>>Welcome everyone to the cubes presentation of the AWS startup showcase open cloud innovations. This is season two episode one of the ongoing series and we're covering exciting and innovative startups from the AWS ecosystem. Today. We're going to focus on the open source community. I'm your host, Dave Vellante. And right now we're going to talk about open source security and mitigating risk in light of a recent discovery of a zero day flaw in log for J a Java logging utility and a related white house executive order that points to the FTC pursuing companies that don't properly secure consumer data as a result of this vulnerability and with me to discuss this critical issue and how to more broadly address software supply chain risk is Don Fisher. Who's the CEO of tide lift. Thank you for coming on the program, Donald. >>Thanks for having me excited to be here. Yeah, pleasure. >>So look, there's a lot of buzz. You open the news, you go to your favorite news site and you see this, you know, a log for J this is an, a project otherwise known as logged for shell. It's this logging tool. My understanding is it's, it's both ubiquitous and very easy to exploit. Maybe you could explain that in a little bit more detail. And how do you think this vulnerability is going to affect things this year? >>Yeah, happy to, happy to dig in a little bit in orient around this. So, you know, just a little definitions to start with. So log for J is a very widely used course component that's been around for quite a while. It's actually an amazing piece of technology log for J is used in practically every serious enterprise Java application over the last 10 going on 20 years. So it's, you know, log for J itself is fantastic. The challenge that organization organizations have been facing relate to a specific security vulnerability that was discovered in log for J and that has been given this sort of brand's name as it happens these days. Folks may remember Heartbleed around the openness to sell vulnerability some years back. This one has been dubbed logged for shell. And the reason why it was given that name is that this is a form of security vulnerability that actually allows attackers. >>You know, if a system is found that hasn't been patched to remediate it, it allows hackers to get full control of a, of a system of a server that has the software running on it, or includes this log for J component. And that means that they can do anything. They can access, you know, private customer data on that system, or really do anything and so-called shell level access. So, you know, that's the sort of definitions of what it is, but the reason why it's important is in the, in the small, you know, this is a open door, right? It's a, if, if organizations haven't patched this, they need to respond to it. But one of the things that's kind of, you know, I think important to recognize here is that this log for J is just one of literally thousands of independently created open source components that flow into the applications that almost every organization built and all of them all software is going to have security vulnerabilities. And so I think that log for J is, has been a catalyst for organizations to say, okay, we've got to solve this specific problem, but we all also have to think ahead about how is this all gonna work. If our software supply chain originates with independent creators across thousands of projects across the internet, how are we going to put a better plan in place to think ahead to the next log for J log for shell style incident? And for sure there will be more >>Okay. So you see this incident as a catalyst to maybe more broadly thinking about how to secure the, the digital supply chain. >>Absolutely. Yeah, it's a, this is proving a point that, you know, a variety of folks have been making for a number of years. Hey, we depend, I mean, honestly these days more than 70% of most applications, most custom applications are comprised of this third party open source code. Project's very similar in origin and governance to log for J that's just reality. It's actually great. That's an amazing thing that the humans collaborating on the internet have caused to be possible that we have this rich comments of open source software to build with, but we also have to be practical about it and say, Hey, how are we going to work together to make sure that that software as much as possible is vetted to ensure that it meets commercial standards, enterprise standards ahead of time. And then when the inevitable issues arise like this incident around the log for J library, that we have a great plan in place to respond to it and to, you know, close the close the door on vulnerabilities when they, when they show up. >>I mean, you know, when you listen to the high level narrative, it's easy to point fingers at organizations, Hey, you're not doing enough now. Of course the U S government has definitely made attempts to emphasize this and, and shore up in, in, in, in, in push people to shore up the software supply chain, they've released an executive order last may, but, but specifically, I mean, it's just a complicated situation. So what steps should organizations really take to make sure that they don't fall prey to these future supply chain attacks, which, you know, are, as you pointed out are inevitable. >>Yeah. I mean, it's, it's a great point that you make that the us federal government has taken proactive steps starting last year, 2021 in the fallout of the solar winds breach, you know, about 12 months ago from the time that we're talking, talking here, the U S government actually was a bit ahead of the game, both in flagging the severity of this, you know, area of concern and also directing organizations on how to respond to it. So the, in May, 2021, the white house issued an executive order on cybersecurity and it S directed federal agencies to undertake a whole bunch of new measures to ensure the security of different aspects of their technology and software supply chain specifically called out open source software as an area where they put, you know, hard requirements around federal agencies when they're acquiring technology. And one of the things that the federal government that the white house cybersecurity executive order directed was that organizations need to start with creating a list of the third-party open source. >>That's flowing into their applications, just that even have a table of contents or an index to start working with. And that's, that's called a, a software bill of materials or S bomb is how some people pronounce that acronym. So th the federal government basically requires federal agencies to now create Nessbaum for their applications to demand a software bill of materials from vendors that are doing business with the government and the strategy there has been to expressly use the purchasing power of the us government to level up industry as a whole, and create the necessary incentives for organizations to, to take this seriously. >>You know, I, I feel like the solar winds hack that you mentioned, of course it was widely affected the government. So we kind of woke them up, but I feel like it was almost like a stuck set Stuxnet moment. Donald were very sophisticated. I mean, for the first time patches that were supposed to be helping us protect, now we have to be careful with them. And you mentioned the, the bill of its software, bill of materials. We have to really inspect that. And so let's get to what you guys do. How do you help organizations deal with this problem and secure their open source software supply chain? >>Yeah, absolutely happy to tell you about, about tide lift and, and how we're looking to help. So, you know, the company, I co-founded the company with a couple of colleagues, all of whom are long-term open source folks. You know, I've been working in around commercializing open source for the last 20 years that companies like red hat and, and a number of others as have my co-founders the opportunity that we saw is that, you know, while there have been vendors for some of the traditional systems level, open source components and stacks like Linux, you know, of course there's red hat and other vendors for Linux, or for Kubernetes, or for some of the databases, you know, there's standalone companies for these logs, for shell style projects, there just hasn't been a vendor for them. And part of it is there's a challenge to cover a really vast territory, a typical enterprise that we inspect has, you know, upwards of 10,000 log for shell log for J like components flowing into their application. >>So how do they get a hand around their hands around that challenge of managing that and ensuring it needs, you know, reasonable commercial standards. That's what tide lifts sets out to do. And we do it through a combination of two elements, both of which are fairly unique in the market. The first of those is a purpose-built software solution that we've created that keeps track of the third-party open source, flowing into your applications, inserts itself into your DevSecOps tool chain, your developer tooling, your application development process. And you can kind of think of it as next to the point in your release process, where you run your unit test to ensure the business logic in the code that your team is writing is accurate and sort of passes tests. We do a inspection to look at the state of the third-party open source packages like Apache log for J that are flowing into your, into your application. >>So there's a software element to it. That's a multi-tenant SAS service. We're excited to be partnered with, with AWS. And one of the reasons why we're here in this venue, talking about how we are making that available jointly with AWS to, to drink customers deploying on AWS platforms. Now, the other piece of the, of our solution is really, really unique. And that's the set of relationships that Tyler has built directly with these independent open source maintainers, the folks behind these open source packages that organizations rely on. And, you know, this is where we sort of have this idea. Somebody is making that software in the first place, right? And so would those folks be interested? Could we create a set of aligned incentives to encourage them, to make sure that that software meets a bunch of enterprise standards and areas around security, like, you know, relating to the log for J vulnerability, but also other complicated parts of open source consumption like licensing and open source license, accuracy, and compatibility, and also maintenance. >>Like if somebody looking after the software going forward. So just trying to basically invite open source creators, to partner with us, to level up their packages through those relationships, we get really, really clean, clear first party data from the folks who create, maintain the software. And we can flow that through the tools that I described so that end organizations can know that they're building with open source components that have been vetted to meet these standards, by the way, there's a really cool side effect of this business model, which is that we pay these open source maintainers to do this work with us. And so now we're creating a new income stream around what previously had been primarily a volunteer activity done for impact in this universe of open source software. We're helping these open source maintainers kind of GoPro on an aspect of what they do around open source. And that means they can spend more time applying more process and tools and methodology to making that open source software even better. And that's good for our customers. And it's good for everyone who relies on open source software, which is really everyone in society these days. That's interesting. I >>Was going to ask you what's their incentive other than doing the right thing. Can you give us an example of, of maybe a example of an open source maintainer that you're working with? >>Yeah. I mean, w we're working with hundreds of open source maintainers and a few of the key open source foundations in different areas across JavaScript, Java PHP, Ruby python.net, and, you know, like examples of categories of projects that we're working with, just to be clear, are things like, you know, web frameworks or parser libraries or logging libraries, like a, you know, log for J and all the other languages, right? Or, you know, time and date manipulation libraries. I mean, they, these are sort of the, you know, kind of core building blocks of applications and individually, they, you know, they may seem like, you know, maybe a minor, a minor thing, but when you multiply them across how many applications these get used in and log for J is a really, really clarifying case for folks to understand this, you know, what can seemingly a small part of your overall application estate can have disproportionate impact on, on your operations? As we saw with many organizations that spent, you know, a weekend or a week, or a large part of the holidays, scrambling to patch and remediate this, a single vulnerability in one of those thousands of packages in that case log. >>Okay, got it. So you have this two, two headed, two vectors that I'm going to call it, your ecosystem, your relationship with these open source maintainers is kind of a, that just didn't happen overnight, and it develop those relationships. And now you get first party data. You monetize that with a software service that is purpose built as the monitor of the probe that actually tracks that third, third party activity. So >>Exactly right. Got it. >>Okay. So a lot of companies, Donald, I mean, this is, like I said before, it's a complicated situation. You know, a lot of people don't have the skillsets to deal with this. And so many companies just kind of stick their head in the sand and, you know, hope for the best, but that's not a great strategy. What are the implications for organizations if they don't really put the tools and processes into place to manage their open source, digital supply chain. >>Yeah. Ignoring the problem is not a viable strategy anymore, you know, and it's just become increasingly clear as these big headline incidents that happened like Heartbleed and solar winds. And now this logged for shell vulnerability. So you can, you can bet on that. Continuing into the future and organizations I think are, are realizing the ones that haven't gotten ahead of this problem are realizing this is a critical issue that they need to address, but they have help, right. You know, the federal government, another action beyond that cybersecurity executive order that was directed at federal agencies early last year, just in the last week or so, the FTC of the U S federal trade commission has made a much more direct warning to private companies and industry saying that, you know, issues like this log for J vulnerability risk exposing private, you know, consumer data. That is one of the express mandates of the FTC is to avoid that the FTC has said that this is, you know, bears on both the federal trade commission act, as well as the Gramm-Leach-Bliley act, which relates to consumer data privacy. >>And the FTC just came right out and said it, they said they cited the $700 million settlements that Equifax was subject to for their data breach that also related to open source component, by the way, that that had not been patched by, by Equifax. And they said the FTC intents to use its full legal authority to pursue companies that failed to take reasonable steps, to protect consumer data from exposure as a result of log for J or similar known vulnerabilities in the future. So the FTC is saying, you know, this is a critical issue for consumer privacy and consumer data. We are going to enforce against companies that do not take reasonable precautions. What are reasonable precautions? I think it's kind of a mosaic of solutions, but I'm glad to say tide lift is contributing a really different and novel solution to the mix that we hope will help organizations contend with this and avoid that kind of enforcement action from FTC or other regulators. >>Well, and the good news is that you can tap a tooling like tide lift in the cloud as a service and you know, much easier today than it was 10 or 15 years ago to, to resolve, or at least begin to demonstrate that you're taking action against this problem. >>Absolutely. There's new challenges. Now I'm moving into a world where we build on a foundation of independently created open source. We need new solutions and new ideas, and that's a, you know, that's part of what we're, we're, we're showing up with from the tide lift angle, but there's many other elements that are going to be necessary to provide the full solution around securing the open source supply chain going forward. >>Well, Donald Fisher of tide lift, thanks so much for coming to the cube and best of luck to your organization. Thanks for the good work that you guys do. >>Thanks, Dave. Really appreciate your partnership on this, getting the word out and yeah, thanks so much for today. >>Very welcome. And you are watching the AWS startup showcase open cloud innovations. Keep it right there for more action on the cube, your leader in enterprise tech coverage.

>>Hello, everyone. My name is John Jane Shake. I work from Iran. Tous Andi. I am here this afternoon very gratefully with Anders Vulcan, who is VP of technology strategy for cloud bees, a Miranda's partner and a well known company in the space that we're going to be discussing. Anders is also a well known entity in this space, which is continuous integration and continuous delivery. Um, you've seen already today some sessions that focus on specific implementations of continuous integration and delivery, um, particularly around security. And, uh, we think this is a critically important topic for anyone in the cloud space, particularly in this increasingly complicated kubernetes space. To understand, um, Miranda's thanks, Uh, if I can recapitulate our own our own strategy and, uh, and language that with complexity on uncertainty consistently increasing with the depth of the technology stacks that we have to deal with consistently, um um elaborating themselves that navigating this requires, um first three implementation of automation to increase speed, which is what C and C d do. Um, and that this speed ba leveraged toe let us ship and iterate code faster. Since that's ultimately the business that all of us air in one way or another. I would like, I guess, toe open this conversation by asking Onders what does he think of that core strategy? >>You know, I think you know, hitting the security thing, right? Right off the bat. You know, security doesn't happen by accident. You know, security is not something that you know, Like a like a server in a restaurant. You know, Sprinkles a little bit of Parmesan cheese right before they serve you the the food. It's not something you Sprinkle on at the end. It's something that has to be baked in from the beginning, not just in the kitchen, but in the supply chain from from from the very beginning. So the you know it's a feature, and if you don't build it, if you're not going to get an outcome that you're not gonna be happy with and I think the you know it's increasingly it's obviously increasingly important and increasingly visible. You know, the you know, the kinds of security problems that we that we see these days can can be, you know, life altering, for for people that are subject to them and and can be, you know, life or death for a company that that's exposed to it. So it's it's it's very, very important. Thio pay attention to it and to work to achieve that as an explicit outcome of the software delivery process. And I think, you know, C i n c d as as process as tooling as culture plays a big part in that because ah, lot of it has to do with, you know, set things up, right? Um run them the same way over and over, you know, get the machine going. Turned the crane. Now, you wanna you wanna make improvements over over time. You know, it's not just, you know, set it and forget it. You know, we got that set up. We don't have to worry about it anymore, but it really is a question of, you know, get the human out of the loop a lot of the times because if if you're dealing with configuring complex systems, you wanna make sure that you get them set up configured, you know, documented Ideally, you know, as code, whether it's a domain specific language or or something like that. And then that's something that you contest against that you can verify against that you can that you can difficult. And then that becomes the basis for for your, you know, for yourself, for pipelines, for your automation around, you know, kind of the software factory floor. So I think automation is a key aspect of that because it, you know, it takes a lot of the drudgery out of it, for one thing, So now the humans have more time to spend on doing on the on the creative things on the things that we're good at a zoo. Humans and it also make sure that, you know, one of the things that computers are really good at is doing the same thing over and over and over and over. Eso that kind of puts that responsibility into the hands of the entity that that knows how to do that well, which is which is the machine eso I think it's, you know, it's a light. It's a deep, deep topic, obviously, but, you know, automation plays into it. Uh, you know, small batch sizes play into it, you know, being able to test very frequently whether that's testing in. You're kind of you're C I pipeline where you're sort of doing building mostly unit testing, maybe some integration testing, but also in layering in the mawr. Serious kinds of testing in terms of security scanning, penetration, testing, vulnerability, scanning. You know those sorts of things which, you know, maybe you do on every single see I Bill. But most people don't because those things tend toe take a little bit longer on. And you know you want your sea ice cycle to be as fast as possible because that's really in service of the developer who has committed code and wants toe kind of see the thumbs up from the system saying it. And, um, so most organizations most organizations are are are focusing on, you know, making sure that there's a follow on pipeline to follow on set of tests that happened after the C I passes successfully and and that's, you know, where a lot of the security scanning and those sorts of things happen. >>It's a It's an interesting problem. I mean, you mentioned, um, what almost sounds like a Lawrence Lessig Ian kind of idea that, you know, code is law in enterprises today, code particularly see, I code ends up being policy, but At the same time, there's, Ah, it seems to me there's a an alternative peril, which is, as you increase speed, particularly when you become more and more dependent on things like containers and layering technology to provide components and capabilities that you don't have to build yourself to your build pipeline, that there are new vulnerabilities, potentially that creep in and can creep in despite automation. Zor at least 1st. 1st order automation is attempts toe to prevent them from creeping in. You don't wanna you wanna freeze people on a six month old version of a key container image. But on the other hand, if the latest version has vulnerabilities, that could be a problem. >>Yeah, I mean, it's, you know, it's it's a it's a it's a double edged sword. It's two sides of the same coin. I think you know, when I talked to a lot of security people, um, you know, people to do it for a living is supposed to mean I just talk about it, um, that Z not completely true. But, um, the ah, lot of times the problem is old vulnerabilities. The thing that I think keeps a lot of people up at night isn't necessarily that the thing at the tip of the releases for particular, you know, well known open source, library or something like that. But that's gonna burn you all the vast majority of the time. And I want to say, like, 80 85% of the time. The vulnerability is that you that you get hosed by are ones that have been known about for years. And so I think the if I had to pick. So if you know, in that sort of two sides of that coin, if I had to pick, I would say Be aggressive in making sure that your third party dependencies are updated frequently and and continuously right, because that is the biggest, biggest cause of of of security vulnerabilities when it comes to third party code. Um, now you know the famous saying, You know, move fast and break things Well, there's certain things you don't want to break. You know you don't want to break a radiation machine that's going to deliver radio radiotherapy to someone because that will endanger their health. So So those sorts of systems, you know, naturally or subject a little bit more kind of caution and scrutiny and rigor and process those sorts of things. The micro service that I run that shows my little avatar when I log in, that one probably gets a little less group. You know, Andre rightfully so. So I think a lot of it has to do. And somebody once said in a I think it was, Ah, panel. I was on a PR say conference, which was, which was kind of a wise thing to say it was Don't spend a million dollars protecting a $5 assets. You know, you wanna be smart and you wanna you wanna figure out where your vulnerabilities they're going to come from and in my experience, and and you know, what I hear from a lot of the security professionals is pay attention to your supply chain. You're you want to make sure that you're up to date with the latest patches of, of all of your third party, you know, open source or close source. It doesn't really matter. I mean, if anything, you know, open source is is more open. Eso You could inspect things a little bit better than the close source, but with both kinds of streams of code that you consume and and use. You wanna make sure that you're you're more up to date as opposed to a less up to date? Um, that generally will be better. Now, can a new version of the library cause problems? You know, introduce bugs? You know, those sorts of things? Yes. That's why we have tests. That's what we have automated tests, regression, sweets, You know, those sorts of things. And so you wanna, you know, you wanna live in a in a world where you feel the confidence as a as a developer, that if I update this library from, you know, one debt owed at 3 to 1 debt owed at 10 to pick up a bunch of, you know, bug fixes and patches and those sorts of things. But that's not going to break some on demand in the test suites that that will run against that ought to cover that that sort of functionality. And I'd rather be in that world of Oh, yeah, we tried to update to that, but it But it broke the tests and then have to go spend time on that, then say, Oh, it broke the test. So let's not update. And then six months later, you do find out. Oh, geez. There was a problem in one that owed at three. And it was fixed in one. That about four. If only we had updated. Um, you know, you look at the, um you look at some of the highest profile security breaches that are out there that you sort of can trace toe third party libraries. It's almost always gonna be that it was out of date and hadn't been patched. That's so that's my you know, opinionated. Take on that. Sure. >>What are the parts of modern C I c D. As opposed to what one would encounter 56 years ago? Maybe if we can imagine that is being before the micro services and containers revolution really took off. >>You know, I think e think you're absolutely right that, you know, not the whole world is not doing. See, I Yeah, and certainly the whole world is not doing city yet. Um, you know, I think you know, as you say, we kind of live in a little bit of an ivory tower. You know, we live in an echo chamber in a little bit of a bubble Aziz vendors in this space. The truth is that I would say less than 50% of the software organizations out there do real. See, I do real CD. The number's probably less than that. Um, you know, I don't have anything to back that up other than just I talked to a lot of folks and work with, you know, with a lot of organizations and like, Yeah, that team does see I that team does Weekly builds You know, those sorts of things. It's it's really all over the place, Onda. Lot of times there's There's definitely, in my experience, a high correlation there with the amount of time that a team or a code base has been around, and the amount of sort of modern technologies and processes and and and so on that are that are brought to it on. And that sort of makes sense. I mean, if you if you're starting with the green field with a blank sheet of paper, you're gonna adopt, you know, the technologies and the processes and the cultures of today. A knot of 5, 10 15 15 years ago, Um but but most organizations air moving in that direction. Right? Andi, I think you know what? What? What? What's really changed in the last few years is the level of integration between the various tools between the various pieces and the amount of automation that you could bring to bear. I mean, I you know, I remember, you know, five or 10 years ago having all kinds of conversations with customers and prospects and and people of conferences and so on and they said, Oh, yeah, we'd like to automate our our software development life cycle, but, you know, we can't We have a manual thing here. We have a manual thing there. We do this kind of testing that we can automate it, and then we have this system, but it doesn't have any guy. So somebody has to sit and click on the screen. And, you know, and I used to say e used to say I don't accept No for an answer of can you automate this right? Everything. Anything can be automated. Even if you just get the little drinking bird. You know that just pokes the mouse. Everyone something. You can automate it, and I Actually, you know, I had one customer who was like, Okay, and we had a discussion and and and and they said, Well, we had this old Windows tool. We Its's an obscure tool. It's no longer updated, but it's it's it's used in a critical part of the life cycle and it can't be automated. And I said, Well, just install one of those Windows tools that allows you to peek and poke at the, you know, mass with my aunt I said so I don't accept your answer. And I said, Well, unfortunately, security won't allow us to install those tools, Eh? So I had to accept No, at that point, but But I think the big change were one of the biggest changes that's happened in the last few years is the systems now have all I'll have a p i s and they all talk to each other. So if you've gotta, you know, if you if you've got a scanning tool, if you've got a deployment tool, if you have a deployment, you know, infrastructure, you know, kubernetes based or, you know, kind of sitting in front of our around kubernetes thes things. I'll talk to each other and are all automated. So one of the things that's happened is we've taken out a lot of the weight states. A lot of the pauses, right? So if you you know, if you do something like a value stream mapping where you sit down and I'll date myself here and probably lose some of the audience with this analogy. But if you remember Schoolhouse Rock cartoons in in the late seventies, early eighties, there was one which was one of my favorites, and and the guy who did the music for this passed away last year, sadly, But, uh, the it was called How a bill Becomes a Law and they personified the bill. So the bill, you know, becomes a little person and, you know, first time passed by the house and then the Senate, and then the president either signs me or doesn't and or he vetoes, and it really sort of did this and what I always talk about with respect to sort of value stream mapping and talking about your processes, put a GoPro camera on your source codes head, and then follow that source code all the way through to your customer understand all of the stuff that happens to it, including nothing, right? Because a lot of times in that elapsed time, nothing keeps happening, right. If we build software the way we were sorry. If we build cars the way we build software, we would install the radio in a car, and then we would park it in a corner of the factory for three weeks. And then we might remember to test the radio before we ship the car out to the customer. Right, Because that's how a lot of us still develop some for. And I think one thing that's changed in the in the last few years is that we don't have these kind of, Well, we did the bill. So now we're waiting for somebody to create an environment and rack up some hardware and install an operating system and install. You know, this that and the other. You know, that that went from manual to we use Scheffer puppet to do it, which then went to we use containers to do it, which then went to we use containers and kubernetes to do it. So whole swaths of elapsed time in our software development life cycles basically went to nothing, right and went to the point where we can weaken, weaken, configure them way to the left and and and follow them all the way through. And that the artifact that we're delivering isn't necessarily and execute herbal. It could be a container, right? So now that starts to get interesting for us in terms of being able to test against that container scan against that container, def. Against that container, Um, you know, and it, you know, it does bring complexity to in terms of now you've got a layered file system in there. Well, what all is in there, you know, And so there's tools for scanning those kinds of things, But But I think that one of the biggest things that's happened is a lot of the natural pause. Points are no longer natural. Pause points their unnatural pause points, and they're now just delays in yourself for delivery. And so what? What a lot of organizations are working on is kind of getting to the point where those sorts of things get get automated and connected, and that's now possible. And it wasn't 55 or 10 years ago. >>So It sounds like a great deal of the speed benefit, which has been quantified many different ways. But is once you get one of these systems working, as we've all experienced enormous, um, is actually done by collapsing out what would have been unused time in a prior process or non paralyze herbal stuff has been made parallel. >>I remember doing a, uh, spent some time with a customer, and they did a value stream mapping, and they they found out at the end that of the 30 days of elapsed time they were spending three days on task. Everything else was waiting, waiting for a build waiting foran install, waiting for an environment, waiting for an approval, having meetings, you know, those sorts of things. And I thought to myself, Oh, my goodness, you know, 90% of the elapsed time is doing nothing. And I was talking to someone Gene Kim, actually, and I said, Oh my God, it was terrible that these you know, these people are screwed and he says, 0 90%. That's actually pretty good, you know? So So I think you know, if you if you think today, you know, if you If you if you look at the teams that are doing just really pure continuous delivery, you know, write some code committed, gets picked up by the sea ice system and passes through CIA goes through whatever coast, see I processing, you need to do security scanning and so on. It gets staged and it gets pushed into production. That stuff can happen in minutes, right? That's new. That's different. Now, if you do that without having the right automated gates in place around security and and and and those sorts of things you know, then you're living a little bit dangerously, although I would argue not necessarily any more dangerously, than just letting that insecure coat sit around for a week before your shipment, right? It's not like that problem is going to fix itself if you just let it sit there, Um, but But, you know, you definitely operated at a higher velocity. Now that's a lot of the benefit that you're tryingto trying to get out of it, right? You can get stuff out to the market faster, or if you take a little bit more time, you get more out to the market in, in in the same amount of time you could turn around and fix problems faster. Um, if you have a vulnerability, you can get it fixed and pushed out much more quickly. If you have a competitive threat that you need to address, you can you know, you could move that that much faster if you have a critical bug. You know, I mean, all security issues or bugs, sort of by definition. But, you know, if you have a functionality bug, you can you can get that pushed out faster. Eso So I think kind of all factors of the business benefit from from this increase in speed. And I think developers due to because anybody you know, any human that has a context switch and step away from something for for for, you know, duration of time longer than a few minutes, you know, you're gonna you're gonna you're gonna you're gonna have to load back up again. And so that's productivity loss. Now, that's a soft cost. But man, is it Is it expensive and is a painful So you see a lot of benefit there. Think >>if you have, you know, an organization that is just starting this journey What would you ask that organization to consider in orderto sort of move them down this path? >>It's by far the most frequent and almost always the first question I get at the end of the talk or or a presentation or something like that is where do we start? How do I know where to start? And and And there's a couple of answers to that. What one is Don't boil the ocean, right? Don't try to fix everything all at once. You know that because that's not agile, right? The be agile about your transformation Here, you know, pick, pick a set of problems that you have and and make a, you know, basically make a burn down list and and do them in order. So find find a pain point that you have right and, you know, just go address that and and try to make it small and actionable and especially early on when you're trying to affect change. And you're tryingto convinced teams that this is the way to go and you may have some naysayers, or you may have people who are skeptical or have been through these processes before that have been you know failures released, not the successes that they that they were supposed to be. You know, it's important to have some wind. So what I always say is look, you know, if you have a pebble in your shoe, you've got a pain point. You know how to address that. You know, you're not gonna address that by changing out your wardrobe or or by buying a new pair of shoes. You know, you're gonna address that by taking your shoe off, shaking it until the pebble falls out there putting the shoe back on. So look for those kinds of use cases, right? So if you're engineers are complaining that whenever I check in the build is broken and we're not doing see, I well, then let's look at doing C I Let's do see eye, right? If you're not doing that. And for most organizations, you know, setting up C I is a very manageable, very doable thing. There's lots of open source tooling out there. There's lots of commercial tooling out there. Thio do that to do it for small teams to do it for large teams and and everything in between. Um, if the problem is Gosh, Every time we push a change, we break something. You know where every time something works in staging it doesn't work in production. Then you gotta look at Well, how are these systems being configured? If you're If you're configuring them manually, stop automate the configuration of them. Um, you know, if you're if you're fixing system manually, don't you know, as a friend of mine says, don't fix, Repave? Um, you know, you don't wanna, you know, there's a story of, you know how how Google operates in their data centers. You know, they don't they don't go look for a broken disk drive and swap it out. You know, when it breaks, they just have a team of people that, like once a month or something, I don't know what the interval is. They just walked through the data center and they pull out all the dead stuff and they throw it out, and what they did was they assume that if the scale that they operate, things are always going to break physical things are always going to break. You have to build a software to assume that breakage and any system that assumes that we're going to step in when a disk drive is broken and fix it so that we can get back to running just isn't gonna work at scale. There's a similarity. There's sort of ah, parallel to that in in software, which is you know, any time you have these kinds of complex systems, you have to assume that they're gonna break and you have to put the things in place to catch those things. The automated testing, whether it's, you know, whether you have 10,000 tests that you that you've written already or whether you have no tests and you just need to go right, your first test that that journey, you've got to start somewhere. But my answer thio their questions generally always just start small, pick a very specific problem. Build a plan around it, you know, build a burned down list of things that you wanna address and just start working your way down that the same way that you would for any, you know, kind of agile project, your transformation of your own processes of your own internal systems. You should use agile processes for those as well, because if you if you go off for six months and and build something. By the time you come back, it's gonna be relevant. Probably thio the problems that you were facing six months ago. >>A Then let's consider the situation of, ah, company that's using C I and maybe sea ice and C d together. Um, and they want to reach what you might call the next level. Um, they've seen obvious benefits they're interested in, you know, in increasing their investment in, you know and cycles devoted to this technology. You don't have to sell them anymore, but they're looking for a next direction. What would you say that direction should be? I >>think oftentimes what organizations start to do is they start to look at feedback loops. So on DAT starts to go into the area of sort of metrics and analytics and those sorts of things. You know what we're we're always concerned about? You know, we're always affected by things like meantime to recovery. Meantime, the detection, what are our cycle times from, you know, ideation, toe codecommit. What's the cycle? Time from codecommit the production, those sorts of things. And you know you can't change what you don't measure eso so a lot of times the next step after kind of getting the rudimentary zoo of C I Orsini or some combination of both in places start to measure. Stop you, Um, and and then but But there. I think you know, you gotta be smart about it, because what you don't want to do is kind of just pull all the metrics out that exists. Barf them up on the dashboard. And the giant television screens say boom metrics, right. You know, Mike, drop go home. That's the wrong way to do it. You want to use metrics very specifically to achieve outcomes. So if you have an outcome that you want to achieve and you can tie it to a metric start looking at that metric and start working that problem once you saw that problem, you can take that metric. And you know, if that's the metric you're showing on the big you know, the big screen TV, you can pop that off and pick the next one and put it up there. I I always worry when you know a little different when you're in a knock or something like that. When when you're looking at the network stuff and so on. But I'm always leery of when I walk into to a software development organization. You know, just a Brazilian different metrics, this whole place because they're not all relevant. They're not all relevant at the same time. Some of them you wanna look at often, some of them you just want to kind of set an alarm on and make sure that, you know, I mean, you don't go down in your basement every day to check that the sump pump is working. What you do is you put a little water detector in there and you have an alarm go off if the water level ever rises above a certain amount. Well, you want to do the same thing with metrics, right? Once you've got in the water out of your basement, you don't have to go down there and look at it all the time. You put the little detector in, and then you move on and you worry about something else. And so organizations as they start to get a little bit more sophisticated and start to look at the analytics, the metrics, um, start to say, Hey, look, if our if our cycle time from from, you know, commit to deploy is this much. And we want it to be this much. What happens during that time, And where can we take slices out of that? You know, without without affecting the outcomes in terms of quality and so on, or or if it's, you know, from from ideation, toe codecommit. You know what? What can we do there? Um, you start to do that. And and then as you get those sort of virtuous cycles of feedback loops happening, you know, you get better and better and better, but you wanna be careful with metrics, you know, you don't wanna, you know, like I said, you don't wanna barf a bunch of metrics up just to say, Look, we got metrics. Metrics are there to serve a particular outcome. And once you've achieved that outcome, and you know that you can continue to achieve that outcome, you turn it into an alarm or a trigger, and you put it out of sight. And you know that. You know, you don't need to have, like, a code coverage metric prominently displayed you you pick a code coverage number that you're happy with you work to achieve that. Once you achieve it, you just worry about not going below that threshold again. So you can take that graph off and just put a trigger on this as if we ever get below this, you know, raising alarm or fail a build or fail a pipeline or something like that and then start to focus on improving another man. Uh, or another outcome using another matter >>makes enormous sense. So I'm afraid we are getting to be out of time. I want to thank you very much on this for joining us today. This has been certainly informative for me, and I hope for the audience, um, you know, thank you very, very much for sharing your insulin.

>>welcome to our session on security titled Securing Your Cloud. Everywhere With Me is Brian Langston, senior solutions engineer from Miranda's, who leads security initiatives from Renta's most security conscious customers. Our topic today is security, and we're setting the bar high by talking in some depth about the requirements of the most highly regulated industries. So, Brian four Regulated industries What do you perceive as the benefits of evolution from classic infra za service to container orchestration? >>Yeah, the adoption of container orchestration has given rise to five key benefits. The first is accountability. Think about the evolution of Dev ops and the security focused version of that team. Deb. SEC ops. These two competencies have emerged to provide, among other things, accountability for the processes they oversee. The outputs that they enable. The second benefit is audit ability. Logging has always been around, but the pervasiveness of logging data within container or container environments allows for the definition of audit trails in new and interesting ways. The third area is transparency organizations that have well developed container orchestration pipelines are much more likely to have a higher degree of transparency in their processes. This helps development teams move faster. It helped operations teams operations teams identify and resolve issues easier and help simplify the observation and certification of security operations by security organizations. Next is quality. Several decades ago, Toyota revolutionized the manufacturing industry when they implemented the philosophy of continuous improvement. Included within that philosophy was this dependency and trust in the process as the process was improved so that the quality of the output Similarly, the refinement of the process of container orchestration yields ah, higher quality output. The four things have mentioned ultimately points to a natural outcome, which is speed when you don't have to spend so much time wondering who does what or who did what. When you have the clear visibility to your processes and because you can continuously improve the quality of your work, you aren't wasting time in a process that produces defects or spending time and wasteful rework phases. You can move much faster than we've seen this to be the case with our customers. >>So what is it specifically about? Container orchestration that gives these benefits, I guess. I guess I'm really asking why are these benefits emerging now around these technologies? What's enabling them, >>right? So I think it boils down to four things related to the orchestration pipelines that are also critical components. Two successful security programs for our customers and related industry. The first one is policy. One of the core concepts and container orchestration is this idea of declaring what you want to happen or declaring the way you want things done? One place where declarations air made our policies. So as long as we can define what we want to happen, it's much easier to do complementary activities like enforcement, which is our second enabler. Um, tools that allow you to define a policy typically have a way to enforce that policy. Where this isn't the case, you need to have a way of enforcing and validating the policies objectives. Miranda's tools allow custom policies to be written and also enforce those policies. The third enabler is the idea of a baseline. Having a well documented set of policies and processes allows you to establish a baseline. Um, it allows you to know what's normal. Having a baseline allows you to measure against it as a way of evaluating whether or not you're achieving your objectives with container orchestration. The fourth enabler of benefits is continuous assessment, which is about measuring constantly back to what I said a few minutes ago. With the toilet away measuring constantly helps you see whether your processes and your target and state are being delivered as your output deviates from that baseline, your adjustments can be made more quickly. So these four concepts, I think, could really make or break your compliance status. >>It's a really way interesting way of thinking about compliance. I had thought previously back compliance, mostly as a as a matter of legally declaring and then trying to do something. But at this point, we have methods beyond legal boilerplate for asserting what we wanna happen, as you say, and and this is actually opening up new ways to detect, deviation and and enforce failure to comply. That's really exciting. Um, so you've you've touched on the benefits of container orchestration here, and you've provided some thoughts on what the drivers on enablers are. So what does Miranda's fit in all this? How does how are we helping enable these benefits, >>right? Well, our goal and more antis is ultimately to make the world's most compliant distribution. We we understand what our customers need, and we have developed our product around those needs, and I could describe a few key security aspects about our product. Um, so Miranda's promotes this idea of building and enabling a secure software supply chain. The simplified version of that that pertains directly to our product follows a build ship run model. So at the build stage is doctor trusted registry. This is where images are stored following numerous security best practices. Image scanning is an optional but highly recommended feature to enable within D T R. Image tags can be regularly pruned so that you have the most current validated images available to your developers. And the second or middle stage is the ship stage, where Miranda's enforces policies that also follow industry best practices, as well as custom image promotion policies that our customers can write and align to their own internal security requirements. The third and final stages to run stage. And at this stage, we're talking about the engine itself. Docker Engine Enterprise is the Onley container, run time with 51 40 dash to cryptography and has many other security features built in communications across the cluster across the container platform are all secure by default. So this build ship stage model is one way of how our products help support this idea of a secure supply chain. There are other aspects of the security supply chain that arm or customer specific that I won't go into. But that's kind of how we could help our product. The second big area eso I just touched on the secure supply chain. The second big area is in a Stig certification. Um, a stick is basically an implementation or configuration guide, but it's published by the U. S government for products used by the US government. It's not exclusive to them, but for customers that value security highly, especially in a regulated industry, will understand the significance and value that the Stig certification brings. So in achieving the certification, we've demonstrated compliance or alignment with a very rigid set of guidelines. Our fifth validation, the cryptography and the Stig certification our third party at two stations that our product is secure, whether you're using our product as a government customer, whether you're a customer in a regulated industry or something else, >>I did not understand what the Stig really Waas. It's helpful because this is not something that I think people in the industry by and large talk about. I suspect because these things are hard to get and time consuming to get s so they don't tend to bubble up to the top of marketing speak the way glitzy new features do that may or may not >>be secure. >>The, uh so then moving on, how has container orchestration changed? How your customers approach compliance assessment and reporting. >>Yeah, This has been an interesting experience and observation as we've worked with some of our customers in these areas. Eso I'll call out three areas. One is the integration of assessment tooling into the overall development process. The second is assessment frequency and then the third is how results are being reported, which includes what data is needed to go into the reporting. There are very likely others that could be addressed. But those are three things that I have noticed personally and working with customers. >>What do you mean exactly? By integration of assessment tooling. >>Yeah. So our customers all generally have some form of a development pipeline and process eso with various third party and open source tools that can be inserted at various phases of the pipeline to do things like status static source would analysis or host scanning or image scanning and other activities. What's not very well established in some cases is how everything fits within the overall pipeline framework. Eso fit too many customers, ends up having a conversation with us about what commands need should be run with what permissions? Where in the environment should things run? How does code get there that does this scanning? Where does the day to go? Once the out once the scan is done and how will I consume it? Thies Real things where we can help our customers understand? Um, you know what? Integration? What? Integration of assessment. Tooling really means. >>It is fascinating to hear this on, baby. We can come back to it at the end. But what I'm picking out of this Ah, this the way you speak about this and this conversation is this kind of re emergence of these Japanese innovations in product productivity in in factory floor productivity. Um, like, just in time delivery and the, you know, the Toyota Miracle and, uh, and that kind of stuff. Fundamentally, it's someone Yesterday, Anders Wahlgren from cloud bees, of course. The C I. C D expert told me, um, that one of the things he likes to tell his, uh consult ease and customers is to put a GoPro on the head of your code and figure out where it's going and how it's spending its time, which is very reminiscent of these 19 fifties time and motion studies, isn't it that that that people, you know pioneered accelerating the factory floor in the industrial America of the mid century? The idea that we should be coming back around to this and doing it at light speed with code now is quite fascinating. >>Yeah, it's funny how many of those same principles are really transferrable from 50 60 70 years ago to today. Yeah, quite fascinating. >>So getting back to what you were just talking about integrating, assessment, tooling, it sounds like that's very challenging. And you mentioned assessment frequency and and reporting. What is it about those areas that that's required? Adaptation >>Eso eso assessment frequency? Um, you know, in legacy environments, if we think about what those look like not too long ago, uh, compliance assessment used to be relatively infrequent activity in the form of some kind of an audit, whether it be a friendly peer review or intercompany audit. Formal third party assessments, whatever. In many cases, these were big, lengthy reviews full of interview questions, Um, it's requests for information, periods of data collection and then the actual review itself. One of the big drawbacks to this lengthy engagement is an infrequent engagement is that vulnerabilities would sometimes go unnoticed or unmitigated until these reviews at it. But in this era of container orchestration, with the decomposition of everything in the software supply chain and with clearer visibility of the various inputs to the build life cycle, our customers can now focus on what tooling and processes can be assembled together in the form of a pipeline that allows constant inspection of a continuous flow of code from start to finish. And they're asking how our product can integrate into their pipeline into their Q A frameworks to help simplify this continuous assessment framework. Eso that's that kind of addresses the frequency, uh, challenge now regarding reporting, our customers have had to reevaluate how results are being reported and the data that's needed in the reporting. The root of this change is in the fact that security has multiple stakeholder groups and I'll just focus on two of them. One is development, and their primary focus, if you think about it, is really about finding and fixing defects. That's all they're focused on, really, is there is there pushing code? The other group, though, is the Security Project Management Office, or PMO. This group is interested in what security controls are at risk due to those defects. So the data that you need for these two stakeholder groups is very different. But because it's also related, it requires a different approach to how the data is expressed, formatted and ultimately integrated with sometimes different data sources to be able to appease both use cases. >>Mhm. So how does Miranda's help improve the rate of compliance assessment? Aziz? Well, as this question of the need for differential data presentation, >>right, So we've developed on exposed a P I S that helped report the compliance status of our product as it's implemented in our customers on environment. So through these AP eyes, we express the data and industry standard formats using plastic out Oscar is a relatively new project out of the mist organization. It's really all about standardizing a set of standards instead of formats that expresses control information. So in this way our customers can get machine and human readable information related to compliance, and that data can then be massaged into other tools or downstream processes that our customers might have. And what I mean by downstream processes is if you're a development team and you have the inspection tools, the process is to gather findings defects related to your code. A downstream process might be the ticketing system with the era that might log a formal defect or that finding. But it all starts with having a common, standard way of expressing thes scan output. And the findings such that both development teams and and the security PMO groups can both benefit from the data. So essentially we've been following this philosophy of transparency, insecurity. What we mean by that is security isn't or should not be a black box of information on Lee, accessible and consumable by security professionals. Assessment is happening proactively in our product, and it's happening automatically. We're bringing security out of obscurity by exposing the aspects of our product that ultimately have a bearing on your compliance status and then making that information available to you in very user friendly ways. >>It's fascinating. Uh uh. I have been excited about Oscar's since, uh, since first hearing about it, Um, it seems extraordinarily important to have what is, in effect, a ah query capability. Um, that that let's that that lets different people for different reasons formalize and ask questions of a system that is constantly in flux, very, very powerful. So regarding security, what do you see is the basic requirements for container infrastructure and tools for use in production by the industries that you are working with, >>right? So obviously, you know, the tools and infrastructure is going to vary widely across customers. But Thio generalize it. I would refer back to the concept I mentioned earlier of a secure software supply chain. There are several guiding principles behind us that are worth mentioning. The first is toe have a strategy for ensuring code quality. What this means is being able to do static source code analysis, static source code analysis tools are largely language specific, so there may be a few different tools that you'll need to have to be able to manage that, um, second point is to have a framework for doing regular testing or even slightly more formal security assessments. There are plenty of tools that can help get a company started doing this. Some of these tools are scanning engines like open ESCAP that's also a product of n'est open. ESCAP can use CS benchmarks as inputs, and these tools do a very good job of summarizing and visualizing output, um, along the same family or idea of CS benchmarks. There's many, many benchmarks that are published. And if you look at your own container environment, um, there are very likely to be many benchmarks that can form the core platform, the building blocks of your container environment. There's benchmarks for being too, for kubernetes, for Dr and and it's always growing. In fact, Mirante is, uh, editing the benchmark for container D, so that will be a formal CSCE benchmark coming up very shortly. Um, next item would be defining security policies that line with your organization's requirements. There are a lot of things that come out of box that comes standard that comes default in various products, including ours, but we also give you through our product. The ability to write your own policies that align with your own organization's requirements, uh, minimizing your tax surface. It's another key area. What that means is only deploying what's necessary. Pretty common sense. But sometimes it's overlooked. What this means is really enabling required ports and services and nothing more. Um, and it's related to this concept of least privilege, which is the next thing I would suggest focusing on these privileges related to minimizing your tax service. It's, uh, it's about only allowing permissions to those people or groups that excuse me that are absolutely necessary. Um, within the container environment, you'll likely have heard this deny all approach. This denial approach is recommended here, which means deny everything first and then explicitly allow only what you need. Eso. That's a very common, uh uh, common thing that sometimes overlooked in some of our customer environments. Andi, finally, the idea of defense and death, which is about minimizing your plast radius by implementing multiple layers of defense that also are in line with your own risk management strategy. Eso following these basic principles, adapting them to your own use cases and requirements, uh, in our experience with our customers, they could go a long way and having a secure software supply chain. >>Thank you very much, Brian. That was pretty eye opening. Um, and I had the privilege of listening to it from the perspective of someone who has been working behind the scenes on the launch pad 2020 event. So I'd like to use that privilege to recommend that our listeners, if you're interested in this stuff certainly if you work within one of these regulated industries in a development role, um, that you may want to check out, which will be easy for you to do today, since everything is available once it's been presented. Matt Bentley's live presentation on secure Supply Chain, where he demonstrates one possible example of a secure supply chain that permits image. Signing him, Scanning on content Trust. Um, you may want to check out the session that I conducted with Andres Falcon at Cloud Bees who talks about thes um, these industrial efficiency factory floor time and motion models for for assessing where software is in order to understand what policies can and should be applied to it. Um, and you will probably want to frequent the tutorial sessions in that track, uh, to see about how Dr Enterprise Container Cloud implements many of these concentric security policies. Um, in order to provide, you know, as you say, defense in depth. There's a lot going on in there, and, uh, and it's ah, fascinating Thio to see it all expressed. Brian. Thanks again. This has been really, really educational. >>My pleasure. Thank you. >>Have a good afternoon. >>Thank you too. Bye.

>> From Palo Alto, California, it's theCUBE. Covering The Conference Board's 6th Annual Innovation Master Class. >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at the Innovation Master Class that's put on by The Conference Board. We're here at Xerox PARC, one of the original innovation centers here in Silicon Valley. Tremendous history, if you don't know the history of Xerox PARC go get a book and do some reading. And we're excited to have our next guest because there's a lot of talk about tech but really not enough talk about people and where the people play in this whole thing. And as we're seeing more and more, especially in downtown San Francisco, an assumption of responsibility by tech companies to use some of the monies that they're making to invest back in the community. And one of the big problems in San Francisco if you've been there lately is homelessness. There's people all over the streets, there's tent cities and it's a problem. And it's great to have our next guest, who's actually doing something about it, small discrete steps, that are really changing people's lives, and I'm excited to have him. He's Kevin Adler, the founder and CEO of Miracle Messages. Kevin, great to meet you. >> Great to meet you too Jeff. >> So, before we did this, doing a little background, you knew I obviously stumbled across your TED Talk and it was a really compelling story so I wonder A, for the people, what is Miracle Messages all about, and then how did it start, how did you start this journey? >> Miracle Messages, we help people experiencing homelessness reconnect to their loved ones and in the process, help us as their neighbors reconnect with them. And we're really tackling what we've come to call the relational poverty on the streets. A lot of people that we walk by every day, Sure, they don't have housing, but their level of disconnection and isolation is mind boggling when you actually find out about it. So, I started it four years ago. I had an uncle who was homeless for about 30 years. Uncle Mark, and I never saw him as a homeless man. He was just a beloved uncle, remembered every birthday, guest of honor at Thanksgiving, Christmas. >> And he was in the neighborhood, he just didn't have a home? >> He was in Santa Cruz, he suffered from schizophrenia. And, when he was on his meds he was good and then he'd do something disruptive and get kicked out of a halfway house. And we wouldn't hear from him for six months or a year. >> Right. So, after he passed away, I was with my dad, and not far from here, visiting his grave site in Santa Cruz. And I was having a conversation with my dad of the significance of having a commemorative plot for Uncle Mark. I said, he meant something to us, this is his legacy. So that's nice, but I'm going to go back in the car, pull out my smartphone, and see status updates from every friend, acquaintance I've ever met, and I'm going to learn more about their stories on Facebook, with a quick scroll, than I will at the grave site of my Uncle Mark. So, I'm actually a Christian. I have a faith background, and I asked this question: "How would Jesus use a smartphone?" "How would Jesus use a GoPro camera?" Cause I didn't think it was going to be surfing pigs on surf boards. And I started a side project where homeless volunteers, like my Uncle Mark, wore GoPro cameras around their chests. And I invited them to narrate those experiences and I was shocked by what I saw. And I won't regale you with stories right now but I heard over and over again, people say "I never realized I was homeless when I lost my housing, "only when I lost my family and friends." >> Right. >> And that led me to say, if that's true, I can just walk down the street and go up to every person I see and say "Do you have any family or friends "you'd like to reconnect with?" And I did that in Market Street, San Francisco four years ago, met a man named Jeffrey, he hadn't seen his family in 22 years. Recorded a video on the spot to his niece and nephew, go home that night, posted the video in a Facebook group connected to his hometown, and within one hour the video was shared hundreds of times, makes the local news that night. Classmates start commenting, "Hey, "I went to high school with this guy, "I work in construction, does he need a job? "I work at the mayor's office does he need healthcare?" His sister gets tagged, we talk the next day. It turns out that Jeffrey had been a missing person for 12 years. And that's when I quit my job and started doing this work full time. >> Right, phenomenal. There's so many great aspects to this story. One of the ones that you talked about in your TED Talk that I found interesting was really just the psychology of people's reaction to homeless people in the streets. And the fact that once they become homeless in our minds that we really see through them. >> Totally. >> Which I guess is a defense mechanism to some point because, when there's just so many. And you brought up that it's not the condition that they don't have a place to sleep at night, but it's really that they become disassociated with everything. >> Yeah, so I mean, you're introduction to me, if you had said hey there's this guy, there's no TED talk, there's nothing else, he's a housed person, let's hear what he has to say. Like, what would I talk... That's what we do every single day with people experiencing homelessness. We define them by their lack of one physical need. And, sure, they need it, but it presumes that's all there is to being human. Not the higher order needs of belonging, love, self-actualization. And some of the research has found that the part of the brain that activates when we see a person, compared to an inanimate object, does not respond when we see a person who's experiencing homelessness. And in one experiment in New York, they had members of a person's very own family, mom and dad, dress up to look homeless on the streets. Not a single person recognized their own member of their own family as they walked by 'em. >> Yeah, it's crazy. It's such a big problem, and there's so many kind of little steps that people are trying to do. There's people that walk around with peanut butter and jelly sandwiches that we see on social media, and there's a couple guys that walk around with scissors and a comb and just give haircuts. These little tiny bits of humanization is probably the best way to describe it makes such a difference to these people. And I was amazed, your website... 80 percent of the people that get reconnected with their family, it's a positive reconnection. That is phenomenal because I would have imagined it's much less than that. >> Every time we reconnect someone, we're blown away at the lived examples of forgiveness, reconciliation. And every reunion, every message we record from a person experiencing homelessness, we have four, five messages from families reaching out to us saying, "Hey I haven't seen "my relative in 15 years, 20 years." The average time disconnect of our clients is 20 years. >> Right, wow. >> So what I've been doing now is, once you see it like this, you walk down the street, you see someone on the streets, you're like that's someone's son or daughter. That's someone's brother or sister. It's not to say that families sometimes aren't the problem. Half of the youth in San Francisco that are homeless, LGBTQ. But it's to say that everyone's someone's somebody that we shouldn't be this disconnected as people in this age of hyper-connectivity and let's have these courageous conversations to try to bring people back in to the fold. >> Right, so I'm just curious this great talk by Jeff Bezos at Amazon talking about some of the homeless situations in Seattle and he talks, there's a lot-- >> He's a wealthy guy, right? >> He's got a few bucks, yeah, just a few bucks. But he talks about there's different kind of classes of homelessness. We tend to think of them all as the same but he talks about young families that aren't necessarily the same as people that have some serious psychological problems and you talked about the youth. So, there's these sub-segments inside the homeless situations. Where do you find in what you offer you have the most success? What is the homeless sub population that you find reconnecting them with their history, their family, their loved ones, their friends has the most benefit, the most impact? >> That's a great question. Our sweet spot right now, we've done 175 reunions. >> And how many films have you put out? >> Films in terms of recording the messages? >> Yeah, to get the 175. >> 175 reunions, we have recorded just north of about 600 messages. And not all of 'em are video messages. So, we have a hotline, 1-800-MISS-YOU. Calls that number, we gather the information over the phone, we have paper for 'em. So 600 messages recorded, about 300, 350 delivered and then half of them lead to a reunion. The sweet spot, I'd say the average time disconnected of our clients is 20 years. And the average age is 50, and they tend to be individuals isolated by their homelessness. So, these are folks for decades who have had the shame, the embarrassment, might not have the highest level of digital literacy. Maybe outside of any other service provider. Not going to the shelter every night, not working with a case worker or social worker, and we say hey, we're not tryna' push anything on ya' but do you have any family or friends you'd like to reconnect with. That opens up a sense of possibility that was kind of dormant otherwise. But then we also go at the other end of the spectrum where we have folks who are maybe in an SRO, a single room occupancy, getting on their feet through a drug rehab program and now's the point that they're sayin' "Hey, I'm stably housed, I feel good, "I don't need anything from anyone. "Now's the time to rebuild that community "and that trust from loved ones." >> Kevin, it's such a great story. You're speaking here later today. >> I think so, I believe so. >> On site for good, which is good 'cause there's so much... There's a lot of negative tech press these days. So, great for you. How do people get involved if they want to contribute time, they want to contribute money, resources? Definitely get a plug in there. >> Now, or later? Right now, yeah, let 'em know. >> No time like the present. We have 1200 volunteer digital detectives. These are people who use social media for social good. Search for the loved ones online, find them, deliver the messages. So, people can join that, they can join us for a street walk or a dinner, where they go around offering miracle messages and if they're interested they can go to our website miraclemessages.org and then sign up to get involved. And we just released these T-shirts, pretty cool. Says, "Everyone is someone's somebody." I'm not a stylish man, but I wear that shirt and people are like "That's a great shirt." I'm like, wow, and this is a volunteer shirt? Okay cool, I'm in business. >> I hope you're putting one on before your thing later tonight. >> I have maybe an image of it, I should of. >> All right Kevin, again, congratulations to you and doing good work. >> Thanks brother, I appreciate it. >> I'm sure it's super fulfilling every single time you match somebody. >> It's great, yeah, check out our videos. >> All right he's Kevin, I'm Jeff. We're going to get teary if we don't get off the air soon so I'm going to let it go from here. We're at the Palo Alto Xerox PARC. Really the head, the beginning of the innovation in a lot of ways in the computer industry. The Conference Board, thanks for hosting us here at the Innovation Master Class. Thanks for watching, we'll see you next time. (bright ambient music)

>> Narrator: Live from Washington, D.C., it's theCUBE covering .NEXT conference. Brought to you by Nutanix. >> Welcome back to Washington, D.C. everybody. This is theCUBE, the leader in live tech coverage. My name is Dave Vellante. I'm here with Stu Miniman, this is day two of our coverage of .NEXT Conf #NEXTConf. Wendy M. Pfeiffer is here. She's the relatively new CIO of Nutanix. Wendy, thanks for coming on theCUBE. >> Thanks for having me, good to be here. >> Okay, you got my attention. You said there's a reason for it. >> Reason for the M? >> For the M. >> Yeah, absolutely. It's my mom's middle initial, her middle name is Michelle. My middle name is Michelle and my ten-year-old daughter Holly's middle name is Michelle and we sort of pass along our female heritage. I send Holly a message whenever I do anything publicly that it's a shout out to her. She gets to lead, she gets to be proud of her feminine heritage as well as her family heritage. >> I love that, that is fantastic. Quick aside, I'm going to make you laugh. We're at the race track one day and there was this one guy, and he was winning and I wasn't winning so I said, it's like the eighth race, How are you doing this? Well his last name began with an M. He goes, I'm just betting on all the horses with an M in it. >> That could be another good reason. Thanks for the tip. >> Anyway, welcome to theCUBE and welcome to Nutanix. Five months in on the job, you got a really strong IT background. GoPro, Yahoo, both companies of senior leadership. Robert Half, I think, was on the resume as well. >> Yeah, CISCO Systems, Exodus Communications. >> You've seen it all. >> Which means I'm old. I've been around a long time. Any company, I would work anywhere. >> Not as old as I am, honey. So, what's the experience been like at Nutanix? Tell us about the onboarding. >> It is a playground, I love it. Nutanix, I was hoping that they would have the technology that I love and they do. It's one of the first places I've worked where it doesn't matter if I need server storage, we have that. It's pretty cool. I have a really amazing team and then the leadership there is fantastic. It's also the first time in my career where I'm working for a company that sells to CIO's and so my opinion of our product matters. I get to be customer number one, drink our champagne, that sort of thing. In fact, I'm on that path, we call it Eat Your Own Dog Food, when I came on board and I said, I don't want the dog food. We're going to be drinking our own champagne. I want the good stuff. I'm getting to play and just experience the product and experience that process and then people care what I think, people who are developing product care what I think and that's great. >> Are the sales guys dragging you into situations as well? >> They are totally dragging me into situations. I'm not that compelling in direct sales but I have been giving them some tips on how to sell to CIO's. Just letting them know how to approach us, and some of the things that we care about and don't care about. What's great as well is, I'm not very good at being fake, so when I talk about using our product and when I'm excited about our product, it's pretty, you know, it's genuine. If I don't like something, you know that too. >> Well CIO's, you're part of a network. >> We are. >> And that network is sort of immutable, in my opinion. >> It's a secret cabal. It really is, we get together in treehouses and exchange the password. >> But there's a code, right? >> There is. >> You're not going to give another one of your peers some bad advice, even if you are a CIO of a company that's trying to sell to them. >> That's right. It's a small circle. I do belong to some groups that get together and talk about some of our common challenges and one of our cardinal rules is that no vendors are allowed and there's no selling. We do, if we have some expertise, we'll share that but we really don't cross that line. So when I do give advice, they know it's genuine, as much as possible. >> Wendy, we always like to ask CO's, what's challenging you today? Typical IT, we always said for years, it was like, Okay, your headcount next year is going to be flat, your budget's going to be declining. What do you see when you're talking to your peers? What are some of the biggest challenges that they see? >> It's a few things. One thing is, the transformation that's happening around digital technologies and moving into the cloud. It's requiring a transformation of skill sets as well. We really have a challenge, first of all, in deciding, if we have traditional IT folks, how do we transform their skill sets? How do you make an infrastructure guy or gal someone who writes code? That's one thing and just a dearth of talent. There aren't enough people entering the workforce. That's one thing. Another thing is, really just about the pace of innovation. By nature, when you get to a senior executive level, you're almost less innovative than you might've originally been but we're supposed to be the paragons of innovation and new ideas and so we struggle with that. We struggle to keep it fresh and reinvent ourselves. I left a fairly traditional career to go to GoPro, just because of that desire to reinvent myself and try something hard and new. We've got that struggle as well. I'd think as well, just the changing business models, too. There's a lot, we're always balancing CapEx, OpEx, a lot of us have a big investment in OpEx and in SaaS and then trying to balance that with CapEx. We've always got those challenges. I think that's a lot of it. >> Wendy, we're 10 years into this journey of what cloud and how it's going to affect it and the role of the CIO is something that's been in the center of it. Does the CIO become irrelevant? Does he become a broker of services? You talked a little bit about some of the changing roles. How was your viewpoint on cloud, has it changed over the last few years in some of your different roles and I'm curious inside of Nutanix, how public cloud fits into what you use. >> I think there's a couple of layers. One layer that doesn't go away is operations. Whether it's taking operational expertise and transforming that into code for DevOps, or whether it's transforming it into process for on-premise infrastructure, you have to have that knowledge and you have to have that leadership so I don't think the need for leadership is ever really going away. I think the center of leadership is changing over time and has sort of moved from place to place but ultimately, we have to have folks who understand how to build whatever it is, to scale, who understand how to flex, who understand how to deal with crisis. Then also, there's some fundamentals towards architecture and building blocks. Yes, we're architecting differently. We're architecting with code in the cloud but the principles underlying those things are relatively the same. I don't think that the functions, the need for leadership, is going away at all but I do think that we have to be flexible in our thinking. I will say the title CIO it's actually never kind of been right. Chief Digital Officer or Chief AWS Officer. All of those things are not exactly right. We need to not be so precious about titles and just go back to thinking and leading and innovating and let the titles take care of themselves. >> I got to still ask you about this emergent role of the Chief Data Officer. We can all agree data's important, whatever bromide you want to use, data's the new oil and so forth and so on. Many of the chief data officers that we've talked to are individuals that maybe do a lot of governance, lot of things that CIO's generally aren't responsible for. Yet at the same time, data is becoming this new competitive advantage and it's so important to information technology. What are your thoughts on data, helping companies become data-driven and what is the role of the CIO in that context? >> First of all, data is really, really important. How a company deals with its data is a gigantic differentiator. Obviously, we have all this opportunity in the areas of machine learning and potentially AI and so on. When I was at Yahoo, one of the things I worked on was our privacy initiatives and even back then, we had the ability to ingest a lot of data about our users and we had the ability, algorithmically, to do behavioral targeting. But we had to make some ethical decisions and some compliance decisions about how we used that data and so, the technology has been available for some time, but where we haven't caught up is in policy. I think that Chief Data Officer is really at the nexus of creating policy, understanding capabilities and deciding how we apply those things. We've always needed that role. Sometimes it's the CIO, sometimes it's the Chief Privacy Officer, we've always needed that role but the role is a little bit different, I think, with data because of the power of the data. I do think there's a need for some knowledge of the law, GDPR is coming down from Europe and there's a key factor there. Ultimately, data needs to be treated like an asset. It's product as much as anything else. I think someone who's akin to a Chief Product Officer needs to handle the company's data and that data needs to imbue the product, it needs to go to market plans. It also can be a reflection of the culture of the company, as well. Even collecting data on ourselves and how we operate and how our employees move through their cycles is very, very powerful. Always with ethics, though. That's the thing that, if you leave data in the hands of pure engineers or pure technologists, then you need some sorts of checks and balances as well because sometimes we're overcome by the possibilities of the technology, without thinking through the possibilities that affect human beings. We need that balance. >> I've always felt like the CIO is the field general and should be implementing the data strategy but he or she shouldn't be necessarily responsible for, Okay, how are we going to monetize the data? Who has access to data? What are the data policies? That seems like a full-time job but there is overlap, though. >> It's messy, right? A lot of times it has to do with, I mean at that sea level, those are all board-level positions, right? Ultimately, we're responsible for the financial health of the company >> Sure. >> At that level. Really, we're playing to our strengths. Sometimes we come to the table and we understand how to monetize data. Sometimes we come to the table and we know how to efficiently manage operations. There's usually a mix. There's somebody with a CTO or a CPO or a CIO title or a Chief Data Officer title, but it's less about the title and more about those strengths that show up around the executive table but there needs to be somebody, or maybe a combination of a couple of somebodies, who are hungry for the value that they can derive from that data and accrue that to value to the company. >> It's some notion of swim lanes for accountability but recognizing there's some overlap. We got to talk about women in tech, but go ahead. >> Just two things, Wendy. >> Did you notice I'm a girl? >> As a technology leader, I'm curious if you see differences between yourself being a technology leader in Silicon Valley and those outside the Valley and the second one, just curious if you've had any learnings working now for a company that sells to the enterprise versus being on the consumer side of the house at GoPro and some of the others? >> Silicon Valley is a bubble. We all breathe our own oxygen. We think we're pretty cool. We tend to be libertarian as a group and therefore, we have libertarian policies that are embodied in how we develop code, how we create product and we're creating our own little culture but we're not in sync with a lot of the rest of the world. Luckily, one of the pieces of our culture is about building things that are open and so people can repurpose our technologies in ways that make sense for them. The other thing is, even more profound, is the effect of millennials on both Silicon Valley and outside of Silicon Valley. Millennials are changing how we develop code, how we organize our companies, et cetera. Your other question, can't remember. >> Consumer versus selling to the enterprise. >> I think the difference really is just internally, my job it was a different sport, working for a consumer company because people weren't generally smarter than me around my technology. In the consumer company. But they are a lot smarter than me. I am not the technical expert in the room at Nutanix. All of them know more than I do. >> No offense, but I'll bet. >> That was a little intimidating. I had to think twice, do I want to go back to being in junior high? >> Got to ask you, your journey. 17% of the IT industry's employment comprises women. Just so happens that 17% of the guests on theCUBE are women. We really try and go overboard on it. >> Hard to find us. >> There's a clear disparity in pay, it's well-documented. What was your journey to get here? >> It's only now that I'm old and wise and at a senior level that people are making a big thing about me being female. I've been female my entire career. >> Never heard boo. >> I never traded on it. I will tell you that throughout my career, I have been given advice that would seem ridiculous if it were given to a male. As an example, I've been told that I use too many words. That I'm too emotional. I've been told, can you imagine? If I said, Hey Bob, could you button up that top button of your shirt, there? When you sit down, don't spread your legs because I'm drawn to looking at Girls, women, we get that advice from senior advisors. We're told, Be less emotional. I've always ignored that advice. I'm a mom, I have the blonde 1980's hair. There's not much I can do about that. Being genuinely myself, it was all I could figure out how to be. It just so happens that now I'm in my 50's and I'm a CIO, so suddenly that's a thing. It's never been a thing. It's been something where my entire career, I've had to just keep my own counsel and be genuine and the fact that I'm female and feminine and a mom, doesn't diminish the fact that I'm also a brilliant technologist, that I'm good at leading people. I can feel empathy and care in my heart for a person, at the same time that I'm firing them for non-performance. I can be multifaceted. I think that's women's superpower. I think when we try to be just one thing or we try to be more like the traditional male in leadership, then it's like being Jerry Rice and walking onto the field with your legs tied together. My unfair advantage, to quote John Madden, I got to use my unfair advantage. My unfair advantage is that I think in a multifaceted way. >> Wendy M., thanks so much for coming. I'm glad we could make time for you, I'm glad you could make time for us. Thank you. >> Thank you, appreciate it, it was fun. >> Keep it right there, buddy. We'll be back to wrap. This is theCUBE in D.C. at Nutanix .NEXT. Right back.

>> Announcer: Live from Washington, DC, it's theCube, covering AWS Public Sector Summit 2017, brought to you by Amazon Web Services and its partner ecosystem. >> Welcome inside the convention center here in Washington, DC. You're looking at many of the attendees of the AWS Public Sector Summit 2017. We're coming to you live from our nation's capital. Several thousand people on hand here for this three-day event, we're here for two days. John Walls, along with John Furrier. John, good to see you again, sir. >> Sir, thank you. >> We're joined by Jay Littlepage, who is the VP of Infrastructure and Operations at Digital Globe, and Jay, thank you for being with us at theCube. >> My pleasure. >> John W: Good to have you. First off, your company, high-resolution, earth imagery satellite stuff. Out-of-this world business. >> Yep. >> Right, tell our viewers a little bit about what you do, I mean, the magnitude of, obviously, the environmental implications of that or defense, safety security, all those realms. >> Okay, well, stop me when I've said too much because I get pretty excited about this. We work for a very cool company. We've been taking earth imagery since 1999, when our first satellite went up in the sky. And, as we've increased our capabilities with our constellation, our latest satellite went up last November. We're flying, basically, a giant camera that we can fly like a drone. So, and when I say giant camera, it's about the size of a school bus, and the lens is about the size of the front of the school bus, and we can take imagery from 700 miles up in space and resolve a pixel about the size of a laptop. So, that gives us an incredible amount of capability, and the flying like a drone, besides just being really cool and geeky, we can sling the lens from basically Kansas City to here in Washington in 15 seconds and take a shot. And so, when world events happen, when an earthquake happens, you know, they're generally not scheduled events, we don't have to have the satellite right above the point where there's something going on on the ground, we can take a shot from an angle of 1,000 miles away, and with compute power and good algorithms, we can basically resolve the picture of the earth, and it looks like we're right overhead, and we're getting imagery out immediately to first responders, to governmental agencies so they can respond very quickly to a disaster happening to save lives. >> So, obviously, the ramifications are endless, almost, right? >> Yes. >> All that data, I mean, you can't even imagine the amount, talk about storage. So, that's certainly a complexity, and then, they are making it useful too all these different sectors. Without getting too simple, how do you manage that? >> Well, you know, it's a big trade-off because, ideally, if storage was free, all of our imagery in its highest consumable form would be available all the time to everybody. Each high-resolution image might be 35 gig by itself. So, you think of that long of flying a constellation, we've got 100 petabytes of imagery. That's too much, it's too expensive to have online all of the time. And so, we have to balance what's going to be relevant and useful to people versus cost. You know, a lot of the imagery goes through cycle where it's interesting until it's not, and it starts to age off. The thing about the planet, though, is we never know what's going to happen, and when something that aged off is going to be relevant again. And so, the balance for my team is really making sure we're hitting the sweet spot on there. The imagery that is relevant is readily accessible, and the imagery that's not is, in its cheapest form, fact or possible, which for us, is compressed, and it's in some sort of archival storage, which for us, now that we've used the Snowmobile, is Glacier. >> Jay, I want to ask to give your thoughts. I want you to talk about DigitalGlobe, before that, some context. This weekend, I was hanging out with my friends in Santa Cruz and kids were surfing. He's a big drone guy, he used to work for GoPro, and she used to buy the drones and, hey, how's it going with the drones. It got kind of boring, here's a great photo I created, but after a while, it just became like Google Earth, and it got boring. Kind of pointed out that he wanted more, and we got virtual reality, augmented reality, experience is coming to users. That puts imagery, place imagery, the globe, pictures, places and things is what you guys do. So, that's not going away any time soon. So, talk about your business, what you guys do, some of the things that you do, your business model, how that's changing, and how Amazon, here in the public sector, is changing that. >> Well, that's a fantastic questions, and our business is changing pretty rapidly. We have all that imagery, and it's beautiful imagery, but increasingly, there's so much of it, and so many of the use cases aren't about human eyeballs staring at pixels. They're about algorithms extracting information from the pixels. And, increasingly, from either the breadth of pixels, instead of just looking at a small area, you can look around it and see what's happening around it and use that as signal information, or you can go deep into an archive and see the same location on the planet over and over over years and see the changes that had happened in terms of time frame. So, increasingly, our market is about extracting information and extracting insights from the imagery more so than it is the imagery itself. And so that's driving an analytics business for us, and it's also driving a services business for us, which is particularly important in the public sector to actually use that for different purposes. >> You can imagine the creativity involved and developers out there watching or even thinking about using satellite imagery in conflux with other data. Remember, they're in the Web 2.0 craze earlier in the last decade. You saw mashups of API with Google Max. Oh yeah, pull a little pin, and then the mobile came. But now, you're seeing mashups go on with other data. And I've heard stats at Uber, for instance, remaps New York City every five days with all that GPS data of the cars, which are basically sensors. So, you can almost imagine the alchemy, the convergence of data. This is exciting for you, I can imagine. Won't you share with us, anecdotally or statistically what you're seeing, how this is playing out? >> Well, yes, some of our biggest commercial customers of our products now are location-based services. So, Uber's using our imagery because the size of the aperture of our lens means we have great resolution. And so, they've been consuming that and consuming our machine learning algorithms to basically understand where traffic is and where people are so that they can refine, on an ongoing basis, where the best pick-up and drop-off locations are. That really drives their business. Facebook's using the imagery to basically help build out the Internet. You know, they want to move into places on the planet where Internet doesn't exist. Well, in order to really understand that, they need to understand where to build, how to build, how many people are there, and you can actually extract all that from imagery by going in in detail and mapping roofs' shapes and roofs' sizes, and, from there, extracting pretty accurate estimates of how many people live in a particular area, and that's driving their project, which is ultimately going to drive access for... >> Intelligence in software, we look at imagery. I mean, we here at Amazon, recognition's their big product for facial recognition, among other pictures. But this is what's getting at, this notion of actually extracting that data. >> Well, you think about it. You know, once the data is available, once our imagery is available, then the sky's the limit. You know, we have a certain set of algorithms that we apply to help different industries, you know, to look at rooftops, to look at water extractions. After a hurricane, we can actually see how the coverage has changed. But, you look at a Facebook, and they're applying their own algorithms. We don't force our algorithms to be used. We provide the information, we try to provide the data. Companies can bring their own algorithms, and then, it's all about what can you learn, and then, what can you do about it, and it's amazing. >> So, here's the question. With the whole polyglot conversation, multiple languages that people speak that's translated into the tech industry, and interdisciplinary forces are in play: Data science, coding, cognitive, machine learning. So, the question is, for you, is that, okay, as this stuff comes together, do you speak DevOps? It's kind of a word, and we hear people say, is that in Russian or is that like English? DevOps is a cloud language mindset. And so, that brings up the question of, are you guys friendly to developers, and because people want to have microservices, I'm from a developer, I'm like, hey, I want those maps. How do I get them, can I buy it as a service, are they loaded on Amazon, how to I gauge with DataGlobe, as a developer or a company? >> Well, you think about what you just said and the customers I just talked about. They're not geospatial customers. You know, they're not staffed with people that are PhDs in extracting information. They're developers that are working for high-tech companies that have a problem that want to solve. >> There are already mobile apps or doing some cool database working in here. >> So, we're providing the raw imagery and the algorithms to very tried and true systems where people can plug into work benches and build artificial intelligence without necessarily being experts in that. And, as a case in point, my team is an IT team. You know, we've got a part of the organization that is all staffed with PhDs. They're the ones that are driving our global... >> John W: PhD is a service. (laughter) >> Well, kind of. I mean, if you think about it, they're driving the leading edge, for these solutions to our customers. But, I've got an IT team, and I've got this problem with all this data that we talked about earlier. Well, how am I actually going to manage that? I'm going to be pulling in all sorts of different sources of data, and I'm going to be applying machine learning using IT guys that aren't PhDs to actually do that, and I'm not going to send them to graduate school. They're going to be using standard APIs, and they're going to be applying fairly generic algorithms, and... >> So, is that your model, is it just API, is there other... >> I think the real key is the API makes it accessible, but a machine learning algorithm is only as good as its training. So, the more it's used, the more it refines itself, the better our algorithm gets. And so, that is going to be the type of thing that the IT developer, the infrastructure engineer of the future becomes, and I've already, basically, in the last couple of years, as we started this journey at AWS, 20% of my staff now, same size staff, but they're software developers now. >> So, I'll take this to the government side. We talked a lot about commercial use. But at the government side, I'm thinking about FEMA, disaster response, maybe a core of engineers, you know, bridge construction, road construction, coastline management. Are all those kind of applications that we see on the dot gov side? >> There are all things that you see that can be done on the dot gov side, but we're doing them all in the commercial environment. The USC's region for AWS, and I think that's actually a really important distinction, and it's something that I think more and more of the government agencies are starting to see. We do a lot of work for one particular government agency and have for years. But 99 point something percent of our imagery is commercial unclassified, and it's available for the purposes that our customers use it for, but they're also available for all those other customers I've talked about. And more and more of what we do, we are doing on the completely open but secure commercial environment because it's ubiquitous for our customers. Not all of our customers do that type of work. They don't need to comply with those rigid standards. It's generally where all AWS products that are released are released to, with the other environments lagging, and they probably don't want me saying that on TV, but I just did. And it's cheaper, you know, we're a commercial company that does public sector work. We have to make a profit, and the best way to do that is to put your environment in a place where if you're going to repeat an operation, like pulling an image of Glacier and build it into something that is consumable by either a human or an algorithm and put it back. If you're going to do something like that a million times, you want to do it really inexpensively. And so, that's where... (crosstalking) >> Lower prices, make things fast, that's Jeff Hayes' ethos, shipping products, that these books in the old days. Now, they're shipping code and making lower-latency systems. So, you guys are a big customer. What are the big implementation features that you have with AWS, and then, the second part of the question is, are you worried about locking. At some point, you're so big, the hours are going to be so massive, you're going to be paying so much cash, should you build your own, that's the big debate. Do you go private cloud, do you stay in the public? Thoughts on those two options? >> Well, we have both. Right now, we're running a 15-year-old system, which is where we create the imagery that comes off the satellites, and it goes into a tape archive. Last year, Reinvent... >> John F: Tape's supposed to be dead! >> Tape will die someday! It's going to die really soon, but, at the Reinvent Conference last year, AWS rolled out a semi truck. Well, the real semi truck was in our parking lot getting loaded with all those tapes, and it's sad... >> John F: Did you actually use the semi? >> We were the first customer ever, I believe, of the Snowmobile. And so, it takes a lot of time and effort to move 12,000 LTO 5 tapes loaded onto a semi and send it off. You know, that represents every image ever taken by DG in the history of our company, and it's now in AWS. So, to your second part of your question, we're pretty committed now. >> John F: Are you okay with that? >> Well, we're okay with that for a couple of reasons. One is, I'm not constraining the business. AWS is cheaper. It will be even cheaper for us as we learn how to pull all the levers and turn all the dials in this environment. But, you know, you think about that, we ran a particular job last year for a customer that consumes 750,000 compute hours in 22 days. We couldn't have done that in our data center. We would have said no. And so, I would... >> I know, I can't do, you can't do it. >> We can't do it! Or, we can do it, come back, the answer will be here in six months. So, time is of the essence in situations like that, so we're comfortable with it for our business. We're also comfortable with it because, increasingly, that's where our customers already are. We are creating something in our current environment and shipping it to Amazon anyway. >> We're going to start a movie about you, with Jim Carrey, Yes Man. (laughter) You're going to say yes to everything now with Amazon. Okay, but this is a good point. Joking aside, this is interesting because we have this debate all the time, when is the cloud prohibitive. In this case, your business model, based on that fact that variables spend that you turn up your Compute is based upon cadence of the business. >> That's exactly right. You know, the thing that's really changed for the business with this model is historically, IT has been a call center, and moving into Amazon, I manage our storage, and I pay for our storage because it's a shared asset. It's something that is for the common good. The business units and different product managers in our business now have the dial for what they spend on the Compute and everything else. So, if they want to go to market really rapidly, they can. If they want to spin it up rapidly, they can. If they want to turn it down, they can. And it's not a fixed investment. So, it allows the business philosophy that we've never had before. >> Jay, I know we're getting tight on time, but I do want to ask you one question, and I did not know that you were the first Snowmobile customers, so, that's good trivia to have on theCube and great to have you. So, while we got you here, being the first customer of AWS Snowmobile when they rolled out at Amazon Reinvent, we covered on SiliconAngle. Why did you jump on that and how was your experience been, share some color onto that whole process. >> Okay, it's been an iterative learning process for both us and for Amazon. We were sitting on all this imagery. We knew we wanted to get in AWS. We started using the Snowballs almost a year and a half ago. But moving 100 petabytes, 80 terabytes at a time, it's like using a spoon to move a haystack. So, when Amazon approached us, knowing the challenge we had about moving it all at once, I initially thought they were kidding, and I realized it was Amazon, they don't kid about things like this, and so we jumped on pretty early and worked with them on this. >> John F: So, you've got blown away like, what? >> Just like. >> What's the catch? >> Really, a truck, really? Yeah, but really. So, it's as secure as it could possibly be. We're taking out the Internet and all the different variables in that, including a lot of cost in bandwidth and strengths, and basically parking and next to our data, and, you know, it's basically a big NFS file system, and we loaded data onto it, the constraint for us being, basically that tape library with 10,000 miles of movement on the tape pads. We had to balance between loading the Snowmobile and basically responding to our regular customers. You know, we pulled 4 million images a year off that tape library. And so, loading every single image we've ever created onto the Snowmobile at the same time was a technical challenge on our side more so than Amazon's side. So, we had to find that sweet spot and then just let it run. >> John F: Now, it's operational. >> So, the Snowmobile is gone. AWS has got it. They're adjusting it right now into the West Region, and we're looking forward to being able to just go wild with that data. >> We got Snowmobiles, we got semis, we have satellites, we have it all, right? >> We have it all, yeah. >> It's massive, obviously, but impressed with what you're doing with this. So, congratulations on that front, and thank you again for being with us. >> My pleasure, thanks for having me. >> You bet, we continue our coverage here from Washington, DC, live on theCube. SiliconAngle TV continues right after this. (theCube jingle)

>> Announcer: Live from Las Vegas, it's theCUBE covering NAB 2017, brought to you by HGST. >> Hey, welcome back everybody, Jeff Frick here with theCUBE, we are back at NAB 2017 with a hundred thousand of our favorite friends doing everything about broadcast media. It's media, it's entertainment, it's technology, it's the M.E.T. effect, which is all the rage here at the show, because you can't really separate the three, they're all tied together. Really excited to be joined by our next guest, who's in the weeds, keeping an eye on this, trying to keep up with all the crazy trends. He's Avi Swerdlow, he's a Manager, Research and Development at the Walt Disney Company. Avi, welcome. >> Thank you, thank you for having me. >> Absolutely, so first off, we talked a little bit before we went live, your first time at the show, kind of general impressions of NAB? >> Yeah, it's big, a lot of walking, is my first impression. Aside from the tired feet, it's really exciting to see all the new tech out here. From talking to other people who have been in years past, it seems like things move really fast here. So what you were seeing last year is completely different of what you're seeing this year. But loving all the different sections, everything from hardware to some of the more data-driven stuff. Noticing that a lot more things are moving digital, that a lot of demos are now on laptops instead of physical. >> Right. >> Which is exciting to see. I've been impressed by some of the bigger company, like Microsoft's and IBM's machine learning efforts. And equally impressed by some of the hardware plays at DGI and GoPro, so really, really exciting stuff. >> Yeah, it's really interesting, kind of bifurcation of the market. On one hand, you've got all this crazy high end stuff with 4K and 6K and 8K and ultra HD and all these things and 360 and all these crazy cameras. At the other hand, you've got democratization of distribution with YouTube and Vimeo and all these tools being brought down in a price point, Samsung, 360 camera, where you can be a relatively small content creator and have amazing tools at your disposal. So the opportunities from a creative point of view have probably never been richer. >> Absolutely. I think a lot of what we're trying to focus on is moving in that digital direction for some of our content. Trying to implement some of those lower end or more cost efficient tools and those distribution points to get our content to people faster while at the same time trying to keep up on the higher 4K end. Something that's interesting I've chatted with my colleagues is that things move so fast that it's hard year to year to come here and see all the new things that are completely different from what you saw last year. >> Right, right. >> Now you have to start implementing those things. So I think it's a balance between all of that. I think, given that we're a big media company, some of those lower end tools are really interesting to us. In a sense that, take news for example. It's equally exciting to go live on Facebook video as it is sometimes to do it on a traditional broadcast. So I think learning how we integrate those and integrate those well are some of what we're trying to explore. >> Right. One of the topics we talked about before the cameras turned on was this virtual reality and augmented reality, VR and AR. It is pretty interesting because you talked specifically about data infusion on top of tech. And I remember the first time I ever saw a sports broadcast where, I think it was Fox maybe, that put the score bug on the upper left hand corner. You're like what is that, you're taking valuable real estate. Now we're so accustomed to this multi-layers of data on top of the broadcast. Take like a Bloomberg channel, where some of those things, where now they have multiple feeds that are constantly going. It's a very different way to consume data but that's what people really want these days. >> Absolutely. I think that last year was kind of this year of AR, VR. Where people thought there was going to be this massive revolution all of the sudden where everybody would be, would have headsets and VR would become ubiquitous. I think that will happen eventually, it's probably going to be a slower burn, mostly because people don't have devices yet. I think there's not enough content out there, not enough devices out there. Regardless, I think that if you distill down what AR and VR is at its core, it's the augmentation of information over something else. >> Right. >> So I think a lot of people are now starting to explore, what are the baby steps you take to implement some of that technology into your workflow. Assuming that people don't have devices yet, so I think, when I look at some of the virtual sets that we're seeing around this show and the implementation of information over, let's say, news or sports broadcasts, that becomes really interesting. If you use, we were talking about photogrammetry or volume capture, if you can use some of that and do interesting stuff for instance, if you're looking at a sports game and you're able to create in something like Unity or Unreal, an asset that represents the sports game, it becomes a much easier way to understand what's going on in the game then just a set of numbers. Yes, when you saw that score in the top left hand corner that was exciting. Now imagine seeing a live 3D version of the game same information unfolding, just in a different way. I think those are the baby steps towards this AR, VR implementation and eventually you might get to a point where everybody has a headset but baby steps for the average consumer. >> Right, right. In a lot of conversations about machine learning, you said you're excited about some of the machine learning, you've got the metadata and better metadata around the assets themselves, but now actually getting into the assets at the frame level to do more exploration so that people can, it's the age old adage, find, consume and share-- >> Absolutely. >> The stuff that they're most interested in. There's a lot of new opportunities because of the horsepower of these machines here that we're surrounded by, in terms of the massive capacity, and speed of the storage systems, to do things that you really couldn't do inside the assets themselves. >> Absolutely. I think our problem at somewhere like Disney is unique. It's different than at Google or at Facebook. We're not looking at this huge well of content like YouTube. We're looking at a smaller amount of content and what's really important to us is accurate metadata about our content more so than just having metadata. A lot of what we focus on is definitely metadata extraction but to the extent that we're going to use these machine learning tools we want to have really good training sets and get back really accurate data. So a lot of what we focus on is being able to have a QA layer on top of the machine learning efforts. Being able to use machine learning efforts that can be honed towards one show for instance. >> Right. >> So only extracting a certain set of characters. We really enjoy using these tools and enjoy finding ways that we can apply them to a unique problem which seems to be different than the problem that some of them are trying to address. >> Right. >> But regardless, they're working really well for us. >> So what are some of the use cases, or can you share any of how you're using machine learning to get and score that kind of metadata. >> Yeah. For instance, we're starting to use metadata in some of the ways other people are. Some of the stuff that I can talk about for instance is facial capture, location capture. Things that other people are doing but again, they're unique to one show. For instance, a Quantico on ABC might be something where we have a set of characters that we're looking for. We're starting to use machine learning to look at things like that. >> Interesting. Now Disney obviously, great company, been around forever, huge legacy. I'm just curious to the conversations in the hallway there's just this crazy wave of technology butting up against, we still have to tell great stories. Disney has a long history of telling great stories whether it's through the original animation studios or all the vast properties in which you guys have grown up. Is there still a creative ying and yang there-- >> Absolutely. >> Is there a thread and a rebalancing about technology versus let's not forget what should be-- >> A hundred percent. >> Job one. >> Absolutely. I think that's why I really enjoy working at Disney. It's always story first. My background is actually in creative development in the film industry so I always come at it from a story first point of view. I enjoy that the rest of the company does as well. But if you look at Disney's history, it's always been technology complimenting story. Think about the multi-plane camera in Snow White. The reason Snow White was able to be made was because Disney democratized animation. He figured out the technology that made animation possible at a feature film scale. Without that machine, that would not have been possible. I think in our core history you have these certain technologies that are put to use in the service of story. I think that's pretty much how we approach everything. We're looking for stuff that's going to augment our storytelling efforts. Not replace it, not degrade it in any way but only to enhance it. That's in our legacy. >> Right, right. That's interesting, I've never heard it explained that way but that is so much the trend that we continue to be on today. It's democratization of the data, democratization of the access to the data, democratization of the analytics of the data. And then operating at scale. Which requires, in today's scale, I'm not talking about a two hour movie scale, actually be able to set animation, but massive amounts of data that are flowing through the system. So how do you-- >> Absolutely. We want to use that data to empower our storytellers. To empower anybody at the company to tell better stories. But data management it's tough. I think a lot of what we had to do is first of all put in place the plumbing to make that data easily accessible. To make it easily searchable. To make it correct. To make it authoritative. To get people out of their spreadsheets that you had stored away somewhere. And unify that data so that it starts to tell a story. We've been very successful in those efforts. But it's a massive undertaking because you have companies that have not necessarily thought from a data first point of view and are now realizing that the actual value of this data. So part of what we're doing is extracting that metadata. Doing it in a way that's extremely accurate and authoritative. But also going as far upstream as possible to try to find are there other people that are already collecting this metadata and can we have them put it into a central database as opposed to everybody having their own little corner of data? >> Right, right. Is there an effort to reassess the value of the data? Where before just raw data in and of itself was a liability. Was expensive to store, expensive to keep and there was always trade off decisions about what you keep what you throw away. Now there really is the opportunity to keep it all and there's significant data outside, maybe beyond the box office gate of the feature film with all the various distribution channels and ancillary things. Obviously Disney is way ahead of the curve in terms of licensing and realizing value beyond just the core asset. But are there new ways now that those models are being worked in so that you can justify the additional expense of all this extra metadata and storage and infrastructure which, at the end of the day, you got to pay the bill-- >> Certainly. >> To the data center. >> Absolutely. I think to the extent that we can use our data to tell our stories to gain new insights it is extremely valuable. I think there are efforts around the company to, not necessarily store as much data as possible but to find what data is valuable and where it is. We're finding more and more data that is valuable. Because when you are able to unify it with other data it starts to tell a story. That's both data about our content, about our content performance, about our consumers, that what types of stories we should and shouldn't be telling. I think it's not just taking everything but it's figuring out what data is actually valuable and then trying to derive as much insight as possible from that. >> Right. Alright so, 2017, what are your top priorities for this year? Can't believe we're a third of the way through 2017- >> I know. >> It used to be like a stereo question, I guess it's not an end of the year question anymore. >> I would say one of our main goals is really to advance our automation efforts. I think also to the extent possible to advance our metadata tagging efforts as much as possible. I'd say that's top of mind at the moment. In addition to some other things but that's some of the stuff we're thinking about. >> Alright, great. Well Avi, thanks for-- >> Thank you for having me. >> For taking a few minutes and enjoy your first ever >> Thank you, yeah I will. >> NAB 2017. Alright Avi Swerdlow from Disney. I'm Jeff Frick from theCUBE, you're watching us like from NAB 2017 at the Las Vegas convention center. We'll be back after this short break. Thanks for watching. (upbeat music)

>>que presents on the ground. Wait. >>Hi. I'm Lisa Martin with the Cube, and we're on the ground at the Computer History Museum in Silicon Valley with the Association for Corporate Earth or a CG. Tonight is a CG 12th annual Growth Awards, and we're very fortunate to be joined by one of the longest sponsors of a CG Deloitte Gary Herbert from Delight. Welcome to the Cube. >>Thank you so much. >>So not only is a long time sponsor base did you get through the second biggest with the presumably a lot of options that Dylan has a sponsor and engage in communities like that. What next? A CG unique and warrant Deloitte sponsorship and active participation >>Delights been involved with a CG for over 10 years. And the reason is they collect a great group of senior leaders in Silicon Valley to talk about things that are really important. And a lot of great networks air here and make great things happen in the community. >>Excellent. And you can hear and feel the buzz of the innovation and the history of veterans in the room. We're here tonight to honor men who won the 2016 outstanding growth award, as well as Ambarella, who won the 2016 Emerging Growth Award in terms of the metrics used to select the winners, can you give us a little insight into what those metrics are and what this metrics and key criteria really mean for these types of award winners? >>One of the key metrics that we look at his revenue growth and Fitbit has had an incredible run over the last five years. But what's particularly amazing about Fitbit is they've been doing it very profitably, so it's really been a great testament to that. You can grow and grow in a profitable matter. >>And as we look at the next 2 to 3 years, in your perspective, what are some of the market drivers that you're going to see really influencing the fifth Mrs Your predictions there expect >>Fitbits and continue to be very successful. They've really done a great job from an execution perspective. They got great products and they define their brand. It's not just a just a tracker of steps. It is really a wellness brand. And that's why I think they're gonna continue to be successful. >>Same question for Amarillo in terms of emerging growth where some of the market drivers over the next two years, Amarilla will face. What are your >>predictions for them with Amber? I mean, since they're in the chip business, they they place themselves or have been very successful with getting successful with successful products, and that'll help their continued growth as well. Excellent. And >>what that said, Tell us what's next for Deloitte. >>Deloitte and we're diversified. Professional service is firm. I mean, people think of Deloitte as part of the Big Four, which is people think of audit Tax, I think people don't know is we're also actually were a consulting firm and an advisory firm. In fact, that makes up more than half of our revenues here. Look excellent. >>As we look forward to the future, we know tonight think that an emerald are in some great company with past winners. Lengthen Trulia Gopro What? Your predictions >>for the next class of candidates for 2017 grow awards. That's what's really exciting about this is you don't know who's successful. Companies are. If you told me three years ago is gonna be here today, I wouldn't have necessarily thought that. Um So what's exciting about this is you get to see what is next and who's who's being successful. And it really gets to celebrate the growth of those companies. Absolutely great closing to celebrate, not just the growth of these companies tonight fit, but an amber alert that we're here to celebrate, but >>also all of the >>leadership and expertise and sponsorship that we have here in Silicon Valley. Garrett, thank you so much for taking time to join us. It was a pleasure having you on the Cube. Thank you so much, Lisa. And with that said, Thank you for watching the Cube. I'm your host, Lisa Martin, and we'll see you next time.

>>Live from the Mandalay convention center in Las Vegas, Nevada. It's not cue at IBM insight 2014 >>you're all your hosts. John furrier and Dave Volante.. >>Okay. Welcome back everyone. We're here live inside the cube at IBM insight. I'm Sean with Dave Volante. We go after the events, extract the signal and noise. We go wall to wall covers what we do here. I don't, of course we're excited to have awesome gas. We talked to the executives, entrepreneurs, but we get the media stars in here. Uh, Katie Lyndon doll. Welcome to the cube. You are with CNN, the today show. You're the tech correspondent and you get a lot of energy. I could just tell this is going to be fun. It's been fun to hear the last few days. So I mean, Watson is the geeky story of any what, what are you seeing? Let me get the wife in a second. But outside of Watson, what's the coolest thing you've seen? >>I'm constantly on the hunt for the latest innovations in technology and I think that's probably the best part about my job. And always chasing down high level stories. I recently just came back for a dive with NASA. I learned that NASA astronauts actually train underwater to simulate microgravity and I'm like, Oh my gosh, no way. And they're like, do you want to come down to the world's only Marine underwater habitat? I was like, yes, please. So went down to the Florida keys, it's an hour off the coast and was diving literally with NASA European space agency and the Canadian space agency underwater. And again, it's the world's only underwater Marine habitat and seeing how they train in everything from asteroid mining to um, underwater surgery to actually seeing how the body responds to exercise. I guess water simulates one sixth of gravity. So it was a pretty dynamic shoot. >>I was doing that for NBC news and it's just I, those are the types of stories. I, I am a diver. I actually was doing a story on big data last year and it required me to get my dive certs and the Island of Bermuda feel very bad. It was a presentation that I was speaking on here at insight a, there was all this crowdsourced information about how the lion fish, if you've ever heard of the lion fish has been, it's an invasion in the Atlantic ocean. I took all of this information and metrics and made a story for CNN and it required me to get my advanced dive certs. So now I'm getting all these dive stories cause there's not a lot of us dive reporters. So the lion fish story for CNN too. Another good example of a piece that I go after. >>So you, you bring a lot of energy. What do you see here? I mean you see a lot of stories and you get pitched stories. I can imagine that your email box flux, I mean it's like, Oh >>I have 78,000 unread emails right now. I'm not proud of that. But yes, constantly being pitched. >>I had 40,000 I'm a little bit blind. I'm going to give that to you in the today show. Not too shabby. But what do you do? You get pitched all the time and so you got the vet stories. What's your formula for vetting stories? I mean, what gets your attention and how do you go outside your comfort zone to select good stories? What your attention. It's funny, >>you know, so I've been in television for the last 10 years and I feel like now I have this internal barometer and knowing when something's very good and the scope of the things that I cover from, you know, in the past month alone when I was talking about the NASA piece and then I'll flip the next day and do top Halloween gadgets on today's show. So it's, it's very vast, but I can instantly tell and it's, it's come through experience and being in a background in technology and knowing what's gonna work for the consumer and knowing a hot product. When I see it and I I T I gotten pretty good I think at it spotting a product that a consumer is going to love but also finding a story that is, maybe it's super nerdy, but my job is to take it and to bring it down to a level that's entertaining for any kind of audience, whether it be CNN or whether it be today. >>So it says your Guinness book of world record holder, share that in little nugget with the folks in. Yes, that is a true story. I have a Guinness world record holder in the most high fives and one minute. Okay, so this probably solicit some like how the heck did that happen? I've always been fascinated with Guinness world records and I always wanted one and I've always been obsessed with a high five like I am paranoid of huggers, there's nothing that scares me more or good high five just go for the five. I don't want to bring it in and okay, it's a little OCD. I will completely aware. So anyways, I found that this Guinness world record was held by a clown in England for the most high fives and one minute. So I convinced I was hosting a show on spike TV and I convinced them to allow me to break this record. >>So we had all these people line up in the MTV cafeteria and you have a Guinness world record adjudicator come onsite, you get two tries and if you win you get a plaque in a formal ceremony. The cube before we should do the most consecutive interviews to having a drink of water. We want to just come here and we could break something able to break something or like you said, it's his official. Yeah, we started to get like real nervous and like hot and yeah, so I had two tribes. Oh I was, I was giving him a big ass big fitness person. So I was like ready. And if clown beats me at this point, it's over your careers. division. You'll never work again because I beat it on the first try and then I advanced it on a single hand or you go, there's a whole process as you can imagine with the adjudicator's she's like real intense. >>She's like counting with her clicker on the high five so I go down this line of people and it has to be over there can't be like a mailed in like you know like a high five you go for the five names and then I got a couple that were disqualified, you know like a couple didn't count because it wasn't like a full on five four so like a film replay. Super slow motion. I like argued a few. I was like no, I was for sure up on that one. The flag, it was sponsored by PRL. It wasn't but it should have been but it was fun. So I have a plaque how many? 107 heard rumors that it's been broken but I didn't care as long as I've got a plan to that plan at one point. Okay. Let's cut to about IBM because Watson is the coolest thing I'll say is pretty mainstream. >>It hits your wheelhouse. I'll see for the day I've seen jeopardy. Absolutely. Now how does that translate into a story for sure. Stuff going on here. What do you, so what's very cool about Watson? I called my boyfriend because I've had a relationship with him now over the last few years, a few years ago on CVS. I actually got to challenge Watson on a full game of jeopardy and I think that was of course the most, the most memorable part of Watson when he took on the two, you know, jeopardy champions. But so this is like a lifetime moment for me. I got a full game of jeopardy, me Watson and another individual smoked me and actually I was doing okay and then it was like tennis vocab. I was like, Oh, I got this. You know, like I've been in sports my whole life. I've been worked at ESPN for seven years. >>I got this in the bag, I was doing good. And then they were like, Oh, we had them on the low setting. I was like, all right, really? Like really? Like I was just feeling good about myself. I finished with $2, two bucks. Um, and I thought it was so cool how gimmicky it was, you know, in a healthy beach in the tennis category. Oh, you smoking, you never in the low setting for sure. I got a few of those, a few. I actually got set in Tennessee vocab. You're going to have it right. Even watching tennis your whole life. Right. ESPN is embarrassing and disappointing. And then I weighed you too much and then the double jeopardy. Anyways, I digress. So how cool is it that I got to play Watson but then now years later seeing the power in it in many different developments and most notably I work over at as a volunteer at Sloan Memorial Kettering cancer center for a small group called Candlelighters that works with individuals that come in from around the world for cancer treatments. >>Now Sloan is one of those powerful cancer centers in the world is actually using it as predictive analysis. So here and I work with these kids and I, it's very complex. When they go in for a diagnosis, there's lots of different problems that they have and really it's, it's, it's, it's, it's guesswork for a doctor now. They can put all of these things that are happening with it, with a child into a machine, and they can pump out a hypotheses. Of course, you're going to have to have the human interaction tailored with that to have the emotional side, but I had been fascinated, especially on the medical side, watching your boyfriend at this point. That's interesting. We'll get that to the world of Facebook. It's complicated. I heard rumors that he's talks back and we'll listen to this a true statement. He's a lot smarter than I am. >>I'm intimidated by that, but what's the coolest demo with Watson that you've seen besides jeopardy? Yeah, that would have, well I actually learned something new from a few developers that I met yesterday about the new chef app. So being able to go into your pantry and to do some recipe from what you have, the ingredients you have insider, I think that's a little more consumer friendly. So I was kind of like, um, I'm excited to check that one out. Looking at the tech landscape, what are you most excited about? I mean, what's the coolest kind of consumer meats like gadget, short door, tech cloud. If you could pull a few favorites at what's, what's drawing your attention? Uh, one that we actually had here that's probably popped into mind. There's so many to choose from, but in the world of Oculus rift, and the reason I say that is not for the gaming aspect, but more for the potential in the landscape of physical therapy. >>The first time I got on Oculus raft, I was actually training on a Navy boat and I was doing a segment where all my camera men were all around me. I lost track of reality and I got so immersed into virtual reality and being there and even as a huge diver, I get very motion sick and I got motion sick on the boat. Being in this physical, this augmented reality world, we're actually shooting this at the birthplace of Oculus rift. So we really diving behind the scenes into the actual, uh, software and hardware and it was such a cool, immersive experience and realize that what this could do for physical therapy or even at the dentist at a lower end, I think the capabilities for augmented reality and taking yourself out of that moment are huge. So I think that's very exciting. How about drones? >>Oh my gosh. So yes, let's talk to, and my nephew the other day and he said, do you want to see the drone that I built? And I said, yeah, it's got this four or five quadcopter. It's a quadcopter. Yup. I said, where'd you get the software for? He goes, I'll download it. It's all open source. I hacked it a little bit. I actually have several drones. Okay. Nominal. Because this blew me away. I probably have what I consider is the best prosumer drone. It's a DGI Phantom, a DJI Phantom two and I have got some incredible aerial footage over the mountains of Montana and also over a Bermuda, the Island of Bermuda. I sent it up, put it over a shipwreck, gorgeous. And for me as a flake, being in photo and video and going out and getting my own video and not having to rely on a cop, a copter for, you know, that would be thousands of dollars worth of footage or relying on a cameraman. >>I just sent that baby up. I'm like, please don't hit anybody. It's a little hard to operate when you get the one, the higher end models. I have a couple of the parents too. There are a lot easier to operate and do it right from my iPhone, but I am just like, I'm so into it now. I think it's a little gimmicky when we talk about Amazon and pizza deliveries and taco deliveries and beer deliveries with a drone shooting surprises. Texas man, what am, I don't know about that. But uh, I think it's fascinating. I think it's a really cool technology. And again, I've personally saved tens and thousands of dollars using my drones. So you, when you flew over these sites yet proximate, so you had visual concepts. So the Phantom Jerome that I have, that's my favorite one. I actually attach a GoPro to it so I can send it up and I use the gyroscope or just kind of move my GoPro around in mid air. It goes hundreds of feet high. I mean, you've really got to get a grasp on it and know what you're doing. I had it out in a field well before I took it out to an Island on a beach. But I'm not, a drive is not something you really, it's not a remote control car. Now did you build it? Oh no. Goodness. Aww, that's totally on the market. Yeah, I got it at B and H photo >>sending them out. So in San Francisco off their balconies and then they're going out to, you know, angel Island, Alcatraz, and literally they're flying out then unregulated. It's like someday there'll be drone collisions, let's say this is unregulated. This is a huge, people are geeking out with the drones. It's super exciting. Dave camera's shooting down him sending him into football venues or you know, the world series delivering packages. But mom's a streaker. I mean Amazon. I like that. Okay. So what else is new for you? Tell us more about some, some cool behind the scenes at a today's show. Any sad night live, uh, opportunities for you next been >>to Saturday night live. Oh my gosh. By the way, that's like the hottest ticket in New York to get. I've had the opportunity to go to two shows cause my friend's a cameraman over there. The rehearsal for it is like amazing. I know that's a huge digression, but talking about something to see in person, that's one of my bucket lists. Phenomenal. Yeah. Phenomenal. What else is new in New York and the scene there? Uh, Oh, we constantly covering a lot of different pieces. Uh, one, I just came back from Africa a little bit ago. I was doing a number of pieces over there from an elephant orphanage to one of my favorite pieces that we'll be rolling out soon. I did it for cnn.com and also working on a video piece of it. I went in embedded myself in the second poorest part of the entire world in the slums of Kibera, Kenya, and it was amazing to see that in these very poor areas, 70 to 80% cell penetration. A lot of people don't think that a smartphone would be prevalent. It sure is. And these kids, yeah, absolutely. There's cell towers everywhere. These kids were, you know, they don't have much, but they have e-reader devices and they can have thousands of books when they're walking 10 miles to school. You walk into the school that doesn't have any electricity, it's a hundred degrees, but they all have e-readers, Kindles right on their desk. I was blown away. I went to several different schools around Eastern Kenya. Fascinating story to be able to cover. So >>yeah, that's a really good point. In mobile penetration. If I was talking to this startup that where their business plan is to build, sell a solar battery recharging stations because they have the exact points, like they have all these devices but it's not, they don't have the traditional electricity and the parks >>one outlet in the entire school. So fortunately for, you know, with wifi off it's about a week charge on a Kindle. So it is, >>yeah, I think, I think that's a great market opportunity. Certainly in emerging countries, the mobile penetration, I'm so suites about the IBM show here. Is this your first time here or, >>I have had the luxury and the opportunity to be a part of several IBM events and everyone is so uniquely different. And this one all about developers obviously. So something I get to nerd out in myself in that is an it girl and also a developer. It's fun to be able to learn. I picked up so much new information so I just kind of like, they're like, you can, you're done with, I'm like, I'm going to hang out for a little bit longer. >>You know, you know you're a, you know, you're a geek when you're geeking out, when you're off the clock, you know Steve and I the same way. We're like we should stop rookies now let's keep going. So CES, UFC, yes, >>yes, every year for sure. And for anyone that hasn't been to CF, it's kind of on the bucket list for anybody that's attending technology, 35 football fields full of gadgets. Amazing. Yeah, it's always one of my biggest times of the year. So we'll be back here. >>now do you enjoy CES or is it a hard slog for you because you must have to really get down and dirty for CS, I mean a lot of stuff to cover. >>I did and I tried to make it to like the most random boosts. I find someone of my best technology products and like the ma and PA type shops that don't have the million dollar booth and like you know that are really back in a corner and I'm like zero in, >>you go on to cover, by the way, do you go into cover? You kind of sneak in there and you go into the camera guys. No, I go for it. You go for it. Okay. Time. Okay. All right guys. Um, that's awesome. Well can. Thanks for coming on the cube. We really appreciate spending the time. We'd love the personality. I love the energy. I mean Dave and I think you know, we're, first of all we're huge fans of your work. Especially the ESPN part. No, we're, we're big sports fans. In fact we call this the ESPN of tech cause it's our kind of version of like trying to be like ESPN. But we think technology is going mainstream. People at this new generation are geeks and even too, you alluded to ESPN, even sports and technology, I can't tell you how many pieces I've covered in pro athletes and how tech is entering in that space. Everywhere. Disruption in the data, the social media, you know, limiting have agents that go direct to the audience. Just super exciting. I mean I'm real big fan of media, tech, sports and entertainment. Thanks for coming on the cube. We appreciate it. We'll be right back with this after the short break here inside the cube live in Las Vegas. I'm John and Dave. We write back.