>>from Las >>Vegas. It's the cues covering quality security Conference 2019 Bike. Wallace. Hey, welcome back It ready? Geoffrey here with the Cube were at the Bellagio in Las Vegas. It's actually raining outside, which is pretty odd, but through the desert is happy. We're here at the Kuala Security Conference. Been going on for 19 years. It's our first time here. We're excited to be here, but we got a really familiar Gaston. She's been on a number of times that Nutanix next, conferences and girls who code conferences, etcetera. So we're happy to have back Wendy Pfeifer. She's the C I O of Nutanix and as of August, early this year, a board member for quality. So great to see you. >>Nice to see you again, too. So it's raining outside. I'll have to get out. >>I know it's pretty, uh, pretty cool, actually. School coming in on the plane. But let's let's jump into a little bit from your C I, Oh, roll. We're talking a lot about security and in the age old thing came up in the keynote. You know, there's companies that have been hacked, and then there's companies that have been hacked and don't know it yet, but we're introducing 1/3 type of the company. Here is one of the themes which is that you actually can prevent, you know, not necessarily getting hacked, but kind of the damage and destruction and the duration once people get in. I'm just curious from your CEO >>hat. How >>do you look at this problem? That the space is evolving so quickly? How do you kind of organize your your thoughts around it? >>Yeah, for me. First of all, um, it starts with good architecture. So whether it's our own products running or third party products running, we need to ensure that those products are architected for resilience. And that third kind of company, the Resilient company, is one that has built in architecture er and a set of tools and service is that are focused on knowing that we will be hacked. But how can we minimize or even eliminate the damage from those hacks? And in this case, having the ability to detect those hacks when their incoming and to stop them autonomously is the key to HQ Wallace's play and the key to what I do as CEO at Nutanix, >>right? So one of the other things that keeps coming up here is kind of a budget allocation to security within the CEO budget on. And I think Mr Clark said that, you know, if you're doing 3% or less, you're losing, and you gotta be spending at least 8%. But I'm curious, because it to me is kind of like an insurance story. How much do you spend? How much do you allocate? Because potentially the downside is enormous. But you can't spend 100% of your budget just on security. So how do you think about kind of allocating budget as a percentage of spin versus the risk? >>Well, I love that question. That's part of the art of being a C i O A. C. So, you know, first of all, we have ah mixed portfolio of opportunities to spend toe hold to divest at any one time, and I t portfolio management has been around for 30 years, 40 years, almost as long as some of the people that I know. However, um, we always have that choice, right? We're aware of risk, and then we have the ability to spend. Now, of course, perfect security is to not operate at all. But that's about that's, you know, swinging too far the wrong way on Dhe. Then we also have that ability, maybe to not protect against anything and just take out a big old cyber security policy. And where is that policy might help us with lawsuits? It wouldn't necessarily have help us with ongoing operations. And so it's somewhere in the middle, and I liked some of the statistics that they share today. One of the big ones for me was that companies that tend to build resilient worlds of cybersecurity tend to spend about 10% of their total I t operating budgets on cyber security. That makes sense to me, and that reflects my track record at Nutanix and elsewhere, roughly in that amount of spending. Now you know, checking the box and saying, Well, we're spending 10% on cybersecurity doesn't really buy us that much, and also we have to think about how we're defining that spend on cyber security. Part of that spend is in building resilient architectures and building resilient code. And uh, that's sort of a dual purpose spend, because that also makes for performance code it makes for scalable, supportable code, et cetera. So you know, we can do well by doing good in this >>case. So again, just to stay on that beam permit, it went. So when you walk the floor at R S. A. And there's 50,000 people and I don't even know how many vendors and I imagine your even your I T portfolio now around security is probably tens of products, if not hundreds, and certainly tens of vendors again. How do you How do you? You kind of approach it. Do you have trusted advisors around certain point solutions? Are you leveraging? You know, system integrators or other types of specialists to help? You kind of sort through and get some clarity around this just kind of mess. >>Well, all of us actually are looking for that magic discernment algorithm. Wouldn't it be great if >>you could just >>walk up to a vendor and apply the algorithm? And ah ha. There's one who's fantastic. We don't have that, and so we've got a lot of layers of ingest. I try to leave room in my portfolio for stealth and emerging technologies because generally the more modern the technology Is the Mauritz keeping pace with the hackers out there and the bad guys out there? Um, we do have sort of that middle layer that surround the ability for us to operate at scale because we also have to operate these technologies. Even the most cutting edge technology sometimes lack some of the abilities for us to ingest them into our operations. And then they're sort of the tried and true bedrock that hopefully is built into products we consume. Everything from public Cloud service is to, uh, you know, hardware and so on. And so there's this range of choices. What we have to dio ultimately is we use that lens of operations and operational capability. And first of all, we also ensure that anything we ingest meets our design standards and our design standards include some things that I think are fascinating. I won't go into too much detail because I know how much you love this detail. But you know, things like are the AP eyes open? What is integration look like? What's the interaction design look like? And so those things matter, right? Ultimately, we have to be able to consume the data from those things, and then they have to work with our automation, our machine learning tools. Today at Nutanix, for example, you know, we weigh like toe. I'm happy to say we catch, you know, most if not all of any of the threats against us, and we deal with well over 95% of them autonomously. And so were a living example of that resilient organization that is, of course, being attacked, but at the same time hopefully responding in a resilient way. We're not perfect knock on wood, but we're actively engaged. >>So shifting gears a little bit a bit a bit now to your board hat, which again, Congratulations. Some curious. You know, your perspective on kind of breaking through the clutter from the from the board seat Cos been doing this for 19 years. Still relatively small company. But, you know, Philippe talked a lot about kind of company. Percy's me industry security initiatives that have to go through what are some of the challenges and opportunities see sitting at the board seat instead of down in the nitty gritty down the CEO. >>Well, first of all, um, quality is financially a well run responsible organization and one of Philippe and the leadership teams. Goals has always been toe operate profitably and tow. Have that hedge on DSO. What that means is that as consumers, we can count on the longevity of the organization and the company's ability to execute on its road map. It's the road map that I think is particularly attractive about Wallace. You know, I am who I am. I'm an operator. I'm a technologist. And so although I'm a board member and I care about all dimensions of the company, the most attractive component is that this this road map in those 19 years of execution are now coming to fruition at exactly the right time. For those of us who need these tools in these technologies to operate, this is a different kind of platform and its instrumented with machine learning with a I. At a time when the Attackers and the attacks are instrumented that way as well as as you mentioned, we have a lot of noise in the market today, and these point solutions, they're gonna be around for a while, right? We operate a messy and complex and wonderful ecosystem. But at the same time, the more that we can streamline, simplify on and sort of raised that bar. And the more we can depend on the collected data. From all of these point tools to instrument are automated responses, the better off we'll be. And so this is, Ah, platform whose whose time has come and as we see all of the road map items sort of coming to fruition. It's really, really exciting. And it's, you know, just speaking for a moment of someone who's been a leader in various technology companies in the security and, you know, technology space for some time. One of the most disappointing things about many technology startups is that they don't build in that that business strength. Thio have enough longevity and have enough of a hedge to execute on that brilliant vision. And so many brilliant ideas have just not seen the light of day because of a failure to execute. In this case, we have a company with a track record of execution that's monetized the build out of the platform, and now also these game changing technologies are coming to fruition. It's it's really, really exciting to be a part of it. >>So Wendy, you've mentioned a I machine learning Probably get checked. The transfer of a number of times 85 times is this interview. So it's really interesting, you know, kind of there's always a lot of chatter in the marketplace, But you talked about so many threats coming in and we heard about Mickey noticed. Not really for somebody sitting in front of a screen anymore to pay attention, this stuff. So when you look at the opportunity of machine learning and artificial intelligence and how that's going to change the role of the CEO and specifically and security when if you can share your thoughts on what that opens up >>absolutely s so there's kind of two streams here I'd love to talk about. The first is that we've had this concern as we've moved to Public Cloud and I t that i t people would be left behind. But in fact, after sort of ah little Dev ops blip where non i t people were writing code that was them consumed by enterprises were now seen the growth of I t. Again and what this relates to is this In the past, when we wanted to deploy something in public cloud. We had to be able Thio compose an express infrastructure as code. And, um, folks who are great at infrastructure are actually pretty lousy at writing code, and so that was a challenge. But today we have low code and know code tools, things like work Otto, for example, that my team uses that allow us to express the operational processes that we follow sort of the best practices and the accumulated knowledge of these I t professionals. And then we turn the machine on that inefficient code and the machine improves and refines the code. So now, adding machine learning to the mix enables us to have these I t professionals who know more than you'd ever imagine about storage and compute and scaling and data and cybersecurity and so on. And they're able to transform that knowledge into code that a machine can read, refine and execute against. And so we're seeing this leap forward in terms of the ability of some of these tools. Thio transform how we address the scale and the scope in the complexity of these challenges. And so on the one side, I think there's new opportunity for I T professionals and for those who have that operational expertise to thrive because of these tools on the other side, there's also the opportunity for the bad guys in the in the cyberspace. Um, Thio also engage with the use of thes tools. And so the use of these tools, that sort of a baseline level isn't enough. Now we need to train the systems, and the systems need to be responsive, performance resilient. And also, they need to have the ability to be augmented by to be integrated with these tools. And so suddenly we go from having this utopian. Aye, aye. Future where you know, the good looking male or female robot, you know, is the nanny for our kids, um, to something much more practical that's already in place, which is that the machine itself, the computer itself is refining in augmenting the things that human beings are doing and therefore able to be first of all, more responsive, more performance, but also to do that layer of work that is not unique to human discernment. >>Right? We hear that over and over because the press loved to jump on the general. May I think it's much more fun to show robots than then Really, the applied A I, which is lots of just kind of like Dev ops. Lots of little improvements. Yeah, lots of little places. >>Exactly. Exactly. You know, I mean, I kind of like the stories of our robot overlords, you know, take it over to. But the fact is, at the end of the day, these machine, it's just math. It's just mathematics. That's all it is. It's compute. >>So when you find let you go, I won't touch about women in tech. You know, you're a huge proponent of women in tech. You're very active on lots of boards and cure with Adriaan on the girls and Tech board where we last where we last sat down. Um, and you're making moves now. Obviously, you've already got a C title. Now you're doing more bored work. I just wonder if you can kind of share your thoughts of how this thing's kind of movement is progressing. It seems to have a lot of of weight behind it, but I don't know if the numbers air really reflecting that, but you're you're on the front lines. What can you shares? You know, you're trying to help women. That's much getting detect. But to stay into tech, I think, is what most of the stats talk about. >>Yeah, I've got a lot of thoughts on this. I think I'll try to bring our all the vectors together. So I recently was awarded CEO of the year by the Fisher Center for Data and Analytics and thank you very much. And the focus there is on inclusive analytics and inclusive. Aye, aye. And And I think this this is sort of a story that that makes the point. So if we think about all of the data that is training these technology tools and systems, um, and we think about the people who are creating these systems and the leaders who are our building, these systems and so on, for the most part, the groups of people who are working on these things technologists, particularly in Silicon Valley. They're not a diverse set of people. They're mostly male. They're overwhelmingly male. Many are from just a handful of of, um, you know, countries and groups, right? It's it's It's mainly, you know, Caucasian males, Indian males and Asian males. And and because of that, um, this lack of diverse thinking and diverse development is being reflected in the tools in ways that eventually will build barriers for folks who don't share those characteristics. As an example, Natural language processing tooling is trained by non diverse data sets, and so we have challenges with that. For example, people who are older speak a little bit more slowly and have different inflections in general on how they speak. And the voice recognition tools don't recognize them as often. People who have heavy accents, for example, are just not recognized. Yes, you know, I always have a phone, Um, and this is my iPhone and I have had an iPhone for 10 years. Siri, my, you know, helpful Agent has been on the phone in all those years. And in all of those years, um, I have had a daughter named Holly H O l L Y. And every time that I speak Thio, I dictate to Syria to send a message on. I use my daughter's name. Holly. Syria always responds with the spelling. H o L I. The Hindu holiday. Now, in 10 years, Siri has never learned that. When I say Holly, I'm most likely mean my daughter >>was in the context of the sentence. >>Exactly. Never, ever, ever. Because, you know Siri is an Aye aye, if you will. That was built without allowing for true user input through training at the point of conversation. And so s So that's it. That's bad architecture. There's a lot of other challenges with that architecture that reflect on cybersecurity and so on. One tiny example. But I think that, um now more than ever, we need diverse voices in the mix. We need diverse training data. We need, you know, folks who have different perspectives and who understand different interaction design to be not only as a tech entrepreneurs, builders and leaders of country of companies like, you know, girls in tech Support's educating women supporting women entrepreneurs. I'm I'm also on the board of another group called Tech Wald. That's all about bringing US combat veterans into the technology workforce. There's another diverse group of people who again can have a voice in this technology space. There are organizations that I work with that go into the refugee that the permanent refugee camps and find technically qualified folks who can actually build some of this training data for, ah, you know, analytics and a I We need much, much more of that. So, you know, my heart is full of the opportunity for this. My my head's on on fire, you know, and just trying to figure out how can we get the attention of technology companies of government leaders and and before it's too late, are training data sets are growing exponentially year over year, and they're being built in a way that doesn't reflect the potential usage. I was actually thinking about this the other day. I had an elderly neighbor who ah, spoke with me about how excited he waas that he he no longer could drive. He wasn't excited about that. He no longer could drive. He couldn't see very well and couldn't operate a car. And he was looking forward to autonomous vehicles because he was gonna have a mobility and freedom again. Right? Um, but he had asked me to help him to set up something that he had on his computer, and it was actually on his phone. But he there was their voice commands, but But it didn't understand him. He was frustrated. So he said, Could you help me. And I thought, man, if his mobile phone doesn't understand him, how's the autonomous vehicle going to understand him so that the very population who needs these technologies the most will will be left out another digital divide? And and, um, now is the moment while these tools and technologies are being developed, a word about Wallace. You know, when I was recruited for the board, um, you know, they already had 50 50 gender parity on the board. It wasn't even a thing in my interviews. We didn't talk about the fact that I am female at all. We talked about the fact that I'm an operator, that I'm a technologist. And so, um, you know that divide? It was already conquered on HK. Wallace's board that's so not true for many, many other organizations and leadership teams is particularly in California Silicon Valley. And so I think there's a great opportunity for us to make a difference. First of all, people like me who have made it, you know, by representing ourselves and then people of every gender, every color, every ethnicity, immigrants, et cetera, um, need to I'm begging you guys stick with it, stay engaged don't let the mean people. The naysayers force you to drop out. Um, you know, reconnect with your original values and stay strong because that's what it's gonna take. >>It's a great message. And thank you for your passion and all your hard work in the space. And the today it drives better outcomes is not only the right thing to do and a good thing to do that it actually drives better outcomes. >>We see that. >>All right, Wendy, again. Always great to catch up. And congratulations on the award and the board seat and look forward to seeing you next time. Thank you. All right, She's windy. I'm Jeff. You're watching the Cube with a quality security conference at the Bellagio in Las Vegas. Thanks for watching. We'll see you next time.