>>Live from Las Vegas. It's the cube covering splunk.com 19 brought to you by Splunk. >>Okay. Welcome back. Everyone live in Las Vegas. We're here for Splunk's dot com I'm John ferry with the Q, this our seventh year covering.com but.com 10th year of their end user conference, their customer conference. That's been exciting to watch the evolution of Splunk and how a lot of it's because of their great products. We have our next guest Pang, senior director of product line management for Splunk business flow. Welcome to the cube. Well I'm glad to have you. One of the successes of Splunk has been great products. They never deviate off the core, kept building on it a year in the senior director of product land for you know, business flows, analytics. All I see everywhere is dashboards and visualizations. It looks so easy. Tell us about what your products are doing. >>Yeah, definitely and you know, I think one of the places to start is just how we moved into this area and start the new product. A lot of people know us for it and security use cases, but a lot of our customers are also using it to address business needs. So what they really saw was the value of Splunk to pull data from across different silos. Um, so in a business sense it could be, I have different systems for maybe my leads sales and closing the books, right? Those are all disparate. It's really hard to pull it together. And so they came to us saying like, we'd love a way to stitch this together and be able to visualize it. And that was really where Splunk business flow was born from. So we actually simplify it by connecting all these disparate data points, creating a full journey view or a process view that you can graphically see what's happening and then point and click and drill in. So it's really opening up a whole new set of users for us with that. And a whole new set of use cases that way. Surely. Yes. So if you think about, we have tons of data, it's tens of events. If you know a common thread like a user and how they might go to the store and then do something online and really understand the customer experience. If you could actually thread that all together, who would knows so much more about their customer experience and that's what we're able to do and we do it seamlessly for them. >>Well the database guy in me from the old eighties college saying, I gotta write a schema for that. I got to store the data. I mean in the old way it was really hard to compare like the pain or even capability >>we're hitting. Exactly the pain point. Right. That's why it's been so hard to do that because it was so rigid. The beauty of Splunk is the scheme on raid aspect of it. So because we store all the data and then we can distract it as needed, we do the search on demand and that's how we're able to actually stitch it together. Yeah. Yeah. And I think like one of the things has been the struggle of, well people have made a lot of probably more conservative decisions earlier on in their data and that's why they weren't able to get the information. And so part the main pain point we always heard was I got one piece of data, but now that I look into it, crap, I need to know what else there is. And then you have, it's another three week cycle, right, to pull that data in, bring it all in. Well now that's all in Splunk. You can just pull it as you need it on. >>It's a use case. Then from an operations standpoint, they're pretty comfortable with handling slug. They know what it means to Splunk, the data. >>Exactly. And we really see it as a partnership between the Splunk admin as well as the business users. The Splunk admin helps to get it all set up and then the business user can actually investigate on their own and they don't need to know SPL or anything like that to be able to use the product. Exactly. That's a great question. So it's a premium solution. So you do need Splunk enterprise or Splunk cloud. And then this is stacks essentially on top of it. Um, and so it uses the underlying Splunk data, but then it's also doing the additional work of doing the correlation across it, stitching it together, providing the visualizations. And then from there you can do things like AB comparison mode. You can see conversion rates, you can drag it, you can drill down all the way into the actual event. So the beauty of it is being able to see the holistic picture but then go down into the individual Avenger. >>It's definitely the business analyst and I think there is some crossover with it and security as well. So we actually had a session here where our own it internal it use focus flow to monitor their ticketing system and look for black hole tickets. So have you, I don't know if you've ever, you know, submit an it ticket. You never hear anything back because it's gotten lost. But yeah, exactly. But what are those, what are those? Zachary, you're very fortunate, but it was one of those problems where you hear a lot of it departments, you know, you might've, because you're outsourcing certain portions, you lose some of those tickets. You don't know what happened. So they were actually able to use the product to see that. But it also applies to people within. Um, one example we have, sorry, I'm thinking of some public customers that we have. So Domino's is a public customer. Um, that was a beta customer that used it for payment processing on, on, um, Superbowl. So like that's another great, >>yeah, the obviously scale is huge there. The data. So I gotta ask the cloud question. Since we brought up cloud, is this service cloud enabled in the sense of, is it on an on premise thing or is it, does the workflow kicked into the analytics? How's the cloud play? >>Yes. So it sits on top of both. Um, so it works either with the Splunk enterprise or Splunk cloud enterprise license essentially. And then the actual architecture of it is a hybrid environment. So we have a hybrid component that's in our own host of cloud that feeds the UI. And the great thing about that is that we're able to update the product very quickly and push out updates to the customers very easily though. So, um, we first announced it back in may of this year and have added additional functionality as part of COF and it did come out of customers and then seeing the opportunity with the machine data. So, um, there are a lot of great stories that we've had historically. I think Dubai airports, you can see some different stories of for pupil piece, the journey together. And so out of those conversations bore was the idea was >>every product line has a list that didn't make the cut on the product is called the roadmap is also new things. What are some of the things that you see big picture areas that you're going to focus in on to extend out the capabilities and value of the product? >>You really see the product evolving the same way that you see a lot of the portfolio for all. So Doug has talked a lot about investigate, monitoring and analyzing and act, right. And so those same concepts apply into how you think about a process as well. So right now we're really helping the investigation and monitoring, but we'll also continue to extend across that spectrum of time. Yeah, definitely in how we've built the product. But also, um, I think it can sit alongside some of the other things that you're also seeing in that realm. >>Final question for you. For people that are watching that couldn't make the conference, what's the biggest, biggest story here for dotcom this year? How would you, >>I mean overall I really think it is our data to everything message that we're discussing. Um, I think today you can really see how we apply in all of these vast areas and really the power of being able to have access and make that data actionable and do something with it. Thank you so much. It's so nice to be with you today. >>John Barry here in the cube coverage here in Las Vegas with dotcom Splunk's annual conference. It's their 10th year, March 7th year covering them. We'll be right back with more day to coverage after this show. >>Right.

>>From Miami beach, Florida. It's the queue covering a Chronis global cyber summit 2019. Brought to you by Acronis. >>Okay. Welcome back. Everyone's cubes coverage here and the Kronos is global cyber summit 2019 and Sarah inaugural event around cyber protection. I'm John Forrey hosted the cube. We're talking to all the thought leaders, experts talking about the platforms. We've got a great guest here, security analyst, author and Ted speaker. Karen Ellis, Zari who runs the besides Tel Aviv. Um, she gave a keynote here. Welcome to the queue. Thanks for coming on. >>Oh, thanks for having me. It's a pleasure. >>Love to have you on. Security obviously is hot. You've been on that wave. Even talking a lot about it. You had talked here and opposed the conference. But for us, before we get into that, I want to get in and explore what you've been doing that besides Tel Aviv, this is the global community that would be runs a cyber week. He wrote a big thing there. >>So that's something that's really important to me. So 10 years ago, hackers and security researchers thing start that somebody called security besides which was an alternative community event for hackers that couldn't find their voice in their space. In the more mainstream events like RSA conference or black hat for example. That's when security besides was born 10 years ago. Now it's a global movement and there's been more than a hundred besides events. Just this year alone, just in 2019 anywhere from Sao Paolo to Cairo, Mexico city, Athens, Colorado, Zurich, London, and in my hometown of Tel Aviv. I was very proud to bring the besides idea and the concept to Tel Aviv five years ago. This year, 2020 will be our fifth year and we'll be, I hope our biggest year yet last summer we had more than 1200 participants. We take place during something called Telaviv cyber week, which if you've never visited Tel Aviv, that's your opportunity next year of Bellevue cyber Wade brings 9,000 people to Israel. >>It's hosted by Tel Aviv university where I'm also a researcher and all of these events are free. They're in English, they are welcoming to people from all sorts of places in all walks of life. We bring people from more than 70 countries and I think it's great that we can have that platform in Israel, in Tel Aviv to share not just our knowledge but also our points of view, our different opinions about the future of cyber security. Tel Aviv university. Yeah. So Tel Aviv university hosts me cyber week and they're also the gracious hosts for the sites televi which runs as a nonprofit separate from the university. >>You know, I love these movements where you have organic, just organic growth. And then we saw that with the unconference wave couple years ago where you know, the fancy conferences got too stuffy to sponsor oriented, right? That's >>right. Yeah. Up there too. They want to have more face to face, more community oriented conversations, more or, yeah. So besides actually the first one was absolutely an unconference and to this day we maintain some of that vibe, that important community aspect of providing a stage for people that really may not have the opportunity to speak at Blackhat or here or there. They may not feel comfortable on a huge with all those lights on them. So we really need to have that community aspect of them and believe it or not. And unconference is how I got on the Ted stage because a producer from Ted actually came all the way to Israel to an unconference in the Northern city of Nazareth in Israel, and she was sitting in the room while I was giving a talk to 15 people in the lobby of a hotel. And it wasn't that, it wasn't, you know, I didn't have a big projector. >>It wasn't a fancy production on any scale, but that's where that took for loser found me and my perspective and decided that this was this sort of point of view deserves to have a bigger stage. Now with digital technologies, the lobby conference, we call it the lobby copy, cons, actions in the hallway, just always kind of cause do you have a programs? It's not about learning anymore at these events because if all you can learn online, it's a face to face communal activity. I think it's a difference between people talking at you. Two people talking with you and that's why I'm very happy to give talks and I'm here focused on sharing my point of view. But I also want to focus on having conversations with people and that's what I've been doing this morning, sharing my points of view, teaching people about how I think the security worlds could look like, learning from them, listening to them. >>And it's really about creating that sort of an atmosphere and there's a lot of tension right now in the security space. I want to get your thoughts on this because you know, I have my personal passion is I really believe that communities is where the action is in a lot of problems can be solved if tapped properly, if they want, if they're not used or if they're, if the collective intelligence of a community can be harnessed. Yes, absolutely. Purity community right now has a imperative mandate, which is there's a lot of to do better. I think good that could be happening. The adversaries are at scale. You seeing, um, you know, zero day out there yet digital warfare going on, you got all kinds of things on a national global scale happening and people are worried. Absolutely. So there's directions, there's a lot of fear, there's a lot of panic going on these days. >>If you're an average individual, you hear about cybersecurity, you're of all hackers, you're thinking, Oh my God, they should turn all of my devices off, go live in the woods with some sheep and that's going to be my future. Otherwise I'm a twist and I agree with you. It's the responsibility, all the security industry and the security community to come together and also harness the power and the potential of the many friendly hackers out there. Friendly hackers such as myself, security researchers and not all security researchers are working in a lab at the university or in the big company and they might want to, you know, be wherever they are in the world, but still contributing. This is why I talk about the hackers immune system, how hackers can actually contribute to an immune system helping us identify vulnerabilities and fix them. And in many cases I found that it's not just a friendly hackers, even the unfriendly ones, even the criminals have a lot to teach us and we can actually not afford not to pay attention, not to be really more immersed, more closely connected with what is happening in the hacker's world, whether it's criminal hackers underground or the friendly hackers who get together at community events, who share their work, who participate on bug bounty platforms, which is a big part of my personal work and my passion bug bounty programs for the viewers who are not familiar with it are frameworks that will help companies that you might rely on like Google or Facebook, United airlines or Starbucks or any company that you can imagine. >>So many big companies now have bug bounty programs in place, allowing them to actively reward individual hackers that are identifying vulnerabilities. Yeah. And they pay him a lot of money to up to millions of dollars. Yes, they do, but it's not just about the money, you know, don't, it's not just amount of money. There's all kinds of other rewards that place as well. Whether it's a fancy, you know, a tee shirt or a sticker, or in the case of Tesla for example, they give out challenge coins, the challenge coins that only go out to the top hackers. I've worked with them now you can't find anything with these challenge coins. You keep the tray, you can trade them in in the store for money. But what you can do is that you get a lot of reputational and you know, unmonitored value out of that as well. Additionally, you know another organization that's called them, the Pentagon has a similar program, so depending on his giving out, not just monetary rewards but challenge coins for hackers that are working with them. >>This reputation kind of system is really cutting edge and I think that's a great point. I personally believe that that will be a big movement in all community behavior because when you start getting into having people arbitrator who's reputable, that's an incentive beyond money. Well, what I've found great I guess, but like reputation also is important. I can tell you this because I've, I've this, I've really dissected and researched this in my academic work and the look at the data from several bug bounty programs and the data that was available. There's all kinds of value on the table. Some of the value is money and you get paid. And you know, last month I heard about the first bug bounty millionaire and he's a guy from Argentina. But the value is not just in the money, it's also reputational value. It's also work value. So some hackers, some security researchers just want to build up their resume and then they get job offers and they start working for companies that may have never looked at them before because they're not graduates of this and that school didn't have this or that upbringing. >>We have to remember that from, from the global perspective, not everybody has access to, you know, the American school system or the Israeli school system. They can't just sign up for a college degree in cybersecurity or engineering if they live in parts of the world where that's not accessible to them. But through being a researcher on the bug bounty platform, they gain up their experience, they gain up their knowhow, and then companies want to work with them and want to hire them. So that's contributing to the, you've seen this really? Yeah. We've seen this and the reports are showing this. The data is showing this, all of the bug bounty programs that ha have reports that come out that show this information as well. Do you see that the hackers on bug bounty pack platforms that usually under 30 a lot of them are. They're 30 they're young people. >>They're making their way into this industry. Now, let me tell you something. When I was growing up in Israel, that was a young hacker. I didn't know any bug bounty programs. None of that stuff was around. Granted, we also didn't have a cyber crime law, so anything I did wasn't officially illegal because we didn't have, yeah, it wouldn't necessarily. Fermentation is good. It certainly was and I was very driven by curiosity, but the point I'm trying to make is that I didn't actually have a legal, legitimate alternative to, you know, the type of hacking that I was doing. There wasn't any other option for me until it was time for me to serve in the Israeli military, which is where I really got my chops. But for people living in parts of the world where they don't have any legitimate legal way to work in cybersecurity, previously, they would have turned to criminal activities to using their knowhow to make money as a cybercriminal. >>Now that alternative of being part of a global immune system is available to them on a legitimate legal pathway, and that's really important for our workforce as well. A lot of people will tell you that cybersecurity workforce needs all the help it can get. There's a shortage of talent gap. A lot of people talk about the talent gap. I believe a big part of the solution is going to come from all of these hackers all over the world that are now accessing the legitimate legal world of cybersecurity or something. I want to amplify that. Certainly after this interview, I'd love to follow up with you. Really, we will come to Tel Aviv. It's on our list for the cube stuff. We'll be there. We'd love to launch loving mutation. What you're talking about is an unforeseen democratization, the positive impact of the world. I want you to just take a minute to explain how this all came together for this. >>With your view on this reputational thing. I talk about the impact. Where does it go beyond just reputational for jobs? What? How does a community flex and organically grow from this and so one thing that I'm very happy to see, I think in the past couple of years, the reputations generally of hackers have become important and that the concept of a hacker is not what we used to think about in the past where we would automatically go to somebody who was a criminal or a bad guy. Did you know that the girl Scouts organization, the U S girl Scouts are now teaching girls Scouts to be hackers. They're teaching them cybersecurity skills. Arguably, I would claim this is a more important skill than making cookies or you know, selling cookies. Certainly a more money to survive in the wilderness. Why not in the digital wilderness? Yes, in a fire counter than that. >>More than that, it's about service. So the girl Scouts organization's always been very dedicated to values of service. Imagine these girls, they're now becoming very knowledgeable about cybersecurity. They can teach their peers, their families, so they can actually help spread. The more you build a more secure world, certainly they could probably start the fire or track a rapid in the forest or whatever it is that girl Scouts used to do that digitally too. That's called tracing. Really motivating that person. I think that's aspiring to many young women. That's very kind of, you actually have to have more voices out there. What can we do differently? What help? What can I do as a guy, as in the industry, I have two daughters. Everyone has, as I get older, I have daughters because they care now, but most men want to help. What can we do as a group? >>So I think you're absolutely right that diversity and inclusivity within the technology workforce is not a problem there. Just the underrepresented groups need to solve by. It's actually an issue for the entire group to solve. It's men or women or any underrepresented minority and overrepresented groups as well because diversity of the workforce will actually help build a more resilient, sustainable workforce and will help with that talent gap, that shortage of people of skilled employees that we mentioned. Others, a few things that you can do. I personally decided to do what I can, so I contributed to a book called women in tech at practical guide and in that book there's also a chapter for allies. So if you're a person that wants to help a woman or women in tech in your community, you are very welcome to check out the book. It's on Amazon, women in tech, a practical guide. >>I'm a contributor to that and myself. I also started a group called leading cyber ladies, which is a global meetup for women in cyber security and we have chapters on events in Israel, in New York city, in Canada, and soon I believe in United Kingdom and Silicon Valley and perhaps in your company or in your community, you could help start a similar group or maybe encourage some of the ladies that you know to start a group, help them by finding a space, creating a safe environment for them to create meetups like that by providing resources, by sponsoring events, by mentoring does a few, a lot of things. Yeah, there's a lot of things that you can do and it's certainly most important to consider that diversity in the workforce is everybody's issue with Cod. Something just one gender or one group needs to figure out how to be a big bang theory. >>You can share with three people, two people, absolutely organic growth or conditional. Yes, certainly. And as men, if you don't want to, you know, start them an event for women because that may seem disingenuous, but you can do certainly encourage the women that you find around you. In your workforce to see if they want to maybe have a meetup and if they do, what kind of help you can offer? Can you run the AB for them? Can you as sponsored lacrosse songs, whatever kind of help that you can offer to create that sort of a space. The reason we we started cyber ladies is because I didn't see enough women speaking at security events, so I wanted to fray the meet up where the women in cybersecurity could share their work network with one another and really build up also their speaking port portfolio, their speaking powers so that they can really feel more comfortable speaking and sharing their work on other events as well. >>Camaraderie there too. Yes, it very important. Thank you so much to you now, what is your, your professional and personal interests these days? What's getting you excited? So there's some of the cool things. That's a fantastic question. So one thing I'm super excited about is that I'm actually collaborating with my sister. So my sister, believe it or not is a lawyer and she's a lawyer who specializing in cyber line, intellectual property privacy, security policy work, and I'm collaborating with her to create a new book which would be a guide to the future of cybersecurity from the hacker's perspective and the lawyers perspective because we are seeing a lot of regulators, a lot of companies that are now really having to follow laws and guidelines and regulations around cybersecurity and we really want to bring these two points of view together. We've already collaborated in the past and in fact my sister has worked on the legal terms of many of the bug bounty programs that I mentioned earlier, including the Tesla program. >>So it's very exciting. I'm very proud to be able to work with my younger sister who followed me into the cyber world. I'm the hacker, she's the lawyer and we are creating something together. Dynamic duo that's going to be, I'm excited to interview her. Yeah, so in my family we call her the tour Vogue version. Can you imagine that together? It's really unstoppable. We didn't have a chance to speak together at the RSA conference earlier this year and that was really unique. Am I going to fall off on that with the book? Well, our platform is your platform. Anything we can do to help you get the word out, super exciting work that you're doing. We think cyber community will be one of the big answers to some of the challenges out there. And we need more education. Law makers and global politicians have to get more tech savvy. Yes, this is a big, everybody, it's everybody's issue. Like I said in this morning speech, everybody's on the front lines. It's not the cyber generals or you know, the hackers in the basements that are fighting. We are on that digital Battlefront and we all have to be safer together. Karen, thanks for your great insights here in energy. Bug bounties are hot. The community is growing. This is the cyber conference here that, uh, Acronis global cyber summit 2019. I'm John Barry here to be back with more coverage after this short break.