>> Narrator: Live from San Francisco, it's theCUBE, covering RSA Conference 2020 San Francisco. Brought to you by SiliconANGLE Media. >> Welcome back everyone. This is theCUBE's coverage from RSA Conference on Moscone South. I'm John Furrier, host of theCUBE. You know, cybersecurity is changing, and the next technology is right around the corner, and it's got to be invented somewhere, and of course Accenture Labs is part of it. Our next guest is Lisa O'Connor, Global Security R&D Lead for Accenture Labs. Lisa's working on some of those hard problems all around the world. Thank you for joining me today. Thanks for coming on. >> Thank you for having me. >> So, we always get the good scoop from Accenture, because you have a lot of smart people in that company. You know, they know their stuff. I know you got a huge analytics team. I've talked to Jean-Luc Chatelain before, and I know you got a massive amount of, deep bench of talent. But as you have to go do the applied R&D, and maybe some of the crazy ideas, you got to start thinking about where the puck is going to be. >> Absolutely. >> You got to understand that. Well, it's pretty clear to us that Cloud is certainly there. Palo Alto Networks had a disappointing earnings yesterday, because their on-premises business is shifting to the Cloud. You're seeing hybrid operating model and multicloud for the enterprise, but now you got global challenges. >> We absolutely do. >> Huge, so what are you guys working on that's coming? Tell us. >> So we're working on lots of exciting things, and Cloud is one of them. But, some of the things I'm so passionate about in labs, and I have the best job at Accenture. Don't tell anyone. (laughs) I do. So, we are working on, like Jean-Luc is working on applied intelligence, we are working on robust AI. So, when we think about AI in the future, how do we feel that, and know that it's okay? How do we put it out there and know it's safe in production, we've done the right training, we've made our model resilient to what's out there? One of the things we see happening, and I love AI, love it. It has great potential, and we get great insights out of it, but a lot of times we stop, we get the insights, and we say, "Okay, it's in the box, we got a couple hits there, "we're good, it's good." No, maybe not. And so really, it's learning and creating the actually applied attacks on AI, and then figuring out what the right defenses are. And, depending on what type of machine learning you're using, those defenses change. And so, we're having a great time in our lab in Washington D.C., working on basically defending AI and building those techniques, so that what we put out as Accenture is robust. >> You know, it's interesting, AI, you watch some of the hardcore, you know, social justice warriors out there going after Amazon, Google, you know, because they're doing some pretty progressive things. Oh, facial recognition, you got AI, you got Alexa. You know, a lot of people are like, "Oh, I'm scared." But, at the end of the day, they also have some challenges like network security, so you have all this AI up and down the stack. And, one thing I like about what's being talked about in the industry is the shared responsibility model. So, I got to ask you, as AI becomes exciting, but also, balancing, frightening to people, how do you get that shared responsibility model, so we get it right, do the experimentation, without people freaking out? (laughs) So, it's kind of like this weird mode we're in now, where I want to do more AI, because I think it benefits society, but everyone's freaking out. >> Yeah, so, in our tech vision that we just launched, The Tech Vision 2020, there's a lot of talk about value and values, which is really important when we think about AI because we can get great value out of it, but there's a values piece of it and it's how we're using it, how we're getting those insights. Because, the one thing, we have this circle, and it's between customer experience, because the companies that do customer experience well are going to excel, they're going to keep their clients, they're going to do amazing things, they're going to become sticky. But, to do that well, you have to be a good custodian of their data and their information, and curated experiences that they want, and not the creepy ones, not the ones they don't want. And so, we really look at that trust is necessary in that ecosystem, in building that, and keeping that with clients. So, that's something that came out of our technology vision. And, in fact, we're going to be talking at the Executive Women's Forum, this is tomorrow, and we're going to be having a panel on AI, and defending it, which will be very interesting. >> Make sure your people film that conference. We'd like to get a view of it on YouTube after. We love those conferences, really insightful. But, I want to get back to what you were talking about, the fun side. >> Yeah. >> You got a lot of new things on, your guys are kicking the tires on, scratching the surface on. You have two operating labs, one in Washington D.C., and one in Israel. What city in Israel? Is it in Tel Aviv or-- >> Herzliya. >> Okay, did not know. >> Yeah, the tech district, just north of Tel Aviv. It's the hotspot. >> So, Silicon Valley, D.C., and Israel, hotbeds of technology now. >> Yes. >> What's coming out of those labs, what's hot? >> Oh, there's so much exciting stuff coming out of our lab in Herzliya. One of the things that we have, and it's something that's been long and coming, it's been brewing for a while, but it's really looking at creating a model of the enterprise security posture. And, when I say a model of it, I'm talking about a cyber digital twin. Because, so much we can't do in our production networks, we don't have the capabilities. We can look around the room, but we don't have the capabilities on the SOCs team side, to ingest all this stuff. We need a playground where we can ask the what-ifs, where we can run high performance analytics, and we do that through a temporal knowledge graph. And, that's a hard thing to achieve, and it's a hard thing to do analytics at scale. So, that's one of the big projects that we're doing out of our Israel lab. >> Are you saying digital twins is a framework for that? >> Yeah. >> Does it really work well with that? >> So the knowledge graph, we can create digital twins around many things, because a digital twin is a model of processes, people, technologies, the statefulness of things, and configurations, whatever you want to pull in there. So, when we start thinking about, what would we take in to create the perfect enterprise security posture? What would give us all the insights? And, then we can ask the questions about, okay, how would an adversary do lateral movement through this? I can't fix everything that's a 10, but I could fix the right ones to reduce the risk impactfully. And, those are the kind of what-ifs that you can do. >> That's real sci-fi stuff, that's right around the corner. >> Yeah, it is. >> That simulation environment. >> It is. >> What-ifs. Oh my god, the company just got hacked, we're out of business. That's your simulation. You could get to, that's the goal, right? >> It absolutely is, to ask those good business questions about the data, and then to report on the risk of it. And, the other thing, as we move to 5G, this problem's getting bigger and bigger, and we're now bringing in very disparate kinds of compute platforms, computing-at-the-edge. And, what does that do to our nice little network model that we had, that our traditional systems are used to defending against? >> I mean, just the segmentation of the network, and the edge opens up so much more aperture-- >> Yes, it does (laughs). >> to the digital twin, or a knowledge graph. You brought up knowledge graph, I want to get your thoughts on this. I was just having dinner last night with an amazing woman out of New York. She's a Ph.D. in computer science. So, we're talking about graphs, and I love riffing on graph databases. But, the topic came up about databases in general, because with the cloud, it's horizontally scalable, you've got all kinds of simulation, a lot of elasticity going on, there's a lot of software being written on this. You got time series database, you got relational database, you got unstructured, and you got graphs. You got to make them all work together. This is kind of the unique challenge. And, with security, leveraging the right database, and the right construct is a super important thing. How do you guys look at that in the labs? Because, is it something that you guys think about, or is it going to be invisible someday? >> Oh, we think about it a lot. In fact, we've had a number of research projects over the last five years now, actually six years, where we've really pivoted hard in cyber security to graph databases. And, the reason for that is, the many-to-many relationships, and what we can do in terms of navigating, asking the questions, pulling on a thread, because in cyber hunting, that's what we're doing. In many of these use cases that we're trying to defend an enterprise, we're following the next new path based on the newest information of now what the challenge is, or what the current configuration is. So, that's really important. So, graph databases enable that so well. Now, there's still the architecture challenge of, okay, when I ask a query, what am I doing? Am I disrupting the whole apple cart? Do I have to process everything over, or is there a way to do that elegantly, where I can ask my query, and because of how I've structured it in storage, I can do it much better, and I can do it much more efficiently. And that, I think, is where the opportunities are. >> I got to tell you, I'm getting exited now on this whole database discussion, because you think about the logic around what you just said. A graph database with that kind of complexity, when you factor in contextually different things happening at any given time, the database needs to be parsed and managed differently. >> Yes. >> That's a huge challenge. >> It is a great research challenge, which is why we're doing it. >> What is that, how far along are we going to be able to have this dynamic, self-evolving, self-governing, self-healing data modeling? Is that coming soon, or... >> Yeah, I hope so. We wrote about it a couple of years ago. >> You did? >> The self-healing enterprise, aspirational. But I think, I mean, we try to get to real time, right? And, we try to get to real time, and again, refactoring. As we talk about what an adversary is going to do, or lateral movement through a business process, we're talking about a lot of computational horsepower to recalculate all that, process it again, update it, and then again present that back. So the number of things we're asking, how we're asking it becomes also very important to the structure. >> Just, it goes zooming up a little bit, high level, what we're really talking about here is value >> of the data. >> Absolutely. >> And, when you get into the valuation of the nodes, and the arcs, and all that graphs, and other databases, you got to know what to pay attention to. It's kind of like going into the hospital and hearing all these alarms going off. At some point you don't know what's, until they hear a flat line, or whatever. >> Right. That's a bad one. >> I mean, well that's obvious. But, now sometimes there's so many alerts, there's so many alarms. How do you understand at any given time what to pay attention to, because obviously when someone's having a problem you want to pay attention to it. If it's a security alert, that's prioritized. >> And the devil is in the analytics, right? What's the question we're asking, and the analytics that give us that prioritization? And that's non-trivial, because there are a lot of other folks that are doing prioritization in a different manner. To do it at scale, and to do it, not just one hop out, but I want to go all the way to the crown jewels, I want that whole path navigated, and I want to know where to cut along that path. That's a hard thing to do. And so, we've actually developed, and we've submitted patents for them, but we've developed new analytics that'll support that. >> Awesome. Well Lisa, I want to ask you kind of a, I'll give you a plug here, just going to get it out, because I think it's important. Skills gap's a big thing, so I want to give you a minute to explain, or share what you're looking for in your hiring. Who are you looking for? What kind of, the make-up of individual, obviously? Maybe, do you use straight, more academic paper kind of people, or practitioners? I mean, when you look to hire, what are some of the priorities that you look for, and who would thrive in an Accenture Lab's environment? >> Oh, my goodness. >> Take a minute to share what you're looking for. >> Yeah, so we love people that think out of the box, and those kinds of people come from very different backgrounds. And so, part of that is, some of them we look for Ph.D.'s, that have wonderful applied skills, and applied is a key word there. White papers are great, I need to be able to prove something, I need to be able to demo something that has value. So, having the applied skills to a business challenge is really important. So, that sort of ground, understanding the business, very important too. But, our talent comes from many different areas. I mean, I kind of joke, my lab looks like the UN, it's wonderful. I have people from across the globe that are in our cyber security lab. I have, in our Washington D.C. lab, we're 50% women, which is also exciting, because we want different experiences, and we shoot for cognitive diversity, right? So, we're looking for people that think differently about solving problems, and are not encumbered by what they've seen in the past, because we're trying to be tip of spear. And, I'm sure you know that from Paul Daugherty. >> Yeah. >> We are trying to be three to five years over the horizon. >> You guys got a good narrative. I always love talking to Accenture, they have a good vision. So, I got to ask you, the next logical question is, obviously, in the news, you see everyone talking about breaches, and ya know, it's not a breach if the door's open, you just walk in. They're really walking in, nothing was really breached, you're just giving it to them. >> Yeah. It's a passive invitation. >> (laughs) Hey come on in. Human error is a big part of it, but then, breach is obviously targeted, phishing, and all that good stuff. But, as those stories get told, there's a whole nother set of stories that aren't being told that are super important. So, I'd love to get your thoughts on, what are the most important stories that we should be talking about that aren't being talked about? >> Yeah, so I have two that are front-of-mind for me. One theme we come back to, and it's not sexy, it's hygiene. It is IT hygiene, and so many of the large companies, and even medium, small companies, we have legacy technology, and keeping that adds complexity, it adds to the whole breadth and depth of what we have to manage and defend. Keeping that attack surface simple and small, cloud-enabled, all those good things, is a real asset and it makes it much easier to defend. So, that's kind of the first non-sexy one, hygiene. The other one I'll say that I think is a challenge that we are not dealing with yet, quantum computing, right? And so, we're on the way to getting our post quantum cryptography in place, but there's another dimension to it, and it's our histories. So, all of the things that have passed on the wire, all the communications with the key exchanges, all that brilliant stuff, is sitting somewhere. Once we get to that point where this becomes very routine, and it's coming fast, we predicted eight years, two years ago. >> So, all that exhaust is somewhere, pent up. >> It's somewhere that, we have to think about how much data we're keeping as custodians, how we're managing it, and then we have to think about the exposure from our past, and say, "Okay, what does that mean that, that was out there?" "Is it aged enough that it doesn't have value?" And, I think there's a real triage that needs to be done, and certainly data management. >> I think, you know, the hygiene brings up a good point. It reminds me of the story Andy Jassy was telling about the mainframe customer that they couldn't find who had the password. They had to find their person, who was retired 10 years earlier to get the password. You don't forget things, but also, there's a human component in all this. Humans and machines are working together. >> Absolutely. >> And. that's a huge part of it. It's not just machines dominating it all, there's going to be a human component, there's a societal impact that we're seeing with information. And, whether that's out in the open, or behind closed doors, there's all kinds of things looming. >> There are, and I think one of the things in the companies that we're seeing who are embracing innovation well, are doing a lot of retraining. Because, the things that people are excellent at, AI is not good at, and the things that AI is good at, are not at all what people are good at. So, the good news is there is a beautiful teaming there, if we retool the skills, or if we re-envision those roles, so that people can get into those roles, and I think that's really important, because I'd rather see AI do all the heavy lifting well, and be trustworthy, and robust and all those great things, and the people be doing the much smarter things that require a human. >> Does the process serve the purpose? Does the purpose serve the process? Same kind of question, right? >> Exactly. >> AI, you can't have great AI that does nothing. >> That's right. >> (laughs) So, it has to be relevant. >> It absolutely does. >> Relevance is kind of a big thing. >> And we own that context, right? Humans own that context. >> Yeah. Yeah. Yeah. Well, thanks for coming in, and sharing the insight. Really appreciate it. Final question, it's always tough to pick your favorite child, but what is your most coolest thing you're working on right now? >> I'll tell you, the cyber digital twin stuff is so cool. >> The what? >> The cyber digital twin stuff is so cool. When you see the power of what that picture, and the analytics can do, we'll show ya. >> Do you have a demo of that now? >> We absolutely do. >> You do. Is it online, or is it more in person you got to see it? >> More in person. >> Okay. >> Folks can reach out, yeah. >> We'll have to get the exclusive on that. >> We do. >> I love those simulations. I think it's very beneficial. >> It is. >> A lot of learning. I mean, who doesn't want practice? >> Well, and a picture, you know that is worth a million dollars. It's just incredible to look at it, and it clicks. It clicks of all the potential things you could ask or do. And, that's the exciting part now, as we show this with customers' and we co-innovate with customers', they're coming up with a laundry list of questions. >> And, this is the beautiful thing about cloud, is that new capabilities are emerging every day, and you could use the good ones. Lisa O'Connor is here. Thank you very much for sharing your insights. Global Security R&D Lead for Accenture Labs. TheCUBE coverage, getting all the signal here on the show floor, extracting that from all the noise. I'm John Furrier, thanks for watching. (upbeat music)