sole customer is a reseller. And so we launch this thing called Consulting Partner Private offer. And so now you're Palo. Also, for your trained, you can authorize active or serious or s h I to be the re sailor at this corporation, and they can actually negotiate the price, which is what a role resellers do. They negotiate price in terms, so we've actually true reseller >> write software for fulfillment through the marketplace. Four partners which are now customers to you now so that they could wrap service is because that's something we talk to. People in the Channel number one conversation is we love the cloud. But how do I make money and that is Service is right. They all want to wrap Service's around, So okay, you guys are delivering this. Is that my getting that right? You guys are riding a direct link in tow marketplace for partners, and they could wrap service is around there, >> will you? Seeing two things? First of all, yes. We're lowering the resale of to sell the software for absolutely. So you re sailor, you can quote software you build rebuild for you so that I become the billing partner for a serious or a billing partner for active on active can use marketplace to fulfill clothes software for their customers. Dan Burns to see you about pretty happy. You crossed the line into a second scenario, which is condone burns attached. Service is on. Clearly, that's a use case we hear usually would we hear use cases way end up through feeling that a little, little not a use case I have enabled, but we've done >> what you're working on It. We've had what the customer. How does the reseller get into the marketplace? What kind of requirements are there. Is it? Is it different than some of your other partners, or is it sort of a similar framework? >> They have to become an approved resale or so First of all, they have to be in a peon partner. I mean, we work tightly with a p N e p M screens partners for AWS. So Josh Hoffman's team Terry Wise, his team, whole part of team screen. The reseller we would only work with resellers are screened and approved by the PM Wants the AP en approved way have no set up a dedicated program team. They work with a reseller with trained them what's involved. Ultimately, however, the relationship is between Splunk in a tree sailor, a five and a three sailor named after a tree sailor or Paulo trend or Croat straight. So it's up to the I S V to tail us that hey, computer centers my reseller. I don't control that relationship. A fulfillment agent you crow strike to save resellers, and I simply have to meet that work so that I get the end customer happy. >> So your enabler in that instance, that's really no, I'm >> really an engine, even team for everybody engineer for the Iast way, engineer for the buyer. And they have to engineer for the re. So >> you have your hands in a lot of the action because you're in the middle of all this marketplace and you must do a lot of planning. I gotta ask you the question and this comes up. That kind of put on my learning all the Amazon lingo covering reinvent for eight years and covering all the different events. So you gotta raise the bar, which is an internal. You keep innovating. Andy Jassy always sucks about removing the undifferentiated heavy lifting. So what is the undifferentiated heavy lifting that you're working toe automate for your customers? >> Great questions. Right now there's probably three. We'll see what the buyer friction is, and then we'll talk about what the sale of friction is. The buyer frustration that is, undifferentiated. Heavy lifting is the interestingly, it's the team process around choosing software. So a couple of customers were on stage yesterday right on those big institutions talked about security software. But in order for an institution to buy that software, there are five groups involved. Security director is choosing the vendor, but procurement has to be involved. Andre. No procurement. We can't be left out the bit. So yesterday we did. The integration to Cooper is a procurement system. So that friction is by subscribing marketplace tied round. Match it with appeal because the p O is what goes on the ledgers with the company. A purchase order. So that has to be a match in purchase order for the marketplace subscription. And then engineers don't Tidwell engineers to always remember you didn't tag it. Hi, this finance nowhere being spent. So we're doing work on working service catalog to do more tagging. And so the buyer wants good tagging procurement integrated. So we're working on a walk slow between marketplace service catalog for procurement. >> Tiring. So you've kind of eliminated procurement or are eliminating procurement as a potential blocker, they use another. Actually, we won't be >> apart for leading procurement. VPs want their V piece of engineering to be happy. >> This is legal. Next. Actually, Greek question. We actually tackled >> legal. First, we did something called Enterprise Code tracked and our customer advisory board Two years ago, one of our buyers, one of our customers, said we're gonna be 100 vendors to deploy it. We're not doing 100 tracks. We've only got one lawyer, You know, 6000 engineers and one lawyer. Well, lawyers, good cord is quickly. So we've created a standard contract. It take stain to persuade legal cause at risk. So we've got a whole bunch of corporations adopting enterprise contract, and we're up to over 75 companies adopting enterprise contract. But legal is apartment >> so modernizing the procurement, a key goal >> procurement, legal, security, engineering. And then the next one is I t finance. So if you think of our budgets on their course teams on AWS, everything needs to be can become visible in either of US budgets. And everything has become visible in course exporter. So we have to call the rate tags. >> I heard a stat that 6,000,000 After moving to the cloud in the next 6,000,000 3 to 5 years, security as a focus reinforces not a summit. It's branded as a W s reinforce, just like reinvents. Same kind of five year for security. What's your impression of the show so far? No, you've been highly active speaking, doing briefing started a customer's burn, the midnight oil with partners and customers What's that? What's your vibe of the show? What's your takeaway? What's the most important thing happening here? What's your what's your summary? >> So I always think you get the truth in the booth. Cut to the chase. I made a customer last night from a major media company who we all know who's in Los Angeles. His comment was weeks, either. These expectations wasn't she wanted to come because he goes to reinvent. Why am I coming to Boston in June? Because I'm gonna go to reinvent November on this. The rates of security for a major media company last night basically said, I love the love. The subject matter, right? It's so security centric. He actually ended up bringing a bunch of people from his team on, and he loves the topics in the stations. The other thing he loved was everybody. Here is insecurity, reinvent. There's lots of people from what's the functions, But everybody here is a security professional. So that was the director of security for a media company. He was at an event talking to one of the suppliers, the marketplace. I asked this president of a very well known security vendor and I said. So what's your reaction to reinforce? And he said, Frankly, when you guys told me it was coming, we didn't really want the bother. It's the end of the quarter. It's a busy time of year. It's another event, he said. I am sure glad we came on. He was standing talking to these VP of marketing, saying, We want to bring more people, make sure, So he's overjoyed. His His comment was, when I go to Rio event 50,000 people but only 5% of their own security. I can't reinforce everybody's insecurity >> in Houston in 2020. Any inside US tow? Why Houston? I have no clue what I actually think >> is really smart about the Vineyard, and this is what a customer said Last night. I met a customer from Connecticut who isn't a load to travel far. They don't get to go to reinvent in Vegas. I think what we did when we came to Boston way tapped into all the states that could drive. So there are people here who don't get to go to reinvent. I think when we go to Houston, we're going to get a whole bunch of takes its customers. Yeah, you don't get a flight to Vegas. So I think it's really good for the customer that people who don't get budget to travel >> makes sense on dry kind of a geographic beograd. The world >> if we're expanding the customers that can learn. So from an education point of view, we're just increase the audience that we're teaching. Great, >> Dave. Great to have you on. Thanks for the insights and congratulations on the new responsibility as you get more coz and around marketplace been very successful. 1,000,000 subscriptions. That's good stuff again. They were >> you reinvented and >> a couple of months, Seven days? What? We're excited. I love covering the growth of the clouds. Certainly cloud security of his own conference. Dave McCann, Vice president Marketplace Migration and Control Service is controlled cattle up. How they how you how you move contract and governed applications in the future. All gonna be happening online. Cloud Mr. Q coverage from Boston. They just reinforced. We right back with more after this short break