>>Bye from San Francisco. It's the cube covering RSA conference, 2020 San Francisco brought to you by Silicon angle media. >>Hey, welcome back. Everyone's keeps coverage here in San Francisco at the Moscone center for RSA conference 2020 I'm John, your host, as cybersecurity goes to the next generation as the new cloud scale, cyber threats are out there, the real impact a company's business and society will be determined by the industry. This technology and the people that a cube alumni here, caramel Jaffer, SVP, senior vice president of strategy and corporate development for iron net. Welcome back. Thanks to Shawn. Good to be here. Thanks for having so iron net FC general Keith Alexander and you got to know new CEO of there. Phil Welsh scaler and duo knows how to scale up a company. He's right. Iron is doing really well. The iron dome, the vision of collaboration and signaling. Congratulations on your success. What's a quick update? >> Well look, I mean, you know, we have now built the capability to share information across multiple companies, multiple industries with the government in real time at machine speed. >>Really bringing people together, not just creating collected security or clip to defense, but also collaborating real time to defend one another. So you're able to divide and conquer Goliath, the enemy the same way they come after you and beat them at their own game. >> So this is the classic case of offense defense. Most corporations are playing defense, whack-a-mole, redundant, not a lot of efficiencies, a lot of burnout. Exactly. Not a lot of collaboration, but everyone's talking about the who the attackers are and collaborating like a team. Right? And you guys talk about this mission. Exactly. This is really the new way to do it. It has, the only way it works, >> it is. And you know, you see kids doing it out there when they're playing Fortnite, right? They're collaborating in real time across networks, uh, to, you know, to play a game, right? You can imagine that same construct when it comes to cyber defense, right? >>There's no reason why one big company, a second big company in a small company can't work together to identify all the threats, see that common threat landscape, and then take action on it. Trusting one another to take down the pieces they have folk to focus on and ultimately winning the battle. There's no other way a single company is gonna be able defend itself against a huge decency that has virtually unlimited resources and virtually unlimited human capital. And you've got to come together, defend across multiple industries, uh, collectively and collaboratively. >> Do you mean, we talked about this last time and I want to revisit this and I think it's super important. I think it's the most important story that's not really being talked about in the industry. And that is that we were talking last time about the government protects businesses. If someone dropped troops on the ground in your neighborhood, the government would protect you digitally. >>That's not happening. So there's really no protection for businesses. Do they build their own militia? Do they build their own army? Who was going to, who's going to be their heat shield? So this is a big conversation and a big, it brings a question. The role of the government. We're going to need a digital air force. We're going to need a digital army, Navy, Navy seals. We need to have that force, and this has to be a policy issue, but in the short term, businesses and individuals are sitting out there being attacked by sophisticated mission-based teams of hackers and nation States, right? Either camouflaging or hiding, but attacking still. This is a huge issue. What's going on? Are people talking about this in D C well, >> John, look not enough. People are talking about it, right? And forget DC. We need to be talking about here, out here in the Silicon Valley with all these companies here at the RSA floor and bring up the things you're bringing up because this is a real problem we're facing as a nation. >>The Russians aren't coming after one company, one state. They're coming after our entire election infrastructure. They're coming after us as a nation. The Chinese maybe come after one company at a time, but their goal is to take our electoral properties, a nation, repurpose it back home. And when the economic game, right, the Iranians, the North Koreans, they're not focused on individual actors, but they are coming after individual actors. We can't defend against those things. One man, one woman, one company on an Island, one, one agency, one state. We've got to come together collectively, right? Work state with other States, right? If we can defend against the Russians, California might be really good at it. Rhode Island, small States can be real hard, defends against the Russians, but if California, Rhode Island come together, here's the threats. I see. Here's what it's. You see share information, that's great. Then we collaborate on the defense and work together. >>You take these threats, I'll take those threats and now we're working as a team, like you said earlier, like those kids do when they're playing fortnight and now we're changing the game. Now we're really fighting the real fight. >> You know, when I hear general Keith Alexander talking about his vision with iron net and what you guys are doing, I'm inspired because it's simply put, we have a mission to protect our nation, our people, and a good businesses, and he puts it into kind of military, military terms, but in reality, it's a simple concept. Yeah, we're being attacked, defend and attack back. Just basic stuff. But to make it work as the sharing. So I got to ask you, I'm first of all, I love the, I love what he has, his vision. I love what you guys are doing. How real are we? What's the progression? >>Where are we on the progress bar of that vision? Well, you know, a lot's changed to the last year and a half alone, right? The threats gotten a lot, a lot more real to everybody, right? Used to be the industry would say to us, yeah, we want to share with the government, but we want something back for, right. We want them to show us some signal to today. Industry is like, look, the Chinese are crushing us out there, right? We can beat them at a, at some level, but we really need the governor to go do its job too. So we'll give you the information we have on, on an anonymized basis. You do your thing. We're going to keep defending ourselves and if you can give us something back, that's great. So we've now stood up in real time of DHS. We're sharing with them huge amounts of data about what we're seeing across six of the top 10 energy companies, some of the biggest banks, some of the biggest healthcare companies in the country. >>Right? In real time with DHS and more to come on that more to come with other government agencies and more to come with some our partners across the globe, right? Partners like those in Japan, Singapore, Eastern Europe, right? Our allies in the middle East, they're all the four lenses threat. We can bring their better capability. They can help us see what's coming at us in the future because as those enemies out there testing the weapons in those local areas. I want to get your thoughts on the capital markets because obviously financing is critical and you're seeing successful venture capital formulas like forge point really specialized funds on cyber but not classic industry formation sectors. Like it's not just security industry are taking a much more broader view because there's a policy implication is that organizational behavior, this technology up and down the stack. So it's a much broad investment thesis. >>What's your view of that? Because as you do, you see that as a formula and if so, what is this new aperture or this new lens of investing to be successful in funding? Companies will look, it's really important what companies like forge point are doing. Venture capital funds, right? Don Dixon, Alberta Pez will land. They're really innovating here. They've created a largest cybersecurity focused fund. They just closed the recently in the world, right? And so they really focus on this industry. Partners like, Kleiner Perkins, Ted Schlein, Andrea are doing really great work in this area. Also really important capital formation, right? And let's not forget other funds. Ron Gula, right? The founder of tenable started his own fund out there in DC, in the DMV area. There's a lot of innovation happening this country and the funding on it's critical. Now look, the reality is the easy money's not going to be here forever, right? >>It's the question is what comes when that inevitable step back. We don't. Nobody likes to talk about it. I said the guy who who bets on the other side of the craps game in Vegas, right? You don't wanna be that guy, but let's be real. I mean that day will eventually come. And the question is how do you bring some of these things together, right? Bring these various pieces together to really create long term strategies, right? And that's I think what's really innovative about what Don and Alberto are doing is they're building portfolio companies across a range of areas to create sort of an end to end capability, right? Andrea is doing things like that. Ted's doing stuff like that. It's a, that's really innovation. The VC market, right? And we're seeing increased collaboration VC to PE. It's looking a lot more similar, right? And now we're seeing innovative vehicles like stacks that are taking some of these public sort of the reverse manner, right? >>There's a lot of interests. I've had to be there with Hank Thomas, the guys chief cyber wrenches. So a lot of really cool stuff going on in the financing world. Opportunities for young, smart entrepreneurs to really move out in this field and to do it now. And money's still silver. All that hasn't come as innovation on the capital market side, which is awesome. Let's talk about the ecosystem in every single market sector that I've been over, my 30 year career has been about a successful entrepreneurship check, capital two formation of partnerships. Okay. You're on the iron net, front lines here. As part of that ecosystem, how do you see the ecosystem formula developing? Is it the same kind of model? Is it a little bit different? What's your vision of the ecosystem? Look, I mean partnerships channel, it's critical to every cyber security company. You can't scale on your own. >>You've got to do it through others, right? I was at a CrowdStrike event the other day. 91% of the revenue comes from the channel. That's an amazing number. You think about that, right? It's you look at who we're trying to talk about partnering with. We're talking about some of the big cloud players. Amazon, Microsoft, right? Google, right on the, on the vendor side. Pardon me? Splunk crashes, so these big players, right? We want to build with them, right? We want to work with them because there's a story to tell here, right? When we were together, the AECOS through self is defendant stronger. There's no, there's no anonymity here, right? It's all we bring a specialty, you bring specialty, you work together, you run out and go get the go get the business and make companies safer. At the end of the day, it's all about protecting the ecosystem. What about the big cloud player? >>Cause he goes two big mega trends. Obviously cloud computing and scale, right? Multi-cloud on the horizon, hybrids, kind of the bridge between single public cloud and multi-cloud and then AI you've got the biggies are generally will be multiple generations of innovation and value creation. What's your vision on the impact of the big waves that are coming? Well, look, I mean cloud computing is a rate change the world right? Today you can deploy capability and have a supercomputer in your fingertips in in minutes, right? You can also secure that in minutes because you can update it in real time. As the machine is functioning, you have a problem, take it down, throw up a new virtual machine. These are amazing innovations that are creating more and more capability out there in industry. It's game changing. We're happy, we're glad to be part of that and we ought to be helping defend that new amazing ecosystem. >>Partnering with companies like Microsoft. They didn't AWS did, you know, you know, I'm really impressed with your technical acumen. You've got a good grasp of the industry, but also, uh, you have really strong on the societal impact policy formulation side of government and business. So I want to get your thoughts for the young kids out there that are going to school, trying to make sense of the chaos that's going on in the world, whether it's DC political theater or the tech theater, big tech and in general, all of the things with coronavirus, all this stuff going on. It's a, it's a pretty crazy time, but a lot of work has to start getting done that are new problems. Yeah. What is your advice as someone who's been through the multiple waves to the young kids who have to figure out what half fatigue, what problems are out there, what things can people get their arms around to work on, to specialize in? >>What's your, what's your thoughts and expertise on that? Well, John, thanks for the question. What I really like about that question is is we're talking about what the future looks like and here's what I think the future looks like. It's all about taking risks. Tell a lot of these young kids out there today, they're worried about how the world looks right? Will America still be strong? Can we, can we get through this hard time we're going through in DC with the world challenges and what I can say is this country has never been stronger. We may have our own troubles internally, but we are risk takers and we always win. No matter how hard it gets them out of how bad it gets, right? Risk taking a study that's building the American blood. It's our founders came here taking a risk, leaving Eagle to come here and we've succeeded the last 200 years. >>There is no question in my mind that trend will continue. So the young people out there, I don't know what the future has to hold. I don't know if the new tape I was going to be, but you're going to invent it. And if you don't take the risks, we're not succeed as a nation. And that's what I think is key. You know, most people worry that if they take too many risks, they might not succeed. Right? But the reality is most people you see around at this convention, they all took risks to be here. And even when they had trouble, they got up, they dust themselves off and they won. And I believe that everybody in this country, that's what's amazing about the station is we have this opportunity to, to try, if we fail to get up again and succeed. So fail fast, fail often, and crush it. >>You know, some of the best innovations have come from times where you had the cold war, you had, um, you had times where, you know, the hippie revolution spawn the computer. So you, so you have the culture of America, which is not about regulation and stunting growth. You had risk-taking, you had entrepreneurship, but yet enough freedom for business to operate, to solve new challenges, accurate. And to me the biggest imperative in my mind is this next generation has to solve a lot of those new questions. What side of the street is the self driving cars go on? I see bike lanes in San Francisco, more congestion, more more cry. All this stuff's going on. AI could be a great enabler for that. Cyber security, a direct threat to our country and global geopolitical landscape. These are big problems. State and local governments, they're not really tech savvy. They don't really have a lot ID. >>So what do they do? How do they serve their, their constituents? You know, look John, these are really important and hard questions, but we know what has made technology so successful in America? What's made it large, successful is the governor state out of the way, right? Industry and innovators have had a chance to work together and do stuff and change the world, right? You look at California, you know, one of the reasons California is so successful and Silicon Valley is so dynamic. You can move between jobs and we don't enforce non-compete agreements, right? Because you can switch jobs and you can go to that next higher value target, right? That shows the value of, you know, innovation, creating innovation. Now there's a real tendency to say, when we're faced with challenges, well, the government has to step in and solve that problem, right? The Silicon Valley and what California's done, what technology's done is a story about the government stayed out and let innovators innovate, and that's a real opportunity for this nation. >>We've got to keep on down that path, even when it seemed like the easier answer is, come on in DC, come on in Sacramento, fix this problem for us. We have demonstrated as a country that Americans and individual are good at solve these problems. We should allow them to do that and innovate. Yeah. One of my passions is to kind of use technology and media to end communities to get to the truth faster. A lot of, um, access to smart minds out there, but young minds, young minds, uh, old minds, young minds though. It's all there. You gotta get the data out and that's going to be a big thing. That's the, one of the things that's changing is the dark arts of smear campaigns. The story of Bloomberg today, Oracle reveals funding for dark money, group biting, big tech internet accountability projects. Um, and so the classic astroturfing get the Jedi contract, Google WASU with Java. >>So articles in the middle of all this, but using them as an illustrative point. The lawyers seem to be running the kingdom right now. I know you're an attorney, so I'm recovering, recovering. I don't want to be offensive, but entrepreneurship cannot be stifled by regulation. Sarbanes Oxley slowed down a lot of the IPO shifts to the latest stage capital. So regulation, nest and every good thing. But also there's some of these little tactics out in the shadows are going to be revealed. What's the new way to get this straightened out in your mind? We'll look, in my view, the best solution for problematic speech or pragmatic people is more speech, right? Let's shine a light on it, right? If there are people doing shady stuff, let's talk about it's an outfit. Let's have it out in the open. Let's fight it out. At the end of the day, what America's really about is smart ideas. >>Winning. It's a, let's get the ideas out there. You know, we spent a lot of time, right now we're under attack by the Russians when it comes to our elections, right? We spent a lot of time harping at one another, one party versus another party. The president versus that person. This person who tells committee for zap person who tells committee. It's crazy when the real threat is from the outside. We need to get past all that noise, right? And really get to the next thing which is we're fighting a foreign entity on this front. We need to face that enemy down and stop killing each other with this nonsense and turn the lights on. I'm a big believer of if something can be exposed, you can talk about it. Why is it happening exactly right. This consequences with that reputation, et cetera. You got it. >>Thanks for coming on the queue. Really appreciate your insight. Um, I want to just ask you one final question cause you look at, look at the industry right now. What is the most important story that people are talking about and what is the most important story that people should be talking about? Yeah. Well look, I think the one story that's out there a lot, right, is what's going on in our politics, what's going on in our elections. Um, you know, Chris Krebs at DHS has been out here this week talking a lot about the threat that our elections face and the importance about States working with one another and States working with the federal government to defend the nation when it comes to these elections in November. Right? We need to get ahead of that. Right? The reality is it's been four years since 2016 we need to do more. That's a key issue going forward. What are the Iranians North Koreans think about next? They haven't hit us recently. We know what's coming. We got to get ahead of that. I'm going to come again at a nation, depending on staff threat to your meal. Great to have you on the QSO is great insight. Thanks for coming on sharing your perspective. I'm John furrier here at RSA in San Francisco for the cube coverage. Thanks for watching.

(Caribbean music) >> Narrator: Live, from San Juan, Puerto Rico. It's theCUBE, covering Blockchain Unbound. Brought to you by Blockchain Industries. >> Hello, welcome back everyone. I'm John Furrier, co-host of theCUBE. Exclusive coverage here in Puerto Rico for Blockchain Unbound, it's a global conference where a lot of the leaders are coming together. It's our second day of wall-to-wall coverage. Talking to all the top people: government officials, entrepreneurs, investors, and tons of great action here. Our next guest is Marcus Levin who's the co-founder of XYO Network, xyo.network is the URL. Interesting opportunity really built from the ground up. No outside funding, although it does some interesting things with their community. Great IoT example, great use of the cloud, great example of how real entrepreneurs are working with crypto and blockchain to actually grow. Welcome to theCUBE. >> Thank you, John. >> So, tell me a little bit about what you guys do. Take a minute to explain to the audience what XYO Network is, how did you get here, what is it all about? >> Yeah, sure. So, XYO Network is the world's first decentralized location oracle. "Oracle" means data input into smart contracts. Now you have the problem that a lot of data sources are centralized and hackable or spoofable. So, if you make a bet, for example, you need to look at the results of the bet at a website, the website could be hacked, it could collude with someone to provide wrong data. The same problem exists with GPS. GPS is easily spoofable and hackable, like during the Pokemon Go craze, for example, all the kids just downloaded GPS spoofing apps, they get all the rare Pokemons. Or, allegedly the Iranians took down an American drone a few years back sending up a wrong GPS signal. The drone just landed. So, because of that, you can't do transactions based on location data. Today, most applications for location, GPS location, are navigational but not transactional. We solve this by providing a decentralized location data or network. We do this though IoT devices, mobile phone apps, and other types of partnerships. We are around since 2012. Started as an IoT company which provided location beacons, we call it XY Findit. We have about a million of them out there, and they can recognize each other's location. It's like us two taking a selfie together, we print out two copies, put our signatures on there. When we leave each other, we can prove that were here together. And it's the same thing with those devices. Our own devices but also with partnerships we build this mobile app distributors and IoT companies. What can you do with this? You could, for example, do payment up and delivery for e-commerce. So, you could put a chip, a small chip like an RFID chip into Amazon packaging tape. Once the package arrives at your doorstep, or even in your house, the payment gets triggered. It works by the doorbell, your Tesla in the driveway, your neighbor's cell phone, any type of connected device recognizing that the package is there. The payment automatically gets triggered. One third of Americans experienced porch theft in 2016. You don't know if it was a UPS driver, for example, scanning the package but taking it, or your neighbor took the package, or someone random came by. This way, you can prevent porch theft, or you can discover it. Or you could make sure your kids arrived safely at school, they arrived there with their friends and they took the path you wanted them to take. Or hotel review sites, for example, have the problem that they lose their users because they don't believe that the reviews are real anymore. But if you could prove someone flew from San Diego, that's where we're based, to Puerto Rico, has stayed at this hotel for tonight, and then flew back and wrote the review about it, suddenly you have a location-verified review. So, that's all today, but in the world, in five to ten years, full of AI, robots, self-driving cars, drones, smart cities, you need transactional location data and nobody's providing that today and we want to be the center of the future. >> Awesome. So, that's super-exciting, I got to ask you about the IoT piece because, do you need physical devices out there? Are you going to be deploying sensors? Are you leveraging pre-existing infrastructure? I love that selfie example. I can imagine we do a selfie, share it, it's a location-based opportunity. The phone's got location base. How do you guys interface with this? How does it work? >> Right now the network builds on top of our own devices. We are around since 2012, as I said, so we have a large network already. We are an existing company, it's a little rare in the blockchain space. >> Yeah. >> And we build partnerships now with IoT companies like certain light bulb division company, or fridges, all connected devices, mobile app distributors. >> So, you're providing your customers the IoT device folks who are proliferating out there. >> Yeah, we put our code basically out there. We can-- >> Open source? >> Open source, yeah. >> Okay. >> And you can plug it as an SDK into, let's say, your mobile app. Or you can use it as a monetization tool as well, because you earn tokens as you verify location, and this data is part an answer, and so you could earn XYO tokens, as you become-- We call them "sentinels", location verification device in our network. >> So, how do you guys tie this together on the token side? So, you reward, what behavior do you reward with a token? >> There are four components in our network. There's the sentinel, as I spoke about, which are the IoT devices or mobile phones which verify the location. Then you have bridges which relay the data. They relay it into something we call the archivist, which is a distributed computer system, if you are familiar with storage here in this space, for example, or the old system, like Sentient home from Berkeley, it works like that. So, the data's on people's personal computers. And then we have something we call the diviner algorithm, which provides the answers. It works like mining. So, you might want to ask, "Where's my package right now?" And the question gets sent to the network, a bunch of diviners, which works like mining, Ethereum, transactional things. A bunch of diviners will take the data from the archivist, the distributed computer system, and try to find the best answer and try to find as close as possible the consensus as they can. >> What about spoofing? I mean, people might want to spoof the location. >> Yes. >> How do you prevent spoofing? >> Yeah, that's a good question. So, we two could collude pretty easily. But if this entire room of people is who you usually don't know, it's very difficult to collude. So, one of them is scale. Then we build reputation over time. So, as your answers are probable, you build reputation. For example, if all us say we are here at this hotel right now, but you say, "No, we are in Shanghai," your answer is improbable and your reputation goes down. In addition to that, we disincentivize lying-- >> You're very data-driven. >> Extremely. >> This is big time analytics. >> Extremely data-driven. >> So, what are you guys doing for analytics and what chain are you using? 'Cause performance becomes an issue. >> Yep. >> How's the plumbing work? What's the analytics look like? Take a minute to explain that. >> Yeah, it's very beautiful. We have our own chain: the XYO main chain. So, we are an oracle which plugs into any type of smart contract. You know, you have Ethereum and about 19 other coins which have smart contracts. So, we build on our chain to lower the transaction costs, transaction times, and build a more reliable network for ourselves and then it plugs into all other smart contracts. >> So, you have your own chain to manage this? >> Yes. >> So, that's one of the reasons why you, from an operational standpoint, you want to lock that down. >> Yes. >> So you can control performance. >> Exactly. >> Latency, timestamps, security, whatnot. >> Exactly, that's right. >> The openness is for the smart contracts. Is that what you're saying? >> Yeah. >> I can do any smart contract I want. >> This is basically for old site developers it's like an API, you can plug into it-- >> Got it. >> We connect the real world with the blockchain. So, right now you have very limited applications for blockchain in a lot of cases because you can't take offline things and connect them to the chain. What we allow to do is, we call it the API to the real world, where you take location data, put it into the chain and make it transactional. >> So, I got to ask you a question. This is interesting, I love this, I want to get into more of the token sale and what you guys are doing raising money. In the IoT world, certainly with cloud computing, the big debate is, do you move compute to the edge where the data is, or do you move the data back to the centralized cloud? Here, since you're decentralized with the IoT device, is the data coming back to your central network, or-- >> No, it's not. >> Where is the processing at? At the edge? What's the edge equation? Explain that. >> So, everything is decentralized. We believe that our company doesn't need to necessarily exist in a few years and the network will live on and grow as we grow the community, so the community is very important to us. The devices are decentralized, you own your cell phone. The data storage is decentralized. So, you can define, like, 3% of my personal computing power goes to this, for example, you earn XYO tokens. The mining is decentralized like any mining is decentralized today, so us as a company, once people start to build on the platform, we don't need to exist, which makes it beautiful, right? This is what blockchain is all about. Decentralizing and building this platform layer where people can build on top of. >> So, there's a ton of Bluetooth and GPS out there. >> Yep. >> Talk about where you guys have got your traction. I want you to take a minute to explain. We kind of went off on a tangent on some IoT rant, there, I was interested in. But I want to take it back to mainstream. >> Okay. >> There's GPS out there, you've got Bluetooth, everyone's got Bluetooth devices. So, it's not like this is massive new, it's a requirement. >> Yeah. >> You guys did some interesting things how you funded your first token sale. >> Right. >> You have customers. You've been around for how long? >> 2012. >> 2012. You've been successful. No outside capital. >> Yeah. >> So, you bootstrapped. You made things happen. Had some revenue come in. How'd you do it? Take us through that progression. >> Yeah, so we co-founders worked in various ventures together previously and one of our co-founders, the main founder I would say, Arie Trouw, he started this company in 2012, and we bootstrapped it with seven million dollars of our own cash and one and a half million in venture debt. We really believe in what we do. >> You guys put up a lot of capital. >> Yes. >> Congratulations. >> We believe in what we do. We believe in our capabilities to attract the right teams, we have an amazing team. >> That's skin in the game. >> It's skin in the game and it's actually a low-risk investment for me because I know what we are capable of. >> You are underwriting your own competence. >> Exactly, exactly. >> Okay, so, you had seven million of your own cash. Did you pass the hat around, you all kind of contributed money in, or? >> It was mostly from Arie, actually. (laughs) But we all have skin in the game there. >> So, you have a community, then you launch your idea, what happened next? >> Exactly. So, then the VCs started to come. We did some outreach, VCs started to come, they're interested in our idea, you know, they love what we do. Platform is right, quite sexy right now. In blockchain we are a platform and you can build a lot on top of it. We pushed off the VCs and we said we want to take community money first. The reason is, we believe in building this strong community of evangelists, people who believe in us, who want to code with us. We went to all the developer conferences, not to, like, investor conferences, or something like that. And, so, we marketed to about 2,300 people, our token sale and a little under 500 people put some Ethereum into our token sale and 95% were under 5 ETH. That was a very global community. >> Was that a utility token sale? >> Yes. >> Outside the US, 'cause there's credited investors involved, or what was the-- >> It's clearly a utility token, because you can build on top of it. Last weekend, the city of San Diego and 120 hackers, a IoT company, were in our office to build on top of our chain, traffic flow and parking solutions for the city of San Diego. So, it's clearly a utility token but because of the uncertain regulatory environment we are actually running it like it's a security, so, we have a Reg A, Reg D, Reg S, whatever, we have 115 different jurisdictions we look at, I spoke during the whole process, I'm not lying, it's-- >> That's a lot of work. >> Yeah. 23 lawyers I spoke with. It's a lot of hours with lawyers on the phone. The most aggressive on of them, she suggested to me a structure with no taxes but 20% prison potential, I think. (laughs) On the other side-- >> It's a good cause. You're doing it right. So you spent a lot of money to make sure that your community was involved. >> Yes. And they weren't throwing a lot of money, like they're millionaires, they're like, let's throw a thousand dollars? >> Yep. >> That kind of numbers. >> Yes, exactly. >> So, it's not like you're breaking the bank but they feel ownership. >> Absolutely. If you look at our telegram channel-- >> And you've raised, what, a million, two million, three million, from that? >> One point seven. >> From the community? >> Only community, those 400 people. We had it open for five to six days. We closed it down. We didn't take any money anymore. And since yesterday, I started talking with institutionals again and now we are a sexy story so now they come again, right? (laughs) >> Platforms are sexy. >> Exactly. >> We know, we have one, too. >> (laughs) That's awesome. Love your project. >> Well, the thing about platforms is that, as you know, we talked about last night, is that the platform wars and the platform entrepreneurial thinking has radically changed. In the old days, it was, I've got a platform and I'm going to monetize my platform for my application. Look at Facebook. >> Right. >> They monetize their platform data for advertisers, not users. I am a Google search engine, I need to make the best search result so I can get better advertising. And search results, thats a part. But the new order is the platform value goes to the users or customers. >> Right, right. That's right. >> So not... >> We are not rent-seeking. >> This is an open model with platforming. >> 100% open. There is a lot of the platforms are rent-seeking, where a certain percent of each transaction goes to the company or to some founders or something. We don't have that at all. So, what we do, for every token we sell, we allocate one to the company and after the token sale there is not going to be ever more XYO tokens ever again. And we use our portion to build this network but we don't take any fees or anything there. >> How do you make money? >> Building partnerships with companies, helping them to build on top of the chain, building the community. >> At some point you need to take a small cut of something, right? >> Yeah, if we own half the tokens, hopefully there is some value. >> They could be-- okay, so you'll get the token opportunity? >> Yes. >> So, on the security token, do the investors, the community and now token holders, is that an equity security token, so they own the company through the tokens, right? Non-dilutive, non-voting equity, is that what you're thinking? >> Yeah, it's not an equity token. It's still in our mind a utility token but we do something very interesting. During the token sale event, we are going to launch an equity sale at the same time. So, you can decide if you are comfortable in the blockchain space, you know, all you want to be an equity investor. The disadvantage is you have less liquidity there but you have all the protections an equity gives you. We are a California-based company. It was audited financial since 2012. SEC-qualified and regulated, so equity in our case is a kind of sexy kind of thing. >> Yeah, and they have the long game. They're betting on acquisition or something else. >> Basically. >> Oh, well, they've got to get some revenue going. Well, what's next? What are you guys doing? Token sale done, is it working? What, is it going on now, let me just check it out. You've completed it? >> No, it's going to start on March 20th. It's going to run for two months until May 20th and so now it's a lot of travel, speaking with people, engaging. >> (laughs) >> Yeah, that's next. >> Well, congratulations. >> Thank you. >> So glad that Carrie on Facebook notified me of you guys. Super-impressed with what you're doing and we had a great conversation last night at the monetize roof party. Great to know you guys. I think IoT really needs this kind of model because there's a lot of real critical challenges around the role of data, the role of immutability. There's all kind of sensor devices out there, cameras, you can't go anywhere, digital cities are coming, smart cities. >> Right. >> Self-driving cars. It's going to be wired up, big time, so I think you guys got a good opportunity. Thanks for coming on theCUBE. This is John Furrier here in Puerto Rico for exclusive coverage of Blockchain Unbound. More after this short break. (electronic beats)

>> Announcer: Live from Washington, DC it's theCube covering .conf 2017 brought to you by Splunk. >> Welcome back here on theCube the flagship broadcast for Silicon Angle TV, glad to have you here at .conf 2017 along with Dave Vellante, John Walls. We are live in Washington, DC and balmy Washington, DC. It's like 88 here today, really hot. >> It's cooler here than it is in Boston, I here. >> Yeah, right, but we're not used to it this time of year. Brad Medairy now joins us he's an SVP at Booz Allen Hamilton and Brad, thank you for being with us. >> Dave: And another Redskins fan I heard. >> Another Redskins fan. >> It was a big night wasn't it? Sunday night, I mean we haven't had many of those in the last decade or so. >> Yeah, yeah, I became a Redskins fan in 1998 and unfortunately a little late after the three or four superbowls. >> John: That's a long dry spell, yeah. >> Are you guys Nats fans? >> Oh, huge Nats fan, I don't know, how about Brad, I don't want to speak for you. >> I've got a soft spot in my heart for the Nats, what's the story with that team? >> Well, it's just been post-season disappointment, but this year. >> This is the year. >> This is the year, although-- >> Hey, if the Redsox and the Cubs can do it. >> I hate to go down the path, but Geos worry me a little bit, but we can talk about it offline. >> Brad: Yeah, let's not talk about DC Sports. >> Three out of five outings now have not been very good, but anyway let's take care of what we can. Cyber, let's talk a little cyber here. I guess that's your expertise, so pretty calm, nothing going on these days, right? >> It's a boring field, you know? Boring field, yeah. >> A piece of cake. So you've got clients private sector, public sector, what's kind of the cross-pollination there? I mean, what are there mutual concerns, and what do you see from them in terms of common threats? >> Yeah, so at Booz Allen we support both federal and commercial clients, and we have a long history in cyber security kind of with deep roots in the defense and the intelligence community, and have been in the space for years. What's interesting is I kind of straddle both sides of the fence from a commercial and a federal perspective, and the commercial side, some of the major breaches really force a lot of these organizations to quickly get religion, and early on everything was very compliance driven and now it's much more proactive and the need to be much more both efficient and effective. The federal space is, I think in many cases, catching up, and so I've done a lot of work across .mil and there's been a lot of investment across .mil, and very secure, .gov, you know, is still probably a fast follower, and one of the things that we're doing is bringing a lot of commercial best practices into the government space and the government's quickly moving from a compliance-based approach to cyber security to much more proactive, proactive defense. >> Can you get, it's almost like a glacier sometimes, right, I mean there's a legacy mindset, in a way, that government does it's business, but I would assume that events over the past year or two have really prompted them along a little bit more. >> I mean there's definitely been some highly publicized events around breaches across .gov, and I think there's a lot of really progressive programs out there that are working to quickly you know, remediate a lot of these issues. One of the programs we're involved in is something called CDM that's run out of DHS, Continuous Diagnostic and Mitigation, and it's a program really designed to up-armor .gov, you know to increase situational awareness and provide much more proactive reporting so that you can get real-time information around events and postures of the network, so I think there's a lot of exciting activities and I think DHS and partnership with the federal agencies is really kind of spearheading that. >> So if we can just sort of lay out the situation in the commercial world and see how it compares to what's going on in gov. Product creep, right, there's dozens and dozens and dozens of products that have been installed, security teams are just sort of overwhelmed, overworked, response is too slow, I've seen data from, whatever, 190 days to 350 days, to identify an infiltration, nevermind remediate it, and so, it's a challenge, so what's happening in your world and how can you guys help? >> Yeah, you know it's funny, I love going out to the RSA conference and, you know, I watch a lot of folks in the space, walking around with a shopping cart and they meet all these great vendors and they have all these shiny pebbles and they walk away with the silver bullet, right, and so if they implement this tool or technology, they're done, right? And I think we all know, that's not the case, and so over the years I think that we've seen a lot of, a lot of organizations, both federal and commercial, try to solve a lot of the problems through, you know, new technology solutions, whether it's the next best intrusion detection, or if it's endpoint, you know, the rage now is EDR, MDR, and so, but the problem is at the end of the day, the adversaries live in the seams, and in the world that I grew up in focused a lot around counter-terrorism. We took a data-centric approach to finding advanced adversaries, and one of the reasons that the Booz Allen has strategically partnered with Splunk is we believe that, you know, in a data-centric approach to cyber, and Splunk as a platform allows us to quickly integrate data, independent of the tools because the other thing with these tool ecosystems is all these tools work really well within their own ecosystem, but as soon as you start to mix and match best of breed tools and capabilities, they tend to not play well together. And so we use Splunk as that integration hub to bring together the data that allows us to bring our advanced trade-craft and tech-craft around hunting, understanding of the adversaries to be able to fuse that data and do advanced detection and help our clients be a lot more proactive. >> So cyber foresight is the service that you lead with? >> Yeah, you know, one of the things, having a company that's been, Booz Allen I think now is 103 years old, with obvious deep roots in the federal government, and so we have a pedigree in defense and intelligence, and we have a lot of amazing analysts, a lot of amazing, what we call, tech-craft, and what we did was, this was many many years ago, and we're probably one of the best kept secrets in threat intelligence, but after maybe five or six years ago when you started to see a lot of the public breaches in the financial services industry, a lot of the financial service clients came to us and said, "Hey, Booz Allen, you guys understand the threat, you understand actors, you understand TTPs, help educate us around what these adversaries are doing. Why are they doing it, how are they doing it, and how can we get out in front of it?" So the question has always been, you know, how can we be more proactive? And so we started a capability that we, or we developed a capability called cyber foresight where we provided some of our human intelligence analysts and applied them to open-source data and we were providing threat intelligence as a service. And what's funny is today you see a lot of the cyber threat intelligence landscape is fairly crowded, when I talk to clients they affectionately refer to people that provide threat intelligence as beltway book reporters, which I love. (laughter) But for us, you know, we've lived in that space for so many years we have the analysts, the scale, the tradecraft, the tools, the technologies, and we feel that we're really well positioned to be able to provide clients with the insights. You know, early on when we were working heavily in the financial services sector, the biggest challenge a lot of our clients had in threat intelligence was, what do I do with it? Okay, so you're going to send me, what we call a Spot Report, and so hey we know this nation-state actor with this advanced set of TTPs is targeting my organization, so what, right? I'm the CISO, I'm the CIO, should I resign? Should I jump out the window? (laughter) What do I do? I know these guys are coming after me, how do I actually operationalize that? And so what we've spent a lot of time thinking about and investing in is how to operationalize threat intelligence, and when we started, you kind of think of it as a pitcher and a catcher, right? You know, so the threat intelligence provider throws those insights, but the receiver needs to be able to catch that information, be able to put it in context, process it, and then operationalize it, implement it within their enterprise to be able to stop those advanced threats. And so one of the reasons that we gravitated toward Splunk, Splunk is a platform, Splunk is becoming really, in our mind, one of the defacto repositories for IT and cyber data across our client space, so when you take that, all those insights that Splunk has around the cyber posture and the infrastructure of an enterprise, and you overlay the threat intelligence with that, it gives us the ability to be able to quickly operationalize that intelligence, and so what does that mean? So, you know, when a security operator is sitting at a console, they're drowning in data, and, you know, analysts, we've investigated tons of commercial breaches and in most cases what we see is the analyst, at some point, had a blinking red light on their screen that was an indicator of that particular breach. The problem is, how do you filter through the noise? That's a problem that this whole industry, it's a signal to noise ratio issue. >> So you guys bring humans to that equation, human intelligence meets analytics and machine intelligence, and your adversary has evolved, and I wonder if you can talk about that, it's gone from sort of hacktivists to organized crime and nation-states, so they've become much more sophisticated. How have the humans sort of evolved as well that your bridge to bear? >> Yeah, I mean certainly the bear to entry is lower, and so now we're seeing ransomware as a service, we're seeing attacks on industrial control systems, on IOT devices, you know, financial services now is extremely concerned about building control systems because if you can compromise and build a control system you can get into potentially laterally move into the enterprise network. And so our analysts now not only are traditional intelligence analysts that understand adversaries and TTPs, but they also need to be technologists, they need to have reverse engineering experience, they need to be malware analysts, they need to be able to look at attack factors in TTPs to be able to put all the stuff in context, and again it goes back to being able to operationalize this intelligence to get value out of it quickly. >> They need to have imaginations, right? I mean thinking like the bad guys, I guess. >> Yeah, I mean we spend a lot of time, we've started up a new capability called Dark Labs and it's our way to be able to unlock some of those folks that think like bad guys and be able to unleash them to look at the world through a different lens, and be able to help provide clients insights into attack factors, new TTPs, and it's fascinating to watch those teams work. >> How does social media come into play here? Or is that a problem at all, or is that a consideration for you at all? >> Well, you know, when we look at a lot of attacks, what's kind of interesting with the space now is you look at nation-state and nation-state activists and they have sophisticated TTPs. In general they don't have to use them. Nation-states haven't even pulled out their quote "good stuff" yet because right now, for the most part they go with low-hanging fruit, low-hanging fruit being-- >> Just pushing the door open, right? >> Yeah, I mean, why try to crash through the wall when you can just, you know, the door's not locked? And so, you know, when you talk about things like social media whether it's phishing, whether it's malware injected in images, or on Facebook, or Twitter, you know, the majority of tacts are either driven through people, or driven through just unpatched systems. And so, you know, it's kind of cliche, but it really starts with policies, training of the people in your organization, but then also putting some more proactive monitoring in place to be able to kind of start to detect some of those more advanced signatures for some of the stuff that's happening in social media. >> It's like having the best security system in the world, but you left your front door unlocked. >> That's right, that's right. >> So I wonder if, Brad, I don't know how much you can say, but I wonder if you could comment just generally, like you said, we haven't seen their best pitch yet, we had Robert Gates on, and when I was interviewing him he said, "You know, we have great offensive posture and security, but we have to be super careful how we use it because when it comes to critical infrastructure we have the most to lose." And when you think about the sort of aftermath of Stuxnet, when basically the Iranians said hey we can do this too, what's the general sort of philosophy inside the beltway around offense versus defense? >> You know, I think from, that's a great question. From an offensive cyber perspective I think where the industry is going is how do you take offensive tradecraft and apply it to defensive? And so by that I mean, think about we take folks that have experience thinking like a bad guy, but unleash them in a security operation center to do things like advanced hunting, and so what they'll do is take large sets of data and start doing hypothesis driven analytics where they'll be able to kind of think like a bad guy and then they'll have developers or techies next to them building different types of analytics to try to take their mind and put it into an analytic that you can run over a set of data to see, hey, is there an actor on your network performing like that? And so I think we see in the space now a lot of focus around hunting and red teaming, and I think that's kind of the industry's way of trying to take some of that offensive mentality, but then apply it on the defensive side. >> Dave: It just acts like kind of Navy Seal operations in security. >> Right, right, yeah. I mean the challenge is there's a finite set of people in the world that really, truly have that level of tradecraft so the question is, how do you actually deliver that at any level of scale that can make a difference across this broader industry. >> So it's the quantity of those skill sets, and they always say that the amazing thing, again I come back to Stuxnet, was that the code was perfect. >> Brad: Yeah. >> The antivirus guy said, "We've never seen anything like that where the code is just perfect." And you're saying it's just a quantity of skills that enables that, that's how you know it's nation-state, obviously, something like that. >> Yeah, I mean the level of expertise, the skill set, the time it take to be able to mature that tradecraft is many many years, and so I think that when we can crack the bubble of how we can take that expertise, deliver it in a defensive way to provide unique insights that, and do that at scale because just taking one of those folks into an organization doesn't help the whole, right? How can you actually kind of operationalize that to be able to deliver that treadecraft through things like analytics as a service, through manage, detection, and response, at scale so that one person can influence many many organizations at one time. >> And, just before we go, so cyber foresight is available today, it's something you're going to market with. >> Yeah, we just partnered with Splunk, it's available as a part of Splunk ES, it's an add-on, and it provides our analysts the ability to provide insights and be able to operationalize that within Splunk, we're super excited about it and it's been a great partnership with Splunk and their ES team. >> Dave: So you guys are going to market together on this one. >> We are partnered, we're going to market together, and delivering the best of our tradecraft and our intelligence analysts with their platform and product. >> Dave: Alright, good luck with it. >> Hey, thank you, thank you very much, guys. >> Good pair, that's for sure, yeah. Thank you, Brad, for being with us here, and Monday night, let's see how it goes, right? >> Yeah, I'm optimistic. >> Very good, alright. Coach Brad Medairy joining us with his rundown on what's happening at Booz Allen. Back with more here on theCube, you're watching live .conf 2017.