>>Hello, and welcome to the cube conversation here in Palo Alto, California. I'm John furier host of the cube. We got a great guest, a chief information security officer CISO, Alex Shukman who's with Colgate Paul mall of company, Alex. Thanks for coming on this cube conversation. >>Thanks for having me, >>John. So fresh off the heels of RSA in San Francisco was quite the spectacle people back in person. Um, a lot of great conversations, kind of the old conversations, moving to the new, uh, really good to see, but CISO, the CISO agenda was clear on everyone's mind, more attacks, no surface area. Perimeter's dead. You got cloud native shift left, SBOs open sourced, supply chain and technology. Uh, software's now open source. How do you deal with that? A lot of complicated issues all through the prism of constantly being hacked with ransomware, everything else going on, you're in the middle of it. You gotta protect manufacturing assets, people, assets, intellectual property, you're in the middle of it. What's, what's the view. What's your current scope, the problem that you're dealing with every day. >>Yeah, it's really interesting world we live in today. Um, and, and definitely, uh, you know, the key topics were jumping around in RSA. Um, you know, everyone seems to be really trying to understand the, the environment better. And, you know, I, I think in the past we saw a lot of attacks against financial sector, a a lot of, of tax against critical infrastructure, but now many of us in the private sector, uh, especially in the non-critical manufacturing areas, you know, we're seeing the same thing that those industries have seen for many years. And so the criminals are getting, you know, less picky about their targets and, and they're targeting, uh, publicly traded companies, as much as they're targeting critical infrastructure. They're not as, uh, picky as they used to be. >>Yeah. You know, you see healthcare, financial services, uh, manufacturing, um, all there, intellectual, property's a big one, but you have, you know, now as you guys have your business, you're dealing with a global, um, borderless environment. You know, that's a big thing. You also have service providers probably work with. So you gotta have the business operations run modern in a modern way at the same time, protect in the modern way. What is the top agenda item for you in your sector, in, in manufacturing, in this area? What's the main high level, um, important task that you usually face every day? >>Yeah. When we talk to a lot of our, our peer companies or peers in the security industry, uh, especially in, in, at RSA, you know, a lot of 'em are very focused on their, their us business, a as well as you know, how to protect themselves. You know, I think one of the things that's really interesting about FGI Pala is that we are a global company and we really do have operations everywhere, uh, both from an, an office presence, a business presence, as well as manufacturing. So, you know, everything that, that those companies have to deal with who are primarily us based, and maybe they're aligning with some us intelligence, uh, we have to, to really incorporate global threats into our security program. Uh, and, and I think that's one of the really interesting things about Colgate, especially for people, uh, maybe who are familiar with our products, cuz they grew up using them. Mm-hmm <affirmative>, uh, you know, we have products, uh, all over the world and depending on which area you're in, you know, we are the one security team who's responsible for protecting the entire Colgate world. >>How has the pandemic pulled forward issues or highlighted more necessity around certain areas? Obviously the work from home thing is pretty obvious for many people and who would've thought you'd have to provision a hundred percent VPNs or whatever endpoint protection. Um, what, how has that affected you, your, your area, your company and your sector, um, how has the pandemic impacted your security? >>Yeah, and I think this is a really interesting topic. You've I I've heard many other people, uh, talk about their response to the COVID 19 pandemic over the last few years. Um, you know, I, I think the, the, the best way to answer it from, from my personal perspective is if, if you were prepared for remote work or you were prepared for a partially remote workforce, then you really could have been very prepared for the pandemic. So even prior to the pandemic, you had people traveling on business and you needed to provide system access, but in a secure way, you had people doing short term assignments, you had a remote sales force and you had a number of different, especially being a global company, uh, people working out of an office, that's not their traditional office. Mm-hmm <affirmative>. If, if you look at all the security prepared, preparedness that you need to do to enable all that, it's not that much different than the pandemic, except that it's really on steroids and it's gone a hundred times further. >>It makes everyone work harder. Yeah. You have to prepare for the a hundred percent scenario, not, you know, not some, uh, um, estimate, um, good, good call out. And the other thing too, is that there's also these, these markets where it gets pulled forward, but then pulls back when the pandemic is over. Have you seen any of that as we kind of come into our third year of, I guess, hybrid being steady state, what has kind of gone away, fell off the plate? What's been, what's the steady state. How do you, have you seen anything kind of go back? >>Yeah, I, I think one of the things that kind of seems to ping pong back and forth is, is our ability to really rely on suppliers to, to deliver it equipment. So, you know, being a, a global company we're, we have employees all over the world, we have it infrastructure that we're supporting across the globe. And, and as you see, different countries go into lockdowns, as you see different suppliers faced with, with different pressures, you know, that seems to be something that kind of ebbs and flows over the last few years, uh, being able to get laptops, being able to get multiple devices, being able to get communications equipment. So, um, you know, I think some of those industries are still trying to evolve, uh, post pandemic. Right. >>You know, I always, I always like to ask the question privately, but I won't do it on camera, how much budget you have and how much you spend on cyber. Um, but you know, generally speaking, I think it's pretty safe to say the number's going up and up, um, cuz of the threats and you got more vectors coming in, but on the question of what tools and platforms work best for you, what are you looking for? What works best from your perspective, as you evaluate new things, right? You gotta look at the new, then you gotta keep up with the state of the art to, to be ahead of the bad guys and obvious you take risk management very seriously, as well as prepare. Right. So what are some of the tools that work for you? What do you see out there that that's getting your attention? >>Yeah, you know, I, I look at a lot of different vendor solutions. I think, uh, that's pretty prevalent in our industry. I look for solutions from large names, suppliers that have been around for a number of years, but I also like to, to look at startup companies who are really trying to innovate and, and make a solution, that number one is easy to implement. And number two is, is easy to keep working. If, if we're spending more time keeping a solution working than we are using the solution. I think that's one of the pain points that than other security, uh, programs are, are fighting with. You know, we try to really avoid those types of solutions, put something in, make sure that it works well so that we can really focus on getting the value out of the solution versus trying to keep it running. >>You know, the old SAS equation, helping the enterprise get better at the old enterprise playbook, which was how do you solve complexity by adding more complexity and, you know, lock in or, you know, <laugh> more costs, hidden costs under the water, so to speak or the shark fan or the iceberg, uh, cost of ownership. I mean, so it's a time to value shift, um, cuz your time's valuable and you've got staff and the hiring's not easy. This is a huge point. >>Yeah. We're a manufacturing organization. Obviously our, our goal as a company is to produce, to sell to consumers. You know, it is a cost center. We're trying to be as efficient as possible yet still support our business and keep it safe. So, uh, if we're investing in a security solution or if we're investing in, in a, a vendor solution that that does provide some layer of protection, you know, we wanna make sure that that's efficient as possible for us and, and that we get value out of it immediately. Uh, you know, that's always the, the hardest thing to try to find a solution that, that fits your business, but also delivers value to your organization. >>You know, it's interesting, you mention it as a cost center and you're talking about cyber security, which is the, the jewels of the company. You're talking about the criticality of the business model. One hat could really take down companies. So you, you it's really offense you're it's profit center in inherently. If you look at it that way. Um, and a lot of people are looking at this this way because you're a private company, you're not a government, you don't have a militia, you got cyber protection issues. So there's a real trend for CISOs to come together. And we're seeing this, uh, about sharing for instance, you know, sharing a threat information. So there's been a big movement in the CISO community. Uh, and I'm curious to get your reaction to this and what your conversations are, where sharing is really about collective intelligence and winning and ex and helping each other. And there's this, it's a, it's a, it's an enable user enablement, a CISO enablement kind of vibe. How do you have those conversations? What is, uh, when you huddle with your CISO buddies and friends and colleagues, what's the conversations like, is this sharing thing real is how do you do it effectively? Is it data rooms? Is it, how do you protect the information? Can you share your perspective on that? Cause this is a kind of a real cutting edge area right now. >>Yeah, I think in the, in the public sector, especially in, in, uh, in the government side, as well as critical manufacturing, critical infrastructure, you know, they really do it best in class and have done it for years out, out of necessity. Uh, what's really nice to see, especially on CS a and some of the latest initiatives like shields up is, is a lot more public private sharing going on. There's a lot more information available to us as a private company. Who's not part of, of the DIB or any of the intelligence community, but at the same time, we need to protect ourselves from the bad guys as much as they do. So, you know, I like the fact that that we're seeing CS a do more and more outreach to connect public and private sector, plus there's more and more sharing initiatives going on in the ISAC communities and making sure that barrier is low and, and they're, they're sharing, uh, threat Intel IOCs, but in a safe way among a, a community of security practitioners, security practitioners are, are great at sharing. They just need the permission to do so. >>Exactly. And then getting that, getting that mindset of, we're not just a cost setter, we're a critical division or group that protects the assets. And I think that's where I seen security elevate from the it world where yeah, King's born in it, cuz that's where that, where everything is, assets are all there. And then as assets change it, you guys have a lot of operational technology called OT on your manufacturing. You gotta deal with that. Now that's usually locked down. Pretty good. Right. <laugh> so as you bring OT and it together, you guys are in the middle of that industrial I OT world. >>Yeah. What's really interesting about my, uh, career at Colgate. I I've been here for, for 25 years and uh, actually the majority of my career has been in it supporting business applications, uh, either for our sales force or our manufacturing organization, our finance and HR teams. So I really got a, a good partnership with our business teams and really understood what they were trying to deliver. Then in the last few years, when I shifted over security, it really helped me bridge that gap and understand, you know, what the business systems are doing, what the OT systems are doing and then how to best secure them. >>Yeah, it's interesting. It's it kind of goes away. It's everything now it's digital, right? Digital digitization, digital transformation. This is what what's awesome. And this is what I love about the cloud scale and it's about bringing the two worlds together and the hybrid is a steady state. Now, both workforce and environment, Alex. Great to get your perspective. Um, thanks for sharing, um, insight here on the cube. Final question, give a plug for what you're working on. What's the cool projects you got going. If you can share a little bit without getting confidential information out there, what's going on at Colgate? Uh what's on your plate. What are you excited about? Put a plug. Are you looking for hiring, give a quick plug for what you got working on? >>I mean, we have a great team. Uh, we've been growing the team steadily, uh, building out our, our security program. Uh, you know, we're always looking to hire new talent, uh, from different industries. Uh, we've been very focused on making sure that that we're building a diverse talent group inside my security program. So I'm not just looking for, uh, security practitioners. Who've been doing this for 25 years, but I've been hiring from various places like, uh, infrastructure service provider consultants, pen testers, and really trying to build, uh, uh, the best team possible. >>Yeah, just as a side to real quick note is I was chatting with a friend of mine the other day were old, old Foggie. Um, the young guns have never racked gear before. Right. They don't, they've never loaded Linux on a box. So, you know, as you start hiring some of the young talent, what's it like, what are they coming in? Obviously they probably probably have a broader CS perspective. Maybe they're probably more familiar, but you know, some of the different really rack gear all. So what is it like, what, what are some of the new, new, new young folks looking at right now? What's the, what's the skill. >>Yeah, they they're, they're used to cloud consoles and right clicking to, uh, to spin up a computer. And in an our day we unboxed the computer, put racks on, you know, had to plug in power and network and figure out, uh, you know, the right way to, to, to hook everything up and even load an OS. I mean, uh, you know, you're right out of, uh, university today, you, you probably right. Click spin up a, uh, an image in, in one of the public clouds and the OS boom comes up automatically for you, like imagine. So they >>Probably are like fish to water on the, on the dashboards and the, on some of the security challenges I can imagine they have a nice fit there, >>But at the same time, uh, you know, they have a great understanding of, uh, containers. They have a great understanding of server list. So you can really, uh, kind of marry the, the old school technology with some of the new ways of working. >>Yeah. Great stuff. Great. We'll have to do a segment on, uh, on talent and what the new roles are. A lot of openings, a lot of new opportunities. It really is a great time to be in this new digital, I don't know what the call it's nearly not it anymore. It's just digital transformation. Uh, it's just, it's just the way it is. Thanks for coming on. Appreciate it, Alex. Thanks for your time. >>Thanks a lot, John. Okay. Take >>Care. Just a cube conversation here in Palo Alto. I'm John fur host of the cube. Thanks for watching.

>> Live from London, England, it's theCUBE. Covering .NEXT Conference Europe, 2018. Brought to you by Nutanix. >> Welcome back, I'm Stu Miniman, my cohost Joep Piscaer, and you're watching theCUBE here at Nutanix .NEXT, London, 2018. Happy to welcome back to the program the co-founder, CEO, and chairman of Nutanix, Dheeraj Pandey. Dheeraj, thanks so much. Congratulations on 3500 people here at the third annual European show, and thanks so much for having theCUBE. >> Thank you, my pleasure. >> All right. So, Dheeraj, first of all, you got a lot going on. Big company event here, last night you announced the Q1 2019 earnings. I guess, step back for a second. Nutanix is now, nine years since the founding, you've been public now for a little while, you got to be feeling good. The company's reached a certain size, very respected in the marketplace. So how are you and the team feeling? >> Yeah, well, I tell people that it's actually fun to be a public company. And obviously there is a cost to being a public company, because you're on a quarterly treadmill, in some sense. But Wall Street also keeps you honest. Just like Main Street keeps you honest on quality of product and customer service, Wall Street keeps you honest on spend and what does it really mean to grow at scale. So I like the fact that there is two good streets that are keeping the company honest. And it's really fun to think about capital allocation, one of the big things as you grow. I mean, you're going to spend more than a billion dollars this year alone. How do you allocate capital wisely is something that I think a lot about in (mumbles). >> Yeah. So, at this show, you kind of change some of the positioning of the portfolio. It's the Core, Essentials, and Enterprise, and right, that asset allocation, when I look at Essential, Xi Cloud, there's all these different pieces, some of them through acquisition, some of them created internally. You need to be careful that you don't over-commit, but when do you decide to kill stuff or keep it going, so you got a lot of plates to spin now, a lot more than you did a year or two ago. >> Yeah, absolutely, and it's not just product development. It's also marketing and sales and G&A. I mean, there's other departments we need to think hard about. Like, how do you create brand awareness for these new things? How do you do demand generation? How do you have a specialty sales force? All those things have to be considered, so, nine years, it's been a journey, but it still looks like it's nothing. And we're still a very small company, and we need to think hard about the next five years, in some sense. >> Yeah. So, one of the metrics you gave Wall Street to be able to look at is, what percentage of customers are using more than just the Core? So the Essentials or the Enterprise. And if I got it right, it's up to 19% from 15%, the quarter before. I wonder, is the packaging, how much of that is for Wall Street? Somebody cynically might look and be like, hey, is the Core market slowing down? And therefore you need to expand. We've all seen public companies that need to go into adjacencies, and shouldn't you stick to your knitting? You've got a great solid product with leadership in the marketplace. >> Yep, absolutely. Also, look, we are not bundling them in SKUs so we cannot force customers to actually buy them. We're not doing financial engineering of dollars, because these not SKUs or bundles. This is a journey which is mostly advisory, in some sense. This is how you should start, this is how you should go, and this is advisory for our sellers and our buyers and our channel people. Everybody needs to say, look, have the customer go through the journey. If you had to do what he just said, probably would've bundled them in SKUs and then allocated capital to one or the other. I think, to your other comment about just sticking to the core, Juniper stuck to the core. And many companies out there which just stayed as a single-box company, they stayed at the core. And eventually you realize the market has moved faster than your core itself. So there's this business school thinking, they call it the Icarus Effect. The Icarus Effect is all about, I'm so good at what I do that I can fly to the sun and nothing will happen. But you don't realize that Icarus, the wings were actually pasted using wax. And you go to the sun, and the sun actually melts the wax. So companies like FGI and SUN, Norca, many companies just stuck to one thing. And they couldn't evolve, actually. >> Obviously you're not sticking to the core alone, right? You're expanding the portfolio, I mean, you're not just an infrastructure company anymore. You do so much on top of the infrastructure on-prem. You have so many SAP services, so how do you manage the portfolio in terms of the customer journey? Because there's so much to tell to a customer. How do you sell it? How do you convince a customer to go from Core to Essentials to Enterprise? >> The most important thing is leverage. Is Essentials going to leverage Core, and is the Enterprise going to leverage Essentials and Core itself? Case in point, Files is completely built on top of Core. So every time somebody's using Files, they're also using Core. If you think about Flow, it uses AHV underneath. Frame, and case in point. When it's going to deliver desktops, it's going to use Files because every desktop needs a filer as well. And then when Frame delivers desktops on-prem, it's going to use all the Core. So the important thing is how they don't become disparate things, like they're all going in their own direction, is there a level of progressiveness where you say, well, if you're using the Enterprise features, a lot of them actually go in and drag in the Core as well as Essentials. So how do we build that progressive experience for the customer, where each of these layers are actually being utilized, is the important piece. >> Dheeraj, so, we're talking a lot about the expansion beyond the Core. But there was a pretty significant activity that your team did on Core itself. So the first time I heard about it, it basically said, we're doing an entire file system rewrite. Think of it almost as AoS 2.0. Now, from a product name, I believe it's 5.10, so I might have trouble remembering which release it was, but talk about what went involved in that. Obviously a lot has changed in the nine years since you created it, so. >> Absolutely. Yeah, yesterday in the earnings call I talked about it too, that people scoff at Core infrastructure. Like, oh, it's going to be a commodity because it's good enough infrastructure. But then I argue that there's no such thing as good enough infrastructure. And companies struggle when they don't focus on infrastructure itself. It's like food, shelter, clothing in the Maslow's hierarchy of needs. If you don't get that, then there's no point self-actualizing it. So, Core infrastructure completely destroys network insecurity. You got to get it right. I mean, look at Oracle, how it's struggling with IaaS. And look at Google, they're trying to figure out how to make it relevant for the Enterprise. Azure has like three or four different stacks for infrastructure. One for old 265, one for Azure DB, one for Azure, and now they're rewriting it for Azure itself. VMware has three different infrastructure stacks. One for three tier, where they are very happily, they're saying, look, let EMC, their NetApps actually are underneath, and Cisco's, and stuff like that. And then they have this software-defined infrastructure with commodity servers. And finally, they have VMware-enabled AWS which is going to use AWS services. So now you have three different forks of your core base, in some sense. And for us, what's important is how we use a single core base for everything. So architecture matters. I was arguing yesterday in the earnings call that good enough infrastructure is an oxymoron. You need to get core right before you can go and try to live the other layers of the Maslow's hierarchy of needs, actually. And that's why we went back and thought about, as the workloads were growing and increasing, and we had mission-critical stuff in memory databases, what do we need to really do about the way we lay out the data and lay out the metadata? So as you know, metadata is at the core of anything in systems, and especially storage systems. And the metadata of our erstwhile system was actually very completely distributed. And then we realized that some things can be local, and some things can be distributed, and that's better scale. Again, going back to this understanding of what things can be represented locally for a certain disk versus what things need to be global so that you can go and say, okay, where is this data really located? What drive? But once you go to the drive, you can actually get more metadata. So, again, you're getting more progressive scanning. So at the end of the day, our engineers are constantly thinking about performance and scalability, and how do you change the wings of the plane at 35,000 feet? It's a very big challenge. >> So that's one of the issues, right? So you're still focusing on your own infrastructure layer, right? But many customers do already have presence in a different hardware stack, or the public cloud, or some service provider. So not everything runs on your platform. So how are you planning to deliver the services ensemble to customers that don't necessarily run on AoS? >> So that's the multi-cloud journey, which is basically the enterprise journey of our customers. I said this yesterday in the earnings call as well, that all our services should be available both on-prem and off-prem. This idea of a VPC, that is multi-location, is what hybrid cloud is all about. So how do you get a virtual private cloud to really span multiple clouds in multiple locations? I think you saw from the demos today of how you're really running all of AoS on top of GCP virtual infrastructure. And in the course of the coming year or two, you'll see us do the same thing, BEM at Amazon, BEM at Azure. Because they deliver servers in their data centers and that's leverage for them because they've already gone and spent so much money on data centers that it's easy for them to deliver a physical server that our software can run on top of. And if people are not using AoS, they'll still want to use things like Frame and Beam and COM and other such things like that. >> Yep, Dheeraj, what are you hearing from customers and how do you think of hybrid, as it were? You know, a lot of attention gets played to things like Azure Stack from Microsoft from VMware on AWS, I know you've got some view points on this. >> Yeah, no, in fact, so if you go back five years, hyperconvergence had become a buzz word maybe three, four years ago. And there were a lot of companies doing hyperconvergence. And only one or two have survived and it's us and VMware, basically have survived that. Everybody else has a checkbox because the customers said well, what about that? Will we have a check box? But, it's really about operating system sort of hyperconvergence. And it has to be honest. And it has to really blur the lines between compute and storage and networking and security. I think hybrid needs to be honest and one of the killer things that hybrid needs is blurring the lines between networks, blurring the lines on storage so you can do one click replication and one click fail over. So a lot of those things have required a lot of innovations from us. That's why we were delayed in Xi. We didn't want to just put up data centers and just like that. I mean, if you go back in time to many hardware companies were putting open stack data centers and calling it their new cloud in response to Amazon. And VMware tried vCloud Air. And they had a charter to go spend money. They weren't going to spend a ton of money on hardware. Without even knowing that the cloud is not about data centers. Cloud is about an experience. It's about eCommerce and computing coming together. And you have to be passionate about a catalog. You know, the marketplace, the catalog so that people can really go and consume things from a catalog. I think that's what our experience has been that. Look, if you don't think of it like a retail giant or retail customer, which is what Amazon has done such a good job of. You know, they've thought about computing as an eCommerce problem as opposed to as a compute storage networking problem itself. And those are the lessons that we have learned about hybrid just as much >> Alright, you did a nice job on the keynote, laying out that Nutanix, like your customers, you're going through a journey. The crawl-walk-run, if you will. We got a tease in the keynote this morning about something cloud native. Where you're going. Final question for you is as you look at the company, you said it's still young, where are your customers going, where are some of the things they need to work on, and that Nutanix will mature with them as we look to move forward? >> Well, I mean, look. I think everybody knows where customers are headed. They're questioning who fulfills the promise because the requirements are all the same. They all want to go and use next generation infrastructure, they want to modernize their data centers, the infrastructure. They want to use some things that they want to own, some things they want to rent. The question is, where is the best experience possible? And by that, I mean not just systems experience of hybrid clouds but also customer service and having an ever-growing catalog and being able to deliver things for developers and devops. And technology will come and go. Two, three years ago, the Puppet and Chef were the hottest thing on, now today, it's Kubernetes. Tomorrow, it's going to be something else. It's the fact that what you see is what you do. And what you do is what you say. In our business, it's about integrity. I was arguing about this yesterday in the earnings call, as well, that building business software is a little bit easier. I shouldn't trivialize it as much but if people use business software, they can work around weaknesses of business software. But if you are in the business of infrastructure, applications cannot work around weaknesses of infrastructure. So integrity matters a lot in our space, actually, and that is about great products, great customer service, fast innovation, recovering fast, being resilient. Those are the things that we focus a lot on. >> Alright, well, Dheeraj, thanks again, always. We didn't even get to talk about the width part, the fourth H that you've been talking about for the honest, humble, and hungry. So, thank you. Congratulations to the team and always appreciate you having on our program. >> My pleasure. >> Alright, for Joep Piscaer, I'm Stu Miniman. Stay with us. Two days live of wall to wall coverage. Thanks for watching theCUBE. (light music) >> I have been in the software and technology industry for over 12 years now. And so I've had the opportunity as a marketer.