>> From Gillette Stadium in Foxborough, Massachusetts It's theCUBE, covering VTUG Winter Warmer 2019. Brought to you by SiliconANGLE media. >> Hi, I'm Stu Miniman and this is theCUBE's coverage of the VTUG Winter Warmer 2019. We talk about virtualization, we talk about cloud computing. In this segment, we're going to talk about cyber security. Absolutely a hugely important to every user out there and if it's not hugely important to them today, I don't know I want to do business with 'em. Helping me to dig into this conversation-- >> (laughs) >> Is Matt Kozloski who's the Vice President of Professional Services at Winslow Technology Group. Matt, thanks so much for joining us. >> Thank you for having me. >> Alright, so I set it up. >> You did. >> Cyber security. >> Yeah. >> You know, what I said, Matt, in my career, I remember back, you know, 15, 20 years ago, security would be top of mind, kind of bottom of budget. >> Yep. >> It got great lip service, but when you looked at the project, if you look what's going off, it was like, I didn't do it. Now, that security project that I've been putting off for years, it's a board level discussion, you know, everybody needs to be paying attention to it, so, there's got to be no better time to be in the cyber security business than today, right? >> Well, you would think. So I would say a lot of organizations are taking the right steps that they need to in their budgeting and preparing for, you know, incidents or protecting themselves, but a lot of organizations, still, are just not taking the right steps to protect themselves and their, you know, patients or just their organization's information. >> Yeah, it's challenging, 'cause they say while it gets more attention, there's huge-- >> Mhmm. >> Emphasis on it, many companies are doing it, boards do care about it. Dave Vellante, one of our hosts of theCUBE, something he said many times, he said, okay, do I feel more secure now than I did last year and, you know, we've been doing this program for nine years and every year it's like, oh my god, it seems scarier now than ever. >> Yeah, that's a great, yeah. I mean-- >> So, you know, how are we doing as an industry? >> Yeah, I think technology continues to get more complicated, which is part of it. Another part is just the way that technology's integrated into everyone's lives, whether it's their smartphone, their smartwatch, their, you know, smart everything now. And the software behind the scenes is just incredibly complicated, too. So, things are getting more complicated. We rely on it a lot more and it just gives more opportunity for, you know, hackers to do bad things. >> Yeah, so my background is in network-- >> Mhmm. >> And virtualization technology and it used to be, you know, you talk about security products. >> Yeah. >> It was like, oh well, I've got the firewall-- >> Yeah, the thing. >> Or I've got something in, you know, the virtualization layer-- >> Yeah. >> That does things. I heard, the line that I hear that resonates with me is security is everyone's responsibility. >> Sure. >> And where does it go? The answer is yes, everywhere. >> Yeah. >> And everything from, it can go down to the chip level to absolutely at the application level and everywhere in between, but boy, that sounds complicated. >> It is. >> So, is it, you know, I need to have a security practice more than buying security products and security mindset. Is that what you hear and what you recommend to clients? >> Yeah, it's a practice or program. So you have to think of cyber security as that, like a program. It's about people, policies, the technology in place. I mean, one of the, you know, most common ways that malware gets into organizations is through a phishing attack. That's all social engineering. That's not exactly the most high tech thing around, right? So, there's an example of it on the people angle. >> Okay, so Matt, tell us a little bit about your background, you know, what you've been doing and maybe explain, so Winslow Technology Group, we're familiar, hopefully people have watched some of the videos we've done because they, you know, offer products that are made by other people-- >> Yes, yes, yeah. >> So you know, Dell, VMware and the like, Nutanix-- >> Yep. >> And things like that. So tell us your background and what, say how security fits into that. >> Sure, so my background is in supporting enterprise, you know, environments in the past and then I became, you know, a consultant and now at Winslow. Winslow, yes, is a reseller of products, but we also do services, which is kind of my role there too. So, in a way, the services is Winslow's product. >> Right. Yeah, absolutely. So, is it consulting, is it, you know, helping to bring in various products? >> Yeah. >> Is it doing, you know, a comprehensive analysis? >> It's all of those things. >> Yeah. >> So it's the comprehensive analyis, that's usually where things start, where we do a gap assessment and we figure out, like, hey, even if you're not HIPAA regulated or fall under PCI complaince, maybe you just want to look at NIST as a framework to start with. That's a government standard for cyber security, right? So we can do a gap assessment against that and then figure out, well you're deficit in awareness training or, you know, that firewall is not effective for what you need it to do, things along those lines. >> Okay, so you know, I mentioned earlier, security can be lots of places. Is this a holistic approach do you have? Are you, you know, data center, SAS, public cloud, all of the above, everything in between? >> I think all of the above. >> Yeah. >> It really starts with security as a philosophy and a way of doing things and then figuring out how that pipes down to the individual app components and infrastructure component. >> So, you know, I hear statements sometimes that it's, you know, it's not a question of if you will be hacked, but it's usually how soon you'll find out that you have been hacked. >> (laughs) Yeah. >> Is it that dire, I mean, I feel like the weather is, you know, appropriate for what we have today. There's fog rolling in, the rain is pouring, there's no sunshine here, you know, give us some sunlight in-- >> Yeah. >> How we can disinfect, you know, some of these challenges. You know, what are we doing well-- >> Yeah, people are doing well in that they're actually talking about it now. I do see a lot of people doing things like awareness training and it's actually really become part of what people consider, even in, like, mergers and acquisitions, right up front, people are asking, like, are they secure? How about we don't just connect their networks together and hope for the best, right? There's firewalls put in and even here today at VTUG, you see a lot about microsegmentation and what we're doing to containerize apps and secure, you know, software and applications from each other and, you know, have like, almost a zero trust policy on the inside of the network too, not just on the perimeter. >> Well, that's great, 'cause yeah. You know, I think back, you know, five years ago it was, the general conversation was, oh wait, I shouldn't do public cloud because it's not secure and now it's like, look, we understand. In many cases, public cloud is more secure-- >> Way more secure, sure. >> And many times just 'cause they update things. >> Yeah. >> You know, much more often. They have thousands of people focused and working on it as opposed to, how many people do you have-- >> Exactly. >> Maintaining and watching your environment. >> Yep, mhmm. >> So yeah, maybe, what are some of the hot segments? You brought up, you know, containerization-- >> Yeah. >> You know I remember, you know, can containers be secure? I have gone to, you know, the Docker Kan show, the group entities show and it seems like it's still a major issue, just shove it all into the-- >> Yes, yeah. In some ways too, I wonder if we're creating a problem in certain circumstances that way too because now we're giving more power and more scale in different ways that, and it just could be used in different ways that we didn't intend, I guess, right? I think in terms of segments, though, where we see, like, the cloud adoption. One example is in medical space, right? So medical records are incredibly important. When you think back to, you know, there's a server in the closet that the private practice I go to, my PCP's office, you're like, how are you securing that? Like, you're doctors, you know, you're good at keeping me alive, but what's going on there? A lot of private practices, just an an example, have actually migrated to cloud-based systems for patient management and I personally feel like that's more secure because doctors, in that case, can focus on what they're good at and they've offloaded, not necessarily all the risk, but a lot of the care and feeding and like, all of the security to people who know what they're doing and they're good at it, so that's like, an example. >> Matt, Matt, have you talked to doctors? They know how to do this. >> (laughs) >> Absolutely. They totally understand and have taken every, you know, thing to make sure that that absolutely is true-- >> (laughs) >> But, yeah maybe sometimes they understand that bringing in an expert that focuses on that more than the, you know, one hour every couple of months. >> (laughs) >> Would be there. >> Yeah. >> So, good to hear. What then, what would you like to see from the vendor ecosystem out there to, you know, is there more training, is it, you know, improvement of the products? >> I'd like to see some standardizations around the way products work with each other a little bit more. I mean, I think like, you know, you have vendor A, vendor B, vendor C, creating all these really great products and there's a lot going on from, you know, network monitoring and like, deep analysis to different technologies on the endpoints themselves, so like, traditional malware isn't, I mean it's a thing, but we're talking about more advanced protection, but really, like a framework for all of these products to talk to each other, 'cause that would, you know, allow, you know, cyber security consultants and engineers to really see all of this without being locked in to some proprietary system as well. >> Yeah, ransomware's been, you know, a hot topic the last couple of years. Are we getting a good handle on that? >> The studies that I've read recently say that it's relatively leveling off. So it's not necessarily getting any worse, but it's not getting an better either, so yeah. >> Excellent, so what you're saying is, you will not be put out of a job anytime soon, right? >> No. (laughs) >> Alright, want to give you the final word, Matt, you know, 2019, you know, what's interesting you, what are some of the, you know, top initiatives that your customers are going to have going forward? >> Yeah, so just in cyber security in general, just putting these programs together, doing the assessments they need. Enterprise customers are really interested in containers, we talked about that a little bit. So, me this year, I want to do a little more, you know, investigation and figuring out, like, cyber security as it relates to containers and how enterprise environments can secure the containerized apps. >> Alright well, Matt, really appreciate you-- >> Thank you. >> Helping bring us up to speed on some of the state of cyber security here at 2019 and you're watching theCUBE's coverage of VTUG Winter Warmer 2019 here from Gillette Stadium, home of the AFC Championship New England Pariots, going off to Super Bowl LIII in just a week. Thank you for watching theCUBE. (upbeat music)