>> From Cambridge, Massachusetts, it's The Cube, covering MIT Chief data Officer and Information Quality Symposium 2019. Brought to you by SiliconANGLE Media. >> Welcome back to Cambridge, everybody. We're here at Tang building at MIT for the MIT CDOIQ Conference. This is the 13th annual MIT CDOIQ. It started as a information quality conference and grew through the big data era, the Chief Data Officer emerged and now it's sort of a combination of those roles. That governance role, the Chief Data Officer role. Critical for organizations for quality and data initiatives, leading digital transformations ans the like. I'm Dave Vallante with my cohost Paul Gillin, you're watching The Cube, the leader in tech coverage. Mark Chrisco is here, the deputy, sorry, Principle Deputy Director for Enterprise Information at the Department of Defense. Good to see you again, thanks for coming on. >> Oh, thank you for having me. >> So, Principle Deputy Director Enterprise Information, what do you do? >> I do data. I do acquisition data. I'm the person in charge of lining the acquisition data for the programs for the Under Secretary and the components so a strong partnership with the army, navy, and air force to enable the department and the services to execute their programs better, more efficiently, and be efficient in the data management. >> What is acquisition data? >> So acquisition data generally can be considered best in the shorthand of cost schedule performance data. When a program is born, you have to manage, you have to be sure it's resourced, you're reporting up to congress, you need to be sure you have insight into the programs. And finally, sometimes you have to make decisions on those programs. So, cost schedule performance is a good shorthand for it. >> So kind of the key metrics and performance metrics around those initiatives. And how much of that is how you present that data? The visualization of it. Is that part of your role or is that, sort of, another part of the organization you partner with, or? >> Well, if you think about it, the visualization can take many forms beyond that. So a good part of the role is finding the authoritative trusted source of that data, making sure it's accurate so we don't spend time disagreeing on different data sets on cost schedule performance. The major programs are tremendously complex and large and involve and awful lot of data in the a buildup to a point where you can look at that. It's just not about visualizing, it's about having governed authoritative data that is, frankly, trustworthy that you can can go operate in. >> What are some of the challenges of getting good quality data? >> Well, I think part of the challenge was having a common lexicon across the department and the services. And as I said, the partnership with the services had been key in helping define and creating a semantic data model for the department that we can use. So we can have agreement on what it would mean when we were using it and collecting it. The services have thrown all in and, in their perspective, have extended that data model down through their components to their programs so they can better manage the programs because the programs are executed at a service level, not at an OSD level. >> Can you make that real? I mean, is there an example you can give us of what you mean by a common semantic model? >> So for cost schedule, let's take a very simple one, program identification. Having a key number for that, having a long name, a short name, and having just the general description of that, were in various states amongst the systems. We've had decades where, however the system was configured, configured it the way they wanted to. It was largely not governed and then trying to bring those data sets together were just impossible to do. So even with just program identification. Since the majority of the programs and numbers are executed at a service level, we worked really hard to get the common words and meanings across all the programs. >> So it's a governance exercise the? >> Yeah. It is certainly a governance exercise. I think about it as not so much as, in the IT world or the data world will call it governance, it's leadership. Let's settle on some common semantics here that we can all live with and go forward and do that. Because clearly there's needs for other pieces of data that we may or may not have but establishing a core set of common meanings across the department has proven very valuable. >> What are some of the key data challenges that the DOD faces? And how is your role helping address them? >> Well in our case, and I'm certain there's a myriad of data choices across the department. In our place it was clarity in and the governance of this. Many of the pieces of data were required by statute, law, police, or regulation. We came out of eras where data was the piece of a report and not really considered data. And we had to lead our ways to beyond the report to saying, "No, we're really "talking about key data management." So we've been at this for a few years and working with the services, that has been a challenge. I think we're at the part where we've established the common semantics for the department to go forward with that. And one of the challenges that I think is the access and dissemination of knowing what you can share and when you can share it. Because Michael Candolim said earlier that the data in mosaic, sometimes you really need to worry about it from our perspective. Is too much publicly available or should we protect on behalf of the government? >> That's a challenge. Is the are challenge in terms of, I'm sure there is but I wonder if you can describe it or maybe talk about how you might have solved it, maybe it's not a big deal, but you got to serve the mission of the organization. >> Absolutely. >> That's, like, number one. But at the same time, you've got stakeholders and they're powerful politicians and they have needs and there's transparency requirements, there are laws. They're not always aligned, those two directives, are they? >> No, thank goodness I don't have to deal with misalignments of those. We try to speak in the truth of here's the data and the decisions across the organization of our reports still go to congress, they go to congress on an annual basis through the selected acquisition report. And, you know, we are better understanding what we need to protect and how to advice congress on what should be protected and why. I would not say that's an easy proposition. The demands for those data come from the GAO, come from congress, come from the Inspector General and having to navigate that requires good access and dissemination controls and knowing why. We've sponsored some research though the RAND organization to help us look and understand why you have got to protect it and what policies, rules, and regulations are. And all those reports have been public so we could be sure that people would understand what it is. We're coming out of an era where data was not considered as it is today where reports were easily stamped with a little rubber stamp but data now moves at the velocities of milliseconds not as the velocity of reports. So we really took a comprehensive look at that. How do you manage data in a world where it is data and it is on infrastructures like data models. >> So, the future of war. Everybody talks about cyber as the future of war. There's a lot of data associated with that. How does that change what you guys do? Or does it? >> Well, I think from an acquisition perspective, you would think, you know. In that discussion that you just presented us, we're micro in that. We're equipping and acquiring through acquisitions. What we've done is we make sure that our data is shareable, you know? Open I, API structures. Having our data models. Letting the war fighters have our data so they could better understand where information is here. Letting other communities to better help that. By us doing our jobs where we sit, we can contribute to their missions and we've aways been every sharing in that. >> Is technology evolving to the point where, let's assume you could dial back 10 or 15 years and you had the nirvana of data quality. We know how fast technology is changing but is it changing as an enabler to really leverage that quality of data in ways that you might not have even envision 10 or 15 years ago? >> I think technology is. I think a lot of this is not in tools, it's now in technique and management practices. I think many of us find ourselves rethinking of how to do this now that you have data, now that you have tools that you can get them. How can you adopt better and faster? That requires a cultural change to organization. In some cases it requires more advanced skills, in other cases it requires you to think differently about the problems. I always like to consider that we, at some point, thought about it as a process-driven organization. Step one to step two to step three. Now process is ubiquitous because data becomes ubiquitous and you could refactor your processes and decisions much more efficiently and effectively. >> What are some of the information quality problems you have to wrestle with? >> Well, in our case, by setting a definite semantic meaning, we kicked the quality problems to those who provide the authoritative data. And if they had a quality problem, we said, "Here's your data. "We're going to now use it." So it spurs, it changes the model of them ensuring the quality of those who own the data. And by working with the services, they've worked down through their data issues and have used us a bit as the foil for cleaning up their data errors that they have from different inputs. And I like to think about it as flipping the model of saying, "It's not my job to drive quality, "it's my job to drive clarity, "it's their job to drive the quality into the system." >> Let's talk about this event. So, you guys are long-time contributors to the event. Mark, have you been here since the beginning? Or close to it? >> Um... About halfway through I think. >> When the focus was primarily on information quality? >> Yes. >> Was it CDOIQ at the time or was it IQ? >> It was the very beginnings of CDOIQ. It was right before it became CDOIQ. >> Early part of this decade? >> Yes. >> Okay. >> It was Information Quality Symposium originally, is that was attracted you to it? >> Well, yes, I was interested in it because I think there were two things that drew my interest. One, a colleague had told me about it and we were just starting the data journey at that point. And it was talking about information quality and it was out of a business school in the MIT slenton side of the house. And coming from a business perspective, it was not just the providence of IT, I wanted to learn form others because I sit on the business side of the equation. Not a pure IT-ist or technology. And I came here to learn. I've never stopped learning through my entire journey here. >> What have you learned this week? >> Well, there's an awful lot I learned. I think it's been... This space is evolving so rapidly with the law, policy, and regulation. Establishing the CDOs, establishing the roles, getting hear from the CDOs, getting to hear from visions, hear from Michael Conlan and hear from others in the federal agencies. Having them up here and being able to collaborate and talk to them. Also hearing from the technology people, the people that're bringing solutions to the table. And then, I always say this is a bit like group therapy here because many of us have similar problems, we have different start and end points and learning from each other has proven to be very valuable. From the hallway conversations to hearing somebody and seeing how they thought about the products, seeing how commercial industry has implemented data management. And you have a lot of similarity of focus of people dealing with trying to bring data to bring value to the organizations and understanding their transformations, it's proven invaluable. >> Well, what did the appointment of the DOD's first CDO last year, what statement did that make to the organization? >> That data's important. Data are important. And having a CDO in that and, when Micheal came on board, we shared some lessons learned and we were thinking about how to do that, you know? As I said, I function in a, arguably a silo of the institution is the acquisition data. But we were copying CDO homework so it helped in my mind that we can go across to somebody else that would understand and could understand what we're trying to do and help us. And I think it becomes, the CDO community has always been very sharing and collaborative and I hold that true with Micheal today. >> It's kind of the ethos of this event. I mean, obviously you guys have been heavily involved. We've always been thrilled to cover this. I think we started in 2013 and we've seen it grow, it's kind of fire marshal full now. We got to get to a new facility, I understand. >> Fire marshal full. >> Next year. So that's congratulations to all the success. >> Yeah, I think it's important and we've now seen, you know, you hear it, you can read it in every newspaper, every channel out there, that data are important. And what's more important than the factor of governance and the factor of bringing safety and security to the nation? >> I do feel like a lot in, certainly in commercial world, I don't know if it applies in the government, but a lot of these AI projects are moving really fast. Especially in Silicon Valley, there's this move fast and break things mentality. And I think that's part of why you're seeing some of these big tech companies struggle right now because they're moving fast and they're breaking things without the governance injected and many CDOs are not heavily involved in some of these skunk works projects and it's almost like they're bolting on governance which has never been a great formula for success in areas like governance and compliance and security. You know, the philosophy of designing it in has tangible benefits. I wonder if you could comment on that? >> Yeah, I can talk about it as we think about it in our space and it may be limited. AI is a bit high on the hype curve as you might imagine right now, and the question would be is can it solve a problem that you have? Well, you just can't buy a piece of software or a methodology and have it solve a problem if you don't know what problem you're trying to solve and you wouldn't understand the answer when it gave it to you. And I think we have to raise our data intellectualism across the organization to better work with these products because they certainly represent utility but it's not like you give it with no fences on either side or you open up your aperture to find basic solution on this. How you move forward with it is your workforce has got to be in tune with that, you have to understand some of the data, at least the basics, and particularly with products when you get the machine learning AI deep learning, the models are going to be moving so fast that you have to intellectually understand them because you'll never be able to go all the way back and stubby pencil back to an answer. And if you don't have the skills and the math and the understanding of how these things are put together, it may not bring the value that they can bring to us. >> Mark, thanks very much for coming on The Cube. >> Thank you very much. >> Great to see you again and appreciate all the work you guys both do for the community. All right. And thank you for watching. We'll be right back with our next guest right after this short break. You're watching The Cube from MIT CDOIQ.

(upbeat music) >> From Cambridge, Massachusetts, it's the CUBE. Covering MIT Chief Data Officer and Information Quality Symposium 2019. Brought to you by SiliconANGLE Media. (upbeat music) >> Welcome back to MIT in Cambridge Massachusetts everybody you're watching the CUBE the leader in live tech coverage. We go out to the events and extract the signal from the noise we hear at the MIT CDOIQ. It's the MIT Chief Data Officer event the 13th annual event. The CUBE started covering this show in 2013. I'm Dave Vellante with Paul Gillin, my co-host, and Michael Conlin is here as the chief data officer of the Department of Defense, Michael welcome, thank you for coming on. >> Thank you, it's a pleasure to be here. >> So the DoD is, I think it's the largest organization in the world, what does the chief data officer of the DoD do on a day to day basis? >> A range of things because we have a range of challenges at the Department of Defense. We are the single largest organization on the planet. We have the greatest scope and scale and complexity. We have the most dangerous competitors of anybody on the planet, it's not a trivial issue for us. So, I've a range of challenges. Challenges around, how do I lift the overall performance of the department using data effectively? How do I help executives make better decisions faster, using more recent, more common data? More common enterprise data is the expression we use. How do I help them become more sophisticated consumers of data and especially data analytics? And, how do we get to the point where, I can compare performance over here with performance over there, on a common basis? And compared to commercial benchmark? Which is now an expectation for us, and ask are we doing this as well as we should, right across the patch? Knowing, that all that data comes from multiple different places to start with. So we have to overcome all those differences and provide that department wide view. That's the essence of the role. And now with the recent passage of the Foundations for Evidenced-Based Policymaking Act, there are a number of additional expectations that go on top of that, but this is ultimately about improving affordability and performance of the department. >> So overall performance of the organization... >> Overall performance. >> ...as well, and maybe that comes from supporting various initiatives, and making sure you're driving performance on that basis as well. >> It does, but our litmus test is are we enabling the National Defense Strategy to succeed? Only reason to touch data is to enable the National Defense Strategy to be more successful than without it. And so we're always measuring ourselves against that. But it is, can we objectively say we're performing better? Can we objectively say that we are more affordable? In terms of the way we support the National Defense Strategy. >> I'm curious about your motivations for taking on this assignment because your background, as I see, is primarily in the private sector. A year ago you joined the US Department of Defense. A huge set of issues that you're tackling now, why'd you do it? >> So I am a capitalist, like most Americans, and I'm a serial entrepreneur. This was my first opportunity to serve government. And when I looked at it, knowing that I could directly support national defense, knowing that I could make a direct meaningful contribution, let me exercise that spirit of patriotism that many of us have, but we just not found ourselves an opportunity. When this opportunity came along I just couldn't say no to it. There's so much to be done and so much appetite for improvement that I just couldn't walk away for this. Now I've to tell you, when you start you take an oath of office to protect and defend the constitution. I don't know, it's maybe a paragraph or maybe it's two paragraphs. It felt like it took an hour to choke it out, because I was suddenly struck with all of this emotion. >> The gravity of what you were doing. >> Yeah, the gravity of what I'm doing. And that was just a reinforcement of the choice I'd already made, obviously right. But the chance to be the first chief data officer of the entire Department of Defense, just an enormous privilege. The chance to bring commercial sector best practices in and really lift the game of the department, again enormous privilege. There's so many people who could do this, probably better than me. The fact that I got the opportunity I just couldn't say no. Just too important, to many places I could see that we could make things better. I think anybody with a patriotic bone in their body would of jumped at the opportunity. >> That's awesome, I love that congratulations on getting that role and seemingly thrive in it. A big part of preserving that capitalist belief, defending the constitution and the American way, it sounds corny, but... >> It's real. >> I'm a patriot as well, is security. And security and data are intertwined. And just the whole future of warfare is dramatically changing. Can you talk about in a format like this, security, you're thinking on that, the department's thinking on that from a CDO's perspective? >> So as you know we have a number of swimlanes within the department and security is very clear swimlane, it's aligned under our chief information officer, but security is everybody's responsibility, of course. Now the longstanding criticism of security people is that they think they best way to secure anything is to permit nobody to touch it. The clear expectation for me as chief data officer is to make sure that information is shared to the right people as rapidly as possible. And, that's a different philosophy. Now I'm really lucky. Lieutenant General Denis Crall our principal cyber advisor, Dana Deasy our CIO, these people understand how important it is to get information in the right place at the right time, make it rapidly available and secure it every step along the way. We embrace the zero trust mantra. And because we embrace the zero trust mantra we're directly concerned with defending the data itself. And as long as we defend the data and the same mechanisms are the mechanisms we use to let people share it, suddenly the tension goes away. Suddenly we all have the same goal. Because the goal is not to prevent use of data, it's to enable use of data in a secure way. So the traditional tension that might be in that place doesn't exist in the department. Very productive, very professional level of collaboration with those folks in this space. Very sophisticated people. >> When we were talking before we went live you mentioned that the DoD has 10,000 plus operational systems... >> That's correct. >> A portfolio of that magnitude just overwhelming, I mean how did you know what to do first when you moved into this job, or did you have a clear mandate when you were hired? >> So I did have a clear mandate when I was hired and luckily that was spelled out. We knew what to do first because we sat down with actual leaders of the department and asked them what their goals were for improving the performance of the department. And everything starts from that conversation. You find those executives that what to improve performance, you understand what those goals are, and what data they need to manage that improvement. And you capture all the critical business questions they need answers to. From that point on they're bought in to everything that happens, right. Because they want those answers to those critical business questions. They have performance targets of their own, this is now aligned with. And so you have the support you need to go down the rest of the path of finding the data, standardizing it, et cetera. In order to deliver the answers to those questions. But it all starts which either the business mission leaders or the warfighting mission leaders who define the steps they're taking to implement the National Defense Strategy. Everything gets lined up against that, you get instant support and you know you're going after the right thing. This is not, an if you build it they will come. This is not, a driftnet the organization try to gather up all the data. This is spear fishing for specific answers to materially important questions, and everything we do is done on that basis. >> We hear Mark Ramsey this morning talk about the... He showed a picture of stove pipes and then he complicated that picture by showing multiple copies within each of those stove pipes, and says this is organizations that we've all lived in. >> That's my organization too. >> So talk about some of those data challenges at the DoD and how you're addressing those, specifically how you're enabling soldiers in the field to get the right data to the field when they need it. >> So what we'll be delicate when we talk about what we do for soldiers in the field. >> Understood, yeah. >> That tends to be sensitive. >> Understand why, sure. >> But all of those dynamics that Mark described in that presentation are present in every large cooperation I've ever served. And that includes the Department of Defense. That heterogeneity and sprawl of IT that what I would refer to, he showed us a hair ball of IT. Every large organization has a hair ball of IT. And data scattered all over the place. We took many of the same steps that he described in terms of organizing and presenting meaningful answers to questions, in almost exactly the same sequence. The challenge as you heard me use the statistics that our CIO's published digital monetization strategies, which calls out that we have roughly 10,000 operational systems. Well, every one of them is different. Every one's put in place by a different group of people at a different time, with a different set of requirements, and a different budget, and a different focus. You know organizational scope. We're just like he showed. We're trying to blend all that in to a common view. So we have to find what's the real authoritative piece of data, cause it's not all of those systems. It's only a subset of those systems. And you have to do all of the mapping and translations, to make the result add up. Otherwise you double count or you miss something. This is work in progress. This will always be a work in progress to any large organization. So I don't want to give you impression it's all sorted. Definitely not all sorted. But, the reality is we're trying to get to the point where people can see the data that's available and that's a requirement by the way under the Foundations Act that we have a data catalog, an authoritative data catalog so people can see it and they have the ability to then request access to that through automation. This is what's critical, you need to be able to request access and have it arbitraged on the basis of whether you should directly have access based on your role, your workflow, et cetera, but it should happen in real time. You don't want to wait weeks, or months, or however long for some paperwork to move around. So this all has to become highly automated. So, what's the data, who can access it under what policy, for what purpose? Our roles and responsibilities? Identity management? All this is a combined set of solutions that we have to put in place. I'm mostly worried about a subset of that. My colleagues in these other swimlanes are working to do the rest. Most people in the department have access to data they need in their space. That hasn't been a problem. The problem is you go from space to space, you have to learn a new set of systems and a new set of techniques for a new set of data formats which means you have to be retrained. That really limits our freedom of maneuver of human beings. In the ideal world you'd be able to move from any job in any part of the department to the same job in another part of the department with no retraining whatsoever. You'd be instantly able to make a contribution. That's what we're trying to get to. So that's a different kind of a challenge, right. How do we get that level of consistency in the user experience, a modern user experience. So that if I'm a real estate manager, or I'm a medical business manager, or I'm a clinical professional, or I'm whatever, I can go from this location in this part of the department to that location in that part and my experience is the same. It's completely modern, and it's completely consistent. No retraining. >> How much of that challenge pie is people, process and technology? How would you split that opportunity? >> Well everything starts for a process perspective. Because if you automate a bad process, you just make more mistakes in less time at greater costs. Obviously that's not the ideal. But the biggest single challenge is people. It's talent, it's culture. Both on the demand side and on the supply side. If fact a lot of what I talked about in my remarks, was the additional changes we need to put in place to bring people into a more modern approach to data, more modern consumption. And look, we have pockets of excellence. And they can hold their own against any team, any place on the planet. But they are pockets of excellence. And what we're trying to do is raise the entire organization's performance. So it's people, people, and people and then the other stuff. But the products, don't care about (laughs). >> We often here about... >> They're going to change in 12 to 18 months. I'm a technologist, I'm hands on. The products are going to change rapidly, I make no emotional commitment to products. But the people that's a different story. >> Well we know that in the commercial world we often hear that cultural resistance is what sabotages modernization efforts. The DoD is sort of the ultimate top-down organization. It is any easier to get buy-in because the culture is sort of command and control oriented? >> It's hard in the DoD, it's not easier in the DoD. Ultimately people respond to their performance incentives. That's the dirty secrets performance incentives, they work every time. So unless you restructure performance measures and incentives for people their behavior's never going to change. They need to see their personal future in the future you're prescribing. And if they don't see it, you're going to get resistance every time. They're going to do what they believe they're incented to do. Making those changes, cascading those performance measures down, has been difficult because much of the decision-making processes in the department have been based on slow-moving systems and slow-moving data. I mean think about it, our budget planning process was created by Robert McNamara, as the Secretary of Defense. It requires you to plan everything for five years. And it takes more than a year to plan a single year's worth of activities, it's slow-moving. And we have regulation, we have legislation, we're a law-abiding organization, we do what we have to do. All of those things slow things down. And there's a culture of expecting macro-level consensus building. Which means everybody feels they can say no. If everybody can say no, then change becomes peanut butter spread across an organization. When you peanut butter spread across something our size and scale, the layer's pretty thin. So we have the same problem that other organizations have. There is clearly a perception of top-down change and if the Secretary or the Deputy Secretary issue an instruction people will obey it. It just takes some time to work it's way down into all the detailed combinations and permutations. Cause you have to make sophisticated decisions now. How am I going to change for my performance measures for that group to that group? And that takes time and energy and thought. There's a natural sort of pipeline effect in this. So there's real tension I think in between this perception of top-down and people will obey the orders their given. But when you're trying to integrate those changes into a board set of policy and process and people, that takes time and energy. >> And as a result the leaders have to be circumspect about the orders they give because they want to see success. They want to make sure that what they say is actually implemented or it reflects poorly on the organization. >> I think that out leaders are absolutely concerned about accomplishing the outcomes that they set out. And I think that they are rightfully determined to get the change as rapidly as possible. I would not expect them to be circumspect. I would anticipate that they would be firm and clear in the direction that they set and they would set aggressive targets because you need aggressive targets to get aggressively changed outcomes. Now. >> But they would have to choose wisely, they can't just fire off orders and expect everything to be done. I would think that they got to really think about what they want to get done, and put all the wood behind the arrow as you... >> I think that they constantly balance all those considerations. I must say, I did not appreciate before I joined the department the extraordinary caliber of leadership we enjoy. We have people with real insight and experience, and high intellectual horsepower making the decisions in the department. We've been blessed with the continuing stream of them at all of the senior ranks. These people could go anywhere, or do anything that they wanted in the economy and they've chosen to be in the department. And they bring enormous intellectual firepower to bear on challenges. >> Well you mentioned the motivation at the top of the segment, that's largely pretty powerful. >> Yeah, oh absolutely. >> I want to ask you, we have to break, but the organizational structure, you talked about the CIO, actually the responsibility for security within the CIO. >> Sure. >> To whom do you report. What's the organization look like? >> So I report to the Chief Management Officer of the Department of Defense. So if you think about the order of precedents, there's the Secretary of Defense, the Deputy Secretary of Defense and third in order is the Chief Management Officer. I report to the Chief Management Officer. >> As does the CIO, is that right? >> As does the CIO, as does the CIO. And actually this is quite typical in large organizations, that you don't have the CDO and the CIO in the same space because the concerns are very different. They have to collaborate but very different concerns. We used to see CDOs reporting to CIOs that's fallen dramatically in terms of the frequency you see that. Cause we now recognize that's just a failure mode. So you don't want to go down that path. The number one most common reporting relationship is actually to a CEO, the chief executive officer, of an organization. It's all about, what executive is driving performance for the organization? That's the person the CDO should report to. And I'm blessed in that I do find myself reporting to the executive driving organizational improvement. For me, that's a critical thing. That would make the difference between whether I could succeed or whether I'm doomed to fail. >> COO would be common too in a commercial organization. >> Yeah, in certain commercial organizations, it's a COO. It just depends on the nature of the business and their maturity with data. But if you're in the... If data's the business, CDO will report to the CEO. There are other organizations where it'll be the COO or CFO, it just depends on the nature of that business. And in our case I'm quite fortunate. >> Well Michael, thank you for, not only the coming to the CUBE but the service you're providing to the country, we really appreciate your insights and... >> It's a pleasure meeting you. >> It's a pleasure meeting you. All right, keep it right there everybody we'll be right back with our next guest. You're watching the CUBE live from MIT CDOIQ, be right back. (upbeat music)

>>from around the globe. It's the Cube covering space and cybersecurity. Symposium 2020 hosted by Cal Poly. Yeah, Lauren, Welcome to the Space and Cybersecurity Symposium 2020 put on by Cal Poly and hosted with Silicon Angle acute here in Palo Alto, California for a virtual conference. Couldn't happen in person this year. I'm John for a year. Host the intersection of space and cybersecurity. I'll see critical topics, great conversations. We got a great guest here to talk about the addressing the cybersecurity workforce gap, and we have a great guest, a feature speaker. Stewart Knox, the undersecretary with California's Labor and Workforce Development Office. Stewart Thanks for joining us today. >>Thank you so much, John. Appreciate your time today and listening to a little bit of our quandaries with making sure that we have the security that's necessary for the state of California and making sure that we have the work force that is necessary for cybersecurity in space. >>Great, I'd love to get started. I got a couple questions for you, but first take a few minutes for an opening statement to set the stage. >>Sure, realizing that in California we lead the nation in much of cybersecurity based on Department of Defense contractors within the Santa California leading the nation with over $160 billion within the industry just here in California alone and having over 800,000 bus workers. Full time employment in the state of California is paramount for us to make sure that we face, um, defense manufacturers approximate 700,000 jobs that are necessary to be filled. There's over 37,000 vacancies that we know of in California, just alone in cybersecurity. And so we look forward to making sure that California Workforce Development Agency is leading the charge to make sure that we have equity in those jobs and that we are also leading in a way that brings good jobs to California and to the people of California, a good education system that is developed in a way that those skills are necessarily met for the for the employers here in California and the nation, >>One of the exciting things about California is obviously look at Silicon Valley, Hewlett Packard in the garage, storied history space. It's been a space state. Many people recognize California. You mentioned defense contractors. It's well rooted with with history, um, just breakthroughs bases, technology companies in California. And now you've got technology. This is the cybersecurity angle. Um, take >>them into >>Gets more commentary to that because that's really notable. And as the workforce changes, these two worlds are coming together, and sometimes they're in the same place. Sometimes they're not. This is super exciting and a new dynamic that's driving opportunities. Could you share, um, some color commentary on that dynamic? >>Absolutely. And you're so correct. I think in California we lead the nation in the way that we developed programs that are companies lead in the nation in so many ways around, uh, cyberspace cybersecurity, Uh, in so many different areas for which in the Silicon Valley is just, uh, such a leader in those companies are good qualified companies to do so. Obviously, one of the places we play a role is to make sure that those companies have a skilled workforce. Andi, also that the security of those, uh, systems are in place for our defense contractors onda For the theater companies, those those outlying entities that are providing such key resource is to those companies are also leading on the cutting edge for the future. Also again realizing that we need to expand our training on skills to make sure that those California companies continue to lead is just, um, a great initiative. And I think through apprenticeship training programs on By looking at our community college systems, I think that we will continue to lead the nation as we move forward. >>You know, we've had many conversations here in this symposium, virtually certainly around. The everyday life of consumer is impacted by space. You know, we get our car service Uber lyft. We have maps. We have all this technology that was born out of defense contracts and r and D that really changed generations and create a lot of great societal value. Okay, now, with space kind of on the next generation is easier to get stuff into space. The security of the systems is now gonna be not only paramount for quality of life, but defending that and the skills are needed in cybersecurity to defend that. And the gap is there. What >>can we >>do to highlight the opportunities for career paths? It used to be the day when you get a mechanical engineering degree or aerospace and you graduated. You go get a job. Not anymore. There's a variety of of of paths career wise. What can we do to highlight this career path? >>Absolutely correct. And I think it starts, you know, k through 12 system on. I know a lot of the work that you know, with this bow and other entities we're doing currently, uh, this is where we need to bring our youth into an age where they're teaching us right as we become older on the uses of technology. But it's also teaching, um, where the levels of those education can take them k through 12. But it's also looking at how the community college system links to that, and then the university system links above and beyond. But it's also engage in our employers. You know, One of the key components, obviously, is the employers player role for which we can start to develop strategies that best meet their needs quickly. I think that's one of the comments we hear the most labor agency is how we don't provide a change as fast as we should, especially in technology. You know, we buy computers today, and they're outdated. Tomorrow it's the same with the technology that's in those computers is that those students are going to be the leaders within that to really develop how those structures are in place. S O. K. Through 12 is probably primary place to start, but also continuing. That passed the K 12 system and I bring up the employers and I bring them up in a way, because many times when we've had conversations with employers around what their skills needs were and how do we develop those better? One of the pieces that of that that I think is really should be recognized that many times they recognized that they wanted a four year degree, potentially or five year, six year degree. But then, when we really looked at the skill sets, someone coming out of the community college system could meet those skill sets. And I think we need to have those conversations to make sure not that they shouldn't be continue their education. They absolutely should. Uh, but how do we get those skill sets built into this into 12 plus the two year plus the four year person? >>You know, I love the democratization of these new skills because again. There's no pattern matching because they weren't around before, right? So you gotta look at the exposure to your point K through 12 exposure. But then there's an exploration piece of whether it's community, college or whatever progression. And sometimes it's nonlinear, right? I mean, people are learning different ways, combining the exposure and the exploration. That's a big topic. Can you share your view on this because this now opens up mawr doors for people choice. You got new avenues. You got online clock and get a cloud computing degree now from Amazon and walk in and help. I could be, you know, security clearance, possibly in in college. So you know you get exposure. Is there certain things you see? Is it early on middle school? And then I'll see the exploration Those air two important concepts. Can you unpack that a little bit exposure and exploration of skills? >>Absolutely. And I think this takes place, you know, not only in in the K 12 because somebody takes place in our community colleges and universities is that that connection with those employers is such a key component that if there's a way we could build in internships where experiences what we call on the job training programs apprenticeship training pre apprenticeship training programs into a design where those students at all levels are getting an exposure to the opportunities within the Space and Cybersecurity Avenue. I think that right there alone will start to solve a problem of having 37 plus 1000 openings at any one time in California. Also, I get that there's there's a burden on employers. Thio do that, and I think that's a piece that we have to acknowledge. And I think that's where education to play a larger role That's a place we had. Labor, Workforce, Development Agency, player role With our apprenticeship training programs are pre apprenticeship training programs. I could go on all day of all of our training programs that we have within the state of California. Many of the list of your partners on this endeavor are partners with Employment Training Panel, which I used to be the director of the Brown administration of um, That program alone does incumbent worker training on DSO. That also is an exposure place where ah worker, maybe, you know, you know, use the old adage of sweeping the floors one day and potentially, you know, running a large portion of the business, you know, within years. But it's that exposure that that employee gets through training programs on band. Acknowledging those skill sets and where their opportunities are, is what's valid and important. I think that's where our students we need to play a larger role in the K 12. That's a really thio Get that pushed out there. >>It's funny here in California you're the robotics clubs in high school or like a varsity sport. You're seeing kids exposed early on with programming. But you know, this whole topic of cybersecurity in space intersection around workforce and the gaps and skills is not just for the young. Certainly the young generations gotta be exposed to the what the careers could be and what the possible jobs and societal impact and contributions what they could be. But also it's people who are already out there. You know, you have retraining re Skilling is plays an important role. I know you guys do a lot of thinking on this is the under secretary. You have to look at this because you know you don't wanna have a label old and antiquated um systems. And then a lot of them are, and they're evolving and they're being modernized by digital transformation. So what does the role of retraining and skill development these programs play? Can you share what you guys are working on in your vision for that? >>Absolutely. That's a great question. And I think that is where we play a large role, obviously in California and with Kobe, 19 is we're faced with today that we've never seen before, at least in my 27 years of running program. Similar Thio, of course, in economic development, we're having such a large number of people displaced currently that it's unprecedented with unemployment rates to where we are. We're really looking at How do we take? And we're also going to see industries not return to the level for which they stood at one point in time. Uh, you know, entertainment industries, restaurants, all the alike, uh, really looking at how do we move people from those jobs that were middle skill jobs, topper skilled jobs? But the pay points maybe weren't great, potentially, and there's an opportunity for us to skill people into jobs that are there today. It may take training, obviously, but we have dollars to do that generally, especially within our K 12 and are que 14 systems and our universities. But we really wanna look at where those skill sets are are at currently. And we want to take people from that point in time where they said today, and try to give them that exposure to your point. Earlier question is, how do we get them exposed to a system for which there are job means that pay well with benefit packages with companies that care about their employees? Because that's what our goal is. >>You know. You know, I don't know if you have some visibility on this or ah opinion, but one observation that I've had and talking to whether it's a commercial or public sector is that with co vid uh, there have been a lot of awareness of the situation. We're adequately prepared. There's, um, readiness. But as everyone kind of deals with it, they're also starting to think about what to do. Post covert as we come out of it, Ah, growth strategy for a company or someone's career, um, people starting to have that on the top of their minds So I have to ask you, Is there anything that you see that they say? Okay, certain areas, maybe not doubling down on other areas. We're gonna double down on because we've seen some best practices on a trajectory of value for coming out of co vid with, you know, well, armed skills or certain things because you because that's what a lot of people are thinking right now. It's probably cyber is I mean, how many jobs are open? So you got well, that that's kind of maybe not something double down on here are areas we see that are working. Can you share your current visibility to that dynamic? >>Absolutely. Another great question. One of the key components that we look at Labor Workforce Development Agency. And so look at industries and growth modes and ones that are in decline boats. Now Kobe has changed that greatly. We were in a growth rate for last 78 years. We saw almost every industry might miss a few. You know that we're all in growth in one way or enough, obviously, that has changed. Our landscape is completely different than we saw 67 months ago. So today we're looking at cybersecurity, obviously with 30 plus 1000 jobs cos we're looking at Defense Department contractor is obviously with federal government contracts. We were looking at the supply chains within those we're looking at. Health care, which has always been one, obviously are large one of our large entities that has has grown over the years. But it's also changed with covered 19. We're looking at the way protective equipment is manufactured in the way that that will continue to grow over time. We're looking at the service industry. I mean, it will come back, but it won't come back the way we've seen it, probably in the past, but where the opportunities that we develop programs that we're making sure that the skill sets of those folks are transferrable to other industries with one of the issues that we face constant labor and were forced moment programs is understanding that over the period of time, especially in today's world again, with technology that people skill sets way, don't see is my Parents Day that you worked at a job for 45 years and you retired out of one job. Potentially, that is, that's been gone for 25 years, but now, at the pace for which we're seeing systems change. This is going to continue to amp up. I will stay youth of today. My 12 year old nephew is in the room next door to me on a classroom right now online. And so you know, there. It's a totally different atmosphere, and he's, you know, enjoying actually being in helping learning from on all online system. I would not have been able to learn that way, but I think we do see through the K Through 12 system where we're moving, um, people's interest will change, and I think that they will start to see things in a different way than we have in the past. They were forced systems. We are an old system been around since the thirties. Some even will say prior to the thirties came out of the Great Depression in some ways, and that system we have to change the way we develop our programs are should not be constant, and it should be an evolving system. >>It's interesting a lot of the conversation between the private and public partnerships and industry. You're seeing an agile mind set where it's a growth mindset. It's also reality based mindset and certainly space kind of forces. This conversation with cyber security of being faster, faster, more relevant, more modern. You mentioned some of those points, and with co vid impact the workforce development, it's certainly going to put a lot of pressure on faster learning. And then you mentioned online learning. This has become a big thing. It's not just putting education online per se. There's new touch points. You know you got APS, you got digital. This digital transformation is also accelerating. How do you guys view the workforce development? Because it's going to be open. It's gonna be evolving. There's new data coming in, and maybe kids don't want to stare at a video conference. Is there some game aspect to it? Is there how do you integrate thes new things that are coming really fast? And it's happening kind of in real time in front of our eyes. So I love to get your thoughts on how you guys see that, because it will certainly impact their ability to compete for jobs and or to itself learn. >>I think one of the key components of California's our innovation right and So I think one of the things that we pride ourselves in California is around that, um that said, that is the piece that I think the Silicon Valley and there's many areas in California that that have done the same, um, or trying to do the same, at least in their economy, is to build in innovation. And I think that's part of the K through 12 system with our with our our state universities and our UCS is to be able to bridge that. I think that you we see that within universities, um, that really instill an innovative approach to teaching but also instill innovation within their students. I'm not sure there yet with our fully with our K 12 system. And I think that's a place that either our community colleges could be a bridge, too, as well. Eso that's one component of workforce development I think that we look at as being a key. A key piece you brought up something that's really interesting to me is when you talk about agile on day, one of the things that even in state government on this, is gonna be shocking to you. But we have not been an agile system, Aziz. Well, I think one of the things that the Newsome administration Governor Newsom's administration has brought is. And when I talk about agile systems, I actually mean agile systems. We've gone from Kobol Systems, which are old and clunky, still operating. But at the same time, we're looking at upgrading all of our systems in a way that even our technology in the state of California should be matching the technology that our great state has within our our state. So, um, there in lies. It's also challenges of finding the qualified staff that we need in the state of California for all of our systems and servers and everything that we have. Um, currently. So you know, not only are we looking at external users, users of labor, workforce development, but we're looking at internal users that the way we redevelop our systems so that we are more agile in two different ways. >>You just got me. I triggered with COBOL. I programmed in the eighties with COBOL is only one credit lab in college. Never touched it again. Thank God. But this. But this >>is the >>benefit of cloud computing. I think this is at the heart, and this is the undertone of the conference and symposium is cloud computing. You can you can actually leverage existing resource is whether there legacy systems because they are running. They're doing a great job, and they do a certain work load extremely well. Doesn't make sense to replace what does a job, but you can integrate it in this. What cloud does this is Opening up? Can mawr more and more capabilities and workloads? This is kind of the space industry is pointing to when they say we need people that can code. And that could solve data problems. Not just a computer scientist, but a large range of people. Creative, um, data, science, everything. How does California's workforce solve the needs of America's space industry? This is because it's a space state. How do you see that? Let your workforce meeting those needs. >>Yeah, I think I think it's an investment. Obviously, it's an investment on our part. It's an investment with our college partners. It's an investment from our K 12 system to make sure that that we are allocating dollars in a way through meeting the demand of industry Onda, we do look at industry specific around there needs. Obviously, there's a large one. We wanna be very receptive and work with our employers and our employee groups to make sure that we need that demand. I think it's putting our money where our mouth is and and designing and working with employer groups to make sure that the training meets their needs. Um, it's also working with our employer groups to make sure that the employees are taken care of. That equity is built within the systems, Um, that we keep people employed in California on their able to afford a home, and they're able to afford a life here in California. But it's also again, and I brought up the innovation component. I think it's building an innovation within systems for which they are employers but are also our incoming employees are incumbent workers. And you brought this up earlier. People that already employed and people that are unemployed currently with the skill set that might match up, is how do we bridge those folks into employment that they maybe have not thought about. We have a whole career network of systems out throughout the city, California with the Americans job Centers of California on day will be working, and they already are working with a lot of dislocated workers on day. One of the key components of that is to really look at how do we, um, take what their current skills that might be and then expose them to a system for which we have 37 plus 1000 job openings to Andi? How do we actually get those books employed? It's paying for potentially through those that local Workforce Innovation Opportunity Act, funding for Americans job centers, um, to pay for some on the job, training it Z to be able to pay for work experiences. It's to be able to pay for internships for students, um, to get that opportunity with our employers and also partner with our employers that they're paying obviously a percentage of that, too. >>You know, one of the things I've observed over my, um, career 54 times around the sun is you know, in the old days when I was in college in school, you had career people have longer jobs, as you mentioned. Not like that anymore. But also I knew someone I'm gonna be in line to get that job, maybe nepotism or things of that nature. Now the jobs have no historical thing or someone worked longer in a job and has more seniority. Ah, >>lot of these >>jobs. Stewart don't HAVA requirements like no one's done them before. So the ability for someone who, um, is jumping in either from any college, there's no riel. It's all level set. It's like complete upside down script here. It's not like, Oh, I went to school. Therefore I get the job you could be Anyone could walk into these careers because the jobs air so new. So it's not where you came from or what school you went to or your nationality or gender. The jobs have been democratized. They're not discriminating against people with skills. So this opens up mawr. How >>do you >>see that? Because this really is an opportunity for this next generation to be more diverse and to be mawr contributed because diversity brings expertise and different perspectives. Your thoughts on that? >>Absolutely. And that was one of the things we welcome. Obviously we want to make sure that that everybody is treated equally and that the employers view everyone as employer employer of choice but an employee of choices. Well, we've also been looking at, as I mentioned before on the COVITZ situation, looking at ways that books that are maybe any stuck in jobs that are don't have a huge career pathway or they don't have a pathway out of poverty. I mean, we have a lot of working for people in the state of California, Um, that may now do to cope and lost their employment. Uh, this, you know, Let's let's turn back to the old, you know? Let's try, eliminate, eliminate, eliminate. How do we take those folks and get them employed into jobs that do have a good career pathway? And it's not about just who you knew or who you might have an in with to get that job. It is based on skills, I think, though that said there we need to have a better way to actually match those jobs up with those employers. And I think those are the long, ongoing conversations with those employer groups to make sure that one that they see those skill sets is valid and important. Um, they're helping design this crew sets with us, eh? So that they do match up and that were quickly matching up those close skills. That so that we're not training people for yesterday skills. >>I think the employer angles super important, but also the educators as well. One of the things that was asked in another question by the gas they they said. She said The real question to ask is, how early do you start exposing the next generation? You mentioned K through 12. Do you have any data or insight into or intuition or best practice of where that insertion point is without exposure? Point is, is that middle school is a elementary, obviously high school. Once you're in high school, you got your training. Wheels are off, you're off to the races. But is there a best practice? What's your thoughts? Stewart On exposure level to these kinds of new cyber and technical careers? >>Sure, absolutely. I I would say kindergarten. We San Bernardino has a program that they've been running for a little bit of time, and they're exposing students K through 12 but really starting in kindergarten. One is the exposure Thio. What a job Looks like Andi actually have. I've gone down to that local area and I've had three opportunity to see you know, second graders in a health care facility, Basically that they have on campus, built in on dear going from one workstation as a second grader, Uh, looking at what those skills would be and what that job would entail from a nurse to a Dr Teoh physician's assistant in really looking at what that is. Um you know, obviously they're not getting the training that the doctor gets, but they are getting the exposure of what that would be. Andi, I think that is amazing. And I think it's the right place to start. Um, it was really interesting because I left. This was pre covet, but I jumped on the plane to come back up north. I was thinking to myself, How do we get this to all school district in California, where we see that opportunity, um, to expose jobs and skill sets to kids throughout the system and develop the skill set so that they do understand that they have an opportunity. >>We're here at Cal Poly Space and Cybersecurity Symposium. We have educators. We have, um, students. We have industry and employers and government together. What's your advice to them all watching and listening about the future of work. Let's work force. What can people do? What do you think you're enabling? What can maybe the private sector help with And what are you trying to do? Can you share your thoughts on that? Because we have a range from the dorm room to the boardroom here at this event. Love to get your thoughts on the workforce development view of this. >>Yeah, absolutely. I think that's the mix. I mean, I think it's going to take industry to lead A in a lot of ways, in terms of understanding what their needs are and what their needs are today and what they will be tomorrow. I think it takes education, toe listen, and to understand and labor and workforce development also listen and understand what those needs will look like. And then how do we move systems? How do we move systems quickly? How do we move systems in a way that meets those needs? How do we, uh, put money into systems where the most need is, but also looking at trends? What is that trend going to look like in two years? What does that train gonna look like in five years. But that's again listening to those employers. Um, it's also the music community based organizations. I think, obviously some of our best students are also linked to CBS. And one way or another, it may be for services. It maybe for, uh, faith based. It may be anything, but I think we also need to bring in the CBS is Well, ah, lot of outreach goes through those systems in conjunction with, but I think that's the key component is to make sure that our employers are heard on. But they sit at the table like you said to the boardroom of understanding, and I think bringing students into that so that they get a true understanding of what that looks like a well, um, is a key piece of this. >>So one of the things I want to bring up with you is maybe a bit more about the research side of it. But, um, John Markoff, who was a former New York Times reporter with author of the book What the Dormouse, said It was a book about the counter culture of the sixties and the computer revolution, and really there was about how government defense spending drove the computer revolution that we now saw with Apple and PC, and then the rest is history in California has really participated. Stanford, uh, Berkeley and the University of California School system and all the education community colleges around it. That moment, the enablement. And now you're seeing space kind of bringing that that are a lot of research coming in and you eat a lot of billionaires putting money in. You got employers playing a role. You have this new focus space systems, cybersecurity, defending and making it open and and not congested and peaceful is going to enable quickly new inflection points for opportunities. E want to get your thoughts on that? Because California is participate in drove these revolutions that created massive value This next wave seems to be coming upon us. >>Yeah, absolutely. And again, Nazis covered again as too much of ah starting point to this. But I think that is also an opportunity to actually, because I think one of the things that we were seeing seven months ago was a skill shortage, and we still see the skills shortage, obviously. But I think a key piece to that is we saw people shortage. Not only was it skills shortage, but we didn't have enough people really to fill positions in addition to and I think that people also felt they were already paying the bills and they were making ends meet and they didn't have the opportunities. Thio get additional skills This again is where we're looking at. You know that our world has changed. It changed in the sixties based on what you're you're just expressing in terms of California leading the way. Let's like California lead the way again in developing a system from which labor, workforce development with our universities are, you know, are amazing universities and community college system and structure of how do we get students back into school? You know, a lot of graduates may already have a degree, but how do they now take a skill so that they already have and develop that further with the idea that they those jobs have changed? Whales have a lot of folks that don't have a degree, and that's okay. But how do we make that connection to a system that may have failed? Ah, lot of our people over the years, um, and our students who didn't make it through the school system. How do we develop in adult training school? How do we develop contract education through our community college system with our employer sets that we developed cohorts within those systems of of workers that have amazing talents and abilities to start to fill these needs? And I think that's the key components of hearing Agency, Labor, Workforce Development Agency. We work with our community. Colleges are UCS in our state universities t develop and figure that piece out, and I think it is our opportunity for the future. >>That's such a great point. I want to call that out This whole opportunity to retrain people that are out there because these air new jobs, I think that's a huge opportunity, and and I hope you keep building and investing in those programs. That's that's really worth calling out. Thank you for doing that. And, yeah, it's a great opportunity. Thes jobs they pay well to cyber security is a good job, and you don't really need to have that classical degree. You can learn pretty quickly if you're smart. So again, great call out there question for you on geography, Um, mentioned co vid we're talking about Covic. Virtualization were virtual with this conference. We couldn't be in person. People are learning virtually, but people are starting to relocate virtually. And so one observation that I have is the space state that California is there space clusters of areas where space people hang out or space spaces and whatnot. Then you got, like, the tech community cybersecurity market. You know, Silicon Valley is a talented in these hubs, and sometimes cyber is not always in the same hubs of space. Maybe Silicon Valley has some space here, Um, and some cyber. But that's not generally the case. This is an opportunity potentially to intersect. What's your thoughts on this? Because this is This is something that we're seeing where your space has historical, you know, geography ease. Now, with borderless communication, the work boat is not so much. You have to move the space area. You know what I'm saying? So okay. What's your thoughts on this? How do you guys look at this? Is on your radar On how you're viewing this this dynamic? >>It's absolute on our radar, Like you said, you know, here we are talking virtually on and, you know, 75% of all of our staff currently in some of our department that 80% of our staff are now virtual. Um you know, seven months ago, uh, we were not were government again being slow move, we quickly transitioned. Obviously, Thio being able to have a tele work capacity. We know employers move probably even quickly, more quickly than we did, but we see that as an opportunity for our rural areas. Are Central Valley are north state um, inland Empire that you're absolutely correct. I mean, if you didn't move to a city or to a location for which these jobs were really housed, um, you didn't have an opportunity like you do today. I think that's a piece that we really need to work with our education partners on of to be able to see how much this has changed. Labor agency absolutely recognizes this. We are investing funding in the Central Valley. We're investing funding in the North State and empire to really look a youth populations of how the new capacity that we have today is gonna be utilized for the future for employers. But we also have to engage our universities around. This is well, but mostly are employers. I know that they're already very well aware. I know that a lot of our large employers with, um, Silicon Valley have already done their doing almost 100% tele work policies. Um, but the affordability toe live in rural areas in California. Also, it enables us to have, ah, way thio make products more affordable is, well, potentially in the future. But we want to keep California businesses healthy and whole in California. Of course, on that's another way we can We can expand and keep California home to our 40 plus million people, >>most to a great, great work. And congratulations for doing such a great job. Keep it up. I gotta ask about the governor. I've been following his career since he's been office. A za political figure. Um, he's progressive. He's cutting edge. He likes toe rock the boat a little bit here and there, but he's also pragmatic. Um, you're starting to see government workers starting to get more of a tech vibe. Um um just curious from your perspective. How does the governor look at? I mean, the old, almost the old guard. But like you know, used to be. You become a lawyer, become a lawmaker Now a tech savvy lawmaker is a premium candidates, a premium person in government, you know, knowing what COBOL is. A start. I mean, these are the things. As we transform and evolve our society, we need thinkers who can figure out which side the streets, self driving cars go on. I mean, who does that? I mean, it's a whole another generation off thinking. How does the Governor how do you see this developing? Because this is the challenge for society. How does California lead? How do you guys talk about the leadership vision of Why California and how will you lead the future? >>Absolutely no governor that I'm aware of that I've been around for 26 27 years of workforce development has led with an innovation background, as this governor has a special around technology and the use of technology. Uh, you know, he's read a book about the use of technology when he was lieutenant governor, and I think it's really important for him that we, as his his staff are also on the leading edge of technology. I brought a badge. I'll systems. Earlier, when I was under the Brown administration, we had moved to where I was at a time employment training panel. We moved to an agile system and deported that one of the first within within the state to do that and coming off of an old legacy system that was an antique. Um, I will say it is challenging. It's challenging on a lot of levels. Mostly the skill sets that are folks have sometimes are not open to a new, agile system to an open source system is also an issue in government. But this governor, absolutely. I mean, he has established three Office of Digital Innovation, which is part of California and department technology, Um, in partnership with and that just shows how much he wants. Thio push our limits to make sure that we are meeting the needs of Californians. But it's also looking at, you know, Silicon Valley being at the heart of our state. How do we best utilize systems that already there? How do we better utilize the talent from those those folks is well, we don't always pay as well as they dio in the state. But we do have great benefit packages. Everybody does eso If anybody's looking for a job, we're always looking for technology. Folks is well on DSO I would say that this governor, absolute leads in terms of making sure that we will be on cutting edge of technology for the nation, >>you know, and, you know, talk about pay. I mean, I know it's expensive to live in some parts of California, but there's a huge young population that wants a mission driven job and serving, um, government for the governments. Awesome. Ah, final parting question for you, Stuart, is, as you look at, um, workforce. Ah, lot of people are passionate about this, and it's, you know, you you can't go anywhere without people saying, You know, we got to do education this way and that way there's an opinion everywhere you go. Cybersecurity is a little bit peaked and focused, but there are people who are paying attention to education. So I have to ask you, what creative ways can people get involved and contribute to workforce development? Whether it's stem underrepresented minorities, people are looking for new, innovative ways to contribute. What advice would you give these people who have the passion to contribute to the next cyber workforce. >>Yeah, I appreciate that question, because I think is one of the key components. But my secretary, Julie Sue, secretary of Labor and Workforce Development Agency, talks about often, and a couple of us always have these conversations around. One is getting people with that passion to work in government one or on. I brought it up community based organizations. I think I think so many times, um, that we didn't work with our CBS to the level of in government we should. This administration is very big on working with CBS and philanthropy groups to make sure that thing engagement those entities are at the highest level. So I would say, You know, students have opportunities. Thio also engage with local CBS and be that mission what their values really drives them towards Andi. That gives them a couple of things to do right. One is to look at what ways that we're helping society in one way or another through the organizations, but it also links them thio their own mission and how they could develop those skills around that. But I think the other piece to that is in a lot of these companies that you are working with and that we work with have their own foundations. So those foundations are amazing. We work with them now, especially in the new administration. More than we ever have, these foundations are really starting to help develop are strategies. My secretary works with a large number of foundations already. Andi, when we do is well in terms of strategy, really looking at, how do we develop young people's attitudes towards the future but also skills towards the future? >>Well, you got a pressure cooker of a job. I know how hard it is. I know you're working hard, appreciate you what you do and and we wish you the best of luck. Thank you for sharing this great insight on workforce development. And you guys working hard. Thank you for what you do. Appreciate it. >>Thank you so much. Thistle's >>three cube coverage and co production of the space and cybersecurity supposed in 2020 Cal Poly. I'm John for with silicon angle dot com and the Cube. Thanks for watching

>>from around the globe. It's the Cube covering >>space and cybersecurity. Symposium 2020 hosted by Cal Poly >>Over On Welcome to this Special virtual conference. The Space and Cybersecurity Symposium 2020 put on by Cal Poly with support from the Cube. I'm John for your host and master of ceremonies. Got a great topic today in this session. Really? The intersection of space and cybersecurity. This topic and this conversation is the cybersecurity workforce development through public and private partnerships. And we've got a great lineup. We have Jeff Armstrong's the president of California Polytechnic State University, also known as Cal Poly Jeffrey. Thanks for jumping on and Bang. Go ahead. The second director of C four s R Division. And he's joining us from the office of the Under Secretary of Defense for the acquisition Sustainment Department of Defense, D O D. And, of course, Steve Jake's executive director, founder, National Security Space Association and managing partner at Bello's. Gentlemen, thank you for joining me for this session. We got an hour conversation. Thanks for coming on. >>Thank you. >>So we got a virtual event here. We've got an hour, have a great conversation and love for you guys do? In opening statement on how you see the development through public and private partnerships around cybersecurity in space, Jeff will start with you. >>Well, thanks very much, John. It's great to be on with all of you. Uh, on behalf Cal Poly Welcome, everyone. Educating the workforce of tomorrow is our mission to Cal Poly. Whether that means traditional undergraduates, master students are increasingly mid career professionals looking toe up, skill or re skill. Our signature pedagogy is learn by doing, which means that our graduates arrive at employers ready Day one with practical skills and experience. We have long thought of ourselves is lucky to be on California's beautiful central Coast. But in recent years, as we have developed closer relationships with Vandenberg Air Force Base, hopefully the future permanent headquarters of the United States Space Command with Vandenberg and other regional partners, we have discovered that our location is even more advantages than we thought. We're just 50 miles away from Vandenberg, a little closer than u C. Santa Barbara, and the base represents the southern border of what we have come to think of as the central coast region. Cal Poly and Vandenberg Air force base have partner to support regional economic development to encourage the development of a commercial spaceport toe advocate for the space Command headquarters coming to Vandenberg and other ventures. These partnerships have been possible because because both parties stand to benefit Vandenberg by securing new streams of revenue, workforce and local supply chain and Cal Poly by helping to grow local jobs for graduates, internship opportunities for students, and research and entrepreneurship opportunities for faculty and staff. Crucially, what's good for Vandenberg Air Force Base and for Cal Poly is also good for the Central Coast and the US, creating new head of household jobs, infrastructure and opportunity. Our goal is that these new jobs bring more diversity and sustainability for the region. This regional economic development has taken on a life of its own, spawning a new nonprofit called Reach, which coordinates development efforts from Vandenberg Air Force Base in the South to camp to Camp Roberts in the North. Another factor that is facilitated our relationship with Vandenberg Air Force Base is that we have some of the same friends. For example, Northrop Grumman has has long been an important defense contractor, an important partner to Cal poly funding scholarships and facilities that have allowed us to stay current with technology in it to attract highly qualified students for whom Cal Poly's costs would otherwise be prohibitive. For almost 20 years north of grimness funded scholarships for Cal Poly students this year, their funding 64 scholarships, some directly in our College of Engineering and most through our Cal Poly Scholars program, Cal Poly Scholars, a support both incoming freshman is transfer students. These air especially important because it allows us to provide additional support and opportunities to a group of students who are mostly first generation, low income and underrepresented and who otherwise might not choose to attend Cal Poly. They also allow us to recruit from partner high schools with large populations of underrepresented minority students, including the Fortune High School in Elk Grove, which we developed a deep and lasting connection. We know that the best work is done by balanced teams that include multiple and diverse perspectives. These scholarships help us achieve that goal, and I'm sure you know Northrop Grumman was recently awarded a very large contract to modernized the U. S. I. C B M Armory with some of the work being done at Vandenberg Air Force Base, thus supporting the local economy and protecting protecting our efforts in space requires partnerships in the digital realm. How Polly is partnered with many private companies, such as AWS. Our partnerships with Amazon Web services has enabled us to train our students with next generation cloud engineering skills, in part through our jointly created digital transformation hub. Another partnership example is among Cal Poly's California Cybersecurity Institute, College of Engineering and the California National Guard. This partnership is focused on preparing a cyber ready workforce by providing faculty and students with a hands on research and learning environment, side by side with military, law enforcement professionals and cyber experts. We also have a long standing partnership with PG and E, most recently focused on workforce development and redevelopment. Many of our graduates do indeed go on to careers in aerospace and defense industry as a rough approximation. More than 4500 Cal Poly graduates list aerospace and defense as their employment sector on linked in, and it's not just our engineers and computer sciences. When I was speaking to our fellow Panelists not too long ago, >>are >>speaking to bang, we learned that Rachel sins, one of our liberal arts arts majors, is working in his office. So shout out to you, Rachel. And then finally, of course, some of our graduates sword extraordinary heights such as Commander Victor Glover, who will be heading to the International space station later this year as I close. All of which is to say that we're deeply committed the workforce, development and redevelopment that we understand the value of public private partnerships and that were eager to find new ways in which to benefit everyone from this further cooperation. So we're committed to the region, the state in the nation and our past efforts in space, cybersecurity and links to our partners at as I indicated, aerospace industry and governmental partners provides a unique position for us to move forward in the interface of space and cybersecurity. Thank you so much, John. >>President, I'm sure thank you very much for the comments and congratulations to Cal Poly for being on the forefront of innovation and really taking a unique progressive. You and wanna tip your hat to you guys over there. Thank you very much for those comments. Appreciate it. Bahng. Department of Defense. Exciting you gotta defend the nation spaces Global. Your opening statement. >>Yes, sir. Thanks, John. Appreciate that day. Thank you, everybody. I'm honored to be this panel along with President Armstrong, Cal Poly in my long longtime friend and colleague Steve Jakes of the National Security Space Association, to discuss a very important topic of cybersecurity workforce development, as President Armstrong alluded to, I'll tell you both of these organizations, Cal Poly and the N S. A have done and continue to do an exceptional job at finding talent, recruiting them in training current and future leaders and technical professionals that we vitally need for our nation's growing space programs. A swell Asare collective National security Earlier today, during Session three high, along with my colleague Chris Hansen discussed space, cyber Security and how the space domain is changing the landscape of future conflicts. I discussed the rapid emergence of commercial space with the proliferations of hundreds, if not thousands, of satellites providing a variety of services, including communications allowing for global Internet connectivity. S one example within the O. D. We continue to look at how we can leverage this opportunity. I'll tell you one of the enabling technologies eyes the use of small satellites, which are inherently cheaper and perhaps more flexible than the traditional bigger systems that we have historically used unemployed for the U. D. Certainly not lost on Me is the fact that Cal Poly Pioneer Cube SATs 2020 some years ago, and they set the standard for the use of these systems today. So they saw the valiant benefit gained way ahead of everybody else, it seems, and Cal Poly's focus on training and education is commendable. I especially impressed by the efforts of another of Steve's I colleague, current CEO Mr Bill Britain, with his high energy push to attract the next generation of innovators. Uh, earlier this year, I had planned on participating in this year's Cyber Innovation Challenge. In June works Cal Poly host California Mill and high school students and challenge them with situations to test their cyber knowledge. I tell you, I wish I had that kind of opportunity when I was a kid. Unfortunately, the pandemic change the plan. Why I truly look forward. Thio feature events such as these Thio participating. Now I want to recognize my good friend Steve Jakes, whom I've known for perhaps too long of a time here over two decades or so, who was in acknowledge space expert and personally, I truly applaud him for having the foresight of years back to form the National Security Space Association to help the entire space enterprise navigate through not only technology but Polly policy issues and challenges and paved the way for operational izing space. Space is our newest horrifying domain. That's not a secret anymore. Uh, and while it is a unique area, it shares a lot of common traits with the other domains such as land, air and sea, obviously all of strategically important to the defense of the United States. In conflict they will need to be. They will all be contested and therefore they all need to be defended. One domain alone will not win future conflicts in a joint operation. We must succeed. All to defending space is critical as critical is defending our other operational domains. Funny space is no longer the sanctuary available only to the government. Increasingly, as I discussed in the previous session, commercial space is taking the lead a lot of different areas, including R and D, A so called new space, so cyber security threat is even more demanding and even more challenging. Three US considers and federal access to and freedom to operate in space vital to advancing security, economic prosperity, prosperity and scientific knowledge of the country. That's making cyberspace an inseparable component. America's financial, social government and political life. We stood up US Space force ah, year ago or so as the newest military service is like the other services. Its mission is to organize, train and equip space forces in order to protect us and allied interest in space and to provide space capabilities to the joint force. Imagine combining that US space force with the U. S. Cyber Command to unify the direction of space and cyberspace operation strengthened U D capabilities and integrate and bolster d o d cyber experience. Now, of course, to enable all of this requires had trained and professional cadre of cyber security experts, combining a good mix of policy as well as high technical skill set much like we're seeing in stem, we need to attract more people to this growing field. Now the D. O. D. Is recognized the importance of the cybersecurity workforce, and we have implemented policies to encourage his growth Back in 2013 the deputy secretary of defense signed the D. O d cyberspace workforce strategy to create a comprehensive, well equipped cyber security team to respond to national security concerns. Now this strategy also created a program that encourages collaboration between the D. O. D and private sector employees. We call this the Cyber Information Technology Exchange program or site up. It's an exchange programs, which is very interesting, in which a private sector employees can naturally work for the D. O. D. In a cyber security position that spans across multiple mission critical areas are important to the d. O. D. A key responsibility of cybersecurity community is military leaders on the related threats and cyber security actions we need to have to defeat these threats. We talk about rapid that position, agile business processes and practices to speed up innovation. Likewise, cybersecurity must keep up with this challenge to cyber security. Needs to be right there with the challenges and changes, and this requires exceptional personnel. We need to attract talent investing the people now to grow a robust cybersecurity, workforce, streets, future. I look forward to the panel discussion, John. Thank you. >>Thank you so much bomb for those comments and you know, new challenges and new opportunities and new possibilities and free freedom Operating space. Critical. Thank you for those comments. Looking forward. Toa chatting further. Steve Jakes, executive director of N. S. S. A Europe opening statement. >>Thank you, John. And echoing bangs thanks to Cal Poly for pulling these this important event together and frankly, for allowing the National Security Space Association be a part of it. Likewise, we on behalf the association delighted and honored Thio be on this panel with President Armstrong along with my friend and colleague Bonneau Glue Mahad Something for you all to know about Bomb. He spent the 1st 20 years of his career in the Air Force doing space programs. He then went into industry for several years and then came back into government to serve. Very few people do that. So bang on behalf of the space community, we thank you for your long life long devotion to service to our nation. We really appreciate that and I also echo a bang shot out to that guy Bill Britain, who has been a long time co conspirator of ours for a long time and you're doing great work there in the cyber program at Cal Poly Bill, keep it up. But professor arms trying to keep a close eye on him. Uh, I would like to offer a little extra context to the great comments made by by President Armstrong and bahng. Uh, in our view, the timing of this conference really could not be any better. Um, we all recently reflected again on that tragic 9 11 surprise attack on our homeland. And it's an appropriate time, we think, to take pause while the percentage of you in the audience here weren't even born or babies then For the most of us, it still feels like yesterday. And moreover, a tragedy like 9 11 has taught us a lot to include to be more vigilant, always keep our collective eyes and ears open to include those quote eyes and ears from space, making sure nothing like this ever happens again. So this conference is a key aspect. Protecting our nation requires we work in a cybersecurity environment at all times. But, you know, the fascinating thing about space systems is we can't see him. No, sir, We see Space launches man there's nothing more invigorating than that. But after launch, they become invisible. So what are they really doing up there? What are they doing to enable our quality of life in the United States and in the world? Well, to illustrate, I'd like to paraphrase elements of an article in Forbes magazine by Bonds and my good friend Chuck Beans. Chuck. It's a space guy, actually had Bonds job a fuse in the Pentagon. He is now chairman and chief strategy officer at York Space Systems, and in his spare time he's chairman of the small satellites. Chuck speaks in words that everyone can understand. So I'd like to give you some of his words out of his article. Uh, they're afraid somewhat. So these are Chuck's words. Let's talk about average Joe and playing Jane. Before heading to the airport for a business trip to New York City, Joe checks the weather forecast informed by Noah's weather satellites to see what pack for the trip. He then calls an uber that space app. Everybody uses it matches riders with drivers via GPS to take into the airport, So Joe has lunch of the airport. Unbeknownst to him, his organic lunch is made with the help of precision farming made possible through optimized irrigation and fertilization, with remote spectral sensing coming from space and GPS on the plane, the pilot navigates around weather, aided by GPS and nose weather satellites. And Joe makes his meeting on time to join his New York colleagues in a video call with a key customer in Singapore made possible by telecommunication satellites. Around to his next meeting, Joe receives notice changing the location of the meeting to another to the other side of town. So he calmly tells Syria to adjust the destination, and his satellite guided Google maps redirects him to the new location. That evening, Joe watches the news broadcast via satellite. The report details a meeting among world leaders discussing the developing crisis in Syria. As it turns out, various forms of quote remotely sensed. Information collected from satellites indicate that yet another band, chemical weapon, may have been used on its own people. Before going to bed, Joe decides to call his parents and congratulate them for their wedding anniversary as they cruise across the Atlantic, made possible again by communications satellites and Joe's parents can enjoy the call without even wondering how it happened the next morning. Back home, Joe's wife, Jane, is involved in a car accident. Her vehicle skids off the road. She's knocked unconscious, but because of her satellite equipped on star system, the crash is detected immediately and first responders show up on the scene. In time, Joe receives the news books. An early trip home sends flowers to his wife as he orders another uber to the airport. Over that 24 hours, Joe and Jane used space system applications for nearly every part of their day. Imagine the consequences if at any point they were somehow denied these services, whether they be by natural causes or a foreign hostility. And each of these satellite applications used in this case were initially developed for military purposes and continue to be, but also have remarkable application on our way of life. Just many people just don't know that. So, ladies and gentlemen, now you know, thanks to chuck beans, well, the United States has a proud heritage being the world's leading space faring nation, dating back to the Eisenhower and Kennedy years. Today we have mature and robust systems operating from space, providing overhead reconnaissance to quote, wash and listen, provide missile warning, communications, positioning, navigation and timing from our GPS system. Much of what you heard in Lieutenant General J. T. Thompson earlier speech. These systems are not only integral to our national security, but also our also to our quality of life is Chuck told us. We simply no longer could live without these systems as a nation and for that matter, as a world. But over the years, adversary like adversaries like China, Russia and other countries have come to realize the value of space systems and are aggressively playing ketchup while also pursuing capabilities that will challenge our systems. As many of you know, in 2000 and seven, China demonstrated it's a set system by actually shooting down is one of its own satellites and has been aggressively developing counter space systems to disrupt hours. So in a heavily congested space environment, our systems are now being contested like never before and will continue to bay well as Bond mentioned, the United States has responded to these changing threats. In addition to adding ways to protect our system, the administration and in Congress recently created the United States Space Force and the operational you United States Space Command, the latter of which you heard President Armstrong and other Californians hope is going to be located. Vandenberg Air Force Base Combined with our intelligence community today, we have focused military and civilian leadership now in space. And that's a very, very good thing. Commence, really. On the industry side, we did create the National Security Space Association devoted solely to supporting the national security Space Enterprise. We're based here in the D C area, but we have arms and legs across the country, and we are loaded with extraordinary talent. In scores of Forman, former government executives, So S s a is joined at the hip with our government customers to serve and to support. We're busy with a multitude of activities underway ranging from a number of thought provoking policy. Papers are recurring space time Webcast supporting Congress's Space Power Caucus and other main serious efforts. Check us out at NSS. A space dot org's One of our strategic priorities in central to today's events is to actively promote and nurture the workforce development. Just like cow calling. We will work with our U. S. Government customers, industry leaders and academia to attract and recruit students to join the space world, whether in government or industry and two assistant mentoring and training as their careers. Progress on that point, we're delighted. Be delighted to be working with Cal Poly as we hopefully will undertake a new pilot program with him very soon. So students stay tuned something I can tell you Space is really cool. While our nation's satellite systems are technical and complex, our nation's government and industry work force is highly diverse, with a combination of engineers, physicists, method and mathematicians, but also with a large non technical expertise as well. Think about how government gets things thes systems designed, manufactured, launching into orbit and operating. They do this via contracts with our aerospace industry, requiring talents across the board from cost estimating cost analysis, budgeting, procurement, legal and many other support. Tasker Integral to the mission. Many thousands of people work in the space workforce tens of billions of dollars every year. This is really cool stuff, no matter what your education background, a great career to be part of. When summary as bang had mentioned Aziz, well, there is a great deal of exciting challenges ahead we will see a new renaissance in space in the years ahead, and in some cases it's already begun. Billionaires like Jeff Bezos, Elon Musk, Sir Richard Richard Branson are in the game, stimulating new ideas in business models, other private investors and start up companies. Space companies are now coming in from all angles. The exponential advancement of technology and microelectronics now allows the potential for a plethora of small SAT systems to possibly replace older satellites the size of a Greyhound bus. It's getting better by the day and central to this conference, cybersecurity is paramount to our nation's critical infrastructure in space. So once again, thanks very much, and I look forward to the further conversation. >>Steve, thank you very much. Space is cool. It's relevant. But it's important, as you pointed out, and you're awesome story about how it impacts our life every day. So I really appreciate that great story. I'm glad you took the time Thio share that you forgot the part about the drone coming over in the crime scene and, you know, mapping it out for you. But that would add that to the story later. Great stuff. My first question is let's get into the conversations because I think this is super important. President Armstrong like you to talk about some of the points that was teased out by Bang and Steve. One in particular is the comment around how military research was important in developing all these capabilities, which is impacting all of our lives. Through that story. It was the military research that has enabled a generation and generation of value for consumers. This is kind of this workforce conversation. There are opportunities now with with research and grants, and this is, ah, funding of innovation that it's highly accelerate. It's happening very quickly. Can you comment on how research and the partnerships to get that funding into the universities is critical? >>Yeah, I really appreciate that And appreciate the comments of my colleagues on it really boils down to me to partnerships, public private partnerships. You mentioned Northrop Grumman, but we have partnerships with Lockie Martin, Boeing, Raytheon Space six JPL, also member of organization called Business Higher Education Forum, which brings together university presidents and CEOs of companies. There's been focused on cybersecurity and data science, and I hope that we can spill into cybersecurity in space but those partnerships in the past have really brought a lot forward at Cal Poly Aziz mentioned we've been involved with Cube set. Uh, we've have some secure work and we want to plan to do more of that in the future. Uh, those partnerships are essential not only for getting the r and d done, but also the students, the faculty, whether masters or undergraduate, can be involved with that work. Uh, they get that real life experience, whether it's on campus or virtually now during Covic or at the location with the partner, whether it may be governmental or our industry. Uh, and then they're even better equipped, uh, to hit the ground running. And of course, we'd love to see even more of our students graduate with clearance so that they could do some of that a secure work as well. So these partnerships are absolutely critical, and it's also in the context of trying to bring the best and the brightest and all demographics of California and the US into this field, uh, to really be successful. So these partnerships are essential, and our goal is to grow them just like I know other colleagues and C. S u and the U C are planning to dio, >>you know, just as my age I've seen I grew up in the eighties, in college and during that systems generation and that the generation before me, they really kind of pioneered the space that spawned the computer revolution. I mean, you look at these key inflection points in our lives. They were really funded through these kinds of real deep research. Bond talk about that because, you know, we're living in an age of cloud. And Bezos was mentioned. Elon Musk. Sir Richard Branson. You got new ideas coming in from the outside. You have an accelerated clock now on terms of the innovation cycles, and so you got to react differently. You guys have programs to go outside >>of >>the Defense Department. How important is this? Because the workforce that air in schools and our folks re skilling are out there and you've been on both sides of the table. So share your thoughts. >>No, thanks, John. Thanks for the opportunity responded. And that's what you hit on the notes back in the eighties, R and D in space especially, was dominated by my government funding. Uh, contracts and so on. But things have changed. As Steve pointed out, A lot of these commercial entities funded by billionaires are coming out of the woodwork funding R and D. So they're taking the lead. So what we can do within the deal, the in government is truly take advantage of the work they've done on. Uh, since they're they're, you know, paving the way to new new approaches and new way of doing things. And I think we can We could certainly learn from that. And leverage off of that saves us money from an R and D standpoint while benefiting from from the product that they deliver, you know, within the O D Talking about workforce development Way have prioritized we have policies now to attract and retain talent. We need I I had the folks do some research and and looks like from a cybersecurity workforce standpoint. A recent study done, I think, last year in 2019 found that the cybersecurity workforce gap in the U. S. Is nearing half a million people, even though it is a growing industry. So the pipeline needs to be strengthened off getting people through, you know, starting young and through college, like assess a professor Armstrong indicated, because we're gonna need them to be in place. Uh, you know, in a period of about maybe a decade or so, Uh, on top of that, of course, is the continuing issue we have with the gap with with stamps students, we can't afford not to have expertise in place to support all the things we're doing within the with the not only deal with the but the commercial side as well. Thank you. >>How's the gap? Get? Get filled. I mean, this is the this is again. You got cybersecurity. I mean, with space. It's a whole another kind of surface area, if you will, in early surface area. But it is. It is an I o t. Device if you think about it. But it does have the same challenges. That's kind of current and and progressive with cybersecurity. Where's the gap Get filled, Steve Or President Armstrong? I mean, how do you solve the problem and address this gap in the workforce? What is some solutions and what approaches do we need to put in place? >>Steve, go ahead. I'll follow up. >>Okay. Thanks. I'll let you correct. May, uh, it's a really good question, and it's the way I would. The way I would approach it is to focus on it holistically and to acknowledge it up front. And it comes with our teaching, etcetera across the board and from from an industry perspective, I mean, we see it. We've gotta have secure systems with everything we do and promoting this and getting students at early ages and mentoring them and throwing internships at them. Eyes is so paramount to the whole the whole cycle, and and that's kind of and it really takes focused attention. And we continue to use the word focus from an NSS, a perspective. We know the challenges that are out there. There are such talented people in the workforce on the government side, but not nearly enough of them. And likewise on industry side. We could use Maura's well, but when you get down to it, you know we can connect dots. You know that the the aspect That's a Professor Armstrong talked about earlier toe where you continue to work partnerships as much as you possibly can. We hope to be a part of that. That network at that ecosystem the will of taking common objectives and working together to kind of make these things happen and to bring the power not just of one or two companies, but our our entire membership to help out >>President >>Trump. Yeah, I would. I would also add it again. It's back to partnerships that I talked about earlier. One of our partners is high schools and schools fortune Margaret Fortune, who worked in a couple of, uh, administrations in California across party lines and education. Their fifth graders all visit Cal Poly and visit our learned by doing lab and you, you've got to get students interested in stem at a early age. We also need the partnerships, the scholarships, the financial aid so the students can graduate with minimal to no debt to really hit the ground running. And that's exacerbated and really stress. Now, with this covert induced recession, California supports higher education at a higher rate than most states in the nation. But that is that has dropped this year or reasons. We all understand, uh, due to Kobe, and so our partnerships, our creativity on making sure that we help those that need the most help financially uh, that's really key, because the gaps air huge eyes. My colleagues indicated, you know, half of half a million jobs and you need to look at the the students that are in the pipeline. We've got to enhance that. Uh, it's the in the placement rates are amazing. Once the students get to a place like Cal Poly or some of our other amazing CSU and UC campuses, uh, placement rates are like 94%. >>Many of our >>engineers, they have jobs lined up a year before they graduate. So it's just gonna take key partnerships working together. Uh, and that continued partnership with government, local, of course, our state of CSU on partners like we have here today, both Stephen Bang So partnerships the thing >>e could add, you know, the collaboration with universities one that we, uh, put a lot of emphasis, and it may not be well known fact, but as an example of national security agencies, uh, National Centers of Academic Excellence in Cyber, the Fast works with over 270 colleges and universities across the United States to educate its 45 future cyber first responders as an example, so that Zatz vibrant and healthy and something that we ought Teoh Teik, banjo >>off. Well, I got the brain trust here on this topic. I want to get your thoughts on this one point. I'd like to define what is a public private partnership because the theme that's coming out of the symposium is the script has been flipped. It's a modern error. Things air accelerated get you got security. So you get all these things kind of happen is a modern approach and you're seeing a digital transformation play out all over the world in business. Andi in the public sector. So >>what is what >>is a modern public private partnership? What does it look like today? Because people are learning differently, Covert has pointed out, which was that we're seeing right now. How people the progressions of knowledge and learning truth. It's all changing. How do you guys view the modern version of public private partnership and some some examples and improve points? Can you can you guys share that? We'll start with the Professor Armstrong. >>Yeah. A zai indicated earlier. We've had on guy could give other examples, but Northup Grumman, uh, they helped us with cyber lab. Many years ago. That is maintained, uh, directly the software, the connection outside its its own unit so that students can learn the hack, they can learn to penetrate defenses, and I know that that has already had some considerations of space. But that's a benefit to both parties. So a good public private partnership has benefits to both entities. Uh, in the common factor for universities with a lot of these partnerships is the is the talent, the talent that is, that is needed, what we've been working on for years of the, you know, that undergraduate or master's or PhD programs. But now it's also spilling into Skilling and re Skilling. As you know, Jobs. Uh, you know, folks were in jobs today that didn't exist two years, three years, five years ago. But it also spills into other aspects that can expand even mawr. We're very fortunate. We have land, there's opportunities. We have one tech part project. We're expanding our tech park. I think we'll see opportunities for that, and it'll it'll be adjusted thio, due to the virtual world that we're all learning more and more about it, which we were in before Cove it. But I also think that that person to person is going to be important. Um, I wanna make sure that I'm driving across the bridge. Or or that that satellites being launched by the engineer that's had at least some in person training, uh, to do that and that experience, especially as a first time freshman coming on a campus, getting that experience expanding and as adult. And we're gonna need those public private partnerships in order to continue to fund those at a level that is at the excellence we need for these stem and engineering fields. >>It's interesting People in technology can work together in these partnerships in a new way. Bank Steve Reaction Thio the modern version of what a public, successful private partnership looks like. >>If I could jump in John, I think, you know, historically, Dodi's has have had, ah, high bar thio, uh, to overcome, if you will, in terms of getting rapid pulling in your company. This is the fault, if you will and not rely heavily in are the usual suspects of vendors and like and I think the deal is done a good job over the last couple of years off trying to reduce the burden on working with us. You know, the Air Force. I think they're pioneering this idea around pitch days where companies come in, do a two hour pitch and immediately notified of a wooden award without having to wait a long time. Thio get feedback on on the quality of the product and so on. So I think we're trying to do our best. Thio strengthen that partnership with companies outside the main group of people that we typically use. >>Steve, any reaction? Comment to add? >>Yeah, I would add a couple of these air. Very excellent thoughts. Uh, it zits about taking a little gamble by coming out of your comfort zone. You know, the world that Bond and Bond lives in and I used to live in in the past has been quite structured. It's really about we know what the threat is. We need to go fix it, will design it says we go make it happen, we'll fly it. Um, life is so much more complicated than that. And so it's it's really to me. I mean, you take you take an example of the pitch days of bond talks about I think I think taking a gamble by attempting to just do a lot of pilot programs, uh, work the trust factor between government folks and the industry folks in academia. Because we are all in this together in a lot of ways, for example. I mean, we just sent the paper to the White House of their requests about, you know, what would we do from a workforce development perspective? And we hope Thio embellish on this over time once the the initiative matures. But we have a piece of it, for example, is the thing we call clear for success getting back Thio Uh, President Armstrong's comments at the collegiate level. You know, high, high, high quality folks are in high demand. So why don't we put together a program they grabbed kids in their their underclass years identifies folks that are interested in doing something like this. Get them scholarships. Um, um, I have a job waiting for them that their contract ID for before they graduate, and when they graduate, they walk with S C I clearance. We believe that could be done so, and that's an example of ways in which the public private partnerships can happen to where you now have a talented kid ready to go on Day one. We think those kind of things can happen. It just gets back down to being focused on specific initiatives, give them giving them a chance and run as many pilot programs as you can like these days. >>That's a great point, E. President. >>I just want to jump in and echo both the bank and Steve's comments. But Steve, that you know your point of, you know, our graduates. We consider them ready Day one. Well, they need to be ready Day one and ready to go secure. We totally support that and and love to follow up offline with you on that. That's that's exciting, uh, and needed very much needed mawr of it. Some of it's happening, but way certainly have been thinking a lot about that and making some plans, >>and that's a great example of good Segway. My next question. This kind of reimagining sees work flows, eyes kind of breaking down the old the old way and bringing in kind of a new way accelerated all kind of new things. There are creative ways to address this workforce issue, and this is the next topic. How can we employ new creative solutions? Because, let's face it, you know, it's not the days of get your engineering degree and and go interview for a job and then get slotted in and get the intern. You know the programs you get you particularly through the system. This is this is multiple disciplines. Cybersecurity points at that. You could be smart and math and have, ah, degree in anthropology and even the best cyber talents on the planet. So this is a new new world. What are some creative approaches that >>you know, we're >>in the workforce >>is quite good, John. One of the things I think that za challenge to us is you know, we got somehow we got me working for with the government, sexy, right? The part of the challenge we have is attracting the right right level of skill sets and personnel. But, you know, we're competing oftentimes with the commercial side, the gaming industry as examples of a big deal. And those are the same talents. We need to support a lot of programs we have in the U. D. So somehow we have to do a better job to Steve's point off, making the work within the U. D within the government something that they would be interested early on. So I tracked him early. I kind of talked about Cal Poly's, uh, challenge program that they were gonna have in June inviting high school kid. We're excited about the whole idea of space and cyber security, and so on those air something. So I think we have to do it. Continue to do what were the course the next several years. >>Awesome. Any other creative approaches that you guys see working or might be on idea, or just a kind of stoked the ideation out their internship. So obviously internships are known, but like there's gotta be new ways. >>I think you can take what Steve was talking about earlier getting students in high school, uh, and aligning them sometimes. Uh, that intern first internship, not just between the freshman sophomore year, but before they inter cal poly per se. And they're they're involved s So I think that's, uh, absolutely key. Getting them involved many other ways. Um, we have an example of of up Skilling a redeveloped work redevelopment here in the Central Coast. PG and e Diablo nuclear plant as going to decommission in around 2020 24. And so we have a ongoing partnership toe work on reposition those employees for for the future. So that's, you know, engineering and beyond. Uh, but think about that just in the manner that you were talking about. So the up skilling and re Skilling uh, on I think that's where you know, we were talking about that Purdue University. Other California universities have been dealing with online programs before cove it and now with co vid uh, so many more faculty or were pushed into that area. There's going to be much more going and talk about workforce development and up Skilling and Re Skilling The amount of training and education of our faculty across the country, uh, in in virtual, uh, and delivery has been huge. So there's always a silver linings in the cloud. >>I want to get your guys thoughts on one final question as we in the in the segment. And we've seen on the commercial side with cloud computing on these highly accelerated environments where you know, SAS business model subscription. That's on the business side. But >>one of The >>things that's clear in this trend is technology, and people work together and technology augments the people components. So I'd love to get your thoughts as we look at the world now we're living in co vid um, Cal Poly. You guys have remote learning Right now. It's a infancy. It's a whole new disruption, if you will, but also an opportunity to enable new ways to collaborate, Right? So if you look at people and technology, can you guys share your view and vision on how communities can be developed? How these digital technologies and people can work together faster to get to the truth or make a discovery higher to build the workforce? These air opportunities? How do you guys view this new digital transformation? >>Well, I think there's there's a huge opportunities and just what we're doing with this symposium. We're filming this on one day, and it's going to stream live, and then the three of us, the four of us, can participate and chat with participants while it's going on. That's amazing. And I appreciate you, John, you bringing that to this this symposium, I think there's more and more that we can do from a Cal poly perspective with our pedagogy. So you know, linked to learn by doing in person will always be important to us. But we see virtual. We see partnerships like this can expand and enhance our ability and minimize the in person time, decrease the time to degree enhanced graduation rate, eliminate opportunity gaps or students that don't have the same advantages. S so I think the technological aspect of this is tremendous. Then on the up Skilling and Re Skilling, where employees air all over, they can be reached virtually then maybe they come to a location or really advanced technology allows them to get hands on virtually, or they come to that location and get it in a hybrid format. Eso I'm I'm very excited about the future and what we can do, and it's gonna be different with every university with every partnership. It's one. Size does not fit all. >>It's so many possibilities. Bond. I could almost imagine a social network that has a verified, you know, secure clearance. I can jump in, have a little cloak of secrecy and collaborate with the d o. D. Possibly in the future. But >>these are the >>kind of kind of crazy ideas that are needed. Are your thoughts on this whole digital transformation cross policy? >>I think technology is gonna be revolutionary here, John. You know, we're focusing lately on what we call digital engineering to quicken the pace off, delivering capability to warfighter. As an example, I think a I machine language all that's gonna have a major play and how we operate in the future. We're embracing five G technologies writing ability Thio zero latency or I o t More automation off the supply chain. That sort of thing, I think, uh, the future ahead of us is is very encouraging. Thing is gonna do a lot for for national defense on certainly the security of the country. >>Steve, your final thoughts. Space systems are systems, and they're connected to other systems that are connected to people. Your thoughts on this digital transformation opportunity >>Such a great question in such a fun, great challenge ahead of us. Um echoing are my colleague's sentiments. I would add to it. You know, a lot of this has I think we should do some focusing on campaigning so that people can feel comfortable to include the Congress to do things a little bit differently. Um, you know, we're not attuned to doing things fast. Uh, but the dramatic You know, the way technology is just going like crazy right now. I think it ties back Thio hoping Thio, convince some of our senior leaders on what I call both sides of the Potomac River that it's worth taking these gamble. We do need to take some of these things very way. And I'm very confident, confident and excited and comfortable. They're just gonna be a great time ahead and all for the better. >>You know, e talk about D. C. Because I'm not a lawyer, and I'm not a political person, but I always say less lawyers, more techies in Congress and Senate. So I was getting job when I say that. Sorry. Presidential. Go ahead. >>Yeah, I know. Just one other point. Uh, and and Steve's alluded to this in bonded as well. I mean, we've got to be less risk averse in these partnerships. That doesn't mean reckless, but we have to be less risk averse. And I would also I have a zoo. You talk about technology. I have to reflect on something that happened in, uh, you both talked a bit about Bill Britton and his impact on Cal Poly and what we're doing. But we were faced a few years ago of replacing a traditional data a data warehouse, data storage data center, and we partner with a W S. And thank goodness we had that in progress on it enhanced our bandwidth on our campus before Cove. It hit on with this partnership with the digital transformation hub. So there is a great example where, uh, we we had that going. That's not something we could have started. Oh, covitz hit. Let's flip that switch. And so we have to be proactive on. We also have thio not be risk averse and do some things differently. Eyes that that is really salvage the experience for for students. Right now, as things are flowing, well, we only have about 12% of our courses in person. Uh, those essential courses, uh, and just grateful for those partnerships that have talked about today. >>Yeah, and it's a shining example of how being agile, continuous operations, these air themes that expand into space and the next workforce needs to be built. Gentlemen, thank you. very much for sharing your insights. I know. Bang, You're gonna go into the defense side of space and your other sessions. Thank you, gentlemen, for your time for great session. Appreciate it. >>Thank you. Thank you. >>Thank you. >>Thank you. Thank you. Thank you all. >>I'm John Furry with the Cube here in Palo Alto, California Covering and hosting with Cal Poly The Space and Cybersecurity Symposium 2020. Thanks for watching.

>> Announcer: From around the globe, it's theCUBE! Covering Space and Cybersecurity Symposium 2020. Hosted by Cal Poly. >> Hello everyone. Welcome to the Space and Cybersecurity Symposium 2020, put on by Cal Poly and hosted with SiliconANGLE theCUBE here in Palo Alto, California for a virtual conference. Couldn't happen in person this year, I'm John Furrier, your host. The intersection of space and cybersecurity, obviously critical topics, great conversations. We've got a great guest here to talk about the addressing the cybersecurity workforce gap. And we have a great guest, and a feature speaker, Stewart Knox, the undersecretary with California's Labor and Workforce Development Office. Stewart, thanks for joining us today. >> Thank you so much, John. I appreciate your time today and listening to a little bit of our quandaries with making sure that we have the security that's necessary for the state of California and making sure that we have the workforce that is necessary for cybersecurity in space. >> Great. I'd love to get started. I've got a couple of questions for you, but first take a few minutes for an opening statement to set the stage. >> Sure, realizing that in California, we lead the nation in much of cybersecurity based on Department of Defense contractors within the state of California, leading the nation with over 160 billion dollars within the industry just here in California alone and having over 800,000 plus workers full time employment in the state of California is paramount for us to make sure that we face defense manufacturers, approximately 700,000 jobs that are necessary to be filled. There's over 37,000 vacancies that we know of in California, just alone in cybersecurity. And so we look forward to making sure that California Workforce Development Agency is leading the charge to make sure that we have equity in those jobs and that we are also leading in a way that brings good jobs to California and to the people of California, a good education system that is developed in a way that those skills are necessarily met for the employers here in California, and the nation. >> One of the exciting things about California is obviously look at Silicon Valley, Hewlett Packard and the garage story, history, space, it's been a space state, many people recognize California. You mentioned defense contractors. It's well rooted with history, just breakthroughs, bases, technology companies in California. And now you've got technology. This is the cybersecurity angle. Take a minute to give some more commentary to that because that's really notable, and as the workforce changes, these two worlds are coming together and sometimes they're in the same place, sometimes they're not. This is super exciting and a new dynamic that's driving opportunities. Could you share some color commentary on that dynamic? >> Absolutely. And you're so correct. I think in California, we lead the nation in the way that we develop programs, that our companies lead in the nation in so many ways around cyberspace, cybersecurity in so many different areas, for which in the Silicon Valley is just such a leader and those companies are good, qualified companies to do so. Obviously one of the places we play a role is to make sure that those companies have a skilled workforce. And also that the security of those systems are in place for our defense contractors and for the feeder companies, those outlying entities that are providing such key resources to those companies are also leading on a cutting edge for the future. Also again, realizing that we need to expand our training and skills to make sure that those California companies continue to lead, is just such a great initiative. And I think through apprenticeship training programs, and looking at our community college systems, I think that we will continue to lead the nation as we move forward. >> You know, we've had many conversations here in this symposium virtually, certainly around the everyday life of a consumer is impacted by space. You know, we get our car service, Uber, Lyft, we have maps, we have all this technology that was born out of defense contracts and R and D that really changed generations and created a lot of great societal value. Okay, now with space kind of going to the next generation, it's easier to get stuff into space. The security of the systems is now going to be not only paramount for quality of life, but defending that, and the skills are needed in cybersecurity to defend that. And the gap is there. What can we do to highlight the opportunities for career paths? It used to be the day where you get a mechanical engineering degree or aerospace and you graduate and you go get a job, not anymore. There's a variety of paths, career-wise. What can we do to highlight this career path? >> Absolutely correct. And I think it starts, you know, K through 12 system. And I know a lot of the work that (indistinct) and other entities are doing currently. This is where we need to bring our youth into an age where they're teaching us, right, as we become older, on the uses of technology, but it's also teaching where the levels of those education can take them, K through 12, but it's also looking at how the community college system links to that. And then the university system links above and beyond, but it's also engaging our employers. You know, one of the key components, obviously as the employers play a role, for which we can start to develop strategies that best meet their needs quickly. I think that's one of the comments we hear the most, at Labor Agency is how we don't provide a change as fast as we should, especially in technology. You know, we buy computers today and they're outdated tomorrow. It's the same with the technology that's in those computers is that those students are going to be the leaders within that to really develop how those structures are in place. So K through 12 is probably our primary place to start, but also continuing that past the K-12 system. And I bring up the employers and I bring them up in a way, because many times when we've had conversations with employers around what their skills needs were and how do we develop those better? One of the pieces of that, that I think really should be recognized, many times they recognize that they wanted a four year degree, potentially, or a five year or six year degree. But then when we really looked at the skillsets, someone coming out of the community college system could meet those skillsets. And I think we need to have those conversations to make sure, not that they shouldn't be continuing their education. They absolutely should. But how do we get those skillsets built into this into a K-12 plus the two year plus the four year person? >> Yeah, I love the democratization of these new skills, because again, there's no pattern matching 'cause they weren't around before, right? So you got to look at the exposure, to your point, K through 12 exposure, but then there's an exploration piece of it, whether it's community college or whatever progression, and sometimes it's nonlinear, right? I mean, people are learning different ways, combining the exposure and the exploration. That's a big topic. Can you share your view on this? Because this now opens up more doors for people, choice, you got new avenues, you got online, I can get a cloud computing degree now from Amazon and walk in and help. I can be, you know, security clearance possibly in college. So, you know, you get exposure. Is there certain things you see, is it early on? Middle school? And then obviously the exploration, those are two important concepts. Can you unpack that a little bit, exposure and exploration of skills? >> Absolutely, and I think this takes place not only in the K-12 system, but it takes place in our community colleges and our four year universities is that, that connection with those employers is such a key component, that if there's a way we could build in internships, work experiences, what we call on the job training programs, apprenticeship training, pre-apprenticeship training programs, into a design where those students at all levels are getting an exposure to the opportunities within the space and cybersecurity avenue. I think that right there alone will start to solve a problem of having 37 plus thousand openings at any one time in California. Also, I get that there's a burden on employers to do that. And I think that's a piece that we have to acknowledge, and I think that's where education can play a larger role. That's a place we at Labor Workforce Development Agency play a role with our apprenticeship training programs, our pre-apprenticeship training programs. I could go on all day of all of our training programs that we have within the state of California. Many of the list of your partners on this endeavor are partners with Employment Training Panel, which I used to be the director of the Brown administration of. That program alone does incumbent worker training. And so that also is an exposure place where a worker may be, you know, I use the old adage of sweeping the floors one day and potentially writing a large portion of the business, within years. But it's that exposure that that employee gets through training programs, and acknowledging those skill sets and where their opportunities are, is what's valid and important. I think that's where our students, we need to play a larger role than the K-12 system, really, to get that pushed out there. >> It's funny, here in California, you were the robotics clubs in high school are like a varsity sport, you're seeing kids exposed early on with programming, but it's, you know, this whole topic of cybersecurity and space intersection around workforce, and the gaps in the skills, it's not just for the young, certainly the young generation's got to be exposed to what the careers could be and what the possible jobs and societal impact and contributions, what they could be, but also it's people who are already out there. You know, you have retraining, re-skilling, this plays an important role. I know you guys do a lot of thinking on this as the undersecretary, you have to look at this because you know, you don't want to have a label "old and antiquated" systems. And a lot of them are, and they're evolving and they're being modernized by digital transformation. So what does the role of retraining and skill development for these programs play? Can you share what you guys are working on and your vision for that? >> Absolutely. That's a great question. 'Cause I think that is where we play a large role, obviously in California and with COVID-19 is we are faced with today that we've never seen before. At least in my 27 years of running programs, similar to all workforce and economic development, we are having such a large number of people displaced currently that it's unprecedented, we've got employment rates to where we are. We're really looking at how do we take, and we're also going to see industries not return to the level for which they stood at one point in time, you know, entertainment industries, restaurants, all of the alike, really looking at how do we move people from those jobs that were middle skill jobs to upper skill jobs, but the pay points maybe weren't great, potentially. And there's an opportunity for us to skill people into jobs that are there today. It may take training, obviously, but we have dollars to do that, generally, especially within our K-12 and our K-14 systems and our universities. But we really want to look at where those skillsets are at, currently. And we want to take people from that point in time where they sit today, and try to give them that exposure to your point earlier question is how do we get them exposed to a system for which there are job with means that pay well, with benefit packages, with companies that care about their employees. 'Cause that's what our goal is. >> You know, I don't know if you have some visibility on this or an opinion, but one of the observations that I've had and talk to whether it's a commercial or public sector, is that with COVID, there's been a lot of awareness of the situation. We're adequately prepared. There's some readiness, but as everyone kind of deals with it, they're also starting to think about what to do post-COVID as we come out of it, a growth strategy for a company or someone's career. People are starting to have that on the top of their minds. So I have to ask you, is there anything that you see that they say, "Okay, certain areas, maybe not doubling down on other areas, we're going to double down on because we've seen some best practices on a trajectory of value for coming out of COVID with, you know, well-armed skills or certain things." 'Cause that's what a lot of people are thinking right now. And certainly cyber is, I mean, how many jobs are open? So you got "Well that that's kind of maybe not something to double down on, here are areas we see that are working." Can you share your current visibility into that dynamic? >> Absolutely. Another great question. One of the key components that we look at at Labor Workforce Development Agency is to look at the industries in growth modes and ones that are in decline modes. Now COVID has changed that greatly. We were in a growth mode for the last seven, eight years. We saw almost every industry, minus a few, that were all in growth in one way or another, but obviously that has changed. Our landscape is completely different than we saw six, seven months ago. So today we're looking at cybersecurity, obviously with 30 plus thousand job openings, we are looking at Defense Department contractors, obviously, with federal government contracts. We are looking at the supply chains within those. We are looking at healthcare, which has always been one of obviously our large, one of our large entities that has grown over the years. But it's also changed with COVID-19. We're looking at the way protective equipment is manufactured and the way that that will continue to grow over time, we're looking at the service industry. I mean, it will come back, but it won't come back the way we've seen it probably in the past, but where are the opportunities that we develop programs that we are making sure that the skill sets of those folks are transferable to other industries. We have one of the issues that we face constantly in Labor and Workforce Development programs is understanding that over the period of time, especially in today's world, again, with technology, that people's skillsets, we don't see as in my parents' day that you worked at a job for 45 years and you retired at one job potentially. That's been gone for 25 years, but now at the pace for which we are seeing systems change, this is going to continue to amp up, and I will say, youth of today, my 12 year old nephew is in the room next door to me, in a classroom right now online. And so, you know, it's a totally different atmosphere and he's enjoying actually being at home and learning from an all online system. I would not have been able to learn that way, but I think we do see through the K through 12 system, the way we're moving, people's interests will change. And I think that they will start to see things in a different way than we have in the past. They were forced systems. We are an old system, been around since the 30s. Some even we'll say prior to the 30s, came out of the Great Depression in some ways. And that system, we have to change the way we develop our programs. It should not be constant and it should be an evolving system. >> It's interesting. A lot of the conversations between the private and public partnerships and industry, you're seeing an agile mindset where it's a growth mindset, it's also a reality-based mindset and certainly space kind of forces this conversation with cybersecurity of being faster, faster, more relevant, more modern. And you mentioned some of those points, and with COVID impact, the workforce development is certainly going to put a lot of pressure on faster learning. And then you mentioned online learning. This has become a big thing. It's not just putting education online per se. There's new touchpoints. You know, you've got apps, you've got digital. This digital transformation is also accelerating. How do you guys view the workforce development? Because it's going to be open. It's going to be evolving. There's new data coming in and maybe kids don't want to stare at a video conference. Is there some game aspect to it? Is there, how do you integrate these new things that are coming really fast, and it's happening kind of in real time in front of our eyes. So I'd love to get your thoughts on how you guys see that because it'll certainly impact their ability to compete for jobs and/or to self-learn. >> Well, I think one of the key components of California is our innovation, right? And so I think one of the things that we pride ourselves in California is around that. That said, that is the piece that I think the Silicon Valley, and then there's many areas in California that have done the same, or tried to do the same, at least in their economy is to build in innovation. And I think that's part of the K through 12 system, with our state universities and our UCs is to be able to bridge that. I think that you, we see that within universities that really instill an innovative approach to teaching, but also instill innovation within their students. I'm not sure we're there yet fully, with our K-12 system, and I think that's a place that either our community colleges could be a bridge to as well. So that's one component of workforce development I think that we look at as being a key piece. You brought up something that's really interesting to me is when you talk about agile, and one of the things that even in state government, this is going to be shocking to you, but we have not been an agile system as well. I think one of the things that the Newsom administration, Governor Newsom's administration has brought is, and when I talk about agile systems, I actually mean agile systems. We've gone from COBOL systems, which are old and clunky, still operating, but at the same time, we're looking at upgrading all of our systems in a way that even in our technology, in the state of California should be matching, the technology that our great state has within our state. So therein lies, it's also challenges of finding the qualified staff that we need in the state of California for all of our systems and servers and everything that we have currently. So, you know, not only are we looking at external users of labor workforce development, but we're looking at internal users, that the way we redevelop our systems so that we are more agile in two different ways. >> You just got me triggered with COBOL. I programmed in the 80s with COBOL, only one credit lab in college. Never touched it again, thank God. But this is the benefit of cloud computing. I think this is at the heart and this is the undertone of the conference and symposium is cloud computing, you can actually leverage existing resources, whether they're legacy systems, because they are running, they're doing a great job and they do a certain workload extremely well. Doesn't make sense to replace if it does a job. You can integrate it and that's what cloud does. This is opening up more and more capabilities and workloads. This is kind of what the space industry is pointing to when they say "We need people that can code and that can solve data problems," not just the computer scientists, but a large range of people, creative, data, science, everything. How does California's workforce solve the needs of America's space industry? This is because it's a space state. How do you see the labor workforce meeting those needs? >> Yeah, I think it's an investment. Obviously it's an investment on our part. It's an investment with our college partners. It's an investment from our K-12 system to make sure that we are allocating dollars in a way through meeting the demand of industry. And we do look at industry-specific around their needs, obviously this is a large one. We want to be very receptive, and work with our employers and our employee groups to make sure that we meet that demand. I think it's putting our money where our mouth is and designing and working with employer groups to make sure that the training meets their needs. It's also working with our employer groups to make sure that the employees are taken care of and that equity is built within the systems, that we keep people employed in California, and they're able to afford a home and they're able to afford a life here in California, but it's also again and I brought up the innovation component. I think it's building an innovation within systems for which they are employers, but are also our incoming employees and our incumbent workers. And you brought those up earlier, people that are already employed and people that are unemployed currently with a skill set that might match up is how do we bridge those folks into employment that they maybe have not thought about? We have a whole career network of systems out throughout The City of California with the America's Job Centers of California, and they will be working, and they already are working with a lot of dislocated workers. And one of the key components of that is to really look at how do we take what their current skillset might be, and then expose them to a system for which we have 37 plus thousand job openings, too, and how do we actually get those folks employed? It's paid for potentially through that local Workforce Innovation and Opportunity Act funding through our America's Job Centers, to pay for some on the job training. It's to be able to pay for work experiences, it's to be able to pay for internships for students to get that opportunity with our employers and also partnering with our employers that they're paying, obviously a percentage of that too. >> You know, one of the things I've observed over my career, 54 times around the sun is, you know, in the old days, when I was in college and school, you had career, people had the longer jobs, as you mentioned it's not like that anymore. But also I knew someone I'm going to to be in line to get that job, maybe nepotism or things of that nature. Now the jobs have no historical thing or someone worked longer in a job and has more seniority. A lot of these jobs, Stewart, don't have requirements, like no one's done them before. So the ability for someone who is jumping in, either from any college, there's no real, it's all level set, it's a complete upside down script here. It's not like, "Oh, I went to school, therefore I get the job." It can be, anyone can walk into these careers because the jobs are so new. So it's not where you came from or what school you went to or your nationality or gender. The jobs have been democratized. They're not discriminating against people with skills. This opens up more. How do you see that? Because this really is an opportunity for this next generation to be more diverse and to be more contributive because diversity brings expertise and different perspectives. Your thoughts on that. >> Absolutely, and that was one of the things we welcome, obviously. We want to make sure that that everybody is treated equally and that the employers view everyone as an employer of choice, but an employee of choice as well. We've also been looking at, as I mentioned before on the COVID situation, looking at ways that folks that are maybe stuck in jobs that don't have a huge career pathway, or they don't have a pathway out of poverty. I mean, we have a lot of working poor people in the state of California that may now due to COVID lost their employment. This, you know, let's turn back to the old adage, let's turn lemons into lemonade. How do we take those folks and get them employed into jobs that do have a good career pathway? And it's not about just who you knew, or who you might have an in with to get that job. It is based on skills. I think though, that said, we need to have a better way to actually match those jobs up with those employers. And I think those are the ongoing conversations with those employer groups to make sure that, one, that they see those skill sets as valid and important. They're helping design those career sets with us so that they do match up and that we're quickly matching up those close skillsets so that we're not training people for yesterday's skills. >> I think the employer angle's super important, but also the educators as well. One of the things that was asked in another question by the guest, they said, she said, the real question to ask is, how early do you start exposing the next generation? You mentioned K through 12, do you have any data or insight into or intuition or best practice of where that insertion point is, that exposure point? Is it middle school? Is it elementary, honestly, high school, once you're in high school, you got your training wheels are off, you're off to the races, but is there a best practice? What's your thoughts, Stewart, on exposure level to these kinds of new cyber and technical careers? >> Sure, absolutely. I would say kindergarten. We, San Bernardino has a program that they've been running for a little bit of time, and they're exposing students K through 12, but really starting in kindergarten. One is the exposure to what a job looks like. And then actually I've gone down to that local area and I've had the opportunity to see, you know, second graders in a healthcare facility, basically, that they have on campus built-in. And they're going from one workstation as a second grader, looking at what those skills would be and what that job would entail from a nurse to a doctor, to a physician's assistant, and really looking at what that is. You know, obviously they're not getting the training that a doctor gets, but they are getting the exposure of what that would be. And I think that is amazing. And I think it's the right place to start. It was really interesting 'cause as I left, this was pre-COVID, but as I jumped on the plane to come back up north, I was thinking to myself, "How do we get this to all school districts in California where we see that opportunity to expose jobs and skill sets to kids throughout the system and develop those skill sets so that they do understand that they have an opportunity?" >> We are here at Cal Poly Space and Cybersecurity Symposium. We have educators, we have students, we have industry and employers and government together. What's your advice to them all watching and listening about the future of work, this workforce, what can people do? What do you think you're enabling? What can maybe the private sector help with and what are you trying to do? Can you share your thoughts on that? Because we have a range from the dorm room to the boardroom here at this event. I'd love to get your thoughts on the workforce development view of this. >> Yeah, absolutely. And I think that's the mix. I mean, I think it's going to take industry to lead, in a lot of ways in terms of understanding what their needs are and what their needs are today and what they will be tomorrow. I think it takes education to listen, and to understand, and labor and workforce development to also listen and understand what those needs will look like. And then how do we move systems? How do we move systems quickly? How do we move systems in a way that meets those needs? How do we put money into systems where the most need is, but also looking at trends? What is that trend going to look like in two years? What is that trend going to look like in five years, (indistinct), again, listening to those employers, it's also listening to the community-based organizations. I think obviously some of our best students are also linked to CBOs in one way or another. It may be for services, it may be for faith-based, it may be anything, but I think we also need to bring in the CBOs as well. A lot of outreach goes through those systems in conjunction with, but I think that's the key component is to make sure that our employers are heard and that they sit at the table, like you said, to the boardroom of understanding, and I think bringing students into that so that they get a true understanding of what that looks like as well, is a key piece of this. >> Stu, one of the things I want to bring up with you is maybe a little bit more about the research side of it, but John Markoff, who was a former New York times reporter, but author of the book, "What the Dormouse Said," it was a book about the counterculture of the 60s and the computer revolution. And really it was about how government defense spending drove the computer revolution that we now saw with Apple and PC. And then the rest is history in California, has really participated, Stanford, the Berkeley, and the University of California school system, and all the education community colleges around it. That moment, the enablement, and now you're seeing space kind of bringing that, a lot of research coming in, need a lot of billionaires putting money in, you've got employers playing a role. You have this new focus, space systems, cybersecurity defending and making it open and, not congested and peaceful, is going to enable quickly, new inflection points for opportunities. I want to get your thoughts on that because California's participated and drove those revolutions, that's created massive value. This next wave seems to be coming upon us. >> Yeah, absolutely. And again, not to use COVID again as too much of a starting point to this, but I think that is also an opportunity to actually, 'cause I think one of the things that we were seeing seven months ago was a skill shortage, and we still see the skill shortage, obviously. But I think a key piece to that is we saw a people shortage. Not only was it skill shortage, but we didn't have enough people really to fill positions in addition, too, and I think that people also felt they were already paying the bills and they were making ends meet and they didn't have the opportunities to get additional skills. This again is where we're looking at, you know, our world has changed. It changed in the 60s based on what you're just expressing in terms of California leading the way. Let's let California lead the way again in developing a system for which labor workforce development with our universities, our amazing universities and community college system structure, of how do we get students back into school? You know, a lot of graduates may already have a degree, but how do they now take a skill set that they already have and develop that further with the idea that those jobs have changed? We also have a lot of folks that don't have a degree, and that's okay, but how do we make that connection to a system that may have failed a lot of our people over the years, and our students who didn't make it through the school system, how do we develop an adult training school? How do we develop contract education through our community college system with our employer sets, that we develop cohorts within the systems of workers that have amazing talents and abilities to start to fill these needs. And I think that's the key components that here at Labor Workforce Development Agency, we work with our community colleges, our UCs and our state universities to develop and figure that piece out. And I think it is our opportunity for the future. >> That's such a great point. I want to call that out, this whole opportunity to retrain people that are out there because these are new jobs. I think that's a huge opportunity and, I hope you keep building and investing in those programs. That's really worth calling out. Thank you for doing that. And yeah, it's a great opportunity to gain these jobs. They pay well, too, cybersecurity's a good job and you don't really need to have that classical degree. You can learn pretty quickly if you're smart. So again, great call out there. A question for you on geography. You mentioned COVID, we're talking about COVID, virtualization, we're virtual with this conference. We couldn't be in person. People are learning virtually, but people are starting to relocate virtually. And so one observation that I have is the space state that California is, there's space clusters of areas where space people hang out, or space spaces and whatnot. Then you got like the tech community, the cybersecurity market, you know, Silicon Valley, you know, the talent is in these hubs. And sometimes cyber's not always in the same hubs as space. Maybe Silicon Valley has some space here, and some cyber, but that's not generally the case. This is an opportunity potentially to intersect. What's your thoughts on this? Because this is something that we're seeing, where space has historical, you know, geographies. Now with borderless communication, the work mode is not so much "You have to move to this space area." You know what I'm saying? So what's your thoughts on this? How do you guys look at, this is on your radar, and how you're viewing this dynamic. >> It's absolutely on our radar. Like you said, you know, here we are, talking virtually, and you know, 75% of all of our staff currently, in some of our departments, it's 80% of our staff, are now virtual. Seven months ago, we were not. Government, again, being slow move, we quickly transitioned, obviously, to being able to have a telework capacity. We know employers moved probably even more quickly than we did, but we see that as an opportunity for our rural areas, our Central Valley, our Northstate, Inland Empire. That you're absolutely correct. I mean, if you didn't move to a city or to a location for which these jobs were really housed, you didn't have an opportunity like you do today. I think that's a piece that we really need to work with our education partners on, to be able to see how much this has changed. Labor Agency absolutely recognizes this. We are investing funding in the Central Valley. We're investing funding in the Northstate and Inland Empire to really look at youth populations, of how the new capacity that we have today is going to be utilized for the future for employers. But we also have to engage our universities around this as well, but mostly our employers. I know that they're already very well aware. I know that a lot of our large employers within Silicon Valley have already done it. They're doing almost 100% telework policies, but the affordability to live in rural areas in California, also enables us to have a way to make products more affordable as well, potentially in the future. But we want to keep California businesses healthy and whole in California, of course. And that's another way we can expand and keep California home to our 40 plus million people. >> Well Stewart, great work and congratulations for doing such a great job. Keep it up. I got to ask you about the governor. I've been following his career since he's been in office as a political figure. He's progressive, he's cutting edge. He likes to rock the boat a little bit here and there, but he's also pragmatic. You're starting to see government workers starting to get more of a tech vibe. Just curious from your perspective, how does the governor look at, I mean, the old, I won't say "old guard," but like, you know, it used to be, you become a lawyer, you become a lawmaker. Now a tech savvy lawmaker is a premium candidate, is a premium person in government. Knowing what COBOL is, is a start. I mean, these are the things that as we transform and evolve our society, we need thinkers who can figure out which side of the streets self driving cars go on. I mean, who does that? It's a whole nother generation of thinking. How does the governor, how do you see this developing? Because this is the challenge for society. How does California lead? How do you guys talk about the leadership vision of why California and how will you lead the future? >> Absolutely. No governor that I'm aware of, and I've been around for 26, 27 years of workforce development, has led with an innovation background as this governor has, especially around technology and the use of technology. You know, he's wrote a book about the use of technology when he was lieutenant governor. And I think it's really important for him that we, as his staff are also on the leading edge of technology. I brought up agile systems earlier. When I was under the Brown administration, we had moved to where I was at the time, Employment Training Panel, we moved to an agile system and deployed that. One of the first within the state to do that and coming off of an old legacy system that was an antique. I will say it is challenging. It's challenging on a lot of levels. Mostly the skill sets that our folks have, sometimes are not open to a new agile system, to an open source system is also an issue in government. But this governor absolutely, I mean, he has established the Office of Digital Innovation, which is part of California Department of Technology, in partnership with, and that just shows how much he wants to push our limits to make sure that we are meeting the needs of Californians. But it's also looking at, you know, Silicon Valley being at the heart of our state, how do we best utilize systems that are already there? How do we better utilize the talent from those folks as well? We don't always pay as well as they do in the state, but we do have great benefit packages, everybody knows. So if anybody's looking for a job, we're always looking for technology folks as well. And so I would say that this governor absolutely leads in terms of making sure that we will be on cutting edge technology for the nation. >> And, you know, talk about pay, I mean, I know it's expensive to live in some parts of California, but there's a huge young population that wants a mission-driven job, and serving the government for the government, it's awesome. A final parting question for you, Stewart, is as you look at the workforce, a lot of people are passionate about this and it's, you know, you can't go anywhere without people saying, you know, "We've got to do education this way, and that way," there's an opinion everywhere you go. Cybersecurity, obviously a little bit peaked and focused, but there are people who are paying attention to education. So I have to ask you what creative ways can people get involved and contribute to workforce development, whether it's STEM, underrepresented minorities, people are looking for new, innovative ways to contribute. What advice would you give these people who have the passion to contribute to the next cyber workforce? >> Yeah, I appreciate that question because I think it's one of the key components that my secretary, Julie Su, secretary of Labor and Workforce Development Agency, talks about often. And a couple of us always have these conversations around one is getting people with that passion to work in government, one, or, and I brought it up community-based organizations. I think so many times that we didn't work with our CBOs to the level that in government, we should, this administration is very big on working with CBOs and philanthropy groups to make sure that the engagement of those entities are at the highest level. So I would say, students have opportunities to also engage with local CBOs and be that mission, what their values really drives them towards. And that gives them a couple of things to do, right? One is to look at ways that we're helping society in one way or another through those organizations, but it also links them to their own mission and how they can develop those skills around that. But I think the other piece to that is in a lot of these companies that you are working with and that we work with, have their own foundations. So those foundations are amazing. We work with them now, especially in the Newsom administration, more than we ever have. These foundations are really starting to help develop our strategies. My secretary works with a large number of foundations already, and we do as well in terms of strategy, really looking at how do we develop young people's attitudes towards the future, but also skills towards the future? >> Well, you got a pressure cooker of a job. I know how hard it is. I know you're working hard and appreciate what you do. And, and we wish you the best of luck, thank you for sharing this great insight on workforce development. And you guys are working hard. Thank you for what you do. Appreciate it. >> Great. Thank you so much. I appreciate it. >> This is theCUBE coverage and co-production of the Space and Cybersecurity Symposium 2020 with Cal Poly. I'm John Furrier with siliconangle.com and theCUBE. Thanks for watching. (calm music)

>> Announcer: From Las Vegas, it's theCUBE. Covering Qualys Security Conference 2019, brought to you by Qualys. >> Hey welcome back everybody, Jeff Frick here with theCUBE, we're in Las Vegas at the Bellagio, at the Qualys Security Conference, pretty amazing, it's been going on for 19 years, we heard in the keynote. It's our first time here, and we're excited to have our first guest, he was a keynote earlier this morning, the author of nine books, Richard Clarke, National Security and Cyber Risk expert, and author most recently of "The Fifth Domain." Dick, great to see you. >> Great to be with you. >> Absolutely. So you've been in this space for a very long time. >> I started doing cybersecurity in about 1996 or 1997. >> So early days. And preparing for this, I've watched some of your other stuff, and one of the things you said early on was before there was really nothing to buy. How ironic to think about that, that first there was a firewall, and basic kind of threat protection. Compare and contrast that to walking into RSA, which will be in a couple of months in Moscone, 50,000 people, more vendors than I can count on one hand, now there's too much stuff to buy. Do you look at this evolution? What's your take? And from a perspective of the CIO and the people responsible for protecting us, how should they work through this morass? >> Well, the CIO and the CFO, got used to thinking cyber security costs a little bit, 'cause you can only buy, this is 1997, you can only buy antivirus, firewall, and maybe, in 1997, you could buy an intrusion detection system. Didn't do anything, it just went "beep," but you could buy that too. So you had three things in 1997. And so that resulted in the IT budget having to take a tiny little bit of it, and put it aside for security, maybe 2%, 3% of the budget. Well, now, if you're only spending 2 or 3% of your IT budget on security, somebody owns your company, and it's not you (laughs). >> And that's 2 or 3% of the IT budget, that's not the whole budget. >> No, that's the IT budget. What we found in researching the book, is that secure companies, and there are some, there's companies that don't get hacked, or they get hacked, but the hack gets in, immediately contained, identified, quarantined. The damage is done, but it's easily repaired. Companies that are like that, the resilient companies, are spending 8%, 10%, we found companies at 12 and 17%, of their IT budget on security, and to your point, how many devices do you have to buy? You look at the floor at any of these RSA Conventions, Black Hat, or something, now there are 2000 companies at RSA, and they're all selling something, but their marketing message is all the same. So pity the poor CSO as she goes around trying to figure out, "Well, do I want to talk to that company? "What does it do?" We found that the big banks, and the big corporations, that are secure, have not three, anymore, but 75, 80, different, discreet cybersecurity products on their network, most of it software, some of it hardware. But if you've got 80 products, that's probably 60 vendors, and so you got to, for yourself, there's the big challenge, for a CSO, she's got to figure out, "What are the best products? "How do they integrate? "What are my priorities?" And, that's a tough task, I understand why a lot of the people want to outsource it, because it's daunting, especially for the small and medium-size business, you got to outsource it. >> Right, right. So the good news is, there's a silver lining. So traditionally, and you've talked about this, we talk about it all the time too, there's people that have been hacked and know it, and people that have been hacked and just don't know it yet, and the statistics are all over the map, anywhere you grab it, it used to be hundreds of days before intrusions were detected. Kind of the silver lining in your message is, with proper investments, with proper diligence and governance, you can be in that group, some they're trying to get in all the time, but you can actually stop it, you can actually contain it, you can actually minimize the damage. >> What we're saying is, used to be two kinds of companies, those that are hacked and knew it, and those that are hacked that don't, that didn't know it. Now there's a third kind of company. The company that's stopping the hack successfully, and the average, I think, is a 175 days to figure it out, now it's 175 minutes, or less. The attack gets in, there's all the five or six stages, of what's called "the attack killchain," and gets out very, very quickly. Human beings watching glass, looking at alerts, are not going to detect that and respond in time, it's got to be automated. Everybody says they got AI, but some people really do (laughs), and machine learning is absolutely necessary, to detect things out of the sea of data, 75 different kinds of devices giving you data, all of them alarming, and trying to figure out what's going on, and figure out in time, to stop that attack, quarantine it, you got to move very, very quickly, so you've got to trust machine learning and AI, you got to let them do some of the work. >> It's so funny 'cause people still are peeved when they get a false positive from their credit card company, and it's like (laughs), do you realize how many of those things are going through the system before one elevates to the level that you are actually getting an alert? >> So the problem has always been reducing the number of false positives, and identifying which are the real risks, and prioritizing, and humans can't do that anymore. >> Right, right, there's just too much data. So let's shift gears a little bit about in terms of how this has changed, and again, we hear about it over and over, right, the hacker used to be some malicious kid living in his mom's basement, being mischievous, maybe, actually doing some damage, or stealing a little money. Now it's government-funded, it's state attacks, for much more significant threats, and much more significant opportunities, targets of opportunity. You've made some interesting comments in some of your prior stuff, what's the role of the government? What's the role of the government helping businesses? What's the role of business? And then it also begs the question, all these multinational business, they don't even necessarily just exist in one place, but now, I've got to defend myself against a nation state, with, arguably, unlimited resources, that they can assign to this task. How should corporate CIOs be thinking about that, and what is the role, do you think, of the government? >> Let's say you're right. 20 years ago we actually used to see the number of cyber attacks go up on a Friday night and a Saturday night, because it was boys in their mother's basement who couldn't get a date, you know, and they were down there having fun with the computer. Now, it's not individuals who are doing the attacks. It is, as you say, nation states. It's the Russian Army, Russian Intelligence, Russian Military Intelligence, the GRU. The North Korean Army is funding its development of nuclear weapons by hacking companies and stealing money, all over the world, including central banks, in some cases. So, yeah, the threat has changed, and obviously, a nation state is going to be far more capable of attacking, military is going to be far more capable of attacking, so, CISOs say to me, "I'm being attacked by a foreign military, "isn't that the role of the Pentagon "to defend Americans, American companies?" And General Keith Alexander, who used to run Cyber Command, talks about, if a Russian bomber goes overhead, and drops a bomb on your plant, you expect the United States Air Force to intercept that Russian bomber, that's why you pay your taxes, assuming you pay taxes. What's the difference? General Alexander says, whether that's a Russian bomber attacking your plant, or a Russian cyber attack, attacking your plant, and he says, therefore, people should assume the Pentagon will protect them from foreign militaries. That sounds nice. There's a real ring of truth to that, right? But it doesn't work. I mean, how could the Pentagon defend your regional bank? How could the Pentagon defend the telephone company, or a retail store? It can't. It can barely defend itself, and they're not doing a great job of that either, defending the federal government. So, do you really want the Pentagon putting sensors on your network? Looking at your data? No, you don't. Moreover, they can't. They don't have enough people, they don't have enough skills. At the end of the day, whatever the analogy is about how the Defense Department should defend us from foreign military attack, they can't. And they shouldn't, by the way, in my view. The conclusion that that gets you to, is you got to defend yourself, and you can, right now, if you use the technology that exists. The government has a role, sure. It can provide you warnings, it can provide the community with intelligence, it can fund development and stuff, can train people, but it cannot defend your network, you have to defend your network. >> And you have municipalities, I think it's Atlanta, is the one that keeps getting hit, there's-- >> Well Louisiana, just the other night, the whole state of Louisiana government unplugged from the internet, because it was being hit by a ransomware attack. The whole city of Baltimore's been down, the whole city of Atlanta, as you said. There's a real problem here, because people, many of them are paying the ransom, and they pay the ransom, and they get their network back right away. People ask me, "Can I trust these criminals?" Well you can trust them to give you your network back, because they have a reputation to maintain. Think about that. This whole thing about ransomware depends on their reputation, the bad guys' reputation. If they get a reputation for not giving you your network back when you pay, no one's ever going to pay, so they do give it back, and sometimes that's a lot quicker, and a lot cheaper, than saying no and rebuilding your network. But if we give them the money, what are they doing with it? Yeah, they're buying Ferraris to drive round the streets of Moscow, but some of that money is going back into R&D, so they can develop more effective attacks. >> So it's an interesting take, right, so most people, I think, would say that the cybersecurity war is completely always going to be kind of cat and mouse, whack-a-mole, that the bad guys are always a little step ahead, and you're always trying to catch up, just the way the innovation cycle works. You specifically say no, that's not necessarily always true, that there are specific things you can do to, not necessarily have an impenetrable wall, but to really minimize the impact and neutralize these threats, like a super white blood cell, if you will. So what are those things that companies should be doing, to better increase their probability, their chance, of, I don't know, blocking-- >> Depends on the size of the company. >> Absorbing. >> Depends on the size of the company. But I think whether you're a small-to-medium business, or you're an enterprise, you begin in the same place. And I do this with all of my consulting contracts, I sit down with the leadership of the company individually, and I ask every one of them, "What are you worried about? "What could happen? "What could a bad guy do to you "that matters to your company?" 'Cause what matters to one company may not matter to another company. And you can't spend your entire budget defending the network, so let's figure out exactly what risk we're worried about, and what risk we're just kind of willing to tolerate. And then, we can design security around that, and sometimes that security will be outsourced, to a managed security provider. A lot of it means getting into the cloud, because if you're in Amazon or Microsoft's cloud, you've got some security automatically built in, they've got thousands of people doing the security of the cloud, and if your server's in your basement, good luck. (laughs) >> So, as you look forward, now you said you finished the book earlier in the year, it gets published, and it's out, and that's great, but as you said, it's a fast-moving train, and the spaces develops. 10 years from now, we don't want to look at 10 years from now, it's way too long. But as you look forward the next couple, two, three years, what are you keeping an eye on, that's going to be, again, another sea change of both challenge and opportunity in this space? >> The three technologies we talk about in the book, for the three-year time horizon, 'cause I can't get beyond three years, more machine learning on the defense, but also more machine learning on the offense, and where does that balance work out? To whose advantage? Secondly, quantum computing, which, we don't know how rapidly quantum computing will come onto the market, but we do know it's a risk for some people, in that it might break encryption, if the bad guys get their hands on the quantum computer, so that's a worry. But one I think most immediately, is 5G. What 5G allows people to do, is connect millions of things, at high speed, to the internet. And a lot of those things that will be connected are not defended right now, and are outside firewalls, and don't have end-point protection, and aren't really built into networks on a secure network. So I worry about 5G empowering the Internet of Things, and doing what we call expanding the attack surface, I worry about that. >> Right, Richard, well thank you for taking a few minutes, and congrats on the book, and I'm sure within a couple of years the gears will start turning and you'll put pen to paper and kick another one out for us. >> Number 10. >> All right. He's Richard, I'm Jeff, you're watching theCUBE, we're at the Qualys Security Conference at the Bellagio in Las Vegas, thanks for watching, we'll see you next time. (upbeat music)

>> Announcer: Live from Washington D.C. It's theCUBE! Covering AWS Public Sector Summit. Brought to you by Amazon Web Services. >> Welcome back everyone to theCUBE's live coverage of AWS Public Sector here in beautiful Washington D.C. Springtime in D.C., there's no better time to be here. I'm your host, Rebecca Knight, co-hosting along with John Furrier, always so much fun to work with you. >> Great to see you. >> And this is a very exciting event for you in particular 'cause you've been doing a lot of great reporting around the modernization of IT in government. I'd love to have you just start riffing, John. What's on your mind right now coming into this show? What are some of the questions that're burning? >> I mean clearly the most important story that needs to be told and is being talked about here in D.C. in the tech world is, for this show specifically, is the JEDI contract, the Joint Enterprise Defense Initiative. It's a word that's not being kicked around at this show because-- >> Rebecca: Nothing to do with Star Wars. >> It's literally the elephant in the room because the contract's been waiting, Oracle's been dragging it on and Oracle's been part of apparently, my opinion from my reporting, is involved in some dirty under-handed tactics against Amazon. But it's being delayed because they're suing it. And Oracle's out. They have no chance of winning the deal, it's really Microsoft and Amazon are going to get a lion's share of the business. So you have, that's the biggest story in tech in D.C. in a long time, is the role of cloud computing is playing in reshaping how government, public sector operates. Combine that with the fact that a new generation of workers are coming in who have no dogma around IT technology, how it's bought or consumed and purchased, and the overcharging that's been going on for many many years, it's been called the Beltway Bandits for a reason because of the waste and sometimes corruption. So a new generation's upon us and Amazon is the leader in making the change happen. The deal they did with the CIA a few years ago really was the catalyst. And since then, public sector and the government has realized that there's advantages to cloud, not only for operating and serving society and its citizens but also competitiveness on a global scale. So a huge transformation, that's the story we're following. That's the story that we got into from the cloud side of the business here in D.C. and that is just raging and expanding and compounded by other factors like Facebook. Irresponsibility in how they managed the data there. Elections were tied in the balance. You're seeing Brexit in the UK. You're seeing counter-terrorism organizations using the dark web and other cyber security challenges at the United States. Literally digital war is happening so a lot of people, smart people, have recognized this and it's now for the first time coming out. >> Right, and I think the other thing that we're also starting to talk much more about is the regulation. I know that you're friendly with Kara Swisher and she bangs on about this all the time. But then she said in a column the other day the problem is is that they're now guns ablazing but do they really understand it? And also, is it too feeble, too little too late? >> I mean, Kara Swisher nailed her story in the New York Times and opinion piece. And I've had similar opinions. Look it. She's been around for a long time, I've been around for a long time. I remember when Bill Clinton was president, that's when the internet was upon us, the Department of Commerce did a good job with the domain name system, they shepherded the technology and they brought it out in a way that was responsible and let government and industry have a nice balancing act with each other and the government really didn't meddle too much. But there was responsibility back then and it wasn't moving as fast. So now you look at what's happening now, the government can't just not ignore the fact that YouTube is, in essence, its own state. And it's acting irresponsibly with how they're handling their situation. You got Facebook run by a 30-something-year-old, which essentially could be as large as a government. So there's no ethics, there's no thinking behind some of the consequences that they've become. So this begs the question, as a technology hock myself, I love tech, never seen tech I didn't like. I mean I love tech. But there's a point where you got to get in there and start shaping impact on ethics and society and we're seeing real examples of how this can wildfire out of control, how tech has just become uncontrollable in a way. >> Yes, no absolutely. And so who is going to be the one to do that? I know that on the show later you're going to be talking to Jay Carney who was obviously in the Obama administration, now here at AWS. It's a well-worn path from the public sector to technology. Susan Molinari, a couple of other, David Plouffe. That is the thing though, that these people really need to get it. Before they can lay down regulations and laws. >> Again, back to why we're here and stories we're trying to tell and uncover and extract is I think the big story that's emerging from this whole world is not just the impact of cloud, we talked about that, we're going to continue to cover that. It's the societal impact and this real there there, there's the intersection of public policy and technology and science where you don't have to be a programmer, you can be an architect of change and know how it works. Then being a coder and trying to codify a government or society. I think you're going to see a new kind of skillset emerge where there's some real critical thinking into how technology can be used for good. You're seeing the trends, Hackathon For Good here, you're seeing a lot of different events where you have inclusion and diversity, bringing more perspectives in. So you got the perfect storm right now for a sea change where it won't be led by the nerds, so to speak, but geeky digital generations will change it. I think that's going to be a big story. Not just workforce changeover but real disciplines around using machine-learning for ethics, societal impact. These are the storylines. I think this is going to be a big long 10-year, 20-year changeover. >> But what will it take though? For the best and the brightest of the nerds to want to go into public service rather than go work for the tech behemoths that are making these changes? I mean that's the thing, it's a war for talent and as we know and we've discussed a lot on theCUBE, there's a big skills gap. >> I think it's been talked about a lot on the web, the millennials want to work for a company that's mission-based. What more mission-based can you look for than so unto our public service right now? John F. Kennedy's famous line, "Ask not what your country can do for you, "what you can do for you country." That might have that appeal for the younger generation because we need it! So the evidence is there and you look at what's going on with our government. There's so many inefficiencies from healthcare to tax reform to policies. There's a huge opportunity to take that waste, and this is what cloud computing and AI and machine-learning can do, is create new capabilities and address those critical waste areas and again, healthcare is just one of many many many others in government where you can really reduce that slack with tech. So it's a great opportunity. >> And where would you say, and I know you've been reporting on this for a long time, where is the government in terms of all of this? I remember not very long ago when healthcare.gov was rolled out and it was revealed that many agencies were still using floppy disks. The government is, first of all is not this monolithic thing, it's many different agencies all with their own tech agendas and with their own processes and policies. So where do you place the government in terms of its modernization right now? >> On the elected officials side, it's weak. They're really not that smart when it comes to tech. Most of the people that are involved in the elected side of the Hill are either lawyers or some sort of major that's not technical. So you can see that with Sundar Pichai from Google and Mark Zuckerberg's testimony when the basic kind of questions they're asking, it's almost a joke. So I think one, the elected officials have to become more tech-savvy. You can't regulate and govern what you don't understand. I think that something that's pretty obvious to most digital natives. And then on the kind of working class, the Defense Department and these other agencies, there's real people in there that have a passion for change and I think there's change agents, Amazon's done really well there. I think that is a piece where you're going to see a movement, where you're going to see this digital native movement where people going to be like, "There's no excuse not to do this right." And I think there's new ways to do it, I think that's going to change. So that's that. On the business side, to how the government procures technology is literally like the '80s, it's like that movie "Hot Tub Time Machine" where you get thrown back. Everything is based on 1980s procurement, 1990s procurement. I mean, shipping manuals. So all these things have to change. How do you procure cloud? If you got to go through a six-month procurement process just to spit up some servers, that's not agility. So procurement's got to change. Competitiveness, what does that mean? This Oracle deal with JEDI highlights a lot of flaws in the government. Which is Oracle's using these rules around procurement to try to stall Amazon, it's kind of like a technicality but it's so irrelevant to the reality of the situation. So procurement has to change. >> Well one of the things you said about how there's a lot of pressure to get it right. And that is absolutely true because we are dealing with national security issues, people's lives, health, these really important topics. And yet the private sector doesn't always get it right the first time either. So how would you describe the government, the federal approach to how they start to implement these new technologies and experiment with other kinds of tools and techniques? >> Well I think there's obviously some agencies that have sensitive things. CIA's a poster child in my opinion of how to do it right. The JEDI, Department of Defense is emulating that and that's a good thing. The Department of Defense is also going multicloud as they put out in their statement. Amazon for the JEDI piece which is for troops in the field. I think that every agency's going to have its own workload and those workloads should decide which cloud to use based upon the architecture of the workload. 'Cause the data needs to be in the cloud, it needs to be real time. And to take the military example, you can't have lag in military, it's not a video game, it's real life, people die. Lag can literally kill people in the field. So technology can be a betterment there but technology to avoid fighting is another one. So you have all these things going on, I think the government's got to really design everything around the workload, their mission, their applications, rather than designing around here's your infrastructure, then decide. >> One of the things we talk about all the time, almost ad nauseam, on theCUBE is digital transformation. And so how do you think about those two, private sector versus public sector? What are the big differences in terms of these institutions on their own journeys of digital transformation? >> I think the government's slower. That's an easy one to talk about. I think there's a lot of moving parts involved, you mentioned some of the procurement things, so a lot of processes. It's the same kind of equation. People process technology, except the people that process is much more complicated on the public sector side than private sector, unless it's a big company. So imagine the biggest company in the private sector side, multiply that times a hundred, that's the government. So in each agency there's a lot of things going on there. But it's getting better. I think cloud has shown that you can actually do that, the people side of things going to be addressed by this new migration of new generation of people coming in saying, "I don't really care how you did it before, "this is how we're going to do it today." The processes are going to be optimized so there's some innovation around process improvement that's going to end on the wayside and the technology everyday is coming faster and faster. Recognition, facial recognition software. Look at that. AI. These are things that are just undeniable now, they have to be dealt with. What do you do to privacy? So again, back to process. So people process technology. >> AWS is a behemoth in cloud computing. What do you want to be hearing here at this conference? They're so far ahead of Google and Microsoft but we cannot count those two companies out, of course not. But what are you looking for for key messaging at this show? >> Well I'm looking forward to seeing Andy Jassy's Fireside Chat with Teresa Carlson tomorrow. I'm interested in some of the use cases coming out of Teresa Carlson's top customers in public sector, again it's global public sector so it's not just in North America here in the United States. I'm interested in also understanding what's real and what's not real around the fear, uncertainty and doubt that a lot of people have been putting on Amazon. Because I see Amazon posturing in a way that's saying go faster, make change and it's not so much that they want to monopolize the entire thing, they're just moving faster. And I think Andy Jassy yesterday saying that they welcome regulation is something that they're trying to push the regulators on. So I think they welcome change. So I want to understand if Amazon really wants to go faster or is there an agenda there. (laughs) What's going on? >> I know, methinks these tech titans are asking for a little too much regulation right now. I mean obviously Mark Zuckerberg has also said, "Please regulate us, I can't do this alone." And here we have Andy Jassy yesterday saying those same things. >> Andy Jassy said on stage yesterday with Kara Swisher, "We can't arrest people." So if their tech goes bad, they're only beholden to the consequences as a private entity. They're not the law so this is where again, back to top story here is that, what is the role of government? This change is here. It's not going away, it's only going to get faster. So the sooner the elected officials and all the agencies get out in front of the digital transformation, the sooner the better. Otherwise it's going to be a wrecking ball. >> Well I cannot wait to dig into more of this over the next two days with you, here at AWS Public Sector. >> All right. >> I'm Rebecca Knight for John Furrier, you are watching theCUBE. (upbeat music)

>> Announcer: Live from Nashville, Tennessee, it's theCUBE. Covering Commvault GO 2018. Brought to you by Commvault. >> Welcome back to Nashville, Tennessee. This is Commvault GO, and you are watching theCUBE. I'm Stu Miniman, with my co-host Keith Townsend. Happy to welcome to the program, this is a user conference, so we love digging in with the users. I've got David Mccurdy, who's the CTO from the great state of Colorado. Thanks so much for joining us. >> Great to be here. It's a great event, I'm happy to be here. We're here to evangelize the great work Colorado's been doing, with Commvault, and just in general. >> Alright great, so we're from Chicago, Boston, and Colorado, Denver. So we're not going to talk football, but tell us a little bit about, you know, you're CTO, love talking to the CTOs. What's your technology charter? Give us a little bit of the thumbnail, as to kind of, you know, what divisions you support, how many people you have, that sort of thing. >> Yeah, so the way the state's set up is I work underneath the Governor. We're an office of the Governor, so it's actually the Governor's Office of Information Technology. We support all the traditional branches of government, that people think of, in terms of agencies, like the Department of Health and Human Services, Medicaid, Department of Corrections, DMV, Department of Revenue. So all the big agencies all fall under our department. And then about 800 of the 900 staff inside of OIT report to me directly. And that's all the infrastructure and application stacks, all the strategy. Chief Data office, Chief Transformation office. A lot of responsibility, lots of fun, lots of long weekends, but it's been a good row for the last four years. >> David before we dig into some of the data protection stuff, I love, you talk about innovation. You talk about technology transformation. First of all, IT in general, and government specifically, often get, you know, labeled with the, oh well they do things the old way, and they've got no budgets, and they never make any changes. I've had some great case studies. I've talked with people in roles like yours, so give us a little bit of, what's it like to be working under state government this day and age, with 2018, with technology. >> It's very exciting. It's very exciting to work for Colorado specifically. I don't know if it translates to all other states. I've talked to other CIOs and CTOs around the country, but we have a very supportive governor. He just announced his campaign to run for president, maybe, we'll see how that goes. But outside of that, he's very innovative. He took a business trip to Israel, came back, and set up a cyber security lab in the state, because he thinks there's a major need for more cyber security and those disciplines. In Colorado, today, we're running negative 14% unemployment for security jobs, so it's just, huge opportunity. Outside of that, my boss, Suma Nallapati, is state CIO. Right underneath him, is all about innovation. How can we make Colorado number one in everything we do. And that's really the goal. What the governor said, the way he talks about technology, he wants technology to be elegant. That's not word you hear a lot. But when you think about that and apply it to technology, there's a very specific outcome you're trying to get out of that. >> Alright, well David, at this show, we're all talking about data. And everybody's, you know, it's what can I do with my data? And how do I make sure that things don't get wrong? Well, anybody that's been in the IT for a while is, Murphy's Law sometimes does play out. So you've actually had a couple of experiences. Some good things you've learned, but some challenges that you had, maybe share with us what happened. >> Yeah, I mean one of the things I'm here to talk about is we kicked off an initiative called Backup Colorado. And what it was is, it was consolidating all the backup and recovery services for all those agencies I just named, plus some more, right. Monster project, monster task. It was all born out of a major data failure the state had. We were a fairly new organization. We were immature. We were still running things in a siloed environment. Most of the country, most large organizations have gone down the IT consolidation path. We were a few years down the road, and we got hit with a major data loss event. And it was specific to marijuana data, which makes some people smile, some people frown, but it's a very interesting topic. It wasn't interesting to lose customer data though. I don't care if you're a private organization, or a public organization, this was real data loss. And it highlighted the need for a focused approach to solving those problems. So we went about just kind of transforming the whole space. First, put a proposal on the table. Going to the general assembly. Going to the Governor saying, this is what we need to do. They signed off on it, and then we implemented it, right. We got tens if not hundreds of people together around the state. We coordinated agencies. We got people on board that didn't want to be on board. They liked the silo approach. They liked their agencies doing their own thing. But you can't do anything right 16 different ways. You don't have to do it one way, but it can't be 16. But we took a standardized approach, and we worked with Commvault as our partner to deploy a complete backup and recovery system for the state. Highly successful project. Rolled out, standardized. Everything you could want. While we're doing that, we are completely changing our application and infrastructure stacks. We are consolidating all of our servers into three data centers in the state. We're bursting into the cloud. We're replatforming on software, the service. You know, all those. I'm responsible for each one of those stacks. My guidance was just go and change the world, right. In a very non-senile way, we went out there, and we were like, how can we do this thoughtfully. How can we do it, but push, blaze new trails, that type of thing. And the story that I've been sharing is, we got to see the end results of that. What kicked it off, was a public disaster, but the state was hit with a ransomware attack. Very targeted, very coordinated. They hit one of our larger agencies. We had good security in place, but there's always stuff that can happen, as you've kind of eluded to. And because of this project, because of the team coordinated effort, because of the technology, because of the stuff we were leveraging, we were able to bring that agency back whole. Which a lot of organizations cannot say. A lot of the technologies cannot say, with as many systems that were impacted for the time period they were, to bring that agency back whole, and actually have the executive director of that agency, doing very similar conversations as we're doing now. How can dots around the country, roll out a plan very similar to this? >> Well David, people process technology, you guys are changing processes, you're changing technology, extremely disruptive. Talk about the impact on your people. What mindset, or what changes did you have to make organization wide. 800 people was a lot of people to get in line. What did you start, what did you do? What was successful, well not so much. >> Well first I had to get my customers on board, right. And compelling events helped bring customers on board. I don't think that's the best way of doing it, but always leverage a compelling event. In this case, we had a compelling event. We had the onus from our executive branch and a legislative branch. So we had the hammer if we needed it to get it done. The team actually came together. We ran a very successful RFP. We baked off competitors in the space. And it was a beautiful thing to see all my server engineers, all my desktop guys, all my database guys and gals comin' in and working together to make this project happen. I didn't have to sell them on it. They came to me and said, we think this is the best technology stack for the state. When I recognized, when I heard them, they all got on board and we were able to roll it out. And so I think it was that team approach, not top down, but you know, let's all come together and find the right thing for the state. I think that was why it was so successful. It was a team approach, and we had executive buy in, we were able to get it done. >> You talked about how Commvault helped with that transition, 16 different backup products, if the state was like any other organization, there's at least 15, 16 different backup products, people like what they use. And transitioning to something new requires training, support. How did Commvault help you guys in that transition? >> You know, they were a great partner, all the way through the RFP process, to bringing it in and doing training. We have a big thing at the state, the technology stack, we do luncheon learns, so there's lots of training. Commvault brought a lot of resources. We had engineers specifically assigned from Commvault to help with the project, the roll out, and then the transition. So a very effective partner, in terms of helping us along the way. It never helps to have that kind of hammer, as I said before, to push it forward. I really couldn't have asked for anything more. I spoke a little bit about this the other day. When we had this compelling event with the ransomware this year, I picked up the phone, and I got an answer right away. And I said we're going to need you once again. And they showed up. Commvault showed up. The great thing was, we didn't need them, right. My engineers had an effective turnover and training. They got the initial alerts before anybody did, before any of our security groups, anybody, Commvault detected this ransomware really before any of my tool suites because of the way it came into our organization. Which was kind of cool. But just in general, a great partnership. They were there all the way through the recovery of CDOT as support for our team. Really weren't needed just because of the effective transition. >> That's an interesting point. You talk about, you would think it would be the security tool that would be alerting you. Commvault and companies like it, sit in an interesting position. You've got data, you've got metadata. That surprise you that that was the tool that helped alert you in the first? >> Shocked me, shocked me, right. I mean we spent a lot of money building stacks of tools to protect the state, and very effective tools. There's nothing against those tool suites specifically. We were actually rolling out another tool that week that ultimately would've prevented it. That being said, stuff happens and the way this ransomware came in, bypassed that visibility. But Commvault, looking at our backups every night, taking differentials of 'em, saw encrypted files on disk, sent out an alert. The teams knew exactly what to do. Got executives on the phone. Got security ops on the phone. And it kicked off from there, so yeah, shocked, you know, happy that we caught it. Not the way I would have wanted, but that's why you've got layers of security. That's why you've got layers of teams to support each other. >> So specifies, outside of the support capability that Commvault provided and one, helping you guys get alerted to the event, and then the support reacting to the event, talk to us. What did they take to recover from the event? Was this a multi-month thing? Multi-week, multi-hour? How did you guys recover and how much did you recover? >> It took us a little over a month to recover. It's actually a great conversation maybe for another time. But building a structure in an open attack. Like when you have a coordinated resources from other countries, trying to do the United States, or the state of Colorado harm, the first thing you're going to do is make sure they're outside of your environment. So for about the first two weeks, we had everybody from the National Guard to the Defense Department there, helping us evaluate the situation. Getting it to a place where we felt comfortable bringing the department back up. Once we reached that point, and there is never a clear line in the sand. There's a role for the CIO and the CTO in that place to say, hey, now's time we've done everything we can and then we've very methodically started bringing desktops online and servers online. And Commvault played a huge role in that as well as some other vendors. But, in all, we restored about 192 servers. Some were infected, some weren't, but just from a sensibility stake, we wanted to go back to clean backups, clean restores, a place where the customer felt comfortable. We were able to do it in a way that there was no data loss to the customer or at least manage data loss. Meaning, in some cases, their systems, they wanted to go really back on, because their data didn't change very much in there. My biggest pinpoint in this whole process is, I want to bring that department up much faster, right. There's two sides that you're looking at: How do you protect the department in the short term? And how do you protect them in the long term? So I had to look at both sides of it. Very interesting experience. Don't wish it on anybody. >> David, last thing I want to ask is, the role of data, how do you, inside the state of Colorado, look at the role of data and the changing role of data? And if you look at Commvault, they are really expanding where they play. They're playing in multi-cloud. They've got artificial intelligence helping them. They're helping with governance and compliance. How do you see them lined up? Where do you see your relationship going with them in the future? >> Well, obviously, I like to stay with partners that take care of me, so there's obviously an affinity there, in terms of how they've helped the state in the last year. The data is really two parts, the agencies data, and then the resident, and the customers of the state of Colorado's data, right. So you first got to look at who owns and who is the steward of the data. And as IT for the state, our role is protecting that data, both in the short and long term. But as it becomes more and more of an asset, and we all know data is an asset today, it's almost the most critical asset. So protecting it is just as important as how you're going to innovate with it. So we are very excited about how we're going to be leveraging data in the future. Some of the issues we're talking about, the Department of Transportation wants to take their data for Road X and change how people drive. You know, very similar as to how you may use Waze and stuff like that. The DOTs around the country want to take that data and leverage it all over the place. So you're not only taking an asset that was leveraged for a very different purpose 10 years ago and completely transforming industries, you're doing that all across state government, right. The impetus, the need for protecting it, using it, I'm very excited with where they're going and how they look at data, Commvault specifically. I had a great conversation with our CTO last year about, I'm storing all this data on FASTDISK anyway. Why can't I use this as a data lake? How can I get metadata for your customers? How can I take this in places where maybe the founders of this company didn't even envision 20 years ago. It's very exciting how they're looking at the technology and where they can take it. AI is one of my focus areas for the year. I'm going to listen to everybody's pitch and I'm going to choose the right ones, because I do think it's transformative. If they can do it correctly and ultimately lessen the burden on IT, that's what we're looking for, right. That's what AI should bring to the table, is the ability for IT to do more with less. So that's what we're looking for and I'm excited what they're going to do with it. >> Alright, well David Mccarthy, we really appreciate you joining us, sharing your story. For Keith Townsend, I'm Stu Miniman. We'll be back with more coverage here from Commvault GO in Nashville, Tennessee. Thanks for watching theCUBE. >> David: Thank you. (lively tech music)

(bright orchestral music) >> I'm Peter Burris and welcome to another Cube Conversation from our beautiful studios here in Palo Alto, California. Not a great show today. First off, being joined by my colleague at SiliconANGLE Wikibon, Dave Vellante. >> Peter >> But the real star of the show, Nick Curcuru with MasterCard. Welcome to The Cube Nick. >> Thanks for having me. >> So Nick, MasterCard, 165 million transactions an hour. A financial juggernaut. Blockchain, interesting technology, a lot of applications. How are they going to come together? >> Well, the biggest thing that we look at when we look at those two technologies: our world which is the network and you look at blockchain, is they're the challenge. And I think we have the opportunity to actually meet the challenge and those challenges are speed, transparency of the transaction itself, and actually even trying to reduce the cost of those transactions, especially when you talk cross border. You know when you're going from country to country right now blockchain has a big cost in order to let that happen. The other component is that transparency. I need to know who I am dealing with on the other side and create an auditable trail to understand how that transaction is going through, and again this is something that we do within our core business and again, we're trying to make that meet and then work on the speed. Again, one of the things we pride ourselves are on that 165 million transactions per hour, making it a smooth flow, making it seamless, making it frictionless, that we can do. So again, can we do the same now with blockchain. You know, and for us, we're experimenting now with our B2B, but we hopefully will be able to move that right into individuals as well, to the consumer level. >> So, we're a decade into when Satoshi, whoever he or she was created Bitcoin. >> Or them. >> Or them and yeah, was it the Russians? People are asking that question, so who knows? But, of course a lot of people have been facing negative comments in the press, et cetera. What was your motivation for exploring blockchain, starting to experiment with it? Take us through that if you would. >> Well you know part of what we started to see is that it started to gain traction. That was the biggest thing, and as you start to take a look at more and more people that started to use that technology, it's one of those items that in the beginning we're like okay it's nice it's a hobby right as it started to come out. But as you started to see some more heavyweights come into the place to use it and actually utilize what that technology can provide, we're like, there is something here. Again, MasterCard, our CEO has been very good to say, we need to always be thinking outside of our core. What else do we have to be able to include to allow our MasterCard stakeholders, our banks, our issuers, and everyone, the opportunities that we can continuously expand. So our CEO has been really good about that. And when blockchain started to gain some momentum, he goes, we need to actually take a look, so our guys in the labs, our smart people that sit there in O'Fallon and New York City started to explore how do we take what we know, apply it here to help with that particular way a transaction is being done, and then, can we really allow ourselves and blockchain to grow? So, that's pretty much where we started. Again, it was a little hobby, we started to see it pick up momentum, and about three years ago we were like, there is something here. We need to actually begin to think about how we can interact with this form of payment. >> So what are you actually doing? Are you experimenting, kicking the tires, trying to figure out the use cases? >> That's actually everything that we're doing. Right now, we've actually got a few patents that have just come out, which is very good for what we are trying to accomplish. Right now, we're in the B2B space because that's what we're watching mostly is being used right now is in that business to business space. So we're out there piloting. We actually have set up a whole bunch of APIs to allow people to actually put the blockchain inside, whether it's a mobile device that you want to use, or within the Internet of things. So we have developed a set of APIs that we have got out there that we are allowing our different people within B2B to use, to experiment, to start to say, hey give us feedback on how are they operating. Is it seamless, is it frictionless, are we reducing that operational time, making it efficient, reducing those costs. So that's what we're beginning to roll out. And again, our goal is, if we can do it in B2B, how do we finally get it to the consumer? Because again, that's going to be a big part of what people are going to want to do, to be able to do those transactions amongst themselves. >> When you think about things like AML and Know Your Customer KYC, do you see blockchain as having a role there or does it sort of accentuate your need to understand different ways to know your customer and fight money laundering. >> Well that's actually a big part of it. That's the whole thing we talk about being able to authorization and authentication. So there is a big thing, again, when you deal with blockchain, people, you got the wire in transit right? And there are people trying to skim off that, trying to find a way to get into your bank account, basically, because that's really what you're exposing because you're making a payment. So the question for us is okay, again, that's a core competency of ours is data in motion and securing the transaction while it's in motion before that. So for us, when you start to take a look at the way we can do the authorization and authentication becomes a big deal. And our core competency is to do that, to make sure that you can't have anti-money laundering, to make sure that you can't have fraud existing because we can verify it's you who is transacting with Dave, that you are the two people transacting, just like we do with a card, right? And when you do the pin, chip, we know it's you. Even with our new products like new data with biometrics, we know it's you. We can validate and verify and authenticate it's you. That's where we think we can provide tremendous value with the blockchain. >> So blockchain is kind of a hot new technology, but there's got to be more than just the fact that it's a hot new technology. Give us some examples of some use cases that you're envisioning that will be made possible and will be sustained with the blockchain approach. >> A lot of it is actually, if you take a look at the supply chain, the ability to make sure that when I need goods and services, not only, I don't have to wait for it. I think actually one of the best stories that we heard when it came down to the blockchain is how, actually the Defense Department has used it. So for example, if you can imagine, on an aircraft carrier, there's a plane that went down, right? That needed a part. Or I think it was a helicopter, sorry. And it needed a part. Well the question was it's in the middle of the Pacific Ocean. So how do you get the part there? Well if you go through the normal channels, to get that helicopter up and running, it's going to take you two to three months to get it there. But using blockchain, because it's anonymous and you have some privacy within it, being able to say, can you send me the specs? This particular ship had a metal 3D printer on it. So not only were they able to send the specs via blockchain in an anonymous manner so no one else could pick it up, they could actually put it on the ship. They could actually create the part, and what's really kind of cool is they actually put a flaw. They put a scratch across the part itself so that you knew the guys who sent it are the guys that you are getting it from and no one else picked it up along the way. So that's one way to be able to do it, to actually create the parts that you need when you need them in a secure manner. The other part, if you believe it or not, I was just at a sports conference, and the other thing was is can I actually use blockchain to transfer my tickets? So you're in Palo Alton. I got 9ers tickets. I'm a season ticket holder, and what I want to be able to do is send you my tickets, but you need to know it's me who has the tickets, not a fraudster, right, that's going up there saying I got two tickets for sale or whatever it may be. So I can use blockchain in an anonymous transaction You send me the funds, you know it's me, and I can send you the tickets because I am a verified, valid ticket holder. So there is another case where it is consumer to consumer. >> But coming back to the B2B examples, there are a lot of circumstances when a business realizes that entering into a transaction is signaling an enormous amount of information other than just the part that they're getting or the business activity that they're performing, and so it has the potential to be a great technology to dramatically focus the characteristics of the transaction just on the transaction and keep all the other signaling that might otherwise be picked up on out of the equation. Is that right? >> Yeah, that's absolutely correct. The other part is it creates that efficiency in that transaction itself. We're always worried about can you reduce paperwork? We did that, that's the 80's and 90's, right? And then it became into now we got these electronic transfers. But what blockchain is allowing you to do is almost in real time to be able to order those goods and services and get them delivered when you need them and be able to run those transactions. That's a big part to it. Now we're getting faster and better at what we're doing. We're not letting antiquated processes and procedures really bog us down. And again, the blockchain allows you to do that, allows an easier transfer of cash amongst the providers, a lower cost in many cases on that transfer when you're talking about the funds, more of the ability to actually interact with the consumer itself, especially if you've got artificial intelligence, because one of the other use cases in the supply chain is the auto-ordering. Right, so this thing is learning, it's understanding what's coming off the shelves, what's going on the shelves, where it needs to be. Can I actually that to help me distribute my products amongst my warehouses, amongst my stores? Blockchain is doing that. It's automating that and allows those transactions, both I need this and you sent it to me as well as actually going through and making the financial transaction happen. >> So you guys must be having some mind-melting conversations inside your company. (laughing) When you think about the examples that you gave those transactions, I presume, the ticket transaction, doesn't require a trusted third party to validate that transaction because the technology of blockchain is doing that and then yet, but MasterCard is a trusted third party. So how are you thinking about, this might change your business? You've still got amazing assets. You've got a brand, you've got a network, you've got your partnerships, you've got the relationships that you have with the suppliers and customers and consumers, et cetera. So how do you think about that notion of when you talk to the world of crypto. Oh let's find where there's a trusted third party and we can disintermediate that. So what do you think all this means for the future of financial services and companies like MasterCard? >> Well, you know for us it's not the ability to say that one is going to... for a lot of folks, their complaint is, what we hear is, blockchain is going to take over everything. Cryptocurrency is going to... no it's how you actually have to live within that, because you're going to have to have multiple ways to do that. So that's how we feel we can make that help those folks in the transition. So that trusted third party, okay you can have five trusted third parties take care of your credit cards, your debit cards, your blockchain, your cryptocurrency. Our goal is, just come to us. Let's get you that solution. We can help embed that API. We can give you some flexibility. We can give you the reach of being able to have you know 22,000 banks and issuers worldwide at your disposal if you need that. So again, that's where we see ourselves really playing a good role, and that's how it's going to change our business. >> But it's, related to that, it's we can bring the scale, we can bring your operational certainty, we can bring you all the things because at the end of the day, it's still a computer, right, and it has to stay up and it has to be auditable and it has to be backed up and that's something that there's not a lot of companies that know how to operate at the kind of scale you guys do. >> Technology platform is critical. >> Absolutely >> Yes, absolutely. And again, that's when you look at quadruple and quint- types of redundancy, not just primary and secondary. I mean we are running four or five types of redundancy to make sure those networks are up and running. >> So Nick, I got a question because one of the things that I find interesting about all this and I know that you and I have talked about this, Dave, is that a blockchain presumes that there's some sort of contract in the middle of all this, but the processes of running contracts are complex. The design of the blockchain is crucial ultimately to the behavior and the success of the blockchain. Not a lot of tools to do that. How do you think the future of blockchain design is going to evolve so that issues like scale, technological, operational certainty, et cetera, come into play? >> Well, it's almost, as you take a look at it, it's almost the way that you have to be interacting today. So you've got the edge where the transaction is happening right and you've got the core part of the business where you're using that machine learning, the artificial intelligence to help you make better decisions. And then of course, you've got the deep learning. So as you look at those technologies, it's how you're handling within that contract, where things need to be done. Right, so again, if you're looking at how we supply a shelf, well that's not going to be done potentially at the edge. That's potentially in your core. It could be part of deep learning, but then how do you bring it to the edge to make that transaction go through to make that part of blockchain? So as you think about the contracts, something that's real important with blockchain is picking the right partner to go to market with because, again, you're looking at those technologies you want to make sure are in place. >> So, you're adding to a notion of scale and operational certainty, the expertise associated with how do you design these things well so that they can be put in an operation and you don't have to, you know, the immutability issue doesn't come and bite you in the butt in six months. >> Yeah, absolutely. So again, what you're looking for is, what we always look for are those people that have the right ability for scale, have the global experience that we really need, because again, when you think about it, you're in a global economy, so you're really looking to see how those people interact and can they do it. You're looking for that partner. You're not looking for the guy who's got the coolest, latest technology. Those are always fine to know about, but again, you're always worried about scale at this point. You're looking at flexibility. You know, how do I, how can I be flexible in the way I'm making those contracts and those contracts always change. It's not like there's a template, all right? Almost with blockchain, it's almost individual companies and B2B are coming back with their own types of contracts. >> Sure. >> And that's the part that you also have to have make sure is available to you, both from a technology standpoint and being able to you know actually operationalize it. >> Peter, at the top, talked about the transaction volumes being you know limited, you were talking about Bitcoin transaction volumes. Obviously, in the near term anyway, limits some of the use cases, but I wonder how you guys are thinking about solving that problem. Do you see that as MasterCard's role or is that, is Google, a Google-like company going to solve that? Is it going to be a partnership? How do you see that shaking out? >> It is going to be, it's a collaborative partnership, so again, we have conversations with people like, the Googles of the world, the Microsofts, the Dells, and people like that. It's a collaboration now. So just like four years ago. Remember Hadoop's community? >> Yeah. >> So we see it, there is a blockchain community because we are all seeing the same issues, but what's nice is, because of the experience that we're having through being part of a community, we're helping each other solve those particular problems. Because again, Google sees a different part of blockchain. Right, we see a different part of blockchain. And when you start to bring those resources together and you start talking to them and the Microsofts and the Dells and even the Amazons of the world. When you start putting everybody into a room, we're frenemies at that point. Because we're all trying to solve the same problem. We all have different interests within the major issue, but if we can do it together, tide rises all boats, right? >> The best innovations are combinatorial. >> Correct. >> Taking a lot of folks with expertise and mature technology and bringing it together and creating something new not just because you're creating something new but because you have the social reach to actually have it happen in the marketplace. >> Absolutely. >> Nick Curcuru, MasterCard, thanks very much for being on The Cube and talking about blockchain. >> Appreciate it. >> Thank you for having me, thanks guys. (orchestral music fading out)

>> Announcer: Live from Washington DC, it's CUBE Conversations with John Furrier. >> Well, welcome to a special CUBE conversation here at Amazon Web Services headquarters in public sector, in Washington DC, actually, in Arlington, Virginia. It's a CUBE coverage on the ground in Washington DC. Our next guest is Shannon Kellogg, who's the Director of AWS Public Policy in Americas, here, joining us. Thanks for spending the time with us. >> It's a pleasure to be here. >> So obviously, public policy is a big part of public sector, hence the success you guys have had. Amazon's had great success. I mean, you go back four years ago, the shock heard all around the cloud was the CIA deal. >> Shannon: Indeed. >> And since then, there's been this gestation period of innovation. You guys have been penetrating, doing a lot of hard work. I know how hard it is. And kind of knowing the DC culture, how hard was it, and hard is it for you guys now? Is it getting easier? I mean, policies, got a lot of education involved, a lot of moving parts. >> Yeah, well, I joined over five years ago. And when I joined, there was very little understanding that Amazon was even in the cloud computing business. And so we really had to start from scratch. And so it was just basic education and awareness work. And I wouldn't call that easy, but it certainly was in a different time where people were curious about Amazon, AWS, and cloud. What is cloud computing? The cloud computing directive of the Federal Government, Cloud First Policy, had just come out a year prior, and so there was a lot of curiosity. So people were willing to talk. People were curious, but they didn't really understand what cloud computing was. And again, they didn't even realize AWS was in that business. >> And back at that time, and I know you have a tech history over at EMC before and RSA. You know the tech game. You've seen many waves of >> Shannon: I have. >> innovation, and it's almost a time where you saw some interesting shadow IT developing. Shadow IT term referred to kind of a in-the-shadows experiment. You put your credit card down and get some Amazon, get some cloud, and test, kick the tires, if you will, kind of, without anyone seeing you, called shadow IT. That became a big part of the growth. How much shadow IT has been involved to kind of force Amazon to the table? Did that help? Was that a help-driver for you guys? Was it going on? >> Yeah. Well, it's interesting, because when you look back four or five years ago, there were a lot of first movers in departments and agencies, folks in little units that I had actually even never heard of in some of the big agencies, customers that I would speak to that were experimenting with AWS and commercial cloud. In those days, they were able to take out their credit card and experiment a little bit with it and discover what was possible. And we saw a lot of uptake in interest as a result of some of that experimentation. But really, things started to change in a big way when AWS won the contract to build the community cloud for the intelligence community. And following that win, and as that project was implemented, and in the six months to a year after that award, we saw a lot more interest by agencies to not just experiment, but to go bigger. >> I couldn't get Amazon to confirm. I've tried many times on the CUBE, Jassy and Teresa, to get them to confirm that that was certainly a shadow IT effort, that someone within the CIA came out of the woodwork and said, "Hold on IBM, we have an alternative." >> Yeah, well I can't-- >> (laughing) Conferment denied. I can't comment on that either, but I can tell you that it was a very open, competitive process that we won. And it was a very big deal for the community and a very big deal for us. And that's when we really started to see a number of other agencies and organizations, really, not just experiment with cloud, but how can we leverage this to get the same benefits that the intel community needs? >> And IBM didn't help either. They got cocky. They figured they're going to sue you guys and ended up amplifying it, where the judge actually said on the ruling, "Amazon is a better service." >> Shannon: Yeah. >> I mean, you couldn't get a better testimony. But let's talk about that move. >> There was a resounding public, or resounding legal opinion, and I would encourage your viewers who haven't read it to read it. >> It's well doc, but at SiliconANGLE. Search SiliconANGLE, AWS, IBM, CIA deal, you'll find it. But I think what's notable about that is it's kind of cocky, because the old way of doing things was schmooze, win the ivory tower, have that relationship, lean on that relationship. And the IT just, they were just like going through security at the airport, just whatever, right? >> Shannon: Right. They just checked the boxes. You got to win the C level. That now has changed, where not only at the buying and evaluation process bottoms up, there's a lot of consensus involved. There's now new stakeholders. >> You bet. >> Talk about that new dynamic, because this is a modern trend. It's not just send it to the department for a check box, it's truly agile. Talk about this new, modern procurement process that people are going through. >> You bet, and it's still evolving. But over the last few years, we've seen a lot of interest by federal organizations to shift from what is traditionally a capital expense model to an operational expense model. And you'll probably laugh at me that I actually even remember this. But in the 2015 budget, with the previous administration, President Obama's budget request in 2015, there was, actually, on page 41 of that budget, a line, or actually a paragraph, that talked about how the Federal Government would need to continue to move to commercial cloud services. And in the language, in the budget, it actually talked about the consumption model, the operational expense model versus the traditional capex model. >> Shannon, what is commercial cloud, because, I mean, again, back to the old days, kind of back in my days when I was growing with the industry, you had a federal division that managed all the government stuff, sometimes separate products, right, I mean, absolutely different, unique features >> Yeah, you bet. >> in the government. Now with the cloud, I'm I hearing that this is the same cloud that Amazon runs? Is it a different product. I know there's different private clouds. >> Certainly, our cloud >> But what is the commercial cloud? >> is one option. >> Explain what the commercial cloud is. >> Yeah, our cloud is one option in this area of commercial cloud services. And we think it's a great option. But if you look at the different types of solutions, NIST actually talked about this when they put out the definition on what cloud computing should be described as several years ago. I think the final definition came out in 2011. And at the time, they called public cloud, which we in federal agencies, now, really refer to as commercial cloud, as one of the deployment models. But it also is really emphasizing commercial solutions and commerciality, versus having an agency go out and try to build its own cloud, or to issue a special contract that is controlled by that agency, that does a traditional private-cloud type of build, like for example, California did with CalCloud several years ago. We're seeing more and more agencies move away from that model and into procuring-- >> Why is that? Why are they moving, costly? >> Well, because, yeah, it's-- >> Just like HP and everyone else backed out of the cloud, same reason? >> It's costly, and one thing, looking at CalCloud, and if you haven't sort of looked at what they did with their policy, in 2014 they issued a policy, California did, which basically created a preference for CalCloud. And by August of 2017, they moved away from that preference reversing the policy and then doing sort of a about-face and saying not only is there not a preference for CalCloud, this privately built cloud, anymore in California, but there's going to be a preference for commercial cloud services and leveraging commercial solutions and technologies. >> Is that, again, the same reasons why a lot of commercial vendors like HP, even VMware, and others who kind of backed out of the cloud. It's expensive, it's complicated, right? I mean, is that main driver, or is it of talent? I mean, why did CalCloud move from that to the (mumbles). >> Yeah, I mean, I obviously can't speak for what other >> Well generally speaking. >> companies have done, but I think, based on our observations at the federal level, at the state level, and even internationally, we're seeing more and more governments in their cloud policies focus on how to leverage commercial cloud services, versus build their own, or go out and spend a billion dollars in trying to build their own through a contractor or traditional contractor. >> I talked to Teresa Carlson. >> And by the way, just for the record, in California, it was IBM who actually ended up building CalCloud. >> Nice dig on IBM there, good one. >> So I just talked to Teresa Carlson, and she and I, we talked about the notion of commercializing ecosystem, to bring in tech in with government kind of the mash up or integration culturally among other things, technology. I had an interview with an executive of New Relic, one of Amazon's top customers. I think they were saying they were getting FedRAMP certified. But there's a variety of certifications that you guys offer, essentially, people in the ecosystem, non-governmental, but they can come in and provide solutions. Can you talk about that dynamic, because we're seeing that become a trend now, where folks in the Amazon, or in general tech ecosystems, that says, "Hey, you know what? "I can go in through Amazon and do some business "with the public sector." >> Sure. >> What do you guys offer? Is there a playbook? Is there a roadmap? Is there check boxes? What's the playbook? >> Well, first of all, if you don't, if your viewers don't know what FedRAMP is, it's a Federal Government security evaluation process for cloud computing providers and service providers who want to sell to the US Federal Government. And the framework itself was created on international security standards as well as existing, and evolving in some cases, NIST security standards. And so it's a common security framework that any company of any size can align to. And AWS, because we believe so strongly in security, and because we had a lot of first-mover customers in the Federal Government marketplace, we really invested in that process early. And as a result of that, we meet the FedRAMP requirements at the different security levels that exist. And we were one of the first providers to actually do that. And then partners started working with us and leveraging that. And not just-- >> So what does that mean to the partner? >> resellers or systems integrators. >> They piggyback on your certification, or they have to do some modifications? It's like the stamp of approval. You can't get into the party without it, right? >> Yeah, you have to have FedRAMP certification in order to provide certain types of services to the US government. A lot of agencies now require some type of FedRAMP certification to do business with them. It's very common now. >> Any other certifications that they need? >> Well, that's the most common one at the federal level. But there are some department-specific requirements too. So for example, when you look at the Defense Department, they've added additional requirements on top of FedRAMP. And providers like us have to go through those additional processes, and then again, if you're partnering with an AWS, and we've gone through that process, and we made the investments, and you have some software that's based on AWS, that's going to be favorable for you in order to sell to that market segment. >> Take a step back and zoom out, and talk about the big landscape in DC. Obviously, DC's the center of the action for policy and this, obviously, public sector all around the world, as well in the United States. What's the trend that you're seeing? I mean, obviously Amazon is kind of like its own black swan. If you think about it, lowering prices, increasing functionality on a daily basis is the business model of Amazon. They win on scale. Customers are happy with that, and government seems to be happy. Yet, the competitive landscape couldn't have been at an all-time high, certainly Oracle, IBM, Microsoft, the others are competing for the same dollars, potentially. So you have the old guard, as Andy Jassy would say, and you guys, self-described, new guard. What's the landscape look like? How are you guys competing? What observations can you share and the role of policy makers in the middle of it? Are they stuck between all this? >> Well, it's been quite a ride over the last seven or eight years. Again, going back to when the First Cloud Policy was issued by the Federal Government CIO at the time, Vivek Kundra. Very early days, they talked about each agency trying to move three applications to the cloud. And so we're in a much different time now. And there a lot of agencies who are going all in on cloud services. That's actually been really fast forward and emphasized even more over the last couple years, starting with the previous administration and the emphasis that they had. I talked about the 2015 budget, but we also saw a number of other policy initiatives in the previous administration during President Obama's eight years. And then you had the new administration come in and really emphasize this early too. And one of the cornerstone things that's happened by the new administration over the last year has been the development and then the release of the President's report on IT modernization. And they set up a new Office of American Innovation and a new tech council to advise on the development of that report. And they went out, the administration did, and got a lot of input from the industry. And then they came out with a final report of recommendations in December. And they're already moving to actually implement a number of those recommendations and pilot a number of recommendations in agencies. And they're really emphasizing shared services and commercial cloud services as a key part of that effort. And then in tandem with that, and this is probably going to shock you, but in tandem with that, Congress actually worked with the administration to also make a number of changes to law, including in December of 2017, a really important piece of legislation called, The Modernizing Government Technology Act. And that was added to the Defense Authorization Bill for 2018. You know in this town, that's often how legislation moves at the end of the year is through the Defense Authorization Bill. So that legislation was passed, and it really is focused on helping agencies in their IT modernization efforts move again from legacy IT systems to the cloud. And they're not doing that just because it lowers cost, and it's a good thing to do. They're actually doing that as part of a way to improve the Federal Government cyber security posture. And that's the last thing I'll talk about that's happened in the last year is I mentioned what the administration did about its IT Modernization Report. I mentioned also what Congress did with the Modernizing Government Technology Act. Well, there was also a new cyber security executive order that was issued during the year by the President that married those two things. And basically, it made very clear that there's very little possibility to actually improve the security of federal systems without moving forward with the IT modernization efforts and moving to cloud. >> And the cyber warfare we're living in it truly is a cyber war. This is not just hand-waving, IT modernization. It's beyond that, because it's critical infrastructure now being compromised. This is our security, right? It's the state of the security of our people. >> You bet, and quite frankly, we're seeing this trend internationally too. You see more and more governments making this link between IT modernization and improving the country's cyber security posture. We've seen that in the UK. We've seen that in Australia. >> It takes cyber war to fix IT. I mean, is that what we're coming to? Okay, final point is obviously IT modernization is key. I love that that's driving it. We need to go faster. Question for you, Cloud First, certainly a big, initial orientation from the government to go Cloud First. Question for you is do you see the expectations yet in the agencies and throughout public sector for cloud speed, meaning not only like speed in feeds, like moving to an agile outcome, faster delivery, under budget, on time, lower prices. Is that expectation now set, or is it still getting there? >> No, we believe it is being set. And if you look at developments over the last six months I mean, you now have the Department of Defense that has come out with changes to policy to move faster to the cloud. And if you look at the Secretary, I'm sorry, the Deputy Secretary of Defense's memorandum in September of last year, he talked a lot about leveraging cloud computing as part of a way to make improvements in the implementation of technology, such as artificial intelligence and machine learning. And in that memo they talked about that's a national security imperative to do that. And so they're seeing technology, not as the end result, but as a way to enable a lot of these developments and changes. And we've already seen many of those steps forward in the intelligence community. So it's very encouraging to us that we're also seeing now the Department of Defense move in this direction. >> So they're running towards the cloud. They're running towards AI. >> Shannon: They're trying to. >> They're going as fast as they can, because they need to. >> They're trying to. >> Final word on security. What do you hope to have happen in our government in America to really crack the code on cyber security and surveillance all these holes? Especially with IoT, their surface area couldn't be bigger. >> So before I answer that question, one thing I did want to say, because we were talking about the Department of Defense. And you had added a question in earlier about what some of the legacy proprietors may or may not be doing. Well, these two things are married. What we're seeing at the Department of Defense is that they really do want to move faster to the cloud. But you probably noticed in the press that there are many different legacy providers out there. And as our boss would say, Andy Jassy, a lot of the old-guard community, who want to try to slow that transition down. And so that is really something that's going on right now. There's a lot of effort out there to pursue the status quo, to continue to keep the lights on. And if you look at what amount of the federal budget that is being spent on keeping the lights on in IT, it's over 80% is what the number is commonly referred to. And so a lot of companies are making traditional companies, old-guard companies, as Andy Jassy would say, are making a lot of money following that same path. And you know what? The taxpayer can't afford that anymore. The mission owners can't afford that anymore. And so it's really time to move forward into the 21st century and leverage commercial cloud technology and some of these advanced capabilities, like artificial intelligence and machine learning. And then to answer your final question-- >> Hold on, on the DoD thing, because I did see that in the news. It's obviously clearly FUD, fear, uncertainty, and doubt, as they said, in the industry from the old guards to slow down the process. That's classic move, right? Hey, slow down. >> It is. >> We're going to lose this thing. If we don't put the brakes on-- >> It's a classic move that some companies have been practicing for a few decades. >> Decades, decades, we all know that, I mean, it's called Selling 101 when you want to secure the ivory tower. Okay, so papa, this is the tactic, and I want to get your opinion. This is a policy question. It's not in the best interest of the users, and the society, and the citizens to have a policy injection for political warfare on deal selling. So that's, essentially, what I see happening. >> Yeah, we agree. >> I want to get your comments on this, because it comes up to a very political topic, technically, multi-cloud. >> Shannon: Right. So the move is, whoa, you can't go to one cloud. We're putting all our eggs in one basket, so we have to spec it to be multi-cloud. That's the policy injection. What's the impact of that in your opinion? Does it matter? Does the government say, "Hey, we should do multi-cloud"? You actually want to have one cloud. That's what Andy Jassy >> Well, actually... >> wants, right? >> you know, that's not true. What I'll say, and take a step back here, is that what we want is what the customer wants. And a lot of companies are forgetting the customer in this debate about multi-cloud versus single cloud. >> So you're jump ball. Your philosophy is to say jump ball. >> We welcome open competition. >> So multi-cloud, >> We want to serve the customer. >> and single cloud. >> What happened with the intelligence community is they had an open competition for a single-cloud approach. One thing that's happening right now as part of this broader discussion is some of the old-guard companies are spreading a lot of misinformation about-- >> John: Like what? >> the different types of contracts, and so there's been a lot of misinformation about DoD trying to pursue a sole-source contract for this JEDI program that they're trying to do to implement cloud. And what DoD has said in the stories that I've read on the record is that they want to have an open competition. And whether or not they choose a single award, which is different than a sole source that's not competed, if they choose a single award that's competed like the intelligence community did, or they choose a multi-award, it's going to be their preference. And let me tell you something, the policy space, what we've heard consistently from members of Congress and other policy makers is they don't want to be in the business of telling the Department of Defense or any other federal agency, specifically, what they should do or shouldn't do in a technology procurement. What they want is an open competition. And I'll tell you on the record, we embrace an open competition, and that will serve the customers well. But don't tell the customer if you're an old-guard company what they should or shouldn't do. And don't ignore the customer. >> Well, I would, from just a personal standpoint, industry participant, I would say that that's going backwards. If you have the companies doing old-guard tactics injecting policy and FUD to slow a deal down just to save it, that's really bad, bad form. >> Yeah, it's- >> That's going backwards. >> It's bad policy, but it's also bad for the taxpayer, and it's bad for the mission owner. So let there be open competition. Let the customers, like DoD, make the decisions that they're going to make, which is going to be best for their mission. >> Well, Shannon, as Teresa, a basketball fan, would say, "Jump ball," make it fair. >> Let's do it. >> Let the chips fall where they may. >> Let's do it. >> All right. Open competition, that is Amazon's position here in DC. Policy, no problem, we can play that game, but it's all about the customers. Shannon, thanks for your insight and observations. >> You bet. >> Shannon Kellogg, who's in charge of policy at Americas for AWS. This is CUBE Conversations. I'm John Furrier, thanks for watching. (rhythmic electronic music)

>> Host: New York City, it's The Cube covering Cyber Connect 2017, brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> Hey, welcome back, everyone. This the Cube's live coverage in New York City. This is the Cyber Connect 2017, presented by Centrify, underwritten by such a large industry event. I'm John Furrier, Dave Vellante. Our next guest is Byron Acohido who's the journalist at lastwatchdog.com. Thanks for joining us, welcome to The Cube. >> Thank you, pleasure to be here. >> So, seasoned journalist, there's a lot to report. Cyber is great, we heard a great talk this morning around the national issues around the government. But businesses are also struggling, too, that seems to be the theme of this event, inaugural event. >> It really is a terrific topic that touches everything that we're doing, the way we live our lives today. So, yeah, this is a terrific event where some of the smartest minds dealing with it come together to talk about the issues. >> What's the top level story in your mind in this industry right now? Chaos, is it data, civil liberties, common threats? How do you stack rank in level of importance, the most important story? >> You know, it really is all of the above. I had the privilege to sit at lunch with General Keith Alexander. I've seen him speak before at different security events. So it was a small group of the keynote speakers, and Tom Kemp, the CEO of Centrify. And he just nailed it. He basically, what resonated with me was he said basically we're kind of like where we were, where the world was at the start of World War I, where Russia and Germany and England, we're all kind of lining up, and Serbia was in the middle, and nobody really knew the significance of what lay ahead, and the US was on the sidelines. And all these things were just going to converge and create this huge chaos. That's what he compared it today, except we're in the digital space with that, because we're moving into cloud computing, mobile devices, destruction of privacy, and then now the nation states, Russia is lining up, North Korea, and Iran. We are doing it too, that was probably one of the most interesting things that came at you. >> His rhetoric was very high on the, hey, get our act together, country, attitude. Like, we got a lot to bring to the table, he highlighted a couple use cases and some war stories that the NSA's been involved in, but almost kind of teasing out, like we're kind of getting in our own way if we don't reimagine this. >> Yes, he is a very great advocate for the private sector industry, but not just industry, the different major verticals like especially the financial sector and the energy sector to put aside some of the competitive urges they have and recognize that this is going on. >> Okay, but I got to ask you, as a journalist, Last Watchdog, General Alexander definitely came down, when he sort of addressed privacy, and Snowden, and the whole story he told about the gentleman from the ACLU who came in a skeptic and left an advocate. As a journalist whose job is to be a skeptic, did you buy that? Does your community buy that? What's the counterpoint to that narrative that we heard this morning? >> Well, actually I think he hit it right on the head. As a journalist, why I got into this business and am still doing it after all these years is if I can do a little bit to shed a little bit of light on something that helps the public recognize what's going on, that's what I'm here to do. And this topic is just so rich and touches everything. We were talking just about the nation state level of it, but really it effects down to what we're doing as a society, what Google, and Facebook, and Twitter, how they're shaping our society and how that impacts privacy. >> We were talking last night, Dave, about the Twitter, and Facebook, and Alphabet in front of the Senate hearings last week, and how it means, in terms, he brought it up today. The common protection of America in this time, given the past election, that was the context of the Google thing, really has got a whole opportunity to reimagine how we work as a society in America, but also on the global stage. You got China, Russia, and the big actors. So, it's interesting, can we eventually reimagine, use this opportunity as the greatest crisis to transform the crap that's out there today. Divisiveness, no trust. We're living in an era now where, in my life time I can honestly say I've never seen it this shitty before. I mean, it's bad. I mean, it's like the younger generation looking at us, looking at, oh, Trump this, Trump that, I don't trust anybody. And the government has an opportunity. >> Alright, but wait a minute. So, I'm down the middle, as you know, but I'm going to play skeptic here a little bit. What I basically heard from General Alexander this morning was we got vetted by the ACLU, they threw sort of holy water on it, and we followed the law. And I believe everything he said, but I didn't know about that law until Snowden went public, and I agree with you, Snowden should be in jail. >> John: I didn't say that. >> You did, you said that a couple, few years ago on The Cube, you said that. Anyway, regardless. >> I'm going to go find the archive. >> Maybe I'm rewriting history, but those laws were enacted kind of in a clandestine manner, so I put it out to both of you guys. As a citizen, are you willing to say, okay, I'll give up maybe some of my privacy rights for protection? I know where I stand on that, but I'm just asking you guys. I mean, do all your readers sort of agree with that narrative? Do all of The Cube? >> If you look at the World War I example the general, he brought up at lunch, I wasn't there, but just me thinking about that, it brings up a good perspective. If you look at reinventing how society in America is done, what will you give up for safety? These are some of the questions. What does patriotizing mean for if industry's going to work together, what does it mean to be a patriot? What I heard from the general onstage today was, we're screwed if we don't figure this out, because the war, it's coming. It's happening at massive speeds. >> Again, I know where I stand on this. I'm a law-abiding citizen. >> - Byron, what do you think? >> Go ahead and snoop me, but I know people who would say no, that's violating my constitutional rights. I dunno, it's worth a debate, is all I'm saying. >> It's a core question to how we're living our lives today, especially here in the US. In terms of privacy, I think the horse has left the barn. Nobody cares about privacy if you just look at the way we live our lives. Google and Facebook have basically thrown the privacy model-- >> GPS. >> That came about because we went through World War I and World War II, and we wanted the right to be left alone and not have authoritative forces following us inside the door. But now we don't live in just a physical space, we live in a cyberspace. >> I think there's new rules. >> There is no privacy. >> Don't try and paint me into a corner here, I did maybe say some comments. Looking forward the new realities are, there are realities happening, and I think the general illuminated a lot of those today. I've been feeling that. However, I think when you you define what it means to be a patriot of the United States of America and freedom, that freedom has to be looked through the prism of the new realities. The new realities are, as the General illuminated, there are now open public domain tools for anyone to attack the United State, industry and government, he brought it up. Who do they protect, the banks? So, this ends up, I think will be a generational thing that the younger generation and others will have to figure out, but the leaders in industry will have to step up. And I think that to me is interesting. What does that look like? >> I think leadership is the whole key to this. I think there's a big thread about where the burden lies. I write about that a lot as a central theme, where is the burden? Well, each of us have a burden in this society to pay attention to our digital footprint, but it's moving and whirling so fast, and the speaker just now from US Bank said there is no such thing as unprecedented, it's all ridiculous the way things are happening. So, it has to be at the level of the leaders, a combination, and I think this is what the general was advocating, a combination of the government as we know it, as we've built it, by and for the people, and industry recognizing that if they don't do it, regulations are going to be pushed down, which is already happening here in New York. New York State Department of Financial Services now imposes rules on financial services companies to protect their data, have a CSO, check their third parties. That just went in effect in March. >> Let's unpack that, because I think that's what new. If they don't do this, they don't partner, governments and industry don't partner together, either collectively as a vertical or sector with the government, then the government will impose new mandates on them. That's kind of what you're getting at. That's what's happening. >> It'll be a push and shove. Now the push is because industry has not acted with enough urgency, and even though they were seeing them in the headlines. California's already led the way in terms of its Data Loss Disclosure law that now 47 states have, but it's a very, I mean, that's just the level the government can push, and then industry has to react to that. >> I got to say, I'm just being an observer in the industry, we do The Cube, and how many events will we hear the word digital transformation. If people think digital transformation is hard now, imagine if the government imposes all these restrictions. >> What about GDPR? >> Byron: That's a good question, yeah. >> You're trying to tell me the US government is going to be obliged to leak private information because of a socialist agenda, which GDPR has been called. >> No, that's another one of these catalysts or one of these drivers that are pushing. We're in a global society, right? >> Here's my take, I'll share my opinion on this, Dave, I brought it up earlier. What the general was pointing out is the terror states now have democratized tools that other big actors are democratizing through the public domain to allow any enemy of the United States to attack with zero consequences, because they're either anonymous. But let's just say they're not anonymous, let's just say they get caught. We can barely convert drug dealers, multiple jurisdictions in court and around the world. What court is out there that will actually solve the problem? So, the question is, if they get caught, what is the judicial process? >> Navy SEALs? >> I mean, obviously, I'm using the DEA and drug, when we've been fighting drug for multiple generations and we still have to have a process to multiple years to get that in a global court. I mean, it's hard. My point is, if we can't even figure it out for drug trade, generations of data, how fast are we going to get cyber criminals? >> Well, there is recognition of this, and there is work being done, but the gap is so large. Microsoft has done a big chunk of this in fighting botnets, right? So, they've taken a whole legal strategy that they've managed to impose in maybe a half-dozen cases the last few years, where they legally went and got legal power to shut down hosting services that were sources of these botnets. So, that's just one piece of it. >> So, this World War I analogy, let's just take it to the cloud wars. So, in a way, Dave, we asked Amazon early on, Amazon Web Services how their security was. And you questioned, maybe cloud has better security than on premise, at that time eight years ago. Oh my God, the cloud is so insecure. Now it looks like the cloud's more secure, so maybe it's a scale game. Cloud guys might actually be an answer, if you take your point to the next level. What do you think? >> Correct me if I'm wrong, you haven't seen these kind of massive Equifax-like breaches at Amazon and Google. >> That we know about. >> That we know about. >> What do you think? Don't they have to disclose? >> Cloud players have an opportunity? >> That we know about. >> That's what I was saying. The question on the table is, are the cloud guys in a better position to walk around and carry the heavy stick on cyber? >> Personally, I would say no question. There's homogeneity of the infrastructure, and standardization, and more automation. >> What do you think? What's your community think? >> I think you're right, first of all, but I think it's not the full answer. I think the full answer is what the general keeps hammering on, which is private, public, this needs to be leadership, we need to connect all these things where it makes sense to connect them, and realize that there's a bigger thing on the horizon that's already breathing down our necks, already blowing fire like a dragon at us. It's a piece of the, yeah. >> It's a community problem. The community has to solve the problem at leadership level for companies and industry, but also what the security industry has always been known for is sharing. The question is, can they get to a data sharing protocol of some sort? >> It's more than just data sharing. I mean, he talked about that, he talked about, at lunch he did, about the ISAC sharing. He said now it's more, ISACs are these informational sharing by industry, by financial industry, health industry, energy industry, they share information about they've been hacked. But he said, it's more than that. We have to get together at the table and recognize where these attacks are coming, and figure out what the smart things are doing, like at the ISP level. That's a big part of the funnel, crucial part of the funnel, is where traffic moves. That's where it needs to be done. >> What about the the balance of power in the cyber war, cyber warfare? I mean, US obviously, US military industrial complex, Russia, China, okay, we know what the balance of power is there. Is there much more of a level playing field in cyber warfare, do you think, or is it sort of mirror the size of the economy, or the sophistication of the technology? >> No, I think you're absolutely right. There is much more of a level playing field. I mean, North Korea can come in and do a, this is what we know about, or we think we know about, come in and do a WannaCry attack, develop a ransomware that actually moves on the internet of things to raise cash, right, for North Korea. So there, yeah, you're absolutely right. >> That's funding their Defense Department. >> As Robert Gates said when he was on The Cube, we have to be really careful with how much we go on the offense with cyber security, because we have more to lose than anybody with critical infrastructure, and the banking system, the electrical grid, nuclear facilities. >> I interviewed a cyber guy on The Cube in the studio from Vidder, Junaid Islam. He's like, we can look at geo and not have anyone outside the US access our grid. I mean, no one should attack our resources from outside the US, to start with. So, core network access has been a big problem. >> Here's something, I think I can share this because I think he said he wouldn't mind me sharing it. At the lunch today, to your point that we have more to lose is, the general said yeah, we have terrific offensive capability. Just like in the analog world, we have all the great bombers, more bombers than anybody else. But can we stop people from getting, we don't have the comparable level of stopping. >> The defense is weak. >> The defense, right. Same thing with cyber. He said somebody once asked him how many of your, what percentage of your offensive attacks are successful? 100%. You know, we do have, we saw some of that with leaks of the NSA's weapons that happened this year, that gone out. >> It's like Swiss cheese, the leaks are everywhere, and it's by the network itself. I ran into a guy who was running one of the big ports, I say the city to reveal who it was, but he's like, oh my God, these guys are coming in the maritime network, accessing the core internet, unvetted. Pure core access, his first job as CIO was shut down the core network, so he has to put a VPN out there and segment the network, and validate all the traffic coming through. But the predecessor had direct internet access to their core network. >> Yeah, I think the energy sector, there's a sponsor here, ICIT, that's in the industrial control space, that I think that's where a lot of attention is going to go in the next couple of years, because as we saw with these attacks of the Ukraine, getting in there and shutting down their power grid for half a day or whatever, or with our own alleged, US own involvement in something like Stuxnet where we get into the power grid in Iran, those controls are over here with a separate legacy. Once you get in, it's really easy to move around. I think that needs to be all cleaned up and locked down. >> They're already in there, the malware's sitting in there, it's idle. >> We're already over there probably, I don't know, but that's what I would guess and hope. >> I don't believe anything I read these days, except your stuff, of course, and ours. Being a journalist, what are you working on right now? Obviously you're out there reporting, what are the top things you're looking at that you're observing? What's your observation space relative to what you're feeding into your reports? >> This topic, security, I'm going to retire and be long gone on this. This is a terrific topic that means so much and connects to everything. >> A lot of runway on this topic, right? >> I think the whole area of what, right there, your mobile device and how it plugs into the cloud, and then what that portends for internet of things. We have this whole 10-year history of the laptops, and we're not even solving that, and the servers are now moving here to these mobile devices in the clouds and IOT. It's just, attack surface area is just, continues to get bigger. >> And the IT cameras. >> The other thing I noticed on AETNA's presentation this morning on the keynote, Jim was he said, a lot of times many people chase the wrong attack vector, because of not sharing, literally waste cycle times on innovation. So, it's just interesting market. Okay, final thoughts, Byron. This event, what's the significance of this event? Obviously there's Black Hat out there and other industry events. What is so significant about CyberConnect from your perspective? Obviously, our view is it's an industry conversation, it's up-leveled a bit. It's not competing with other events. Do you see it the same way? What is your perspective on this event? >> I think that it's properly named, Connect, and I think that is right at the center of all this, when you have people like Jim Ralph from AETNA, which is doing these fantastic things in terms of protecting their network and sharing that freely, and the US Bank guy that was just on, and Verizon is talking later today. They've been in this space a long time sharing terrific intelligence, and then somebody like the general, and Tom Kemp, the CEO of Centrify, talking about giving visibility to that, a real key piece that's not necessarily sexy, but by locking that down, that's accessing. >> How is the Centrify message being received in the DC circles? Obviously they're an enterprise, they're doing very well. I don't know their net revenue numbers because they're private, they don't really report those. Are they well-received in the DC and the cyber communities in terms of what they do? Identity obviously is a key piece of the kingdom, but it used to be kind of a fenced off area in enterprise software model. They seem to have more relevance now. Is that translating for them in the marketplace? >> I would think so, I mean, the company's growing. I was just talking to somebody. The story they have to tell is substantive and really simple. There's some smart people over there, and I think there are friendly ears out there to hear what they have to say. >> Yeah, anything with identity, know your customer's a big term, and you hear in blockchain and anti-money laundering, know your customer, big term, you're seeing more of that now. Certainly seeing Facebook, Twitter, and Alphabet in front of the Senate getting peppered, I thought that was interesting. We followed those guys pretty deeply. They got hammered, like what's going on, how could you let this happen? Not that it was national security, but it was a major FUD campaign going on on those platforms. That's data, right, so it wasn't necessarily hacked, per se. Great stuff, Byron, thanks for joining us here on The Cube, appreciate it. And your website is lastwatchdog.com. >> Yes. >> Okay, lastwatchdog.com. Byron Acohido here inside The Cube. I'm John Furrier, Dave Vellante, we'll be back with more live coverage after this short break.