(upbeat music) >> Live from Las Vegas, it's theCUBE. Covering Fortinet Accelerate 18. Brought to you by Fortinet. >> Welcome back to theCUBEs continuing coverage of Fortinet Accelerate 2018. I'm Lisa Martin here in Las Vegas with my co-host Peter Burris and we're excited to welcome a Cuba alumni back to theCUBE, please welcome Eric Kohl, the VP of Advanced Solutions from Ingram Micro. Welcome back! >> Thank you, thanks for having me back. Excited to be here. >> Yes, we're very excited. So tell us, what's new? We talked to you last year at this event, what's new and Ingram? Tell us about your role there and the things that are all exciting Ingram Micro. >> Yeah, brand-new for me. I'm in my 20th year at Ingram Micro. I lead our security practice for Ingram Micro U.S. and I have responsibility for sales, vendor management, strategy and execution on behalf of our manufacturer partners. It's a ever evolving space. It's such a great space to be in, I love watching the news every day. You know there's going to be some big logo but just as much fun as I have watching those, that's some of these small breaches that you don't hear about and it's just fascinating. So much more exciting than virtualization. (laughs) >> Some might argue with that. So tell us about the partnership that you guys have with Fortinet. How has that evolved over your time there? >> Yeah so been at Ingram for 10 and I've been working with Fortinet for, I'm sorry I've been at Ingram for 20 and been with Fortinet for over 10, back to when we signed the contract together. Just a very great partnership. They're our security partner of the year, last year. Good friends, excited to see John Bove back leading channels back to Fortinet and you know, we both invest in each other's success and so I think that's pretty unique. Huge investment for them here, having an event like this. Not every company does it but to bring everybody together where you can have security conversations get on the same page, it's extremely valuable, huge investment, and we're proud to be a sponsor. >> I'd love to chat about a little bit of the evolution that you've seen at Fortinet in the last 10 years as we look at, you mentioned breaches. I mean, there were some very notable things that happened in 2017. How have you seen the evolution from them on a security transformation standpoint as it relates to your customers and digital transformation. >> Yeah, so I mean it's something that we see every day from you know, as you know we sell to and through partners but you know, one thing obviously is their breath of solutions has expanded. But you know, also things that partners are asking us today is how is this technology being consumed? And in the face of digital transformation, that's a huge value point because ultimately we want to help our partners to architect, recommend the right technology to solve that business problem and then how do you want to consume it? How does your want to your client want to consume that? So I think that's one of the biggest kind of trends that we're seeing right now. >> So as you think about where you've come from to where you are and we'll talk a little bit about where you think might go, what were the stories you told about security 10 years ago? And how are they different from the stories you're telling about security today? >> I would say it's changed from my perspective because at Ingram, we have never ever been a services company like we are today. And so what I mean by that is, we wrap our services, partner services around the Fortinet solution to make it stronger. 10 years ago I would say we are living more in the traditional distribution role of hey, how do we get a box from here to there? Certainly channel enablement, we've been doing that for a long time but our offering of services to help drive demand is incredibly strong. You know, we work with Fortinet for example, on their threat assessment program and we have an engineer that can go and help. Our partners understand to do that, it's a huge partner ecosystem and so we've got to help them with all those channel enablement efforts. >> What are some of the biggest security challenges that you're hearing, say in the last year or so through the channel, that your partnership with Fortinet can help address? >> You know, it's all around complexity and that as you have likely heard that the shortage of folks that can get out and do some of these services have limitations. There's incredibly high demand for services, you know we're serving a channel ecosystem of roughly 12,000 companies that are buying security technology from us, all with varying degrees of capability and so we've really got to help them understand, hey, how can we help you deploy these services, etc. >> So as you imagine then the steps associated with helping the customer, the roles and relationships between Fortinet, Ingram, and your partners also must be evolving. So how is, as a person responsible for ensuring that that stays bound together in a coherent way for customers, how are you seeing that changing? >> Well you know, look it's a three-legged stool. (laughs) It's us, it's Fortinet and that's our partner community and we're reliant on each other to go and be successful in the market. Look, we couldn't be as great as we are working with our Fortinet channel ecosystem if we didn't have the support of Fortinet, the investments they make, the team that they have wrapped around our business, the team we've put in place wrapped around their business so that's kind of what I'm seeing there. >> They shared a lot of momentum not only in the keynotes this morning but also a number of the guests that we've had on the show today in terms of what Fortinet achieved last year. 1.8 billion in billing, nearly 18 thousand new customers acquired, a lot of momentum, a lot of numbers, I love that theme of the event today. So if we look at some of the things that were shared by Kenzie this morning for example, like I mentioned that the customer numbers and even talking about what they're doing to protect 90% of customers in the global S&P 100 and showed some some big brands there. Tell us a little bit about the partnership and how you're leveraging the momentum of what Fortinet is able to do in terms of capturing customers. How does that momentum translate and really kind of maybe fuel Ingram and what you're able to do? >> Well look, I mean there's incredible demand in security today. There was a slide that they showed this morning and I think it was the perfect storm. I like to call the security space a beautiful disaster. It's a mess, it's complicated, it's scary, the threat attacks are you know new and different and they're never going to stop but it again comes back to hey, how do we work together to kind of harness this? How do we go and there's a great partner community here, lots of our friends are here but they can't all be here. So we want to be able to help take that message out to our channel partners that were not here. Things like that. >> What are some of, oh sorry, go ahead Peter. >> I was going to say so Ingram, Ingram itself has changed. You said you've now, are now introducing security or you're introducing more services. So how is that.. How is security leading that charge to move from a more of a product and a distributor to now services? Is security one of the reasons why Ingram is going in that direction? >> It's one of them. I joked on virtualization but there's a lot of services that we can wrap around and I think, obviously there's a high demand of services and we will lead with Fortinet services and solutions where we can. We want our partners to lead with theirs but really we've hired people to go out do assessments. We have a partner ecosystem where, hey I can't get down to New Mexico to do an install. We have a partner network where they can tap into that and make sure that everything is installed correctly, all the features are turned on. You think about all these breaches that happen in the news, it's not that they didn't have the technology, they missed an alert or they didn't have it all deployed. We want to be able to help our partners solve for that. >> Along the partnership front, what are some of the things that excite you about the Fabric-Ready Partner Program and the announcements they've made today? >> Yeah, love it. Look Fortinet has built comprehensive end-to-end solutions within their Fortinet, I'm sorry, for their Fabric ecosystem but they've also recognized that they can't do it all alone and so they've introduced a lot of partners into that. And so what's exciting for me, leading our security category is, hey how do we bring new partners into our ecosystem too? Because it is a differentiator for Ingram to be able to provide multi-vendor solutions. To have somebody you can go to to say, how does SentinelOne work with for Fortinet Fabric? Those types of things, those conversations are happening all the time. >> Another thing that was announced today was what they're doing with with AI. Tell us a little bit about that and how are you seeing what they're going to be able to do with AI as an advantage for your partners and customers. >> Again the artificial intelligence, machine learning, it all goes back to making the technology easier to use. I still think, you think intelligence and I think back to the human factor. Some of these big breaches, look the threat actors are going to get in but how you recover from a breach, I think if we could inject some artificial intelligence into some of these companies that haven't figured out how to successfully pivot. You know paying your hacker a hundred thousand dollars to keep quiet is not the answer but I think that some of these machine learning things are going to make it easier. It's going to be easier to manage the alerts that are happening every day. So anything that helps eliminate, as they said today, the enemy of security is complexity. Things that help to discover these threats and remediate against them, all good stuff for our partners. >> On the enablement side, when we were talking with the channel chief, John Bove, earlier today and talking about sort of this long history of partner focused culture at Fortinet. Tell us about that in terms of the enablement that you're able to glean from them and then pass on to your channels in terms of selling strategies, marketing to, marketing through. What are some of the things that-- >> Look, we have an amazing team. John Bove, Curt Stratton, the folks that really spent so much time working with Ingram and then we've built an amazing team. I think we have 12 people from our company here at this event to make sure we're making the most out of it but you know. If you heard, we're at The Cosmo. They have Secret Pizza, have you been there? Have you heard about it? >> Lisa: No, Secret Pizza? >> Yeah, it's amazing, it's pretty good, okay. (laughs) >> You didn't bring any, I noticed that but continue. >> I didn't but it's secret not-so-secret pizza but we have some secret not so secret weapons. Jenna Tombolesi an NSE 7. She's one of the highest certified engineers on the planet and she works for Ingram Micro helping to technically enable some of our partners. We've got a guy by the name of Will The Thrill Sharland and The Thrill is out talking to partners every single day, helping them to be more profitable, trusted security advisors helping them through anything you can imagine from a channel enablement perspective. And then just huge teams of people that we go to serve this big market together. >> Are you seeing any vertical specificities? When Ken was sharing some slides this morning, they were talking about, they showed some verticals from a kind of market share perspective but I'm curious some of the verticals that kind of come to mind where security is concerned that maybe are a little bit more elevated than some of the others in terms of risk or health care education and financial services. Maybe Fed, SLED, are you seeing any verticals in particular, maybe those that are really going to be kind of having to be leading-edge, where security transformation is concerned? >> They have to be. Think about health care and when they're big ransomware attack hit last year. There's guys on CNN saying, they had to postpone my surgery because ransomware head. I mean that's life-and-death stuff there but I don't think there's any vertical that's immune to what's going on today. So I think you know regardless of your vertical, you have to be prepared, you have to choose the right technology, and choose the right partner to help you implement it. >> If you imagine where Ingram's going to go with this relationship, what kinds of things are you looking to be able to do as a consequence of great strong partnership with Fortinet. >> Look, the way that companies want to consume technology is changing in the space of digital transformation. Once we work with Fortinet and the partner to recommend the right technology and I mentioned this, like how do you want to consume it? Is it public cloud, is it AWS, or Azure? We have an answer for that today is that hey, it's on premise but I need some creative financing to help close this deal to solve a budget constraint. We have an answer for that. There's several variations of that but however that technology wants to be consumed, we have an answer together. So I think that's a testament to the strength of our relationship. >> And I think one of the words that I saw in, at least one of the press releases, was adaptability. Adaptability of some of the technologies and even John Madison was kind of talking about how customers can go, I've got 20-plus security products, how do I start this Fabric? And that word adaptability kind of jumped out at me as how do you enable adaptability when your customers, through the channel, have so many technologies in place and how does Fortinet help that adaptation? >> I would say they're placing bets like we are on top partners that are going to lead with that technology. They've got to go be the experts in that field and really start driving that. Events like this help get everybody on the same page, understand the new offerings. I mentioned Jenna, she was locked in a room all day yesterday all excited about all these things. She's been running around all day but look we've just got to help the channel understand what the new technologies are, what are the new offerings, and hey, how do we go solve that customer problem together. >> So are there any particular new approaches or tactics or techniques that you're using to get the channels to understand better? >> I don't think that there's anything necessarily new. We're all driving towards the same common goal. Having a security conversation today is easier than ever before so you know, I think we're we're going to continue doing what we've been doing. It's been very successful for us but that's, you know. >> What are some of the things, kind of wrapping up here, that you're looking forward to throughout the rest of 2018? We're kind of still in the first quarter calendar, some big announcements from your partner here today. What are some of the things that excite you at Ingram about the year of 2018? >> Look, it's a market that's that's really ripe right now and I think that when you talk about their new technologies, when you talk about the machine learning, there's a lot of these things happening out there. It's just look, we've got a huge market. The potential is unlimited and I think one area where we're really going to drill down this year is down market, down SMB in mid market because they need enterprise grade technology and Fortinet delivers that and has a history of delivering that. So I think we're going to double click down there together this year and John and his team have been great around putting some programs together for us to go and tackle that together. >> Excellent, well we thank you so much Eric for stopping by theCUBE again. >> Yes and I'll bring pizza next time. >> Please do. >> All right. >> Yes and maybe some beverages so we don't have dry throats. >> Of course, yes. >> So we wish you and Ingram the best of luck in this next year and we look forward to talking to you next year, if not sooner. >> Sounds good. Great, thank you. >> We want to thank you for watching theCUBE's continuing coverage of Fortinet Accelerate 2018. For Peter Burris, I'm Lisa Martin, after the short break we'll be right back. (upbeat music)

>> Commentator: Live from Las Vegas, Nevada. It's theCUBE. Covering Accelerate 2017. Brought to you by Fortinet. Now, here are your hosts, Lisa Martin and Peter Burris. >> Welcome back to theCUBE. We are live at Fortinet Accelerate 2017 in Las Vegas. We've got a great day so far talking to a lot of Fortinet folks, some of their technology alliances partners. And up next we've got Eric Kohl from Ingram Micro. Eric is the Vice President of Advanced Solutions and Eric's going to have a chit chat with myself, Lisa Martin and my co-host, Peter Burris. Eric, first and foremost, welcome to theCUBE. >> Thank you. >> Your first time on. Eric, you are an Ingram Micro veteran. >> Just a little bit. >> Just a little bit. You have previously been their Vice President of Network and Security Business Unit responsible for leadership, for strategy, and channel sales working with solutions, our networking SP's. Tell us about Ingram Micro. What is the role that Ingram Micro plays bolstering Fortinet's channel? >> Sure, yeah, I've been at Ingram for 18 years, it's kind of hard to believe. Our role is really to help kind of shorten the sale cycle for Fortinet partners. So we want to help our partners to become more highly trusted and more profitable security advisors. So I lead our, I'll all it our security practice because I think security is at the tipping point now, so where I used to be networking to security, my portfolio is primarily security and most of the networking guys are leaving the security as well. We play an integral role in really helping to make it easy to do business with our vendor partners. >> Lisa: Fantastic. One of the things that has been a topic that we have heard from the general session today and throughout a number of our guests is you mentioned really networking, but also networking in security really being no longer separate conversations. And the opportunities proliferation to mobile and IOT devices is really creating a talent impact. A talent shortage. How is Ingram Micro helping to maybe mitigate some of the challenges that companies are facing with respect to how to do deal with these daily attacks? >> Eric: Yeah, there's a couple key challenges. It's complexity. It's not just the complexity of some of the technology solutions that are supposed to help us in protecting our data. But when you think about DYOD and the internet of things, there's already a connected device for every human on this planet. And that's a security, that's like a CISO's nightmare is how to protect all of these things. So that's a huge challenge. And then to be able to have the resources to manage the solutions that are complex in themselves, that's a big challenge. And it's not just for the end users themselves, there's thousands and thousands of IT security integrators with varying degrees of competency. We're serving all of them. And even some of these guys are struggling with the complexity. I think one of the other things that we constantly hear from partners is SMB's and mid market companies are under attack like never before. They don't make the headlines like Yahoo or some of the things that are going on in the political world. These small companies are under attack and if they get attacked, they don't make the news, they just go out of business. >> Lisa: Right. >> So that's a huge challenge. >> So demand's going up, significantly. >> This is a great spot to be in. I go to conferences like these and a new breach hits the wire and we're high fiving. It's good for our industry. >> Peter: But that the same time, as demand goes up and the capacity to serve that demand increasingly has to move into technology because of some of these labor shortfalls, it means there's a whole bunch of reconfiguring of where are values created, who's creating value, how they're creating value. How is Ingram Micro finding itself mediating what partners want, what the industry has to offer, and ultimately what the customers of your partners are trying to serve. How are you finding your business evolving? >> Eric: We have transformed more into a services company than ever before. If you think about IT distribution, it used to be about getting a box from point A to point B. That was so far in the past. And for us it's around how do we help augment and provide services kind of what I would say throughout the security sales cycle so that we can help these trusted advisors? Or even if they're not a highly competent security advisor, how do we help them look like they are so they can serve and protect our clients better than anybody. >> Lisa: Actually, you brought up a good point there. Can we ask you about the security sale cycle? You mention you're an 18 year veteran at Ingram Micro. How have you seen the security sale cycle evolve as security itself has evolved and we have this daily expanding threat surface? What's that sales cycle like now? >> Eric: Like I said, many, many, many years ago it was all about moving the products or helping with some financial services but toady Ingram plays a pivotal role throughout that sales cycle. So for us, it kind of starts with training and education. Helping our partners to make sure that they understand the benefits of going to get certified for Fortinet Technologies. Or the benefits of getting your technical accreditation so you can move up into the partner stack and better serve your clients. It's also around helping our partners understand a position like security awareness trainings as an example. You can have the best technology in the world but if you still don't understand what today's threats are, you're a risk. The second area would be around what I would call pre-sales professional services such as assessment work. So the cyber threat assessment program that Fortinet has. So we're authorized to go and help our partners do that. We've done it in conjunction with partners. We have partners on the phone all the time, we'll set them on a demo, we'll help them get that CTAP done. And once that thing is in, it's closing a sale. So you can really drive demand. You have a better understanding of what's going on in the network. And that's all before we've even delivered a product, right? So then you kind of get into the core of what I would call channel enablement and operations. Which is, look yes we have to help our partners get the technology, but it's also around, we're serving more Fortinet resellers than any other company in any country from a distribution standpoint. I'm really proud of that. But they're all varying degrees of competency and so we have to act as though we're their Fortinet channel account manager. And so we love doing that type of work. The next part of that sale cycle would be around how do we finance that? So there's a multitude of financial services offerings. Or leading with Fortinet's MSSP program to help close an opportunity in the invariable financial models. And then it's around implementation. A lot of partners may find an opportunity and they can't get to Las Cruces, New Mexico. Well they can tap into our network and we'll help them find a provider that can do that implementation service. And then wrapping it up with remote monitoring and management or managed services of those things. And now, Fortinet plays a role in many of those categories. So we would lead with those solutions to make sure that a security advisor is really taking advantage of offerings throughout the sale cycle. Whether Fortinet offers them or whether we're working with a third party provider. >> So you mentioned that you are the largest distributor working with Fortinet Technologies. You also mentioned something earlier too that's interesting and that is, kind of leading into differentiation. You talked about Fortinet being able to go from the antiphrase down to the SMB and the fact that what we're hearing so much media about enterprise attacks that's what gets attention. >> Right. >> Talk to us about the differentiation that Ingram Micro is getting as a result of partnering in such a focused way with a Fortinet that is able to get into and help those small, medium businesses not go out of business. >> Right. And Fortinet's in a great spot because they've been serving from the SMB to the mid markets and the enterprise. And to your point, yes, the Sony's and the Yahoo's they make all the headlines. Companies like 80stees.com that got attacked and almost when out of business they don't make the news. And so we play an integral role because we're serving thousands of resellers that actually are working with those small companies. So we have to help them understand the technology, understand the new like there's announcements today. You know, we have to help get that message out to the Fortinet channel and really help augment their channel efforts with that. >> As think out over the next couple of years given that it is the movement from a product to a service orientation in many respects requires that much more data. The visibility that makes you that much more intimately tied to your partners, what will be the role as a business person, what will be the role of data, data security, more secure networks to you as business person? >> As a business person this is just going to keep accelerating. The demand for information isn't going to slow down. The demand over the networks, it's just going to keep expanding as quickly as are the devices in our hands. It's one human has a device or one device for every human on the planet today that's going to double or triple in the next few years. That demand for data and data protection is going to go right along with it. >> Lisa: One last question for you, Eric. One of the things that was interesting today was a lot of the predictions that we were learning from Fortinet. We had Derek Manky on the program and he did a blog, his team did, leads Fortiguard Labs about really six predominant evolutions and challenges and it was quite striking. I'm curious your perspective as we're seeing this threat surface expand. One of the things that he was talking about was the need to bridge the gap between public sector and private sector and what Fortinet is doing there to facilitate things where they don't have jurisdiction that maybe a police organization would need to be involved in. As we look at Fortinet going in that direction in helping to bridge the gap there and share knowledge and threat intelligence across public and private sector and to your point earlier helping the SMB market which doesn't get that visibility. Last question, what are you most excited about? Fortinet's just starting their fiscal year 17. What excites you most as a distributor for this year of opportunities? >> I would say it's a couple things. They had an exciting announcement today around their intent based and that's really exciting. To be able to drive simplicity and to management and being able to understand what's going on. Our partners and ultimately the clients, they don't want point products. There's a lot of security vendors that are offering point products. These customers want business outcomes and they want simplicity. It's really easy to be a cyber criminal today. Ransomware's a service. You can go out and start flooding emails out and then all the sudden you rent the malware and you'll get paid if you can infect somebody and they have to go pay for it. Protecting against that has to be as simple as it is to be a cyber criminal. I think that it's exciting with what they're doing there. In terms of this event, and Derek is a great leader in security. He was out at our big event in November so I was catching up with folks like him. I love these events to come and check in with our partners and we've been a Fortinet distributor, this will be our 10 year anniversary and we're also a customer. It's exciting for me to come in and see our friends and familiar faces and catch up with everybody and see what's new. We're really excited about the future with Fortinet. In those 10 years, we've been above market growth every year. Don't tell my boss, he assigns quotas. But they've been a great partner for us. >> It sounds like from what we've heard today from yourself and from your partners at Fortinet, this year presents a tremendous amount of opporunity and challenge. We wish you continued success, Eric. Thank you so much for your time on theCUBE. >> Thank you very much. >> We thank you for watching theCUBE as well. And I'll thank you on behalf of my esteemed colleague, Peter Burris. But, don't go away, we'll be right back.

>> Announcer: Live, from Las Vegas, it's theCUBE, covering Fortinet Accelerate18. Brought to you buy Fortinet. (upbeat digital music) >> Welcome back to theCUBE's continuing coverage of Fortinet Accelerate 2018. I'm Lisa Martin, with my co-host Peter Burris, and we are now joined by the CISO of Ingram Micro Kevin Kealy. Welcome to theCUBE. >> Thank you both very much. It's nice to be here. >> I love your title, the Prince of Security Weirdness, your other title. >> Yeah, right. >> Tell us about where you got that and why you like it. >> I was at a customer engagement years ago, when I was working for AT&T, in of all places, Moline, Illinois, and I was working with a lady whose business card actually said Protocol Princess. And the customers, based on what we were actually there to do, the customer decided that if she was the Protocol Princess, then I had to be the Prince of Security Weirdness, because the problem ended up being a combination of something very odd that was happening with their security appliances plus the network itself. And so, of course she spread that when we got back to the office and it just kind of stuck from thereon. I kind of like it. If a company found something weird that was going on with security, they'd just go, "Send him, he'll sort it out." And I did. >> So you've seen probably a really interesting evolution of security. >> Kevin: Oh yeah. >> You've been the CISO for almost a couple years. >> Kevin: Yep, almost two years, yeah. Longest tenured one in a while, I think. >> And you have an interesting kind of strategic perspective. Tell us a little bit about that and what makes that unique. >> Sure, so from a CISO perspective it used to be the CISO was the C-E NO. You know, the place where business goes to die. My feeling is, if I'm not adding lift to the business, then I'm adding drag. And if you're adding drag then you're not being a responsible custodian of the company's money or it's direction. So my feeling is, and my strategic objective is, always partner with business to help them achieve what they need to achieve, but to do it safely and in a way that doesn't add risk to the company. So, I like to say you look through your lens at something, it looks ridiculous. Somebody's doing something truly stupid. But if you pivot your perspective and you look at what they're doing it for, they have a perfectly reasonable and rational expectation of their results and what they're trying to achieve. What you need to do is to adjust your thinking to understand what you currently don't understand in order to pivot them to get to a safe perspective, and therefore business. >> So one of the key differences between business and digital business, is the role that data plays. But we could also take a security perspective. Business was about securing and limiting access. Digital business is about sharing and making possible access. >> Kevin: Right. >> So is that kind of what you mean when you say that you're not the C-NO? You're not the C-YES necessarily, but you're really focused on how to appropriately share? >> Completely agree. My approach is always, let's consult with each other, tell me what you're trying to achieve and let's not look at what's caused me to be in your business today, let's look at what you're trying to achieve. What's your end goal? Right, now let's work together to achieve that in a way that adds limited... 'cuz you can't ever have a solution that exposes stuff without adding any risk,. But there's always an acceptable risk appetite that you have to maintain in order to do business, right? With risk comes opportunity and reward, right? So you can never eliminate all risk. So my approach is, understand what they're trying to do. Look at how much risk there is in any different way of doing it, and then choose the way that offers you the most risk reduction for the least capital expenditure and operational expenditure. And gets them to market the quickest. At that point now, I know I've done my responsible part of keeping risk under control. I maintain a risk register, tells me as a whole the company has accepted this much risk. If we do this extra thing, this might put you over what you, the board of directors and management have accepted before. Let's see what we can do to reign that back in here. I have a solution here that's nearly what you want, will that do? You know, another mantra I cite is, don't let perfect be the enemy of good enough. Too many of my peers in the CISO realm keep chasing perfection. You know they see NIST 800 as an achievable goal. They see, you know, total PCI compliance as an achievable goal. My feeling is, as soon as you get to the point where you are PCI compliant, and you still have things to do, then you need to start concentrating on other more risky things that are going on in your business. You can never achieve NIST 800 unless you have a government's funding. I don't know too many CISOs who have a government's funding, right? So my feeling is never let good enough fail to be good enough. Achieve good enough then go and solve other riskier things, and then come back, maybe in a year, couple of years, when it's time to refresh that solution, and see if now that's not good enough anymore. Maybe you need to do something different. But in all cases I'm partnering with business to make sure that whatever I'm doing is adding lift for them, not drag. >> So, Ingram Micro, we just had Eric Kohl on a little bit ago. So Ingram's been a partner with Fortinet for 10 years or so, but you, on your side and your CISO role, are a customer of Fortinet. >> Kevin: Absolutely. >> So in the last couple of years when you came on board, some of the things I'm hearing that you're talking about, sounds like potentially a cultural shift. Talk to us about maybe some of the weirdness that you found in from a security perspective, and how Fortinet is helping you guys on the Ingram, achieve security transformations so that you can evolve. >> Sure, so, Fortinet's been a great partner for me. They have a truly wonderful suite of products. I mean, everything from the edge protection for the dissolving perimeter, all the way out to small and SOHO type firewalls. And then we have wireless access points that are strong and well fortified with the ability to separate between multiple networks, all the way down to FortiDB, which I use to protect our databases. So we do our database monitoring for our critical databases. As a suite of things that I can manage with one console, it helps me minimize the number of operational staff and the operational training they have to do. And then, from my perspective as a customer, Fortinet's always there for me. I know that I can just call them, and within five minutes somebody's calling me back and we can get the right resources right on the phone. That kind of partnership, you can't put a price on that. You know, everybody's at some point in their lives, bought a product that's failed, and then you can't get any customer support on it, and eventually you have to toss it out. Fortinet's always there for me. They're always checking to make sure that we're doing the right thing. And to give you an example of how Fortinet is part of our company fabric, and I use the word in both it's terms, we chose Fortinet gear to protect our CEO's house. Alright? Our CEO, of course, has a lot of, you know, he's a high net worth individual. He has a lot of high value assets that he takes home to work from home. You know he's clearly a target. So for protecting his home and infrastructure there, we deployed Fortinet gear. >> That's a very interesting use case. >> Yeah, and all my staff, including myself, we have Fortinet gear at home as well. So this is the stuff we trust to protect ourselves, when we're in our most vulnerable environment. A lot of people don't think about that. You take these well secured devices and you take them outside the company perimeter. Now they're on their own. You know, if you can take them to a safe environment though, it makes them a lot safer. From an engagement perspective, as the buyer of things for a company like Ingram, one of the first partnerships I made when I first joined the company was with Eric. Because I want to make sure that I'm supporting our sales side as well. So if anybody comes to me and says, "Hey, I have the perfect solution for you." The very first question I ask them is, "Are you a re-seller with us?" And if the answer is no, it's like, call this guy. This Eric Kohl chap, he'll be able to have a very interesting conversation with you. So, Fortinet being such a long-term partner with Ingram, it's an easy purchasing decision for me. Number one on the technology side. Number on on the partner side. You know what that old story is, nobody got fired for buying IBM? At Ingram, nobody got fired for buying Fortinet gear. And it helps that it's the best on the books, for me anyway, for the stuff that I use it for. I'm very excited about the new Fabric. >> Tell us about that, from a visibility perspective internally, complexity, mitigation standpoint, TCO. How is that going to help you at Ingram? >> So, you said the word, visibility. One of the first things I did when I got to Ingram, was I realized I couldn't see all the way to the edges and to the bottom of my network. So I started to increase the visibility with a combination of the Fortinet product suite, I think I'll be able to get the edge-to-edge, top-to-bottom visibility. And I'm really excited about the web-based CASD solution. 'Cuz what I really don't want to do, and one of the talks this morning, the keynote was talking about it, is the vendor, just the vendor pile of different things that have to be managed. All the different people we have to get training from. All of the currency that you have to maintain. If I can manage it all through one console, And I only have to train my staff in one suite of products, that makes the overall work that they do that much simpler to execute. And I love the concept of being able to make those contextual rules. You know, if this device is in this class then don't let it go over to this data that's in this class. That's so simple to describe. And I love the fact that you can then orchestrate that deployment. So when as we go to a virtualized environment, and we roll into cloud and so on, being able to push a policy like that and being able to push that context is going to be so exciting for me. >> One of the challenges of integration is that you get dependencies. >> Yes. >> So as a CISO, and you start looking at a fabric, and as you said, it's a very rich fabric, it does a lot of work. How do you ensure that you don't find, 'cuz if there's a vulnerability inside the fabric, then the whole fabric gets affected. So what is that trade-off between integration and dependency for you? >> So, that's a great question. Back in 1998,'99, I was at AT&T during what was, it became known as the Great Frame Relay Outage, that AT&T had. Many people will remember that. >> Not to laugh at you. >> Do you remember it, though? >> I do remember it. >> Right? >> Kevin: And the cause of that was, the company was entirely CISCO on the back burner. I was one of the engineers that was there trying to fix it all. CISCO had a self-deploying patch protocol where you drop a patch onto a device and it would automatically push the patch to all its neighboring devices and so on. Well you dropped the patch on this device, it would push the patch towards its neighbors, then it would crash and reboot. But it had already had time to push the patch to all its neighbors. So one by one, every single router and switch in the entire network, received a patch and then crashed and rebooted. And that became a three-week problem known as The Great Frame Relay Outage of 1998. So at that point, our then CISO, Edward Amoroso, he decided that we wanted vendor diversity in our network. And at AT&T at the time, then, we went to CISCO on the edge, Juniper in the core. And the reason was, we wanted the network to be able to stay up and routing, even if we has a problem on the edge. And of course, automatic patch push protocol was disabled. (laughing) From my perspective, I think, there's a fine line to be managed here. Southwest Airlines has made a very concrete and a very risky, but certainly it's worked out for them right now, decision. All their aircraft are Boeing 737s. So they only have to train their maintenance staff to maintain one airplane. All their pilots can fly all their airplanes. >> Lisa: My brother's a pilot for them, yes. >> Right? >> Yeah. >> Kevin: All of them are 737s, but if the FAA grounds 737s, all of Southwest is out of business, for the duration of the flying ban, right? So Southwest has decided they don't need vendor diversity across their fleet. I know they bought Allegiant, and that's got a number of Boeing aircraft, however, from the perspective of their original business plan, all 737s because they now have a very, very well defined TCO. From my perspective I think, there's a line to be drawn here, but Fortinet has me covered. They have their APIs. They work with the other vendors. So if I have a SIM or a log manager or something like Splunk deployed, they already have that partnership in place. It means they can manage the data within the device as though it's my own data, as though it's within the Fortinet Fabric. And that then keeps me happy. Because I then get the benefits of the additional features perhaps that I would get from a Splunk rather than a Fortinet tool, but I also get the vendor diversity that's there. See Splunk for me is not just a security tool, it's a VI tool and there are many other groups that are leveraging the capabilities that it has. So for me, if I went to something like the Fortinet SIM, that would be a very selfish solution. It would be just a security thing. That's not really partnering with business. My investment in Splunk, I've got six other groups within the company leveraging it, and I just invited the seventh one in today. Now those people are all using Splunk for their own things. I'm footing the bill for them so they get all this VI for free. That's been a real big win for me, because I'm now known as the guy that's providing stuff that the company can actually use. That's a very powerful position to be in as the CISO because when I come asking for something that normally they would've said no to, all I have to do is remind them, "Hey, you know you're using my Splunk solution? "Well now, would you mind helping me out? "I need you to do this thing "with your laptops in your organization." And they're much more receptive because they know of me as a partner. >> So would you say, one of the things we were talking about a number of times today, Peter, with guests, is getting, how, does a CISO get this, well maybe it's enable the balance, at the speed at which a business needs to transform digitally to be profitable and grow and compete and manage that with risk? Where do you think that your are on getting that balance? Sounds like there's a lot of collaboration within what you've been able to achieve. >> So, there's a couple of rules that I go with. The first is I go meet the business leaders and introduce myself. And I say, I know you may have heard this before, but this time I mean it, I'm here to help. Tell me what your pain points are. How can I help you, right? And that's a very powerful question. I always try to end every meeting with "How can I help you?" Alright. If you end the meeting with that question, that last memory they have of you will be, you were offering to help last time I saw you. I'm willing to give you another audience. And then, it's by action. Like my Splunk investment. I invested in it, and now other people are using it. I'm showing by my actions that I'm actually not just all talk. And other people have noticed. They would come to one of my predecessors and say, "Hey, I want to do X." and they would be told straight out, "No." My answer is always, okay. How are you planning to do it? Something brought you here today. Let's talk about it. And then when they show me how they are planning to do it, it's like, you know what, I see opportunity here. You guys can do it in three fewer steps and at significantly less risk if you just let me help you in this area, and then we do it this way, and we use this tool that I've already bought and you don't have to pay for. Now all of a sudden they've got a yes. It's already through. It's through architecture review. They've got the solution in place, but I get the logs and I get to put my own encryption solution in or whatever else it is, and I get to absorb the risk for the company. And again, it's all by actions too. You know, if you make sure that you never say the word no. People say, "No, because." Try to change it to, "Yes, and." And by pivoting the conversation that way all of a sudden people aren't arguing with you. They're trying to sell you something. And when somebody's trying to sell you something and you're buying it now you've got the upper hand, right? So now I'm the buyer. Right, it's like, "Let's buy it, but let's do it like this." >> So I have another question for you. Something that's related to one of the conversations that we've had many times today. I'm going to paint a scenario for you. A CEO is sitting in front of a group of investors. And talking about strategic flexibility and the things that their assets allows her to do. My balance sheet will allow us to do this. My sales force will allow us to do this. When are we going to see the first CEO say, "My security, my digital security, "will allow us to do this, "things that our competitors can't do." >> That's an excellent question, I hope it's soon. I'd like to be right in the vanguard of that. Ingram Micro already uses us as an enabler. >> I'm sorry, what was that? >> Ingram Micro already uses me and my group as an enabler. This year we've been able to negotiate a reduction in our corporate insurance rates, for cyber risk, simply because I was able to show the value in what we've achieved over the last two years. And show how materially we've affected the company's risk envelope and our acceptance of risk. So by doing that, I've already added value to the bottom line because insurance costs money and it's a dead sunk cost, right? So I've already reduced the cost of that. So now all of a sudden I'm enabling the business. And I'm also meaning that we can actually uplift our coverage too, so now we're reducing risk even more. We can displace more risk to the outside of the business. This conversation with Eric, you know, I'm about to award an RFP. Before I award an RFP, I'll go and see Eric. Is there a strategic reason for me to award it to this vendor or this other vendor? Now of course we're negotiating on the sale side and the buy side together. That's a very powerful story. So certainly at Ingram, I think I'm already partnering with the business in such a way that we can make that a compelling message. In terms of the overall industry, I really hope that it'll be soon. I think the CISO and the CIO roles are merging together. I think as the CIO is rolling less hardware and is rolling more into virtual and policy and direction and technology choices, I think people are going to have to realize that security has to be built into that. Because if you try to bake it on later, or bolt it on, it's never as effective. It's always more expensive. You look at something like the Fortinet Fabric, you roll that as part of your orchestrated virtual environment, you've turned the whole attack chain on it's head, now. Now it's going to cost so much to try and compromise any part of that infrastructure, you're going to see it so quickly, you've turned it all around. Now it's way too expensive to try and attack companies with that kind of fabric. Now the boot is on the foot. Okay, so invent something I can't see. You know, we've got contextual threat intelligence here, that's able to spot patterns. We've got polyform on the outside here. Everything's working in concert, okay. >> So you're not worried about being put out of a job any time soon. >> I think sadly this job is around for a while. I used to joke that it was Bill Gates and his company that provided us with permanent job security. Now it's the cyber criminals. I tell you what though, today the simplest attacks are still the ones that work. It's phishing, phishing, phishing, phishing, phishing. People clicking on links. >> Human beings. >> Human beings are always easier to hack than computers. >> So you've given us, last question as we have a minute or so left, you've given us a great perspective of the impact that you've been able to make using Fortinet on the customer side. You talk to a lot of partners in Ingram's ecosystem. How do you impart your wisdom and your expertise on the partners from that enablement, such so that they can go and talk to customers and really share best practices from the CISO suite? >> So again, I partner with Eric's cybersecurity advisory committee, where he has a number of our key security partners who come along. And for two years running now, I've participated. I've spoken. I spent two days with those folks. I'll answer any question they have. I'll spend the evenings with them. We'll have a beer together. And I'll do a panel and I'll have discussions just like this with them. And share with them some of the things that I've done with the company that have worked, and some of the things that haven't worked out quite so well. No holds barred. I'm a big believer in herd immunity. You know, it's an old joke, you don't want to be the fastest antelope, but you sure as hell don't want to be the slowest one either. So from my perspective, the more of us that share that kind of intel, the easier things will be as we go forward. Because together as a herd we'll be more immune. So from my perspective, even if it's a competitor's CISO, I'll still sit down, have a coffee with them and chat with them. And it will be very much open kimono. Because I feel like we can never share enough of this intelligence with each other. We're not seeking to gain a competitive advantage individually. We're seeking to make the field and the companies, and if you like, the white hats, less vulnerable. And I think that's a compelling value message. >> I noticed your clothes. I guess you're an All Blacks fan? >> Well, you know, being South African I have to be a Springboks, but, uh, you know, it was such a sad day when Jonha Lumo died. That was such a sad day. I got to meet him once and he was a mountain of a man, but such a gentleman. Yep, that was good. But yes, rugby is definitely my sport, so thank you. >> Well, Kevin, thank you so much for stopping by theCUBE and sharing your insights, what you've been able to achieve on the consumer side, or consuming Fortinet's technology and what you're able to impart on your partners. We wish you great success in 2018 and look forward to having you back on the show. >> That sounds great, thank you very much. Thanks for having me, it's been a great pleasure, thanks. >> Excellent. And we want to thank you for watching theCUBE from Fortinet Accelerate 2018. I'm Lisa Martin with my cohost Peter Burris, after this short break we will be right back. (upbeat digital music)