>> Hey, welcome back everybody. Jeff Frigg here with theCUBE. We're at Data Privacy Day 2018 here at Linked-In's brand new, downtown San Francisco headquarters not in Sunny Vale. And we're excited to be here for the second time. And we've got Eve Maylar back she's a VP in innovation and emerging tech at Forge Rock, we caught up last year, so great to see you. >> Likewise. >> So what's different in 2018 than 2017? >> Well GDPR, the general data protection regulation Well, also we didn't talk about it much here today, but the payment services directive version two is on the lips of everybody in the EU who's in financial services, along with open banking, and all these regulations are actually as much about digital transformation, I've been starting to say hashtag digital transformation, as they are about regulating data protection and privacy, so that's big. >> So why aren't those other two being talked about here do you think? >> To a certain extent they are for the global banks and the multinational banks and they have as much impact on things like user consent as GDPR does, so that's a big thing. >> Jeff: Same penalties? >> They do have some penalties, but they are as much about, okay, I'm starting to say hashtag in front of all these cliches, but you know they are as much about trying to do the digital single market as GDPR is, so what they're trying to do is have a level playing field for all those players. So the way that GDPR is trying to make sure that all of the countries have the same kind of regulations to apply so that they can get to the business of doing business. >> Right, right, and so it's the same thing trying to have this kind of unified platform. >> Yup, absolutely, and so that affects companies here if they play in that market as well. >> So there's a lot of talk on this security site when you go to these security conferences about baking security in everywhere, right? It can't be OL guard anymore, there is no such thing as keeping the bad guys out, it's more all the places you need to bake in security, and so you're talking about that really needs to be on the privacy side as well, it needs to go hand-in-hand, not be counter to innovation. >> Yes, it is not a zero sum game, it should be a positive sum game in fact, GDPR would call it data protection by design and by default. And so, you have to bake it in, and I think the best way to bake it in is to see this as an opportunity to do better business with your customers, your consumers, your patients, your citizens, your students, and the way to do that is to actually go for a trust mark instead of, I shouldn't say a trust mark, but go for building trusted digital relationships with all those people instead of just saying "Well I'm going to go for compliance" and then say " Well I'm sorry if you didn't feel that action "on my part was correct" >> Well hopefully it's more successful than we've seen on the security side right? Because data breaches are happening constantly, no one is immune and I don't know, we're almost kind of getting immune to it. I mean Yahoo's it was their entire database of however many billions of people, and some will say it's not even when you get caught it's more about how you react, when you do get caught both from a PR perspective, as well as mending faith like the old Tylenol issue back in the day, so, on the privacy side do you expect that to be the same? Are these regulations in such a way where it's relatively easy to implement so we won't have kind of this never ending breach problem on the security side, or is it going to be kind of the same. >> I think I just made a face when you said easy, the word easy okay. >> Not easy but actually doable, 'cause sometimes it feels like some of the security stuff again on the breaches specifically, yeah it seems like it should be doable, but man oh man we just hear over and over again on the headlines that people are getting compromised. >> Yeah people are getting compromised and I think they are sort of getting immune to the stories when it's a security breach. We try to do at my company at Forge Rock we're identities so I have this identity lens that I see everything through, and I think especially in the internet of things which we've talked about in the past there's a recognition that digital identity is a way that you can start to attack security and privacy problems, because if you want to, for example, save off somebody's consent to let information about them flow, you need to have a persistent storage that they did consent, you need to have persistent storage of the information about them, and if they want to withdraw consent which is a thing like GDPR requires you to be able to do, and prove that they're able to do, you need to have a persistent storage of their digital identity. So identity is actually a solution to the problem, and what you want to do is have an identity and access management solution that actually reduces the friction to solving those problems so it's basically a way to have consent life cycle management if you will and have that solution be able to solve your problems of security and privacy. >> And to come at it from the identity point of view versus coming at it from the data point of view. >> That's right, and especially when it comes to internet of things, but not even just internet of things, you're starting to need to authenticate and identity everything; services, applications, piles of data, and smart devices, and people, and keep track of the relationships among them. >> We just like to say people are things too so you can always include the people in the IT conversation. But it is pretty interesting the identity task 'cause we see that more and more, security companies coming at the problem from an identity problem because now you can test the identity against applications, against data, against usage, change what's available, not available to them, versus trying to build that big wall. >> Yes, there's no perimeters anymore. >> Unless you go to China and walk the old great wall. >> Yes you're taking your burner devices with you aren't you? (laughs) >> Yes. >> Good, good to hear >> Yeah but it's a very different way to attack the problem from an identity point of view. >> Yeah, and one of the interesting things actually about PSD2 and this open banking mandate, and I was talking about they want to get digital business to be more attractive, is that they're demanding strong customer authentication, SCA they call it, and so I think we're going to see, I think we talked about passwords last time we met, less reliance. >> Jeff: And I still have them and I still can't remember them. >> Well you know, less reliance on passwords either is the only factor or sometimes a factor, and more sophisticated authentication that has less impact, well less negative impact on your life, and so I'm kind of hopeful that they're getting it, and these things are rolling up faster than GDPR, so I think those are kind of easier. They're aware of the API economy, they get it. They get all the standards that are needed. >> 'Cause the API especially when you get the thing to thing and you got multi steps and everything is depending on the connectivity upstream, you've got some significant issues if you throw a big wrench into there. But it's interesting to see how the two factor authentication is slowly working its way into more and more applications, and using a phone now without the old RSA key on the keychain, what a game changer that is. >> Yeah I think we're getting there. Nice to hear something's improving right? >> There you go. So as you look forward to 2018 what are some of your priorities, what are we going to be talking about a year from now do you think? >> Well I'm working on this really interesting project, this is in the UK, it has to do with Affintech, the UK has a mandate that it's calling the Pensions Dashboard Project, and I think that this has got a great analogy in the US, we have 401ks. They did a study there where they say the average person has 11 jobs over their lifetime and they leave behind some, what they call pension pots, so that would be like our 401ks, and this Pensions Dashboard Project is a way for people to find all of their left behind pension pots, and we talked last year about the technology that I've worked on called user managed access, UMA, which is a way where you can kind of have a standardized version of that Google Docs share button where you're in control of how much you share with somebody else, well they're using UMA to actually manage this pension finder service, so you give access first of all, to yourself, so you can get this aggregated dashboard view of all your pensions, and then you can share, one pension pot, you know one account, or more, with financial advisors selectively, and get advice on how to spend your newly found money. It's pretty awesome and it's an Affintech use case. >> How much unclaimed pension pot money, that must just be. >> In the country, in the UK, apparently it's billions upon billions, so imagine in the US, I mean it's probably a trillion dollars. I'm not sure, but it's a lot. We should do something here, I'm wondering how much money I have left behind. >> All right check your pension pot, that's the message from today's interview. All right Eve, well thanks for taking a few minutes, and again really interesting space and you guys are right at the forefront, so exciting times. >> It's a pleasure. >> All right she's Eve Maylar I'm Jeff Frigg you're watching theCUBE from Data Privacy Day 2018, thanks for watching, catch you next time. (upbeat music)

>> Hey, welcome back everybody. Jeff Frick here with the CUBE. We are in downtown San Francisco at the Twitter headquarters for a big event, the Data Privacy Day that's been going on for years and years and years. It's our first visit and we're excited to be here. And our next guest is going to talk about something that is near and dear to all of our hearts. Eve Maler, she's the VP Innovation and Emerging Technology for ForgeRock. Welcome. >> Thank you so much. >> Absolutely. So for people who aren't familiar with ForgeRock, give us a little background on the company. >> Sure. So, of course, the digital journey for every customer and consumer and patient and citizen in the world is so important because trust is important. And so what ForgeRock is about is about creating that seamless digital identity journey throughout cloud, mobile, internet of things, devices, across all of their experiences in a trustworthy and secure way. >> So one of the topics that we had down and getting ready for this was OAuth. >> Yes. >> And as the proliferation of SAS applications continues to grow both within our home life as well as our work life, we have these pesky things called passwords which no one can remember and they force you to change all the time. So along comes OAuth. >> Yes. So OAuth is one of those technologies... I'm kind of a standards wonk. I actually had a hand in creating XML for those people who remember XML. >> Jeff: That's right. >> OAuth took a tact of saying, "Let's get rid of what's called the password anti-pattern. "Let's not give out our passwords to third party services and applications so that we can just give those applications what's called an access token. Instead it's meant just for that application. In fact, Twitter... We're heard at Twitter headquarters. Twitter uses that OAuth technology. And I'm involved in a standard, being a standards wonk, that builds on top of OAuth called user managed access. And it uses this so that we can share access with applications in the same way. And we can share access also with other people using applications. So for example, the same way we hit a share button in Google, Alice hits a share button to share access with a document with Bob. We want to allow every application in the world to be able to do that, not just GoogleDocs, GoogleSheets, and so on. So OAuth is powerful and user managed access is powerful for privacy in the same way. >> Now there's OAuth and I use my Twitter OAuth all the time. Or with Google. >> That's right. >> And then there's these other kind of third party tools which add kind of another layer. >> So you might use like tweetbot is something I like to use on my phone to tweet. >> Jeff: Right, right. >> And so there's... >> Well there's the tweetbot. But then there's these pure, like identity password manager applications which you know you load it into there and then... >> LastPass or something like that. >> Right, right, right. >> One password people use yeah >> To me it's just like wow, that just seems like it's adding another layer. And if oh my gosh, if I forget the LastPass password, I'm really in bad shape. >> You are. >> Not just the one application, but a whole bunch. I mean, how do you see the space kind of evolving to where we got to now? And how is it going to change going forward? It just fascinates me that you still have passwords when our phones have fingerprint. >> TouchID. >> Why can't it just work off my finger? >> More and more, SAS services and applications are actually becoming more sensitive to multifactor authentication, strong authentication, what we at ForgeRock would actually call contextual authentication and that's a great way to go. So they're leveraging things like TouchID, like device fingerprint, for example. Recognizing that the devices kind of represents you and your unique way of using the device. And in that way, we can start to do things like what's called a password list flow. Where it can, most of the time, or all of the time, actually not even use a password. And so, I don't know, I used to be an industry analyst and 75 percent of my conversations with folks like you would be about passwords. And more frequently, I would say now, we're getting into the topic of people are more password savvy and more of the time people are turning on things like multifactor authentication and more of that it knows the context that I'm using my corporate WiFi which is safer. Or I'm using a familiar device. And that means I don't have to use the password as often. So that's contextual authentication. Meaning I don't have to use that insecure password so often. >> Jeff: Right. >> So I think the world has gotten actually a little bit smarter about authentication. I'm hoping. And actually, technologies like OAuth and the things that are based on OAuth like OpenIDConnect which is an identity technology, a modern identity, federated identity technology. And things like user managed access are leveraging the fact that OAuth is getting away from having to use, if it was a password based authentication, not flinging the password around the internet, which is the problem. >> Right, right. Okay so that's good, that's getting better, but now we have this new thing. Internet of things. >> Yes indeed. >> And people are things. But now we've got connected devices, they're not necessarily ones that I purchased, that I authorized, that I even maybe am aware of. >> Like a beacon on a wall, just observing you. >> Like a beacon on a wall and sensors, and the proliferation is just now really starting to run. So from a privacy point of view, how does kind of IOT that I'm not directly involved with compare to IOT with my Alexa compare to applications that I'm actively participating in. How do those lines start to blur? And how does the privacy issues kind of spill over now into managing this wild world of IOT? >> Yeah, there's a couple of threads with the Internet of Things. And so I'm here today at this Data Privacy Day Event to participate on a panel about the IOT tipping point. And there's a couple of threads that are just really important. One is the security of these devices is in large part, a device identity theft problem with this dyn attack. In fact, that was an identity theft problem of devices. We had poorly authenticated devices. We had devices that have identities they have identities, they have identifiers, and they have secrets. And it was a matter of their own passwords being easily taken over. It was account takeovers, essentially for devices, that was the problem. And that's something we have to be aware of. So, you know, just like applications and services can have identities, just like people, we've always known that. It's something our platform can handle. We need to authenticate our devices better and that's something manufacturers have to take responsibility for. >> Jeff: Right. >> And we can see the government agencies starting to crack down on that which is a really good thing. The second thing is there's a saying in the healthcare world for people who are working on patient privacy rights, for example. And the saying is, no data about me without me. So there's got to be a kind of a pressure, you know we see whenever there's a front page news article about the latest password breach. We don't actually see so many password breaches anymore as we see this multifactor authentication come in to play. So that's the industry pressures coming in to play. Where passwords become less important because we have multifactor. We're starting to see consumer pressure say I want to be a part of this. I want you to tell me what you shared. I want more transparency, and I want more control. And that's got to be part of the equation now when it comes to these devices. It's got to be not just more transparent, but what is it you're sharing about me? >> Jeff: Right. >> Last year I actually bought, maybe this is TMI, I always have this habit of sharing too much information, >> That's okay, we're on theCUBE we like >> Being honest here. >> To go places other companies don't go. >> I bought one of those adjustable beds that actually has an air pump that... >> What's your number? Your sleep number. >> It is, it's a Sleep Number bed and it has a feature that connects to an app that tells you how well you slept. You look at the terms and conditions and it says we own your biometric data, we are free to do whatever we want. >> Where did you even find the terms and conditions? >> They're right there on the app, to use the app. >> Oh in the app, in the app. >> You have to say yes. >> So you actually read before just clicking on the box. >> Hey, I'm a privacy pro, I've got to. >> Right, right, right. >> And of course, I saw this, and to use the feature, you have to opt in. >> Right. >> This is the way it is. There's no choice, and they probably got some lawyer... This is the risk management view of privacy. It's no longer tenable to have just a risk management view because the most strategic and the most robust way to see your relationship with your customers is you have to realize there's two sides to the bargain because businesses are commoditized now. There's low switching costs to almost anything. I mean, I bought a bed, but I don't have to have that feature. >> Do you think, do you think they'll break it up? So you want the bed, you're using a FitBit or something else to tell you whether you got a good night's sleep or not. Do you see businesses starting to kind of break up the units of information that they're taking and can they deliver an experience based on a fragmented selection? >> I do believe so. So, user managed access and certain technologies like it, standards like it, there's a standard called consent receipts. They're based on a premise of being able to now deliver convenient control to users. There's even, so there's regulations that are coming like the general data protection regulation in the EU. It's bearing down on pretty much every multinational, every global enterprise that monitors or sells to an EU citizen. That's pretty much every enterprise. >> Jeff: Right, right. >> That demands that individuals get some measure of the ability to withdraw consent in a convenient fashion. So we've got to have consent tech that measures up to the policy that these >> Right. >> organizations have to have. So this is coming whether we sort of like it or not. But we should have a robust and strategic way of exposing to these people the kind of control that they want anyway. >> Jeff: Right. >> They all tell us they want it. So in essence, personal data is becoming a joint asset. We have to conceive of this that way. >> So that's in your... So that's in your sleep app, but what about the traffic cameras and the public facility? >> Yeah. >> I mean, they say in London right you're basically on camera all the time. I don't know if that's fact or not, but clearly there's a lot >> That's true, CCTV, yeah. Of cameras that are tracking your movements. You don't get a chance to opt in or out. >> That is actually true, that's a tough case. >> You don't know. >> The class of... Yeah. The class of beacons. >> And security, right. Obviously, post 9/11 world, that's usually the justification for we want to make sure something bad doesn't happen again. We want to keep track. >> Yeah. >> So how does kind of the government's role in that play? And even in the government, then you have you know all these different agencies, whether it's the traffic agency or even just a traffic camera that maybe KCBS puts up to keep track of you know, it says slow down >> Yeah. >> Between two exits. How does that play into this conversation? >> Yeah, where you don't have an identified individual. And not even an identifiable individual, these are actually terms if you look at GDPR, which I've read closely. It is a tougher case, although I have worked... One of the members of my user managed access working group is one of the sort of experts on UK CCTV stuff. And it is a very big challenge to figure out. And governments do have a special duty of care to figure this out. And so the toughest cases are when you have beacons that just observe passively. Especially because the incentives are such that, I will grant you, the incentives are such that, well how do they go and identify somebody who's hard to identify and then go inform them and be transparent about what they're doing. >> Jeff: Right, right. >> So in those cases, even heuristically identifying somebody is very, very tough. However, there is a case where eye beacons in, say, retail stores do have a very high incentive to identify their consumers and their retail customers. >> Right. >> And in those cases, the incentives flip in the other direction towards transparency and reaching out to the customer. >> Yeah. The tech of these things of someone who I will not name, recently got a drive through red light ticket. >> Yep. >> And the clarity of the images that came in that piece of paper that I saw was unbelievable. >> Yes. >> So I mean, if you're using any kind of monitoring equipment, the ability to identify is pretty much there. >> Now we have cases... So this just happened, actually I'm not going to say, do I say it was to me or to my husband? It was in a non-smart car in a non-smart circumstance where simply a red light camera that takes a picture of an identified car, so you've got a license plate and that binds it to a registered owner of a car. >> Right. >> Now I have a car that's registered in the name of a trust. They didn't get a picture of the driver. They got a picture of the car. So now here we can talk about, let's translate that from a dumb car circumstance, registered to a trust, not to an individual, they sent us what amounted to a parking ticket. Cause they couldn't identify the driver. So now that gives us an opportunity to map that to an IOT circumstance. Because if you've got a smart device. You've got a person, you've got a cloud account. What you need to do is the ability to, in responsible secured fashion, bind a smart device to a person and their cloud account. And the ability to unbind. So now we're back to having an identity centric architecture for security and privacy that knows how to... I'll give you a concrete example, let's say you've got a fleet vehicle in a police department. You assign it to whatever cop on the beat. And at the end of their shift, you assign the car to another cop. What happens on one shift and what happens on another shift is a completely different matter. And it's a smart car, maybe it's a cop who has a uniform with some sort of camera, you know body cam. That's another smart device, and those body cams also get reassigned. So you want whatever was recorded, in the car, on the body cam, with the cop, and with their whatever online account it is, you want the data to go with the cop, only when the cop is using the smart devices that they've been assigned and you want the data for somebody else to go with the somebody else. So in these cases, the binding of identities and the unbinding of identities is critical to the privacy of that police person. >> Jeff: Right, right. >> And to the integrity of the data. So this is why I think of identity centric security and privacy as being so important. And we actually say, at ForgeRock, we say identity relationship management is being so key. >> And whether you use it or not, it is really kind of after the fact of being able to effectively tie the two together. >> You have to look at the relationships in order to know whether it's viable to associate the police person's identity with the car identity. Did something happen to the car on the shift? Did something through the view of the camera on the shift? >> Right, right. And all this is underlaid by trust, which has come up in a number of these interviews today. And unfortunately we're in a situation now if you read all the surveys. And the government particularly, these are kind of the more crazy cases cause businesses can choose to or not to and they've got a relationship with the customer. But on the government side, where there's really no choice, right, they're there. Right now, I think we're at a low point on the trust factor. >> Indeed. >> So how is that, and if you don't trust, then these things are seen as really bad as opposed to if you do trust and then maybe they're just inconvenient or they're not quite worked out all the way. So as this trust changes and fake news and all this other stuff going on right now, how is that impacting the implementation of these technologies? >> Well ask me if I said yes to the terms and conditions. (laughter) Of the sleep app, right. I mean I said yes, I said yes. And I didn't even ask for the app, you know my husband signed up for the free trial. >> Just showed up on my phone. Cause I was in proximity >> I said this one on stage >> to the bed, right? >> at RSA so this is not news. I'm not breaking news here. But you know, consumers want the features, they want convenience, they want value. So it's unreasonable, I believe to simply mount an education campaign and thereby change the world. I do think it's good to have general awareness of what to demand and that's why I say no data about me without me. That's what people should be demanding is to be let in to the loop. Because that gives them more convenience and value. >> Right. >> They want share buttons. I mean, we saw that with the initial introduction of CareKit with Apple. Because that enabled what, people who are involved in user managed access, we call ourselves Umanitarians. So umanitarians like to say, like to call it Alice to Bob sharing, that's the use case. >> Jeff: Okay. >> And it enabled Alice to Dr. Bob sharing. That's a real use case. And IOT kind of made real that use case. When web and mobile and API, I don't think we thought about it so much as a positive use case, although in healthcare it's been a very real thing with EHR. You know you can go into your EHR system and you can see it, you can share with a spouse your allergy record or something, it's there. >> Right, right, right. >> But with IOT, it's a really positive thing. I've talked to folks in my day job about sharing access to a connected car to a remote user. You know, we've seen the experiments with let somebody deliver a package into the trunk of my car, but not get access to driving the car. These are real. That's better than saving >> I've heard that one actually >> Saving a little money by having smart light bulbs is not as good as you've got an Airbnb renter and you want to share limited access to all your stuff while you're away with your renter and then shut down access after you leave, that's an uma use case, actually. And that's good stuff. I could make money. >> Jeff: Right. >> Off of sharing that way. That's convenience and value. >> It's only, I just heard the other day that Airbnb is renting a million rooms a night. >> There you go. >> So not insignificant. >> So once you've have... You have a home that's bristling with smart stuff, you know. That's when it really makes sense to have a share button on all that stuff. It's not just data you're sharing. >> Well Eve, we could go on and on and on. >> Apparently. >> Are you going to be at RSA in a couple of weeks? >> Absolutely. >> Absolutely. >> I'm actually speaking about consent management. >> Alright, well maybe we'll see you there. >> That would be great. >> But I want to thank you for stopping by. >> It's a pleasure. >> And I really enjoyed the conversation. >> Me too, thanks. >> Alright, she's Eve, I'm Jeff, you're watching theCUBE. We'll catch you next time, thanks for watching. (upbeat music)

>> Narrator: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world. This is theCUBE conversation. >> Hey, welcome back everybody. Jeff Frick here with theCUBE, we're in our Palo Alto studios, the COVID crisis continues. Luckily we've got the ability to interview guests from remote and so we're excited to have this next guest. There's a lot of activity going on around equality and gender diversity, Black Lives Matter, and it feels like it really does feel like there's kind of a step function in moving this along. And there's a lot of groups out there that are trying to take a very active role, and one of the things they're trying to do is help women get on more corporate board seats, more representation, and we're really excited to have our next guest. Who's really taking a slightly different approach, a new approach to this, and we're happy to be joined by Rita Scroggin. She is the founder of FirstBoard.io, and she's also the Practice Director, Executive Group at Triad Group. So Rita, great to see you. >> Thank you very much, Jeff, for having me, I'm super excited to be here and to share the story about FirstBoard.io, what we're doing and how hopefully that will change the world just a little bit. >> That's great. Well, the way that this came about is I was on LinkedIn, I'm on LinkedIn all the time, and all of a sudden this big picture hit my feed and a ton of familiar faces. I think that's what it is four by eight. And I see Abby Kearns, Dao Jensen, Eve Maler, Wendy Perilli, Jocelyn is in there Syamla in there. And I thought, wow, I know a bunch of these women, and I'm always happy to promote the women in theCUBE alumni. And I reached out and I think it was Wendy said, "Hey, this is... She said, "I'm a founding member of this thing called FirstBoard.io. And I (indistinct) and she said, we got to talk to Rita. So it was great to meet you. And this is a new organization. I think you said you started at the very beginning of this year. >> Yeah. >> Why? Let's get kind of to the origin story. >> Yeah. >> What gave you the idea? Why did you think that this was something that needed to be done? And what caused you to actually take the leap of faith and start FirstBoard? >> Yeah, very good question. So in the fall of 2019, I did an event in partnership with K&L Gates and it was about how to get on board, and it wasn't gender specific, but I invited a lot of women from my network, and through K&L Gates, there was a speaker on the panel, Cheryl Bolton, who is now a supporter of FirstBoard.io. And we spoke after the panel discussion, so I was the moderator, and she said, "Do you place people or women specifically, "on private company boards? I said, I do now let's have a conversation about that. So we talked some more and we kind of felt like there's really a need for companies to diversify their boards, particularly private tech companies. And so then I thought about more about the idea. I reached out to a few women in my network and I said, hey, I have this idea. I'm thinking about starting an initiative around this topic, would you be interested in being part of it? And a lot of the women who I reached out to said, I'd love the idea, I would love to get involved. So that was really the origin, then we met, we had a little sort of social get together in, I think it was early December in Palo Alto. And then we said, let's launch officially in January, which we did. So in January we had our first and only in-person meeting, the idea initially was that we would meet every quarter in person. So it would be very localized to Silicon Valley and then COVID happened and everything changed. And we are now meeting via Zoom every six to eight weeks. We have members who are in different locations, most of our members are on Silicon Valley, but we also have a member in New York, in Seattle, in Dallas, and I might forget a location, but we're a little bit more distributed right now. And so that is where we are today. >> So you've done it a little bit different. You've got this group of women, there's 32 women in that picture, the founding members. And so you're taking almost like a cohort approach, a group approach. Why that approach? What did you see that wanted you to go that way, versus doing individual searches for individual companies, looking for individual kind of board members. Why the group approach? What type of dynamic does that introduce? How do the women leverage one another inside of this structure? >> Yeah, that's a good question. That's really the idea. The idea is that we work together collaboratively and that we leverage each other's networks. We raise each other's platform. I might know 10 or 15 or whatever, decision makers let's say VCs, CEOs, but the next member might know an equal number or more or less. So what I was thinking is if we leverage each other's network, we exponentially grow our network and we exponentially grow our visibility. So our focus right now is to really raise the profile of FirstBoard.io and the profile of each member of the group. So it it's fundamentally different, 'cause we're working together, kind of almost like a company that can accelerate where if we have a success, it's everybody's success. Because it raises the profile of everybody else. >> Right. >> So that's the idea, which is different than a networking organization, where you are an unknown member. And we're trying to make this in a different way. >> Right, right. And is the goal, within all the women that have joined, the founding members for all of them to get on a board, I mean, is that all of them are >> That's the goal. qualified people to be on a proper board. >> Yeah, that is the goal, that's the idea, we may not accomplish that in the first round because this is a problem that's been going on for a long time, but we're getting close to our first board placement. So that's I think initial great success. And we're working on a number of initiatives right now to raise the profile. We're doing a video interview with all our supporters. We are creating a campaign, how to reach out to CEOs and VCs. So we're working on a number of things right now behind the background to really target our audience, and our audience is specific to the tech world. So we're focusing really on private tech companies and we're focusing on our decision makers within those organizations. So whether it's the investor, the private equity, growth equity, or venture capital community, or the CEO or other board members for that matter, who may be aware that there's an opening and we're trying to tap into those as well. >> Right, right. So you've mentioned Silicon Valley, VCs and private equity a couple of times. So is the focus more in kind of that ecosystem that we're familiar with here in Silicon Valley with more private, kind of private and growth opportunities, or are you also just fully looking for large, regular public companies as well? >> We wouldn't turn down a public company opportunity, but none of our members have been on a board so far. And I think it's probably more realistic that, the first board position might be at a private tech company where the operating experience is particularly valuable. So that's our primary focus in terms of reaching out of the old But if a public company would come our way and say, we absolutely would love to talk to some of your members, of course we wouldn't turn that down. >> Jeff: Right. >> But actively we are going after private tech companies, and they can be located anywhere, so it's not specific this to Silicon Valley, of course a lot of tech companies are clustered there or here, but it could also be company in New York, or Boston, or wherever, but the focus is really on tech versus a broader focus of any kind of company. >> Right, right. So when you're working with these women who've never been on a board, what do you find is kind of the biggest gap that they need to fill, whether that's a real gap or perceived gap in their either skillsets or experience or whatever, to kind of make the jump and get into one of these board seats. Is it in any particular skill, any particular kind of point of view, what are the types of things that you do as a group to help them be better received, I guess, for the opportunities? >> Yeah. What we don't do is we don't really a training program or prep here. There are other organizations who do that, I think we do a very, very good job. Some of our members are part of other organizations as well. So what we're thinking more is the company oftentimes has, in a certain growth stage, has a gap in some form. And in looking at board opportunities, I think it's important to identify where's that gap, maybe it's go to market, or maybe it is a certain technical expertise, and match them up with the experience of our founding members. So we don't have a program to prepare women, we're more focused on... Okay, we're assuming you're prepared, that might be various degrees, and we're just trying to match kind of the operating expertise to the gap on a fully independent board member at any given company. >> Right, right I think we talked before we turned on the cameras, the three things you said you focus on really is, is operational expertise, skill experience, as well as domain expertise. >> Yeah. >> And so you're really trying to kind of map against a gap that the company has against a skillset that one of the members has. >> Yeah. So far I've sort of facilitated three different board opportunities and two of them, what they had in common, that the company was looking for somebody who really had domain expertise with the audience they were looking at, and who understood the buyer, and who had deep expertise in what to market strategies, developing them. So that's one example, right. And the other company, the third one was looking for somebody who had connections in the space who really understood that particular domain. And so it all depends, and I think it also depends on what stage the company's in. And I think the further along the company is, the more it's about governance and regulations. And earlier on, it's really filling a certain gap on the leadership team. >> Right. >> In the private equity world is also very interesting to us because oftentimes there's a timeline and there are certain growth objectives the company wants to reach. And that's a great opportunity, I think, for FirstBoard to bring in a founding member with that particular operating expertise. >> Right, right. So I'm curious, that's a great segue into kind of the customer side, if you will, the people that are looking for board members. Have you seen over the last several months or years, I'll open it up, kind of a shift in terms of people a, just kind of accepting that there are going to be more women and people of color on the board, but also more of kind of an active search and a more kind of progressive goal to make sure that they do increase the diversity on their boards, whether that be for women or people of color or whatever, just to bring more diversity. Have you seen a shift in your customer base, in terms of they're really focused on prioritization on that? >> Well, I think it's certainly on people's mind and I think now more so than ever with the recent changes and sort of uprising of Black Lives Matter, but I wouldn't say that has really transferred over into real meaningful diversity on boards. I think we still have a long, long way to go, and there's an organization, Him For Her, and I think it was the Calyx Management Institute, they did a study last year and they found that privately, heavily funded companies, 60% of those don't have a single woman on the board. And I think women in general held about 7% of board seats at these companies. So I think there's still a long way to go, but I think it's very important that in the future, a larger proportion of the population is reflected in the boards. Right? So whether it's women, women of color, people of color, so everybody should be part of the leadership team on the board level and on the leadership level. And I think that has become certainly more of a topic, I think, especially for large companies. And I think startups are now recognizing that it's important for them too, especially if they want to be perceived as a company, which has fair and equal values. >> Right. Right. So given that kind of landscape, if you will, what are kind of the expectations that you have with this founding member group? And I presume there'll be other groups in the future once these people all find a great board seat and are doing their thing, kind of, is it a really tough road ahead? Do you see that it's really not that tough on maybe in the macro level, but on the micro level there are some real opportunities, how are you as a group of 32 founding members trying to take this Hill, if you will, against pretty tough odds actually. >> But I think we're going to take it one step at a time. We already did a press release, we have a website, we have some visibility on LinkedIn and we already have been able to curate three different board conversations. So I think step by step, I think we will become more visible. I think we will be more known. We will have more opportunities to introduce founding members, this current cohort and future cohorts. And through that, I think we will make progress. So I'm very optimistic that we can make a difference, that we can get more women on boards. And once the founding members have joined a board, the plan is to launch a group where basically we create a peer group, which will then mentor and support the next cohort. And we also have an amazing group of supporters and partners already. We have Steve Singh from Madrona Ventures. We have Rohini from NGP Capital, and we're always looking for more partners and supporters. I'm not going list everybody right now, but I'm very proud about that we have partners and supporters who bought into the mission and who are helping us accomplish the mission. So I feel very optimistic that we will be able to move the needle. >> Jeff: Yeah. >> It might be at slower pace, but it was still the making a difference. >> Right. Right. Well, the hundredth anniversary of women getting the vote is coming up here in a couple of weeks. Right. And that took a long time to get done, So this stuff it does not happen easily. It does not happen overnight. But I would think certainly too with the increasing number of women in VC roles, as partners, and are also getting on board seats that hopefully that the things are starting to fall in the right direction. And hopefully with each progressive placement is a little bit easier than the one before. So Rita it's great to meet you, everyone I talked to you about you is so excited about the work that you're doing and what you're doing with FirstBoard. >> Thank you. >> I want to give you kind of the last word before we sign off, how should people learn more? How can people support the cause? How should people get involved, so that they can move the needle. >> That's great. Thank you. Get in touch with us on, if you go to the website FirstBoard.io, there is a way to partner with us, there's a link to partner with us, there's a link if you are interested in joining the future cohort. Please contact me and I will respond. And we would love to talk to companies, who are thinking about diversifying their board, we would love to talk to VCs for whom this is important. So please get in touch, and we'll figure out how to change the world together. >> Right And, oh by the way, most studies show you get better business outcomes, right. With diversity of opinion, diversity of points of view. So it's not only the right thing to do, it's also very good business. >> And I think the next decade we are ready for change. I think the society, I think is ready for change. And I think how companies run and are operated, I think people are ready for a change too. So I think the timing is really, really right. And I think we can make it happen. >> Great. Well, Rita, thank you again for taking a few minutes >> Thank you >> and telling your story and joining us on theCUBE. >> Thank you very much. It was pressure of Jeff and I look forward to talk again. >> Yeah. Maybe in person after we get through all this COVID madness. >> Maybe in person, yeah. >> All right. Well, thanks again, Rita. >> Rita: Thank you very much. >> All right She's Rita, I'm Jeff. You're watching theCUBE. Thanks for watching. We'll see you next time. (soft music)