(upbeat music) >> Welcome to theCube's continuous coverage of AWS re:Invent 2021. I'm Dave Nicholson, and we are running one of the industry's most important and largest hybrid tech events this year with AWS and its partners with two live sets on the scene. In addition to two remote studios. And we'll have somewhere in the neighborhood of a hundred guests on the program this year at re:Invent. I'm extremely delighted to welcome a very, very special guest. Right now. He served as the director of the NSA under two presidents, and was the first commander of the U.S Cyber Command. He's a Cube alumni, he's founder and co-CEO of IronNet Cybersecurity. General Keith Alexander. Thanks for joining us today General. >> Thanks, David. It's an honor to be here at re:Invent, you know, with AWS. All that they're doing and all they're making possible for us to defend sector states, companies and nations in cyber. So an honor to be here. >> Well, welcome back to theCube. Let's dive right in. I'd like to know how you would describe the current cyber threat landscape that we face. >> Well, I think it's growing. Well, let's start right out. You know, the good news or the bad news, the bad news is getting worse. We're seeing that. If you think about SolarWinds, you think about the Hafnium attacks on Microsoft. You think about this rapid growth in ransomware. We're seeing criminals and nation states engaging in ways that we've never seen in the past. It's more blatant. They're going after more quickly, they're using cyber as an element of national power. Let's break that down just a little bit. Do you go back to two, July. Xi Jinping, talked about breaking heads in bloodshed when he was referring to the United States and Taiwan. And this has gone hot and cold, that's a red line for him. They will do anything to keep Taiwan from breaking away. And this is a huge existential threat to us into the region. And when this comes up, they're going to use cyber to go after it. Perhaps even more important and closer right now is what's going on with Russia in the Donbas region of eastern Ukraine. We saw this in 2014, when Russia took over the Crimea. The way they did it, staging troops. They did that in 2008 against Georgia. And now there are, by some reports over a hundred thousand troops on the border of Eastern Ukraine. Some call it an exercise, but that's exactly what they did in Georgia. That's what they did in the Crimea. And in both those cases, they preceded those attacks, those physical attacks with cyber attacks. If you go to 2017, when Russia hit the Ukrainian government with the NotPetya attack that had global repercussions. Russia was responsible for SolarWinds, they have attacked our infrastructure to find out what our government is doing and they continue going. This is getting worse. You know, it's interesting when you think about, so what do you do about something like that? How do we stop that? And the answer is we've got to work together. You know, Its slam commissioner addressed it. The meeting with the president on August 25th. This is a great statement by the CEO and chairman of Southern Company, Tom Fanning. He said this, "the war is being waged on our nation's critical infrastructure in particular, our energy sector, our telecommunications sector and financial sector." The private sector owns and operates 87% of the critical infrastructure in the United States, making collaboration between industry and the federal government imperative too, for these attacks. SO >> General, I want to dig just a little bit on that point that you make for generations, people have understood that the term is 'kinetic war', right? Not everyone has heard that phrase, but for generations we've understood the concept of someone dropping a bomb on a building as being an attack. You've just mentioned that, that a lot of these attacks are directed towards the private sector. The private sector doesn't have an army to respond to those attacks. Number one, that's our government's responsibility. So the question I have is, how seriously are people taking these kinds of threats when compared to the threat of kinetic war? Because my gosh, you can take down the entire electrical grid now. That's not something you can do with a single bomb. What are your, what are your thoughts on that? >> So you're hitting on a key point, a theoretical and an operational point. If you look back, what's the intent of warfare? It's to get the mass of people to give up. The army protects the mass of people in that fight. In cyber, there's no protection. Our critical infrastructure is exposed to our adversaries. That's the problem that we face. And because it's exposed, we have a tremendous vulnerability. So those who wish us harm, imagine the Colonial Pipeline attack an order of magnitude or two orders of magnitude bigger. The impact on our country would paralyze much of what we do today. We are not ready for that. That's the issue that Tom Fanning and others have brought up. We don't practice between the public sector and the private sector working together to defend this country. We need to do that. That's the issue that we have to really get our hands around. And when we talk about practice, what do we mean? It means we have to let that federal government, the ones that are going to protect us, see what's going on. There is no radar picture. Now, since we're at re:Invent, the cloud, where AWS and others have done, is create an infrastructure that allows us to build that bridge between the public and private sector and scale it. It's amazing what we can now do. We couldn't do that when I was running Cyber Command. And running Cyber Command, we couldn't see threats on the government. And we couldn't see threats on critical infrastructure. We couldn't see threats on the private sector. And so it all went and all the government did was say, after the fact you've been attacked. That's not helpful. >> So >> It's like they dropped a bomb. We didn't know. >> Yeah, so what does IronNet doing to kind of create this radar capability? >> So, well, thanks. That's a great question because there's four things that you really got to do. First. You've got to be able to detect the SolarWinds type attacks, which we did. You've got to have a hunt platform that can see what it is. You've got to be able to use machine learning and AI to really cut down the number of events. And the most important you need to be able to anonymize and share that into the cloud and see where those attacks are going to create that radar picture. So behavioral analytics, then you use signature based as well, but you need those sets of analytics to really see what's going on. Machine learning, AI, a hunt platform, and cloud. And then analytics in the cloud to see what's going on, creates that air traffic control, picture radar, picture for cyber. That's what we're doing. You see, I think that's the important part. And that's why we really value the partnership with AWS. They've been a partner with us for six years, helping us build through that. You can see what we can do in the cloud. We could never do in hardware alone. Just imagine trying to push out equipment and then do that for hundreds of companies. It's not viable. So SaaS, what we are as a SaaS company, you can now do that at scale, and you can push this out and we can create, we can defend this nation in cyber if we work together. And that's the thing, you know, I really, had a great time in the military. One of the things I learned in the military, you need to train how you're going to fight. They're really good at that. We did that in the eighties, and you can see what happened in 1990 in the Gulf war. We need to now do that between the public and private sector. We have to have those training. We need to continuously uplift our capabilities. And that's where the cloud and all these other things make that possible. That's the future of cybersecurity. You know, it's interesting David, our country developed the internet. We're the ones that pioneered that. We ought to be the first to secure. >> Seems to make sense. And when you talk about collective defense in this private public partnership, that needs to happen, you get examples of some folks in private industry and what they're doing, but, but talk a little bit more about, maybe what isn't happening yet. What do we need to do? I don't want you to necessarily get political and start making budgetary suggestions, but unless you want to, but what, but where do you see, where do we really need to push forward from a public perspective in order to make these connections? And then how is that connection actually happen? This isn't someone from the IronNet security service desk, getting on a red phone and calling the White House, how are the actual connections made? >> So it has to be, the connections have to be just like we do radar. You know, when you think about radars across our nation or radar operator doesn't call up one of the towers and say, you've got an aircraft coming at you at such and such a speed. I hope you can distinguish between those two aircraft and make sure they don't bump into each other. They get a picture and they get a way of tracking it. And multiple people can see that radar picture at a speed. And that's how we do air traffic control safety. We need the same thing in cyber, where the government has a picture. The private sector has a picture and they can see what's going on. The private sector's role is I'm going to do everything I can, you know, and this is where the energy sector, I use that quote from Tom Fanning, because what they're saying is, "it's our job to keep the grid up." And they're putting the resources to do it. So they're actually jumping on that in a great way. And what they're saying is "we'll share that with the government", both the DHS and DOD. Now we have to have that same picture created for DHS and DOD. I think one of the things that we're doing is we're pioneering the building of that picture. So that's what we do. We build the picture to bring people together. So think of that is that's the capability. Everybody's going to own a piece of that, and everybody's going to be operating in it. But if you can share that picture, what you can begin to do is say, I've got an attack coming against company A. Company A now sees what it has to do. It can get fellow companies to help them defend, collective defense, knowledge sharing, crowdsourcing. At the same time, the government can see that attack going on and say, "my job is to stop that." If it's DHS, I could see what I have to do. Within the country, DOD can say, "my job is to shoot the archers." How do we go do what we're authorized to do under rules of engagement? So now you have a way of the government and the private sector working together to create that picture. Then we train them and we train them. We should never have had an event like SolarWinds happen in the future. We got to get out in front. And if we do that, think of the downstream consequences, not only can we detect who's doing it, we can hold them accountable and make them pay a price. Right now. It's pretty free. They get in, pap, that didn't work. They get away free. That didn't work, we get away free. Or we broke in, we got, what? 18,000 companies in 30,000 companies. No consequences. In the future there should be consequences. >> And in addition to the idea of consequences, you know, in the tech sector, we have this concept of a co-op petition, where we're often cooperating and competing. The adversaries from, U.S perspective are also great partners, trading partners. So in a sense, it sounds like what you're doing is also kind of adhering to the old adage that, that good fences make for great neighbors. If we all know that our respective infrastructures are secure, we can sort of get on with the honest business of being partners, because you want to make the cost of cyber war too expensive. Is that, is that a fair statement? >> Yes. And I would take that analogy and bend it slightly to the following. Today every company defends itself. So you take 90 companies with 10 people, each doing everything they can to defend themselves. Imagine in the world we trying to build, those 90 companies work together. You have now 900 people working together for the collective defense. If you're in the C-suite or the board of those companies, which would rather have? 900 help new security or 10? This isn't hard. And so what we say is, yes. That neighborhood watch program for cyber has tremendous value. And beyond neighborhood watch, I can also share collaboration because, I might not have the best people in every area of cyber, but in those 900, there will be, and we can share knowledge crowdsource. So it's actually let's work together. I would call it Americans working together to defend America. That's what we need to do. And the states we going to have a similar thing what they're doing, and that's how we'll work this together. >> Yeah. That makes a lot of sense. General Alexander it's been a pleasure. Thanks so much for coming on to theCube as part of our 2021 AWS re:Invent coverage. Are you going to get a chance to spend time during the conference in Las Vegas? So you just flying in, flying out. Any chance? >> Actually yeah. >> It's there, we're still negotiating working that. I've registered, but I just don't know I'm in New York city for two meetings and seeing if I can get to Las Vegas. A lot of friends, you know, Adam Solski >> Yes >> and the entire AWS team. They're amazing. And we really liked this partnership. I'd love to see you there. You're going to be there, David? Absolutely. Yes, absolutely. And I look forward to that, so I hope hopefully we get that chance again. Thank you so much, General Alexander, and also thank you to our title sponsor AMD for sponsoring this year's re:Invent. Keep it right here for more action on theCube, you're leader in hybrid tech event coverage, I'm Dave Nicholson for the Cube. Thanks. (upbeat music)

(bright music) >> Hello and welcome to today's session of the 2021 AWS Global Public Sector Partner Awards for the award for Best Partner Transformation, Best Cybersecurity Solution. I'm now honored to welcome our next guests, General Keith Alexander, Founder, and Co-CEO of IronNet Cybersecurity, as well as Gil Quiniones, President and CEO of the New York Power Authority. Welcome to the program gentlemen, delighted to have you here. >> Good to be here. >> Terrific. Well, General Alexander, I'd like to start with you. Tell us about the collective defense program or platform and why is it winning awards? >> Well, great question and it's great to have Gil here because it actually started with the energy sector. And the issue that we had is how do we protect the grid? The energy sector CEOs came together with me and several others and said, how do we protect this grid together? Because we can't defend it each by ourselves. We've got to defend it together. And so the strategy that IronNet is using is to go beyond what the conventional way of sharing information known as signature-based solutions to behavioral-based so that we can see the events that are happening, the unknown unknowns, share those among companies and among both small and large in a way that helps us defend because we can anonymize that data. We can also share it with the government. The government can see a tax on our country. That's the future, we believe, of cybersecurity and that collective defense is critical for our energy sector and for all the companies within it. >> Terrific. Well, Gil, I'd like to shift to you. As the CEO of the largest state public power utility in the United States, why do you think it's so important now to have a collective defense approach for utility companies? >> Well, the utility sector lied with the financial sector as number one targets by our adversaries and you can't really solve cybersecurity in silos. We, NYPA, my company, New York Power Authority alone cannot be the only one and other companies doing this in silos. So what's really going to be able to be effective if all of the utilities and even other sectors, financial sectors, telecom sectors cooperate in this collective defense situation. And as we transform the grid, the grid is getting transformed and decentralized. We'll have more electric cars, smart appliances. The grid is going to be more distributed with solar and batteries charging stations. So the threat surface and the threat points will be expanding significantly and it is critical that we address that issue collectively. >> Terrific. Well, General Alexander, with collective defense, what industries and business models are you now disrupting? >> Well, we're doing the energy sector, obviously. Now the defense industrial base, the healthcare sector, as well as international partners along the way. And we have a group of what we call technical and other companies that we also deal with and a series of partner companies, because no company alone can solve this problem, no cybersecurity company alone. So partners like Amazon and others partner with us to help bring this vision to life. >> Terrific. Well, staying with you, what role does data and cloud scale now play in solving these security threats that face the businesses, but also nations? >> That's a great question. Because without the cloud, bringing collective security together is very difficult. But with the cloud, we can move all this information into the cloud. We can correlate and show attacks that are going on against different companies. They can see that company A, B, C or D, it's anonymized, is being hit with the same thing. And the government, we can share that with the government. They can see a tax on critical infrastructure, energy, finance, healthcare, the defense industrial base or the government. In doing that, what we quickly see is a radar picture for cyber. That's what we're trying to build. That's where everybody's coming together. Imagine a future where attacks are coming against our country can be seen at network speed and the same for our allies and sharing that between our nation and our allies begins to broaden that picture, broaden our defensive base and provide insights for companies like NYPA and others. >> Terrific. Well, now Gil, I'd like to move it back to you. If you could describe the utility landscape and the unique threats that both large ones and small ones are facing in terms of cybersecurity and the risks, the populous that live there. >> Well, the power grid is an amazing machine, but it is controlled electronically and more and more digitally. So as I mentioned before, as we transform this grid to be a cleaner grid, to be more of an integrated energy network with solar panels and electric vehicle charging stations and wind farms, the threat is going to be multiple from a cyber perspective. Now we have many smaller utilities. There are towns and cities and villages that own their poles and wires. They're called municipal utilities, rural cooperative systems, and they are not as sophisticated and well-resourced as a company like the New York Power Authority or our investor on utilities across the nation. But as the saying goes, we're only as strong as our weakest link. And so we need- >> Terrific. >> we need to address the issues of our smaller utilities as well. >> Yeah, terrific. Do you see a potential for more collaboration between the larger utilities and the smaller ones? What do you see as the next phase of defense? >> Well, in fact, General Alexander's company, IronNet and NYPA are working together to help bring in the 51 smaller utilities here in New York in their collective defense tool, the IronDefense or the IronDome as we call it here in New York. We had a meeting the other day, where even thinking about bringing in critical state agencies and authorities. The Metropolitan Transportation Authority, Port Authority of New York and New Jersey, and other relevant critical infrastructure state agencies to be in this cloud and to be in this radar of cybersecurity. And the beauty of what IronNet is bringing to this arrangement is they're trying to develop a product that can be scalable and affordable by those smaller utilities. I think that's important because if we can achieve that, then we can replicate this across the country where you have a lot of smaller utilities and rural cooperative systems. >> Yeah. Terrific. Well, Gil, staying with you. I'd love to learn more about what was the solution that worked so well for you? >> In cybersecurity, you need public-private partnerships. So we have private companies like IronNet that we're partnering with and others, but also partnering with state and federal government because they have a lot of resources. So the key to all of this is bringing all of that information together and being able to react, the General mentioned, network speed, we call it machine speed, has to be quick and we need to protect and or isolate and be able to recover it and be resilient. So that's the beauty of this solution that we're currently developing here in New York. >> Terrific. Well, thank you for those points. Shifting back to General Alexander. With your depth of experience in the defense sector, in your view, how can we stay in front of the attacks, mitigate them, and then respond to them before any damage is done? >> So having run our nations, the offense. I know that the offense has the upper hand almost entirely because every company and every agency defends itself as an isolated entity. Think about 50 mid-sized companies, each with 10 people, they're all defending themselves and they depend on that defense individually and they're being attacked individually. Now take those 50 companies and their 10 people each and put them together and collect the defense where they share information, they share knowledge. This is the way to get out in front of the offense, the attackers that you just asked about. And when people start working together, that knowledge sharing and crowdsourcing is a solution for the future because it allows us to work together where now you have a unified approach between the public and private sectors that can share information and defend each of the sectors together. That is the future of cybersecurity. What makes it possible is the cloud, by being able to share this information into the cloud and move it around the cloud. So what Amazon has done with AWS has exactly that. It gives us the platform that allows us to now share that information and to go at network speed and share it with the government in an anonymized way. I believe that will change radically how we think about cybersecurity. >> Yeah. Terrific. Well, you mention data sharing, but how is it now a common tactic to get the best out of the data? And now, how is it sharing data among companies accelerated or changed over the past year? And what does it look like going forward when we think about moving out of the pandemic? >> So first, this issue of sharing data, there's two types of data. One about the known threats. So sharing that everybody knows because they use a signature-based system and a set of rules. That shared and that's the common approach to it. We need to go beyond that and share the unknown. And the way to share the unknown is with behavioral analytics. Detect behaviors out there that are anonymous or anomalous, are suspicious and are malicious and share those and get an understanding for what's going on in company A and see if there's correlations in B, C and D that give you insights to suspicious activity. Like solar winds, recognizes solar winds at 18,000 companies, each defending themselves. None of them were able to recognize that. Using our tools, we did recognize it in three of our companies. So what you can begin to see is a platform that can now expand and work at network speed to defend against these types of attacks. But you have to be able to see that information, the unknown unknowns, and quickly bring people together to understand what that means. Is this bad? Is this suspicious? What do I need to know about this? And if I can share that information anonymized with the government, they can reach in and say, this is bad. You need to do something about it. And we'll take the responsibility from here to block that from hitting our nation or hitting our allies. I think that's the key part about cybersecurity for the future. >> Terrific. General Alexander, ransomware of course, is the hottest topic at the moment. What do you see as the solution to that growing threat? >> So I think, a couple things on ransomware. First, doing what we're talking about here to detect the phishing and the other ways they get in is an advanced way. So protect yourself like that. But I think we have to go beyond, we have to attribute who's doing it, where they're doing it from and hold them accountable. So helping provide that information to our government as it's going on and going after these guys, making them pay a price is part of the future. It's too easy today. Look at what happened with the DarkSide and others. They hit Colonial Pipeline and they said, oh, we're not going to do that anymore. Then they hit a company in Japan and prior to that, they hit a company in Norway. So they're attacking and they pretty much operate at will. Now, let's indict some of them, hold them accountable, get other governments to come in on this. That's the way we stop it. And that requires us to work together, both the public and private sector. It means having these advanced tools, but also that public and private partnership. And I think we have to change the rhetoric. The first approach everybody takes is, Colonial, why did you let this happen? They're a victim. If they were hit with missiles, we wouldn't be asking that, but these were nation state like actors going after them. So now our government and the private sector have to work together and we need to change that to say, they're victim, and we're going to go after the guys that did this as a nation and with our allies. I think that's the way to solve it. >> Yeah. Well, terrific. Thank you so much for those insights. Gil, I'd also like to ask you some key questions and of course, certainly people today have a lot of concerns about security, but also about data sharing. How are you addressing those concerns? >> Well, data governance is critical for a utility like the New York Power Authority. A few years ago, we declared that we aspire to be the first end-to-end digital utility. And so by definition, protecting the data of our system, our industrial controls, and the data of our customers are paramount to us. So data governance, considering data or treating data as an asset, like a physical asset is very, very important. So we in our cybersecurity, plans that is a top priority for us. >> Yeah. And Gil thinking about industry 4.0, how has the surface area changed with Cloud and IoT? >> Well, it's grown significantly. At the power authority, we're installing sensors and smart meters at our power plants, at our substations and transmission lines, so that we can monitor them real time, all the time, know their health, know their status. Our customers we're monitoring about 15 to 20,000 state and local government buildings across our states. So just imagine the amount of data that we're streaming real time, all the time into our integrated smart operations center. So it's increasing and it will only increase with 5G, with quantum computing. This is just going to increase and we need to be prepared and integrate cyber into every part of what we do from beginning to end of our processes. >> Yeah. And to both of you actually, as we see industry 4.0 develop even further, are you more concerned about malign actors developing more sophistication? What steps can we take to really be ahead of them? Let's start with General Alexander. >> So, I think the key differentiator and what the energy sector is doing, the approach to cybersecurity is led by CEOs. So you bring CEOs like Gil Quiniones in, you've got other CEOs that are actually bringing together forums to talk about cybersecurity. It is CEO led. That the first part. And then the second part is how do we train and work together, that collective defense. How do we actually do this? I think that's another one that NYPA is leading with West Point in the Army Cyber Institute. How can we start to bring this training session together and train to defend ourselves? This is an area where we can uplift our people that are working in this process, our cyber analysts if you will at the security operations center level. By training them, giving them hard tests and continuing to go. That approach will uplift our cybersecurity and our cyber defense to the point where we can now stop these types of attacks. So I think CEO led, bring in companies that give us the good and bad about our products. We'd like to hear the good, we need to hear the bad, and we needed to improve that, and then how do we train and work together. I think that's part of that solution to the future. >> And Gil, what are your thoughts as we embrace industry 4.0? Are you worried that this malign actors are going to build up their own sophistication and strategy in terms of data breaches and cyber attacks against our utility systems? What can we do to really step up our game? >> Well, as the General said, the good thing with the energy sector is that on the foundational level, we're the only sector with mandatory regulatory requirements that we need to meet. So we are regulated by the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation to meet certain standards in cyber and critical infrastructure. But as the General said, the good thing with the utility is by design, just like storms, we're used to working with each other. So this is just an extension of that storm restoration and other areas where we work all the time together. So we are naturally working together when it comes to to cyber. We work very closely with our federal government partners, Department of Homeland Security, Department of Energy and the National Labs. The National Labs have a lot of expertise. And with the private sector, like great companies like IronNet, NYPA, we stood up an excellence, center of excellence with private partners like IronNet and Siemens and others to start really advancing the art of the possible and the technology innovation in this area. And as the governor mentioned, we partnered with West Point because just like any sporting or just any sport, actual exercises of the red team, green team, and doing that constantly, tabletop exercises, and having others try and breach your walls. Those are good exercises to really be ready against the adversaries. >> Yeah. Terrific. Thank you so much for those insights. General Alexander, now I'd like to ask you this question. Can you share the innovation strategy as the world moves out of the pandemic? Are we seeing new threats, new realities? >> Well, I think, it's not just coming out of the pandemic, but the pandemic actually brought a lot of people into video teleconferences like we are right here. So more people are working from home. You add in the 5G that Gil talked about that gives you a huge attack surface. You're thinking now about instead of a hundred devices per square kilometer up to a million devices. And so you're increasing the attack surface. Everything is changing. So as we come out of the pandemic, people are going to work more from home. You're going to have this attack surface that's going on, it's growing, it's changing, it's challenging. We have to be really good about now, how we trained together, how we think about this new area and we have to continue to innovate, not only what are the cyber tools that we need for the IT side, the internet and the OT side, operational technology. So those kinds of issues are facing all of us and it's a constantly changing environment. So that's where that education, that training, that communication, working between companies, the customers, the NYPA's and the IronNet's and others and then working with the government to make sure that we're all in sync. It's going to grow and is growing at an increased rate exponentially. >> Terrific. Thank you for that. Now, Gil, same question for you. As a result of this pandemic, do you see any kind of new realities emerging? What is your position? >> Well, as the General said, most likely, many companies will be having this hybrid setup. And for company's life like mine, I'm thinking about, okay, how many employees do I have that can access our industrial controls in our power plants, in our substations, and transmission system remotely? And what will that mean from a risk perspective, but even on the IT side, our business information technology. You mentioned about the Colonial Pipeline type situation. How do we now really make sure that our cyber hygiene of our employees is always up-to-date and that we're always vigilant from potential entry whether it's through phishing or other techniques that our adversaries are using. Those are the kinds of things that keep myself like a CEO of a utility up at night. >> Yeah. Well, shifting gears a bit, this question for General Alexander. How come supply chain is such an issue? >> Well, the supply chain, of course, for a company like NYPA, you have hundreds or thousands of companies that you work with. Each of them have different ways of communicating with your company. And in those communications, you now get threats. If they get infected and they reach out to you, they're normally considered okay to talk to, but at the same time that threat could come in. So you have both suppliers that help you do your job. And smaller companies that Gil has, he's got the 47 munis and four co-ops out there, 51, that he's got to deal with and then all the state agencies. So his ecosystem has all these different companies that are part of his larger network. And when you think about that larger network, the issue becomes, how am I going to defend that? And I think, as Gil mentioned earlier, if we put them all together and we operate and train together and we defend together, then we know that we're doing the best we can, especially for those smaller companies, the munis and co-ops that don't have the people and a security ops centers and other things to defend them. But working together, we can help defend them collectively. >> Terrific. And I'd also like to ask you a bit more on IronDefense. You spoke about its behavioral capabilities, it's behavioral detection techniques, excuse me. How is it really different from the rest of the competitive landscape? What sets it apart from traditional cybersecurity tools? >> So traditional cybersecurity tools use what we call a signature-based system. Think of that as a barcode for the threat. It's a specific barcode. We use that barcode to identify the threat at the firewall or at the endpoint. Those are known threats. We can stop those and we do a really good job. We share those indicators of compromise in those barcodes, in the rules that we have, Suricata rules and others, those go out. The issue becomes, what about the things we don't know about? And to detect those, you need behavioral analytics. Behavioral analytics are a little bit noisier. So you want to collect all the data and anomalies with behavioral analytics using an expert system to sort them out and then use collected defense to share knowledge and actually look across those. And the great thing about behavioral analytics is you can detect all of the anomalies. You can share very quickly and you can operate at network speed. So that's going to be the future where you start to share that, and that becomes the engine if you will for the future radar picture for cybersecurity. You add in, as we have already machine learning and AI, artificial intelligence, people talk about that, but in this case, it's a clustering algorithms about all those events and the ways of looking at it that allow you to up that speed, up your confidence in and whether it's malicious, suspicious or benign and share that. I think that is part of that future that we're talking about. You've got to have that and the government can come in and say, you missed something. Here's something you should be concerned about. And up the call from suspicious to malicious that gives everybody in the nation and our allies insights, okay, that's bad. Let's defend against it. >> Yeah. Terrific. Well, how does the type of technology address the President's May 2021 executive order on cybersecurity as you mentioned the government? >> So there's two parts of that. And I think one of the things that I liked about the executive order is it talked about, in the first page, the public-private partnership. That's the key. We got to partner together. And the other thing it went into that was really key is how do we now bring in the IT infrastructure, what our company does with the OT companies like Dragos, how do we work together for the collective defense for the energy sector and other key parts. So I think it is hit two key parts. It also goes on about what you do about the supply chain for software were all needed, but that's a little bit outside what we're talking about here today. The real key is how we work together between the public and private sector. And I think it did a good job in that area. >> Terrific. Well, thank you so much for your insights and to you as well, Gil, really lovely to have you both on this program. That was General Keith Alexander, Founder and Co-CEO of IronNet Cybersecurity, as well as Gil Quiniones, the President and CEO of the New York Power Authority. That's all for this session of the 2021 AWS Global Public Sector Partner Awards. I'm your host for theCUBE, Natalie Erlich. Stay with us for more coverage. (bright music)

(upbeat music) >> Live, from Washington DC. It's theCUBE. Covering AWS Public Sector Summit. Brought to you by Amazon Web Services. >> Welcome back everyone to theCUBE's live coverage of the AWS Public Sector Summit here in Washington DC. I'm your host Rebecca Knight, co-hosting alongside of John Furrier. We are excited to welcome to the program, General Keith Alexander former NSA Director, the first Commander to lead the US Cyber Command, Four-star General with a 40 year career. Thank you so much for coming theCUBE, we are honored, we are honored to have you. >> It is an honor to be here. Thank you. >> So let's talk about cyber threats. Let's start there and have you just give us your observations, your thoughts on what are the most pressing cyber threats that keep you up at night? >> Well, so, when you think about threats, you think about Nation States, so you can go to Iran, Russia, China, North Korea. And then you think about criminal threats, well all the things like ransomware. Some of the Nation State actors are also criminals at night so they can use Nation State tools. And my concern about all the evolution of cyber-threats, is that the attacks are getting more destructive, the malware has more legs with worms and the impact on our commercial sector and our nation, increasingly bigger. So you have all those from cyber. And then I think the biggest impact to our country is the theft of intellectual property, right. That's our future. So you look out on this floor here, think about all the technical talent. Now imagine that every idea that we have, somebody else is stealing, making a product out of it, competing with us, and beating us. That's kind of what Huawei did, taking CISCO code to make Huawei, and now they're racing down that road. So we have a couple of big issues here to solve, protect our future, that intellectual property, stop the theft of money and other ideas, and protect our nation. So when you think about cyber, that's what I think about going to. Often times I'll talk about the Nation State threat. The most prevalent threats is this criminal threat and the most, I think, right now, important for us strategically is the theft of intellectual property. >> So why don't we just have a digital force to counter all this? Why doesn't, you know, we take the same approach we did when we, you know, we celebrated the 75th anniversary D-day, okay, World War II, okay, that was just recently in the news. That's a physical war, okay. We have a digital war happening whether you call it or not. I think it is, personally my opinion. I think it is. You're seeing the misinformation campaigns, financial institutions leaving England, like it's nobody's business. I mean it crippled the entire UK, that like a big hack. Who knows? But its happening digitally. Where's the forces? Is that Cyber Command? What do you do? >> So that's Cyber Command. You bring out an important issue. And protecting the nation, the reason we set up Cyber Command not just to get me promoted, but that was a good outcome. (laughing) But it was actually how do we defend the country? How do we defend ourselves in cyber? So you need a force to do it. So you're right, you need a force. That force is Cyber Command. There's an issue though. Cyber Command cannot see today, attacks on our country. So they're left to try to go after the offense, but all the offense has to do is hit over here. They're looking at these sets of targets. They don't see the attacks. So they wouldn't have seen the attack on Sony. They don't see these devastating attacks. They don't see the thefts. So the real solution to what you bring up is make it visible, make it so our nation can defend itself from cyber by seeing the attacks that are hitting us. That should help us protect companies in sectors and help us share that information. It has to be at speed. So we talk about sharing, but it's senseless for me to send you for air traffic control, a letter, that a plane is located overhead. You get it in the mail seven days later, you think, well-- >> Too late. >> That's too late. >> Or fighting blindfolded. >> That's right. >> I mean-- >> So you can't do either. And so what it gets you to, is we have to create the new norm for visibility in cyber space. This does a whole host of things and you were good to bring out, it's also fake news. It's also deception. It's all these other things that are going on. We have to make that visible. >> How do you do that, though? >> What do you do? I do that. (laughing) So the way you do it, I think, is start at the beginning. What's happening to the network? So, on building a defensible framework, you've got to be able to see the attacks. Not what you expect, but all the attacks. So that's anomaly detection. So that's one of the things we have to do. And then you have to share that at network speed. And then you have to have a machine-learning expert system AI to help you go at the speeds the attacker's going to go at. On fake-news, this is a big problem. >> Yeah. >> You know. This has, been throughout time. Somebody pointed out about, you know, George Washington, right, seven fake letters, written to say, "Oh no, I think the King's good." He never wrote that. And the reason that countries do it, like Russia, in the elections, is to change something to more beneficial for them. Or at least what they believe is more beneficial. It is interesting, MIT has done some studies, so I've heard, on this. And that people are 70% more like to re-Tweet, re-Tweet fake news than they are the facts. So. >> Because it's more sensational, because it's-- >> That's food. It's good for you, in a way. But it's tasty. >> Look at this. It's kind of something that you want to talk about. "Can you believe what these guys are doing? "That's outrageous, retweet." >> Not true. >> Not true. Oh, yeah, but it makes me mad just thinking about it. >> Right, right. >> And so, you get people going, and you think, You know, it's like going into a bar and you know, you go to him, "He thinks you're ugly." and you go to me, and you go, "He thinks you're ugly." (laughs) And so we get going and you started it and we didn't even talk. >> Right, right. >> And so that's what Russia does. >> At scale too. >> At scale. >> At the scale point. >> So part of the solution to that is understanding where information is coming from, being able to see the see the environment like you do the physical environment at speed. I think step one, if I were to pick out the logical sequence of what'll happen, we'll get to a defensible architecture over the next year or two. We're already starting to see that with other sectors, so I think we can get there. As soon as you do that, now you're into, how do I know that this news is real. It's kind of like a block-chain for facts. How do we now do that in this way. We've got to figure that out. >> We're doing our part there. But I want to get back to this topic of infrastructure, because digital, okay, there's roads, there's digital roads, there's packets moving round. You mentioned Huawei ripping off CISCO, which takes their R and D and puts it in their pockets. They have to get that. But we let fake news and other things, you've got payload, content or payload, and then you've got infrastructure distribution. Right, so, we're getting at here as that there are literally roads and bridges and digital construction apparatus, infrastructure, that needs to be understood, addressed, monitored, or reset, because you've had email that's been around for awhile. But these are new kinds of infrastructure, but the payload, malware, fake news, whatever it is. There's an interaction between payload and infrastructure. Your thoughts and reaction to that as a Commander, thinking about how to combat all this? >> I, my gut reaction, is that you're going to have to change, we will have to change, how we think about that. It's not any more roads and avenues in. It's all the environment. You know, it's like this whole thing. Now the whole world is opened up. It's like the Matrix. You open it up and there it is. It's everything. So what we have to do is think about is if it's everything, how do we now operate in a world where you have both truths and fiction? That's the harder problem. So that's where I say, if we solve the first problem, we're so far along in establishing perhaps the level so it raises us up to a level where we're now securing it, where we can begin to see now the ideas for the pedigree of information I think will come out. If you think about the amount of unique information created every year, there are digital videos that claim it's doubling every year or more. If that's true, that half of, 75% of it is fiction, we've got a big road to go. And you know there is a lot of fiction out there, so we've got to fix it. And the unfortunate part is both sides of that, both the fiction and the finding the fiction, has consequences because somebody says that "A wasn't true, "That person, you know, they're saying, he was a rapist, "he was a robber, he was a drugger," and then they find out it was all fake, but he still has that stigma. And then the person over here says, "See, they accused me of that. "They're out to get me in other areas. "They can exclaim what they want." >> But sometimes the person saying that is also a person who has a lot of power in our government, who is saying that it's fake news, when it's not fake news, or, you know what, I-- >> So that's part of the issue. >> It's a very different climate >> Some of it is fake. Some of it's not. And that's what makes it so difficult for the public. So you could say, "That piece was fake, "maybe not the other six." But the reality is, and I think this is where the media can really help. This is where you can help. How do we set up the facts? And I think that's the hardest part. >> It's the truth. >> Yeah, yeah. >> It's a data problem. And you know, we've talked about this off camera in the past. Data is critical for the systems to work. The visibility of the data. Having contextual data, the behavioral data. This gets a lot of the consequences. There's real consequences to this one. Theft, IP, freedom, lives. My son was video-gaming the other day and I could hear his friends all talking, "What's your ping start word? "What's your ping time? "I got lag, I'm dead." And this is a video game. Military, lagging, is not a game. People are losing their lives, potentially if they don't have the right tactical edge, access to technology. I know this is near and dear to your heart. I want to get your reaction. The Department of Defense is deploying strategies to make our military in the field, which represents 85% infantry, I believe, some statistic around that number, is relying on equipment. Technology can help, you know, that. Your thoughts on, the same direction. >> Going to the Cloud. Their effort to go to the Cloud is a great step forward, because it addresses just what you're saying. You know, everybody used to have their own data centers. But a data center has a fixed amount of computational capability. Once you reach it, you have to get another data center, or you just live with what you've got. In the Cloud if the problem's bigger, elasticity. Just add more corridors. And you can do things now that we could never do before. Perhaps even more importantly, you can make the Clouds global. And you can see around the world. Now you're talking about encrypted data. You're talking about ensuring that you have a level of encryption that you need, accesses and stuff. For mobile forces, that's the future. You don't carry a data center around with an infantry battalion. So you want that elasticity and you need the connectivity and you need the training to go with it. And the training gets you to what we were just talking about. When somebody serves up something wrong, and this happened to me in combat, in Desert Storm. We were launched on, everybody was getting ready to launch on something, and I said, "This doesn't sound right." And I told the Division Commander, "I don't agree. "I think this is crazy. "The Iraqis are not attacking us down this line. "I think it's old news. "I think somebody's taken an old report that we had "and re-read it and said oh my God, they're coming." And when we found out that was a JSTARS, remember how the JSTARS MTI thing would off of a wire, would look like a convoy. And that's what it was. So you have to have both. >> So you were on the cusp of an attack, deploying troops. >> That's right. >> On fake information, or misinformation, not accurate-- >> Old information. >> Old information. >> Old information. >> Old, fake, it's all not relevant. >> Well what happens is somebody interprets that to be true. So it gets back to you, how do you interpret the information? So there's training. It's a healthy dose of skepticism, you know. There are aliens in this room. Well, maybe not. (laughing) >> As far as we know. >> That's what everybody. >> But what a fascinating anecdote that you just told, about being in Desert Storm and having this report come and you saying, "Guys, this doesn't sound right." I mean, how often do you harken back to your experience in the military and when you were actually in combat, versus what you are doing today in terms of thinking about these threats? >> A lot. Because in the military, when you have troops in danger your first thought is how can I do more, how can I do better, what can I do to get them the intelligence they need? And you can innovate, and pressure is great innovator. (crunching sound) And it was amazing. And our Division Commander, General Griffith, was all into that. He said, "I trust you. "Do whatever you want." And we, it was amazing. So, I think that's a good thing. Note that when you go back and look at military campaigns, there's always this thing, the victor writes the history. (laughing) So you know, hopefully, the victor will write the truthful history. But that's not always the case. Sometimes history is re-written to be more like what they would like it to be. So, this fake news isn't new. This is something where I think journalists, historians, and others, can come together and say, "You know, that don't make sense. "Let's get the facts." >> But there's so much pressure on journalists today in this 24-hour news cycle, where you're not only expected to write the story, but you're expected to be Tweeting about it, or do a podcast about it later, to get that first draft of history right. >> So it may be part of that is as the reporter is saying it, step back and say, "Here's what we've been told." You know, we used to call those a certain type of sandwich, not a good-- (laughing) If memory serves it's a sandwich. One of these sandwiches. You're getting fed that, you're thinking, "You know, this doesn't make sense. "This time and day that this would occur." "So while we've heard this report. "It's sensational. "We need to go with the facts." And that's one of the areas that I think we really got to work. >> Journalism's changing too. I can tell you, from we've talked, data drives us. We've no advertising. Completely different model. In-depth interviews. The truth is out there. The key is how do you get the truth in context to real-time information for those right opportunities. Well, I want to get before we go, and thanks for coming on, and spending the time, General, I really appreciate it. Your company that you've formed, IronNet, okay, you're applying a lot of your discipline and knowledge in military cyber and cutting-edge tech. Tell us about your company. >> So one of the things that you, we brought up, and discussed here. When I had Cyber Command, one of the frustrations that I discussed with both Secretary Gates and Secretary Panetta, we can't see attacks on our country. And that's the commercial sector needs to help go fix that. The government can't fix that. So my thought was now that I'm in the commercial sector, I'll help fix the ability to see attacks on the commercial sector so we can share it with the government. What that entails is creating a behavioral analytic system that creates events, anomalies, an expert system with machine-learning and AI, that helps you understand what's going on and the ability to correlate and then give that to the government, so they can see that picture, so they have a chance of defending our country. So step one is doing that. Now, truth and lending, it's a lot harder than I thought it would be. (laughing) You know, I had this great saying, "Nothing is too hard "for those of us who don't have to do it." "How hard can this be?" Those were two of my favorite sayings. Now that I have to do it, I can say that it's hard, but it's doable. We can do this. And it's going to take some time. We are getting traction. The energy sector has been great to work with in this area. I think within a year, what we deploy with the companies, and what we push up to the Cloud and the ability to now start sharing that with government will change the way we think about cyber security. I think it's a disruptor. And we have to do that because that's the way they're going to attack us, with AI. We have to have a fast system to defend. >> I know you got to go, tight schedule here, but I want to get one quick question in. I know you're not a policy, you know, wonk, as they say, or expert. Well, you probably are an expert on policy, but if we can get a re-do on reshaping policy to enable these hard problems to be solved by entrepreneurs like yourself expertise that are coming into the space, quickly, with ideas to solve these big problems, whether it's fake news or understanding attacks. What do the policy makers need to do? Is it get out of the way? Do they rip up everything? Do they reshape it? What's your vision on this? What's your opinion? >> I think and I think the acting Secretary of Defense is taking this on and others. We've got to have a way of quickly going, this technology changes every two years or better. Our acquisition cycle is in many years. Continue to streamline the acquisition process. Break through that. Trust that the military and civilian leaders will do the right thing. Hold 'em accountable. You know, making the mistake, Amazon, Jeff Bezos, says a great thing, "Go quickly to failure so we can get "to success." And we in the military say, "If you fail, you're a dummy." No, no, try it. If it doesn't work, go on to success. So don't crush somebody because they failed, because they're going to succeed at some point. Try and try again. Persevere. The, so, I think a couple of things, ensure we fix the acquisition process. Streamline it. And allow Commanders and thought leaders the flexibility and agility to bring in the technology and ideas we need to make this a better military, a better intelligence community, and a better country. We can do this. >> All right. All right, I'm thinking Rosie the Riveter. We can do this. (laughing) >> We can do it. Just did it. >> General Alexander, thank you so much for coming on the show. >> Thank you. >> I'm Rebecca Knight for John Furrier. Stay tuned for more of theCUBE. (electronic music)

>>Okay, welcome back everyone. To the cubes coverage here, coop con cloud native con 2021 in person. The Cuba's here. I'm John farrier hosted the queue with Dave Nicholson, my cohost and cloud analyst, man. It's great to be back, uh, in person. We also have a hybrid event. We've got two great guests here, the founders of deep fence, sham, Krista Swami, C co-founder and CTO, and said deep line founder. It's great to have you on. This is a super important topic. As cloud native is crossed over. Everyone's talking about it mainstream, blah, blah, blah. But security is driving the agenda. You guys are in the middle of it. Cutting edge approach and news >>Like, like we were talking about John, we had operating at the intersection of the awesome desk, right? Open source security and cloud cloud native, essentially. Absolutely. And today's a super exciting day for us. We're launching something called track pepper, Apache V2, completely open source. Think of it as an x-ray or MRI scan for your cloud scan, you know, visualize this cloud at scale, all of the modalities, essentially, we look at cloud as a continuum. It's not a single modality it's containers. It's communities, it's William to settle we'll list all of them. Co-exist side by side. That's how we look at it and threat map. It essentially allows you to visualize all of this in real time, think of fed map, but as something that you, that, that takes over the Baton from the CIS unit, when the lift shift left gets over, that's when the threat pepper comes into picture. So yeah, super excited. >>It's like really gives that developer and the teams ops teams visibility into kind of health statistics of the cloud. But also, as you said, it's not just software mechanisms. The cloud is evolving, new sources being turned on and off. No one even knows what's going on. Sometimes this is a really hidden problem, right? Yeah, >>Absolutely. The basic problem is, I mean, I would just talk to, you know, a gentleman 70 of this morning is two 70 billion. Plus public cloud spent John two 70 billion plus even 3 billion, 30 billion they're saying right. Uh, projected revenue. And there is not even a single community tool to visualize all the clouds and all the cloud modalities at scale, let's start there. That's what we sort of decided, you know what, let's start with utilizing everything else there. And then look for known badness, which is the vulnerabilities, which still remains the biggest attack vector. >>Sure. Tell us about some of the hood. How does this all work cloud scale? Is it a cloud service managed service it's code? Take us out, take us through product. Absolutely. >>So, so, but before that, right, there's one small point that Sandeep mentioned. And Richard, I'd like to elaborate here, right? He spoke about the whole cloud spending such a large volume, right? If you look at the way people look at applications today, it's not just single clone anymore. It's multicloud multi regions across diverse plants, right? What does the solution to look at what my interests are to this point? That is a missing piece here. And that is what we're trying to tackle. And that is where we are going as open source. Coming back to your question, right? How does this whole thing work? So we have a completely on-prem model, right? Where customers can download the code today, install it. It can bill, we give binary stool and Shockley just as the exciting announcement that came out today, you're going to see somewhat exciting entrepreneurs. That's going to make a lot more easy for folks out there all day. Yeah, that's fine. >>So how does this, how does this all fit into security as a micro service and your, your vision of that? >>Absolutely. Absolutely. You know, I'll tell you, this has to do with the one of the continual conferences I would sort of when I was trying to get an idea, trying to shape the whole vision really? Right. Hey, what about syncretism? Microservice? I would go and ask people. They mentioned that sounds, that makes sense. Everything is becoming a microservice. Really. So what you're saying is you're going to deploy one more microservice, just like I deploy all of my other microservices. And that's going to look after my microservices. That compute back makes logical sense, essentially. That was the Genesis of that terminology. So defense essentially is deployed as a microservice. You go to scale, it's deployed, operated just like you to your microservices. So no code changes, no other tool chain changes. It just is yet another microservice. That's going to look after you talk about >>The, >>So there's one point I would like to add here, which is something very interesting, right? The whole concept of microservice came from, if you remember the memo from Jeff Bezos, that everybody's going to go, Microsoft would be fired. That gave rise to a very conventional unconditionally of thinking about their applications. Our deep friends, we believe that security should be. Now. You should bring the same unconventional way of thinking to security. Your security is all bottom up. No, it has to start popping up. So your applications on microservice, your security should also be a micro. >>So you need a microservice for a microservice security for the security. You're starting to get into a paradigm shift where you starting to see the API economy that bayzos and Amazon philosophy and their approach go Beanstream. So when I got to ask you, because this is a trend we've been watching and reporting on the actual application development processes, changing from the old school, you know, life cycle, software defined life cycle to now you've got machine learning and bots. You have AI. Now you have people are building apps differently. And the speed of which they want to code is high. And then other teams are slowing them down. So I've heard security teams just screw people over a couple of days. Oh my God, I can wait five days. No, it used to be five weeks. Now it's five days. They think that's progress. They want five minutes, the developers in real time. So this is a real deal optimum. >>Well, you know what? Shift left was a good thing. Instill a good thing. It helps you sort of figure out the issues early on in the development life cycle, essentially. Right? And so you started weaving in security early on and it stays with you. The problem is we are hydrating. So frequently you end up with a few hundred vulnerabilities every time you scan oftentimes few thousand and then you go to runtime and you can't really fix all these thousand one. You know? So this is where, so there is a little bit of a gap there. If you're saying, if look at the CIC cycle, the in financial cycle that they show you, right. You've got the far left, which is where you have the SAS tools, snake and all of that. And then you've got the center where, which is where you hand off this to ops. >>And then on the right side, you've got tech ops defense essentially starts in the middle and says, look, I know you've had thousand one abilities. Okay. But at run time, I see only one of those packages is loaded in memory. And only that is getting traffic. You go and fix that one because that's going to heart. You see what I'm saying? So that gap is what we're doing. So you start with the left, we come in in the middle and stay with you throughout, you know, till the whole, uh, she asks me. Yeah, well that >>Th that, that touches on a subject. What are the, what are the changes that we're seeing? What are the new threats that are associated with containerization and kind of coupled with that, look back on traditional security methods and how are our traditional security methods failing us with those new requirements that come out of the microservices and containerized world. And so, >>So having, having been at FireEye, I'll tell you I've worked on their windows products and Juniper, >>And very, very deeply involved in. >>And in fact, you know what I mean, at the company, we even sold a product to Palo Alto. So having been around the space, really, I think it's, it's, it's a, it's a foregone conclusion to say that attackers have become more sophisticated. Of course they have. Yeah. It's not a single attack vector, which gets you down anymore. It's not a script getting somewhere shooting who just sending one malicious HTP request exploiting, no, these are multi-vector multi-stage attacks. They, they evolve over time in space, you know? And then what happens is I could have shot a revolving with time and space, one notable cause of piling up. Right? And on the other side, you've got the infrastructure, which is getting fragmented. What I mean by fragmented is it's not one data center where everything would look and feel and smell similar it's containers and tuberosities and several lessons. All of that stuff is hackable, right? So you've got that big shift happening there. You've got attackers, how do you build visibility? So, in fact, initially we used to, we would go and speak with, uh, DevSecOps practitioner say, Hey, what is the coalition? Is it that you don't have enough scanners to scan? Is it that at runtime? What is the main problem? It's the lack of visibility, lack of observability throughout the life cycle, as well as through outage, it was an issue with allegation. >>And the fact that the attackers know that too, they're exploiting the fact that they can't see they're blind. And it's like, you know what? Trying to land a plane that flew yesterday and you think it's landing tomorrow. It's all like lagging. Right? Exactly. So I got to ask you, because this has comes up a lot, because remember when we're in our 11th season with the cube, and I remember conversations going back to 2010, a cloud's not secure. You know, this is before everyone realized shit, the club's better than on premises if you have it. Right. So a trend is emerged. I want to get your thoughts on this. What percentage of the hacks are because the attackers are lazier than the more sophisticated ones, because you see two buckets I'm going to get, I'm going to work hard to get this, or I'm going to go for the easy low-hanging fruit. Most people have just a setup that's just low hanging fruit for the hackers versus some sort of complex or thought through programmatic cloud system, because now is actually better if you do it. Right. So the more sophisticated the environment, the harder it is for the hackers, AK Bob wire, whatever you wanna call it, what level do we cross over? >>When does it go from the script periods to the, the, >>Katie's kind of like, okay, I want to go get the S3 bucket or whatever. There's like levels of like laziness. Yeah. Okay. I, yeah. Versus I'm really going to orchestrate Spearfish social engineer, the more sophisticated economy driven ones. Yeah. >>I think, you know what, this attackers, the hacks aren't being conducted the way they worked in the 10, five years ago, isn't saying that they been outsourced, there are sophisticated teams for building exploiters. This is the whole industry up there. Even the nation, it's an economy really. Right. So, um, the known badness or the known attacks, I think we have had tools. We have had their own tools, signature based tools, which would know, look for certain payloads and say, this is that I know it. Right. You get the stuff really starts sort of, uh, getting out of control when you have so many sort of different modalities running side by side. So much, so much moving attack surfaces, they will evolve. And you never know that you've scanned enough because you never happened because we just pushed the code. >>Yeah. So we've been covering the iron debt. Kim retired general, Keith Alexander, his company. They have this iron dome concept where there's more collective sharing. Um, how do you see that trend? Because I can almost imagine that the open-source man is going to love what you guys got. You're going to probably feed on it, like it's nobody's business, but then you start thinking, okay, we're going to be open. And you have a platform approach, not so much a tool based approach. So just give me tools. We all know that when does it, we cross over to the Nirvana of like real security sharing. Real-time telemetry data. >>And I want to answer this in two parts. The first part is really a lot of this wisdom is only in the community. It's a tribal knowledge. It's their informal feeds in from get up tickets. And you know, a lot of these things, what we're really doing with threat map, but as we are consolidating that and giving it out as a sort of platform that you can use, I like to go for free. This is the part you will never go to monetize this. And we are certain about disaster. What we are monetizing instead is you have, like I said, the x-ray or MRI scan of the cloud, which tells you what the pain points are. This is feel free. This is public collective good. This is a Patrick reader. This is for free. It's shocking. >>I took this long to get to that point, by the way, in this discussion. >>Yeah, >>This is this timing's perfect. >>Security is collective good. Right? And if you're doing open source, community-based, you know, programs like this is for the collector group. What we do look, this whole other set map is going to be open source. We going to make it a platform and our commercial version, which is called fetch Stryker, which is where we have our core IP, which is basically think about this way, right? If you figured out all the pain points and using tech map, or this was a free, and now you wanted the remedy for that pain feed to target a defense, we targeted quarantining of those statin workloads and all that stuff. And that's what our IP is. What we really do there is we said, look, you figured out the attack surface using tech fabric. Now I'm going to use threat Stryker to protect their attacks and stress >>Free. Not free to, or is that going to be Fort bang? >>Oh, that's for, okay. >>That's awesome. So you bring the goodness to the party, the goods to the party, again, share that collective, see where that goes. And the Stryker on top is how you guys monetize. >>And that's where we do some uniquely normal things. I would want to talk about that. If, if, if, if you know public probably for 30 seconds or so unique things we do in industry, which is basically being able to monitor what comes in, what goes out and what changes across time and space, because look, most of the modern attacks evolve over time and space, right? So you go to be able to see things like this. Here's a party structure, which has a vulnerability threats. Mapper told you that to strike. And what it does is it tells you a bunch of stress has a vulnerable again, know that somebody is sending a Melissa's HTP request, which has a malicious payload. And you know what, tomorrow there's a file system change. And there is outbound connection going to some funny place. That is the part that we're wanting this. >>Yeah. And you give away the tool to identify the threats and sell the hammer. >>That's giving you protection. >>Yeah. Yeah. Awesome. I love you guys love this product. I love how you're doing it. I got to ask you to define what is security as a microservice. >>So security is a microservice is a deployment modality for us. So defense, what defense has is one console. So defense is currently self posted by the customers within the infrastructure going forward. We'll also be launching a SAS version, the cloud version of it. But what happens as part of this deployment is they're running the management console, which is the gooey, and then a tiny sensor, which is collecting telemetric that is deployed as a microservice is what I'm saying. So you've got 10 containers running defenses level of container. That's, that's an eight or the Microsoft risk. And it utilizes, uh, EDP F you know, for tracing and all that stuff. Yeah. >>Awesome. Well, I think this is the beginning of a shift in the industry. You start to see dev ops and cloud native technologies become the operating model, not just dev dev ops are now in play and infrastructure as code, which is the ethos of a cloud generation is security is code. That's true. That's what you guys are doing. Thanks for coming on. Really appreciate it. Absolutely breaking news here in the queue, obviously great stuff. Open source continues to grow and win in the new model. Collaboration is the cube bringing you all the cover day one, the three days. I'm Jennifer, your host with Dave Nicholson. Thanks for watching.

(upbeat music) >> Welcome to the special CUBE presentation of the AWS Global Public Sector Partner Awards Program. I'm here with the leader of the partner program, Sandy Carter, Vice President, AWS, Amazon Web Services @Sandy_Carter on Twitter, prolific on social and great leader. Sandy, great to see you again. And congratulations on this great program we're having here. In fact, thanks for coming out for this keynote. Well, thank you, John, for having me. You guys always talk about the coolest thing. So we had to be part of it. >> Well, one of the things that I've been really loving about this success of public sector we talked to us before is that as we start coming out of the pandemic, is becoming very clear that the cloud has helped a lot of people and your team has done amazing work, just want to give you props for that and say, congratulations, and what a great time to talk about the winners. Because everyone's been working really hard in public sector, because of the pandemic. The internet didn't break. And everyone stepped up with cloud scale and solve some problems. So take us through the award winners and talk about them. Give us an overview of what it is. The criteria and all the specifics. >> Yeah, you got it. So we've been doing this annually, and it's for our public sector partners overall, to really recognize the very best of the best. Now, we love all of our partners, John, as you know, but every year we'd like to really hone in on a couple who really leverage their skills and their ability to deliver a great customer solution. They demonstrate those Amazon leadership principles like working backwards from the customer, having a bias for action, they've engaged with AWS and very unique ways. And as well, they've contributed to our customer success, which is so very important to us and to our customers as well. >> That's awesome. Hey, can we put up a slide, I know we have slide on the winners, I want to look at them, with the tiles here. So here's a list of some of the winners. I see a nice little stars on there. Look at the gold star. I knows IronNet, CrowdStrike. That's General Keith Alexander's company, I mean, super relevant. Presidio, we've interviewed them before many times, got Palantir in there. And is there another one, I want to take a look at some of the other names here. >> In overall we had 21 categories. You know, we have over 1900 public sector partners today. So you'll notice that the awards we did, a big focus on mission. So things like government, education, health care, we spotlighted some of the brand new technologies like Containers, Artificial Intelligence, Amazon Connect. And we also this year added in awards for innovative use of our programs, like think big for small business and PTP as well. >> Yeah, well, great roundup, they're looking forward to hearing more about those companies. I have to ask you, because this always comes up, we're seeing more and more ecosystem discussions when we talk about the future of cloud. And obviously, we're going to, you know, be at Mobile World Congress, theCUBE, back in physical form, again, (indistinct) will continue to go on. The notion of ecosystem is becoming a key competitive advantage for companies and missions. So I have to ask you, why are partners so important to your public sector team? Talk about the importance of partners in context to your mission? >> Yeah, you know, our partners are critical. We drive most of our business and public sector through partners. They have great relationships, they've got great skills, and they have, you know, that really unique ability to meet the customer needs. If I just highlighted a couple of things, even using some of our partners who won awards, the first is, you know, migrations are so critical. Andy talked at Reinvent about still 96% of applications still sitting on premises. So anybody who can help us with the velocity of migrations is really critical. And I don't know if you knew John, but 80% of our migrations are led by partners. So for example, we gave awards to Collibra and Databricks as best lead migration for data as well as Datacom for best data lead migration as well. And that's because they increase the velocity of migrations, which increases customer satisfaction. They also bring great subject matter expertise, in particular around that mission that you're talking about. So for instance, GDIT won best Mission Solution For Federal, and they had just an amazing solution that was a secure virtual desktop that reduced a federal agencies deployment process, from months to days. And then finally, you know, our partners drive new opportunities and innovate on behalf of our customers. So we did award this year for P to P, Partnering to Partner which is a really big element of ecosystems, but it was won by four points and in quizon, and they were able to work together to implement a data, implement a data lake and an AI, ML solution, and then you just did the startup showcase, we have a best startup delivering innovation too, and that was EduTech (indistinct) Central America. And they won for implementing an amazing student registration and early warning system to alert and risks that may impact a student's educational achievement. So those are just some of the reasons why partners are important. I could go on and on. As you know, I'm so passionate about my partners, >> I know you're going to talk for an hour, we have to cut you off a little there. (indistinct) love your partners so much. You have to focus on this mission thing. It was a strong mission focus in the awards this year. Why are customers requiring much more of a mission focused? Is it because, is it a part of the criteria? I mean, we're seeing a mission being big. Why is that the case? >> Well, you know, IDC, said that IT spend for a mission or something with a purpose or line of business was five times greater than IT. We also recently did our CTO study where we surveyed thousands of CTOs. And the biggest and most changing elements today is really not around the technology. But it's around the industry, healthcare, space that we talked about earlier, or government. So those are really important. So for instance, New Reburial, they won Best Emission for Healthcare. And they did that because of their new smart diagnostic system. And then we had a partner when PA consulting for Best Amazon Connect solution around a mission for providing support for those most at risk, the elderly population, those who already had pre existing conditions, and really making sure they were doing what they called risk shielding during COVID. Really exciting and big, strong focus on mission. >> Yeah, and it's also, you know, we've been covering a lot on this, people want to work for a company that has purpose, and that has missions. I think that's going to be part of the table stakes going forward. I got to ask you on the secrets of success when this came up, I love asking this question, because, you know, we're starting to see the playbooks of what I call post COVID and cloud scale 2.0, whatever you want to call it, as you're starting to see this new modern era of success formulas, obviously, large scale value creation mission. These are points we're hearing and keep conversations across the board. What do you see as the secret of success for these parties? I mean, obviously, it's indirect for Amazon, I get that, but they're also have their customers, they're your customers, customers. That's been around for a while. But there's a new model emerging. What are the secrets from your standpoint of success? you know, it's so interesting, John, that you asked me this, because this is the number one question that I get from partners too. I would say the first secret is being able to work backwards from your customer, not just technology. So take one of our award winners Cognizant. They won for their digital tolling solution. And they work backwards from the customer and how to modernize that, or Pariveda, who is one of our best energy solution winners. And again, they looked at some of these major capital projects that oil companies were doing, working backwards from what the customer needed. I think that's number one, working backwards from the customer. Two, is having that mission expertise. So given that you have to have technology, but you also got to have that expertise in the area. We see that as a big secret of our public sector partners. So education cloud, (indistinct) one for education, effectual one for government and not for profit, Accenture won, really leveraging and showcasing their global expansion around public safety and disaster response. Very important as well. And then I would say the last secret of success is building repeatable solutions using those strong skills. So Deloitte, they have a great solution for migration, including mainframes. And then you mentioned early on, CloudStrike and IronNet, just think about the skill sets that they have there for repeatable solutions around security. So I think it's really around working backwards from the customer, having that mission expertise, and then building a repeatable solution, leveraging your skill sets. >> That's a great formula for success. I got you mentioned IronNet, and cybersecurity. One of things that's coming up is, in addition to having those best practices, there's also like real problems to solve, like, ransomware is now becoming a government and commercial problem, right. So (indistinct) seeing that happen a lot in DC, that's a front burner. That's a societal impact issue. That's like a cybersecurity kind of national security defense issue, but also, it's a technical one. And also public sector, through my interviews, I can tell you the past year and a half, there's been a lot of creativity of new solutions, new problems or new opportunities that are not yet identified as problems and I'd love to get your thoughts on my concern is with Jeff Bar yesterday from AWS, who's been blogging all the the news and he is a leader in the community. He was saying that he sees like 5G in the edge as new opportunities where it's creative. It's like he compared to the going to the home improvement store where he just goes to buy one thing. He does other things. And so there's a builder culture. And I think this is something that's coming out of your group more, because the pandemic forced these problems, and they forced new opportunities to be creative, and to build. What's your thoughts? >> Yeah, so I see that too. So if you think about builders, you know, we had a partner, Executive Council yesterday, we had 900, executives sign up from all of our partners. And we asked some survey questions like, what are you building with today? And the number one thing was artificial intelligence and machine learning. And I think that's such a new builders tool today, John, and, you know, one of our partners who won an award for the most innovative AI&ML was Kablamo And what they did was they use AI&ML to do a risk assessment on bushfires or wildfires in Australia. But I think it goes beyond that. I think it's building for that need. And this goes back to, we always talk about #techforgood. Presidio, I love this award that they won for best nonprofit, the Cherokee Nation, which is one of our, you know, Native American heritage, they were worried about their language going out, like completely out like no one being able to speak yet. And so they came to Presidio, and they asked how could we have a virtual classroom platform for the Cherokee Nation? And they created this game that's available on your phone, so innovative, so much of a builder's culture to capture that young generation, so they don't you lose their language. So I do agree. I mean, we're seeing builders everywhere, we're seeing them use artificial intelligence, Container, security. And we're even starting with quantum, so it is pretty powerful of what you can do as a public sector partner. >> I think the partner equation is just so wide open, because it's always been based on value, adding value, right? So adding value is just what they do. And by the way, you make money doing it if you do a good job of adding value. And, again, I just love riffing on this, because Dave and I talked about this on theCUBE all the time, and it comes up all the time in cloud conversations. The lock in isn't proprietary technology anymore, its value, and scale. So you starting to see builders thrive in that environment. So really good points. Great best practice. And I think I'm very bullish on the partner ecosystems in general, and people do it right, flat upside. I got to ask you, though, going forward, because this is the big post COVID kind of conversation. And last time we talked on theCUBE about this, you know, people want to have a growth strategy coming out of COVID. They want to be, they want to have a tail win, they want to be on the right side of history. No one wants to be in the losing end of all this. So last year in 2021 your goals were very clear, mission, migrations, modernization. What's the focus for the partners beyond 2021? What are you guys thinking to enable them, 21 is going to be a nice on ramp to this post COVID growth strategy? What's the focus beyond 2021 for you and your partners? >> Yeah, it's really interesting, we're going to actually continue to focus on those three M's mission, migration and modernization. But we'll bring in different elements of it. So for example, on mission, we see a couple of new areas that are really rising to the top, Smart Cities now that everybody's going back to work and (indistinct) down, operations and maintenance and global defense and using gaming and simulation. I mean, think about that digital twin strategy and how you're doing that. For migration, one of the big ones we see emerging today is data-lead migration. You know, we have been focused on applications and mainframes, but data has gravity. And so we are seeing so many partners and our customers demanding to get their data from on premises to the cloud so that now they can make real time business decisions. And then on modernization. You know, we talked a lot about artificial intelligence and machine learning. Containers are wicked hot right now, provides you portability and performance. I was with a startup last night that just moved everything they're doing to ECS our Container strategy. And then we're also seeing, you know, crippin, quantum blockchain, no code, low code. So the same big focus, mission migration, modernization, but the underpinnings are going to shift a little bit beyond 2021. >> That's great stuff. And you know, you have first of all people don't might not know that your group partners and Amazon Web Services public sector, has a big surface area. You talking about government, health care, space. So I have to ask you, you guys announced in March the space accelerator and you recently announced that you selected 10 companies to participate in the accelerated program. So, I mean, this is this is a space centric, you know, targeting, you know, low earth orbiting satellites to exploring the surface of the Moon and Mars, which people love. And because the space is cool, let's say the tech and space, they kind of go together, right? So take us through, what's this all about? How's that going? What's the selection, give us a quick update, while you're here on this space accelerated selection, because (indistinct) will have had a big blog post that went out (indistinct). >> Yeah, I would be thrilled to do that. So I don't know if you know this. But when I was young, I wanted to be an astronaut. We just helped through (indistinct), one of our partners reach Mars. So Clint, who is a retired general and myself got together, and we decided we needed to do something to help startups accelerate in their space mission. And so we decided to announce a competition for 10 startups to get extra help both from us, as well as a partner Sarafem on space. And so we announced it, everybody expected the companies to come from the US, John, they came from 44 different countries. We had hundreds of startups enter, and we took them through this six week, classroom education. So we had our General Clint, you know, helping and teaching them in space, which he's done his whole life, we provided them with AWS credits, they had mentoring by our partner, Sarafem. And we just down selected to 10 startups, that was what Vernors blog post was. If you haven't read it, you should look at some of the amazing things that they're going to do, from, you know, farming asteroids to, you know, helping with some of the, you know, using small vehicles to connect to larger vehicles, when we all get to space. It's very exciting. Very exciting, indeed, >> You have so much good content areas and partners, exploring, it's a very wide vertical or sector that you're managing. Is there any pattern? Well, I want to get your thoughts on post COVID success again, is there any patterns that you're seeing in terms of the partner ecosystem? You know, whether its business model, or team makeup, or more mindset, or just how they're organizing that that's been successful? Is there like a, do you see a trend? Is there a certain thing, then I've got the working backwards thing, I get that. But like, is there any other observations? Because I think people really want to know, am I doing it right? Am I being a good manager, when you know, people are going to be working remotely more? We're seeing more of that. And there's going to be now virtual events, hybrid events, physical events, the world's coming back to normal, but it's never going to be the same. Do you see any patterns? >> Yeah, you know, we're seeing a lot of small partners that are making an entrance and solving some really difficult problems. And because they're so focused on a niche, it's really having an impact. So I really believe that that's going to be one of the things that we see, I focus on individual creators and companies who are really tightly aligned and not trying to do everything, if you will. I think that's one of the big trends. I think the second we talked about it a little bit, John, I think you're going to see a lot of focus on mission. Because of that purpose. You know, we've talked about #techforgood, with everything going on in the world. As people have been working from home, they've been reevaluating who they are, and what do they stand for, and people want to work for a company that cares about people. I just posted my human footer on LinkedIn. And I got my first over a million hits on LinkedIn, just by posting this human footer, saying, you know what, reply to me at a time that's convenient for you, not necessarily for me. So I think we're going to see a lot of this purpose driven mission, that's going to come out as well. >> Yeah, and I also noticed that, and I was on LinkedIn, I got a similar reaction when I started trying to create more of a community model, not so much have people attend our events, and we need butts in the seats. It was much more personal, like we wanted you to join us, not attend and be like a number. You know, people want to be part of something. This seem to be the new mission. >> Yeah, I completely agree with that. I think that, you know, people do want to be part of something and they want, they want to be part of the meaning of something too, right. Not just be part of something overall, but to have an impact themselves, personally and individually, not just as a company. And I think, you know, one of the other trends that we saw coming up too, was the focus on technology. And I think low code, no code is giving a lot of people entry into doing things I never thought they could do. So I do think that technology, artificial intelligence Containers, low code, no code blockchain, those are going to enable us to even do greater mission-based solutions. >> Low code, no code reduces the friction to create more value, again, back to the value proposition. Adding value is the key to success, your partners are doing it. And of course, being part of something great, like the Global Public Sector Partner Awards list is a good one. And that's what we're talking about here. Sandy, great to see you. Thank you for coming on and sharing your insights and an update and talking more about the 2021, Global Public Sector partner Awards. Thanks for coming on. >> Thank you, John, always a pleasure. >> Okay, the Global Leaders here presented on theCUBE, again, award winners doing great work in mission, modernization, again, adding value. That's what it's all about. That's the new competitive advantage. This is theCUBE. I'm John Furrier, your host, thanks for watching. (upbeat music)

(upbeat music) >> Hello, welcome back to this cube conversation, on cube on cloud startups. I'm John Furrier host of theCUBE. We're wrapping up the closing keynote fireside chat of the AWS showcase, the hottest startups in data and cloud. We've got some great guests here to eluminate what's happened and why it's important. And Michael Skok who's the founding partner, Michael Skok founding partner of Underscore VC, Mike Feinstein, principal business development manager, and the best Ben Haynes CIO advisor Lincoln Center for the Performing Arts. Gentlemen, thank you for joining me for this closing keynote for the AWS showcase. >> Pleasure to be here. >> So, first of all-- >> Happy to be here >> Guys, do you guys have a unique background from startup funding, growing companies, managing these partners at AWS and being a practitioner with Ben here. The first question I have is, what is the real market opportunity? We've heard from McKinsey that there's a trillion dollars of unlocked value in cloud and that really is going to come from all enterprises big and small. So the question is that that's what every wants to know. What's the secret answer key to the to the test if you are a business. 'Cause you don't want to be on the wrong side of cloud history here. There is a playbook, there's some formation of patterns and there's some playbook things happening out there. How do you guys see this? >> Well, I can try to take a crack at that. First of all I think, there's not only one playbook, you know, only one recipe. If it's a trillion dollar opportunity, that's in the aggregate. There's many different types of opportunities. I think you could have existing companies that are maybe older line companies that need to change the way they're doing things. You can have the younger companies that are trying to take advantage of all the data they've already collected and try to get more value out of it. There could be some radically different types of opportunities with newer technology. I think, you know, for each company just like each of the companies here at the showcase today, they are targeting some, you know, segment of this. Each of those segments is already large. And I think you're going to see a wide range of solutions taking hold here. >> Yeah, cloud drives a lot of value. Michael, I want to get your thoughts. You know, you've seen the software revolution you know, over the years. This time it seems to be accelerated, the time to value, if you're a startup. I mean, you couldn't ask for the perfect storm for our innovation if you're coming out of MIT, Stanford, any college. If you're not even going to school you can get in cloud, do anything. Starting software now is not as hard as it was or its different. What's your perspective because you know, these companies are adding treated value and they're going into an enterprise market that wants scale, they want the reliability. How do you see this evolving? >> You know, the very first time I saw Bezos get on stage and pitch AWS he said one thing which is, "We take away all the hard stuff about starting a software business and let you focus on the innovation." And I think that's still applies. So you're dead right John. And honestly, most founders don't want to spend any time on anything other than unique piece of innovation that they're going to deliver for their customers. So, I think that is fabulous news. I'm going to joke for a second, so I think we're all under shooting on this number. I mean, the reality is that every part of compute infrastructure that we talk about today was built from an infrastructure that's you know, decades old. By which I mean 30 to 50 decades in some 30 to 50 years in some cases. And we look forward in 30 to 50 years, we won't be talking about cloud or everything else. We'll be just talking about computing or whatever it is that we want to talk about at the edge. Or the application of data that you know, in a car and an ARVR heads up display that's helping surgeons work across the world. The fact is the only way this is really going to work is on the cloud. So I think it's a multi-trillion dollar opportunity, we're just taking a snapshot of it right now. And we're in an interesting point because of course digital transformation has been rapidly accelerated. I mean, there's all these jokes about you know, we've had five years of transformation in five months. I don't really care what the number is but what is obvious is that we couldn't have gone off to work and to play and to teach and all these other things without the cloud. And we just took it for granted but a year ago, that's what we all did and look, they're thriving. This whole thing is that, you know, a live broadcast that we're doing on the cloud. So yeah, I think it's a very big opportunity and whatever sector I think to Mike's point, that you look at and all the companies that you've seen this morning prove that, if you want to innovate today, you start on the cloud. Your cloud native as I would say. And as you grow, you will be a cloud assumed. It will be the basis on which everybody wants to access your products and services. So I'm excited about the future if you can't tell. >> I totally subscribe to that. Ben, I want to get your take as the CIO, now advisor to companies. If you're going to look at what Michael's laying out, which is born in the cloud native, they have an advantage, an inherent advantage right out of the gate. They have speed agility and scale. If you're an existing business you say, "Wait a minute I'm going to be competed against these hot startups." There's some serious fear of missing out and fear of getting screwed, right? I mean, you might go out of business. So this is the real threat. This is not just talked about, there's real examples now playing out. So as a practitioner, thinking about re-architecting or rejuvenating or pivoting or just being competitive. It's really the pressure's there. How do you see this? >> Yeah I know it really is. And every enterprise company and through every decade is it's a buyer versus build conversation. And with the cloud opportunities, you can actually build a lot quicker or you can leverage companies that can even go quicker than you that have a focus on innovation. 'Cause sometimes enterprise companies, it's hard to focus on the really cool stuff and that's going to bring value but maybe it won't. So if you can partner with someone and some of these companies that you just showcase, start doing some amazing things. That can actually help accelerate your own internal innovation a lot quicker than trying to spool up your own team. >> We heard some companies talking about day two operations lift and shift, not a layup either. I mean, lift and shift if not done properly as it's well discussed. And McKinsey actually puts that in their report as there's other point outs. It's not a no brainer. I mean, it's a no brainer to go to the cloud but if you lift and shift without really thinking it through or remediating anything, it could be, it could cost more. And you got the CAPEX and OPEX dynamics. So, certainly cloud is happening and this kind of gives a great segue into our next topic that I'd love to get you guys to weigh in on. And that is the business model, the business structure, business organization. Michael you brought up some interesting topics around, some of the new ideas that could be, you know, decentralized or just different consumption capabilities on both sides of the equation. So, the market's there, trillions and trillions of dollars are shifting and the spoils will go to the ones who are smart and agile and fast. But the business model, you could have it, you could be in the right market, but the wrong business model. Who wants to take the first cut at that? >> Mike do you want to go? >> Sure, I'd be happy to. I think that, you know, I mean again, there's not there only going to be one answer but I think one of the things that really make sense is that the business models can be much more consumption-based. You're certainly not going to see annual software licenses that you saw in the old world. Things are going to be much more consumption-based obviously software is a service type of models. And you're going to see, I think lots of different innovations. I've also seen a lot of companies that are starting up kind of based on open source as like a first foray. So there's an open source project that really catches hold. And then a company comes up behind it to both enhance it and to also provide support and to make it a real enterprise offering. But they get there early quick adoption of the frontline engineers by starting off with an open source project. And that's a model that I've seen work quite well. And I think it's a very interesting one. So, you know, the most important thing is that the business model has to be one that's as flexible as what the solutions are that you're trying to get the customers to adopt. The old way of everything being kind of locked in and rigid isn't going to work in this world 'cause you have to just really be agile. >> I want to come back to you Mike in a second on this 'cause I know Amazon's got some innovative go to market stuff. Michael you've written about this, I've read many blog posts on your side about SaaS piece. What's your take on business structure. I mean, obviously with remote, it's clear people are recognizing virtual companies are available. You mentioned you know, edge and compute, and these new app, these emerging technologies. Does the business structure and models shift? Do you have to be on certain side of this business model innovation? How do you view? 'Cause you're seeing the startups who are usually crazy at first, but then they become correct at the end of the day. What's your take? >> Well first of all, I love this debate because it's over. We used to have things that were not successful that would become shelfware. And that just doesn't work in the cloud. There is no shelfware. You're either live and being used or you're dead. So the great news about this is, it's very visible. You know, you can measure every person's connection to you for how long and what they're doing. And so the people that are smart, don't start with this question, the business model. They start with what am I actually doing for my user that's in value them? So I'll give you some examples like build on Mike's team. So, you know, I backed a company called Acquia. But it was based on an open source project called Drupal. Which was initially used for content management. Great, but people started building on it and over time, it became used for everything from the Olympics and hosting, you know, theirs to the Grammy's, to you know, pick your favorite consumer brand that was using it to host all of their different brands and being very particular about giving people the experiences. So, it's now a digital experience platform. But the reason that it grew successfully as a company is because on top of the open source project, we could see what people were doing. And so we built what in effect was the basis for them to get comfortable. By the way, Amazon is very fundamental partner in this was, became an investor extremely helpful. And again, took away all the heavy lifting so we could focus on the innovation. And so that's an example of what's going on. And the model there is very simple. People are paying for what they use to put that digital experience of that, to create a great customer journey. And for people to have the experience that obviously you know, makes the brand look good or makes the audience feel great if it's the Grammy's or whatever it is. So I think that's one example, but I'll give you two others because they are totally different. And one of the most recent investments we made is in a company called Coder. Which is a doc spelled backwards. and it's a new kind of doc that enables people to collaborate and to bring data and graphics and workflow and everything else, all into the simplicity of what's like opening up a doc. And they don't actually charge anybody who uses their docs. They just charge for people who make their docs. So its a make a best pricing, which is very interesting. They've got phenomenal metrics. I mean they're like over 140% net dollar retention, which is astoundingly good. And they grew over three and a half times last year. So that's another model, but it's consumer and it's, you know, as I said, make a price. And then, you know, another company we've been involved with if I look at it way back was Demand Web. It was the first e-commerce on demand company. We didn't charge for the software at all. We didn't charge for anything in fact. what we did was to take a percentage of the sales that went through the platform. And of course everybody loved that because, you know, if we were selling more or getting better uplift then everybody started to do very well. So, you know, the world's biggest brands moved online and started using our platform because they didn't want to create all that infrastructure. Another totally different model. And I could go on but the point is, if you start from the customer viewpoint like what are you doing for the customer? Are you helping them sell more? Or are you helping them build more effective business processes or better experiences? I think you've got a fantastic opportunity to build a great model in the cloud. >> Yeah, it's a great point. I think that's a great highlight also call out for expectations become the experience, as the old saying goes. If a customer sees value in something, you don't have to be tied to old ways of selling or pricing. And this brings up, Ben, I want to tie in you in here and maybe bring Mike back in. As an enterprise, it used to be the old adage of, well startups are unreliable, blah, blah, blah, you know, they got to get certified and enterprise usually do things more complicated than say consumer businesses. But now Amazon has all kinds of go to market. They have the marketplace, they have all kinds of the partner networks. This certification integration is a huge part of this. So back to, you know, Michael's point of, if you're dead you're dead or knows it, but if you're alive you usually have some momentum it's usually well understood, but then you have to integrate. So it has to be consumable for the enterprise. So Ben, how do you see that? Because at the end of the day, there's this desire for the better product and the better use case. That can, how do I procure it? Integration? These used to be really hard problems. Seems to be getting easier or are they? What's your take? >> Not 100%. I mean, even five years ago you would have to ask a lot of startups for a single sign on and as table stakes now. So the smart ones are understanding the enterprise principles that we need and a lot of it is around security. And then, they're building that from the start, from the start of their products. And so if you get out of that security hurdle, the stability so far is a lot more improved because they are, you know, a lot more focused and moving in a really, really quick way which can help companies, you know, move quickly. So definitely seen an improvement and there's still, the major entry point is credit card, small user base, small pricing, so you're not dealing with procurement. And building your way up into the big purchase model, right? And that model hasn't changed except the start is a lot lot quicker and a lot easier to get going. >> You know, I remember the story of the Amazon web stores, how they won the CIA contract is someone put a test on a credit card and IBM had the deal in their back pocket. They had the Ivory Tower sales call, Michael, you know the playbook on enterprise sales, you know, you got the oracles and you guys call it the top golf tournament smoothing and then you got the middle and then you got the bottoms up you got the, you know, the data dogs of the world who can just come in with freemium. So there's different approaches. How do you guys see that? Michael and Mike, I'd love for you to weigh in on this because this is really where there's no one answer, but depending upon the use case, there's certain motions that work better. Can you elaborate on which companies should pay attention to what and how customers should understand how they're buying? >> Yeah, I can go first on that. I think that first of all, with every customer it's going to be a little different situation, depends on the scale of the solution. But I find that, these very large kind of, you know, make a huge decision and buy some really big thing all at once. That's not happening very much anymore. As you said John, people are kind of building up it's either a grassroots adoption that then becomes an enterprise sale, or there is some trials or smaller deployments that then build up at enterprise sales. Companies can't make those huge mistake. So if they're going to make a big commitment it's based on confidence, that's come from earlier success. And one of the things that we do at AWS in addition to kind of helping enterprises choose the right technology partners, such as many of the companies here today. We also have solutions partners that can help them analyze the market and make the choice and help them implement it. So depending on the level of help that they need, there's lots of different resources that are going to be available to help them make the right choice the first time. >> Michael, your thoughts on this, because ecosystems are a part of the entire thing and partnering with Amazon or any cloud player, you need to be secure. You need to have all the certifications. But the end of the day, if it works, it works. And you can consume it whatever way you can. I mean, you can buy download through the marketplace. You can go direct, it's free. What do you see as the best mix of go to market from a cloud standpoint? Given that there's a variety of different use cases. >> Well, I'm going to play off Ben and Mike on this one and say, you know, there's a perfect example of what Ben brought up, which is single sign on. For some companies, if you don't have that you just can't get in the door. And at the other extreme to what Mike is saying, you know, there are reasons why people want to try stuff before they buy it. And so, you've got to find some way in between these two things to either partner with the right people that have the whole product solution to work with you. So, you know, if you don't have single sign on, you know, go work with Okta. And if you don't have all the certification that's needed well, work with AWS and you know, take it on that side of cash and have better security than anybody. So there's all sorts of ways to do this. But the bottom line is I think you got to be able to share value before you charge. And I'll give you two examples that are extreme in our portfolio, because I think it will show the sort of the edge with these two things. You know, the first one is a company called Popcart. It's been featured a lot in the press because when COVID hit, nobody could find whatever it was, that TP or you know, the latest supplies that they wanted. And so Popcart basically made it possible for people to say, "Okay, go track all the favorite suppliers." Whether it's your Walmarts or your Targets or your Amazons, et cetera. And they would come back and show you the best price and (indistinct) it cost you nothing. Once you started buying of course they were getting (indistinct) fees and they're transferring obviously values so everybody's doing well. It's a win-win, doesn't cost the consumer anything. So we love those strategies because, you know, whenever you can make value for people without costing them anything, that is great. The second one is the complete opposite. And again, it's an interesting example, you know, to Ben's point about how you have to work with existing solutions in some cases, or in some cases across more things to the cloud. So it's a company called Cloud Serum. It's also one we've partnered with AWS on. They basically help you save money as you use AWS. And it turns out that's important on the way in because you need to know how much it's going to cost to run what you're already doing off premises, sorry off the cloud, into the cloud. And secondly, when you move it there to optimize that spend so you don't suddenly find yourself in a situation where you can't afford to run the product or service. So simply put, you know, this is the future. We have to find ways to specifically make it easy again from the customer standpoint. The get value as quickly as possible and not to push them into anything that feels like, Oh my God, that's a big elephant of a risk that I don't obviously want to take on. >> Well, I'd like to ask the next question to Michael and Ben. This is about risk management from an enterprise perspective. And the reason Michael we just want to get you in here 'cause you do risk for living. You take risks, you venture out and put bets on horses if you will. You bet on the startups and the growing companies. So if I'm a customer and this is a thing that I'm seeing both in the public and private sector where partnerships are super critical. Especially in public right now. Public private partnerships, cybersecurity and data, huge initiatives. I saw General Keith Alexander talking about this, about his company and a variety of reliance on the private problem. No one winning formula anymore. Now as an enterprise, how do they up level their skill? How do you speak to enterprises who are watching and learning as they're taking the steps to be cloud native. They're training their people, they're trying to get their IT staff to be superpowers. They got to do all these. They got to rejuvenate, they got to innovate. So one of the things that they got to take in is new partnerships. How can an enterprise look at these 10 companies and others as partners? And how should the startups that are growing, become partners for the enterprise? Because if they can crack that code, some say that's the magical formula. Can you guys weigh in on that? (overlapping chatter) >> Look, the unfortunate starting point is that they need to have a serious commitment to wanting to change. And you're seeing a lot of that 'cause it is popping up now and they're all nodding their heads. But this needs people, it needs investment, and it needs to be super important, not just to prior, right? And some urgency. And with that behind you, you can find the right companies and start partnering to move things forward. A lot of companies don't understand their risk profile and we're still stuck in this you know, the old days of global network yet infiltrated, right? And that's sort of that its like, "Oh my God, we're done." And it's a lot more complicated now. And there needs to be a lot of education about the value of privacy and trust to our consumers. And once the executive team understands that then the investments follow. The challenge there is everyone's waiting, hoping that nothing goes wrong. When something goes wrong, oh, we better address that, right? And so how do we get ahead of that? And you need a very proactive CSO and CIO and CTO and all three if you have them really pushing this agenda and explaining what these risks are. >> Michael, your thoughts. Startups can be a great enabler for companies to change. They have their, you know, they're faster. They bring in new tech to the scenario scene. What's your analysis? >> Again, I'll use an example to speak to some of the things that Ben's talking about. Which is, let's say you decide you want to have all of your data analysis in the cloud. It turns out Amazon's got a phenomenal set of services that you can use. Do everything from ingest and then wrangle your data and get it cleaned up, and then build one of the apps to gain insight on it and use AI and ML to make that whole thing work. But even Amazon will be the first to tell you that if you have all their services, you need a team understand the development, the operations and the security, DevSecOps, it's typically what it's referred to. And most people don't have that. If you're sure and then say you're fortune 1000, you'll build that team. You'll have, you know, a hundred people doing that. But once you get below that, even in the mid tier, even in a few billion dollar companies, it's actually very hard to have those skills and keep them up to date. So companies are actually getting built that do all of that for you, that effectively, you know, make your services into a product that can be run end to end. And we've invested in one and again we partnered with Amazon on gold Kazina. They effectively make the data lake as a service. And they're effectively building on top of all the Amazon services in orchestrating and managing all that DevSecOps for you. So you don't need that team. And they do it in, you know, days or weeks, not months or years. And so I think that the point that Ben made is a really good one. Which is, you know, you've got to make it a priority and invest in it. And it doesn't just happen. It's a new set of skills, they're different. They require obviously everything from the very earliest stage of development in the cloud, all the way through to the sort of managing and running a bit. And of course maintaining it all securely and unscalable, et cetera. (overlapping chatter) >> It's interesting you bring up that Amazon's got great security. You mentioned that earlier. Mike, I wanted to bring you in because you guys it's graduating a lot of startups, graduating, it's not like they're in school or anything, but they're really, you're building on top of AWS which is already, you know, all the SOC report, all the infrastructure's there. You guys have a high bar on security. So coming out of the AWS ecosystem is not for the faint of heart. I mean, you got to kind of go through and I've heard from many startups that you know, that's a grueling process. And this is, should be good news for the enterprise. How are you guys seeing that partnership? What's the pattern recognition that we can share with enterprises adopting startups coming on the cloud? What can they expect? What are some best practices? What are the things to look for in adopting startup technologies? >> Yeah, so as you know we have a shared security model where we do the security for the physical infrastructure that we're operating, and then we try to share best practices to our partners who really own the security for their applications. Well, one of the benefits we have particularly with the AWS partner network is that, we will help vet these companies, we will review their security architecture, we'll make recommendations. We have a lot of great building blocks of services they can use to build their applications, so that they have a much better chance of really delivering a more secure total application to the enterprise customer. Now of course the enterprise customers still should be checking this and making sure that all of these products meet their needs because that is their ultimate responsibility. But by leveraging the ecosystem we have, the infrastructure we have and the strength of our partners, they can start off with a much more secure application or use case than they would if they were trying to build it from scratch. >> All right. Also, I want to get these guys out of the way in on this last question, before we jump into the wrap up. products and technologies, what is the most important thing enterprises should be focused on? It could be a list of three or four or five that they should be focused on from emerging technologies or a technology secret sauce perspective. Meaning, I'm going to leverage some new things we're going to build and do or buy from cloud scale. What are the most important product technology issues they need to be paying attention to? >> I think I'll run with that first. There's a major, major opportunity with data. We've gone through this whole cycle of creating data lakes that tended to data's forms and big data was going to solve everything. Enterprises are sitting on an amazing amount of information. And anything that can be done to, I actually get insights out of that, and I don't mean dashboards, PI tools, they're like a dime a dozen. How can we leverage AI and ML to really start getting some insights a lot quicker and a lot more value to the company from the data they owns. Anything around that, to me is a major opportunity. >> Now I'm going to go just a little bit deeper on that 'cause I would agree with all those points that Ben made. I think one of the real key points is to make sure that they're really leveraging the data that they have in kind of in place. Pulling in data from all their disparate apps, not trying to generate some new set of data, but really trying to leverage what they have so they can get live information from the disparate apps. Whether it's Salesforce or other systems they might have. I also think it's important to give users the tools to do a lot of their own analytics. So I think definitely, you know, kind of dashboards are a dime a dozen as Ben said, but the more you can do to make it really easy for users to do their own thing, so they're not relying on some central department to create some kind of report for them, but they can innovate on their own and do their own analytics of the data. I think its really critical to help companies move faster. >> Michael? >> I'll just build on that with an example because I think Ben and Mike gave two very good things, you know, data and making it self service to the users et cetera So, an example is one of our companies called Salsify, which is B2B commerce. So they're enabling brands to get their products out into the various different channels the day that people buy them on. Which by the way, an incredible number of channels have been created, whether it's, you know, Instagram at one extreme or of course you know, traditional commerce sites is another. And it's actually impossible to get all of the different capabilities of your product fully explained in the right format in each of those channels humanly. You actually have to use a computer. So that highlights the first thing I was thinking is very important is, what could you not do before that you can now do in the cloud? And you know, do in a distributed fashion. So that's a good example. The second thing is, and Mike said it very well, you know, if you can give people the data that Ben was referring to in a way that they line a business user, in this case, a brand manager, or for example the merchandiser can actually use, they'll quickly tell you, "Oh, these three channels are really not worth us spending a lot of money on. We need waste promotion on them. But look at this one, this one's really taking up. This TikTok thing is actually worth paying attention to. Why don't we enable people to buy, you know, products there?" And then focus in on it. And Salsify, by the way, is you know, I can give you stats with every different customer they've got, but they've got huge brands. The sort of Nestlés, the L'Oreals et cetera. Where they're measuring in terms of hundreds of percent of sales increase, because of using the data of Ben's point and making itself service to Mike's point. >> Awesome. Thought exercise for this little toss up question, for anyone who wants to grab it. If you had unlimited budget for R&D, and you wanted to play the long game and you wanted to take some territory down in the future. What technology and what area would you start carving out and protecting and owning or thinking about or digging into. There's a variety of great stuff out there and you know, being prepared for potentially any wildcards, what would it be? >> Well, I don't mind jumping in. That's a tough question. Whatever I did, I would start with machine learning. I think we're still just starting to see the benefits of what this can do across all of different applications. You know, if you look at what AWS has been doing, we, you know, we recently, many of our new service offerings are integrating machine learning in order to optimize automatically, to find the right solution automatically, to find errors in code automatically. And I think you're going to see more and more machine learning built into all types of line of business applications. Sales, marketing, finance, customer service. You know, you already see some of it but I think it's going to happen more and more. So if I was going to bet on one core thing, it would be that. >> I'll jump on that just because I-- >> You're VC, do you think about this as an easy one for you. >> Well, yes or no (indistinct) that I've been a VC now for too long. I was you know (indistinct) for 21 years. I could have answered that question pretty well but in the last 19 of becoming a VC, I've become ruined by just capital being put behind things. But in all seriousness, I think Mike is right. I think every single application is going to get not just reinvented completely reimagined by ML. Because there's so much of what we do that there is indeed managing the data to try to understand how to improve the business process. And when you can do that in an automated fashion and with a continuous close loop that improves it, it takes away all the drudgery and things like humans or the other extreme, you know, manufacturing. And in-between anything that goes from border to cash faster is going to be good for business. And that's going to require ML. So it's an exciting time ahead. That's where we're putting our money. >> Ben, are you going to go off the board here or you're going to stay with machine learning and dating, go wild card here. Blockchain? AR? VR? (overlapping chatter) >> Well I'd have to say ML and AI applying to privacy and trust. Privacy and trust is going to be a currency that a lot of companies need to deal with for a long time coming. And anything you can do to speed that up and honestly remove the human element, and like Michael said, there's a lot of, before there's a lot of services on AWS that are very creative. There's a lot of security built-in But it's that one S3 bucket that someone left open on the internet, that causes the breach. So how are we automating that? Like how do we take the humans out of this process? So we don't make human errors to really get some security happening. >> I think trust is an interesting one. Trust is kind of data as well. I mean, communities are, misinformation, we saw that with elections, huge. Again, that's back to data. We're back to data again. >> You know, John if I may, I'd like to add to that though. It's a good example of something that none of us can predict. Which is, what will be a fundamentally new way of doing this that we haven't really thought of? And, you know, the blockchain is effectively created a means for people to do distributed computing and also, you know, sharing of data, et cetera. Without the human being in the middle and getting rid of many of the intermediaries that we thought were necessary. So, I don't know whether it's the next blockchain or there's blockchain itself, but I have a feeling that this whole issue of trust will become very different when we have new infrastructure. >> I think I agree with everyone here. The data's key. I come back down to data whether you're telling the sovereignty misinformation, the data is there. Okay. Final, final question before we wrap up. This has been amazing on a more serious note for the enterprise folks out there and people in general and around the world. If you guys could give a color commentary answer to, what the post COVID world will look like. With respect to technology adoption, societal impact and technology for potentially good and aura for business. Now that we're coming closer to vaccines and real life again, what is the post COVID world going to look like? What do we learn from it? And how does that translate into everyday in real life benefits? >> Well, I think one of the things that we've seen is that people have realized you can do a lot of work without being in the office. You could be anywhere as long as you can access the data and make the insights from it that you need to. And so I think there's going to be an expectation on the part of users, that there'll be able to do that all the time. They'll be able to do analytics on their phone. They'll be able to do it from wherever they are. They'll be able to do it quickly and they'll be able to get access to the information that they need. And that's going to force companies to continue to be responsive to the expectations and the needs of their users, so that they can keep people productive and have happy employees. Otherwise they're going to go work somewhere else. >> Michael, any thoughts? Post COVID, what do we learn? What happens next? >> You said one key thing Mike, expectations. And I think we're going to live in a very difficult world because expectations are completely unclear. And you might think it's based on age, or you might think it's based on industry or geography, etc. The reality is people have such wildly different expectations and you know, we've tried to do surveys and to try and understand, you know, whether there are some patterns here. I think it's going to be one word, hybrid. And how we deal with hybrid is going to be a major leadership challenge. Because it's impossible to predict what people will do and how they will behave and how they want to for example, go to school or to you know, go to work or play, et cetera. And so I think the third word that I would use is flexibility. You know, we just have to be agile and flexible until we figure out, you know, how this is going to settle out, to get the best of both worlds, because there's so much that we've learned that has been to your point, really beneficial. The more productivity taking out the community. But there's also a lot of things that people really want to get back to such as social interaction, you know, connecting with their friends and living their lives. >> Ben, final word. >> So I'll just drill in on that a little bit deeper. The war on talent, if we talk about tech, if we talk a lot about data, AI, ML. That it's going to be a big differentiator for the companies that are willing to maintain a work from home and your top level resources are going to be dictating where they're working from. And they've seen our work now. And you know, if you're not flexible with how you're running your organization, you will start to lose talent. And companies are going to have to get their head around that as we move forward. >> Gentlemen, thank you very much for your time. That's a great wrap up to this cube on cloud, the AWS startup showcase. Thank you very much on behalf of Dave Vellante, myself, the entire cube team and Amazon web services. Thank you very much for closing out the keynote. Thanks for your time. >> Thank you John and thanks Amazon for a great day. >> Yeah, thank you John. >> Okay, that's a wrap for today. Amazing event. Great keynote, great commentary, 10 amazing companies out there growing, great traction. Cloud startup, cloud scale, cloud value for the enterprise. I'm John Furrier on behalf of theCUBE and Dave Vellante, thanks for watching. (bright music)

>>from around the globe. It's the Cube covering space and cybersecurity. Symposium 2020 hosted by Cal Poly >>Oven. Welcome back to the Space and Cyber Security Symposium. 2020 I'm John for your host with the Cuban silicon angle, along with Cal Poly, representing a great session here on industry success in developing space and cybersecurity. Resource is Got a great lineup. Brigadier General Steve Hotel, whose are also known as Bucky, is Call Sign director of Space Portfolio Defense Innovation Unit. Preston Miller, chief information security officer at JPL, NASA and Major General retired Clint Crozier, director of aerospace and satellite solutions at Amazon Web services, also known as a W s. Gentlemen, thank you for for joining me today. So the purpose of this session is to spend the next hour talking about the future of workforce talent. Um, skills needed and we're gonna dig into it. And Spaces is an exciting intersection of so many awesome disciplines. It's not just get a degree, go into a track ladder up and get promoted. Do those things. It's much different now. Love to get your perspectives, each of you will have an opening statement and we will start with the Brigadier General Steve Hotel. Right? >>Thank you very much. The Defense Innovation Unit was created in 2015 by then Secretary of Defense Ash Carter. To accomplish three things. One is to accelerate the adoption of commercial technology into the Department of Defense so that we can transform and keep our most relevant capabilities relevant. And also to build what we call now called the national Security Innovation Base, which is inclusive all the traditional defense companies, plus the commercial companies that may not necessarily work with focus exclusively on defense but could contribute to our national security and interesting ways. Um, this is such an exciting time Azul here from our other speakers about space on and I can't, uh I'm really excited to be here today to be able to share a little bit of our insight on the subject. >>Thank you very much. Precedent. Miller, Chief information security officer, Jet Propulsion Lab, NASA, Your opening statement. >>Hey, thank you for having me. I would like to start off by providing just a little bit of context of what brings us. Brings us together to talk about this exciting topic for space workforce. Had we've seen In recent years there's been there's been a trend towards expanding our space exploration and the space systems that offer the great things that we see in today's world like GPS. Um, but a lot of that has come with some Asian infrastructure and technology, and what we're seeing as we go towards our next generation expects of inspiration is that we now want to ensure that were secured on all levels. And there's an acknowledgement that our space systems are just a susceptible to cyber attacks as our terrestrial assistance. We've seen a recent space, uh, policy Directive five come out from our administration, that that details exactly how we should be looking at the cyber principle for our space systems, and we want to prevent. We want to prevent a few things as a result of that of these principles. Spoofing and jamming of our space systems are not authorized commands being sent to those space systems, lots of positive control of our space vehicles on lots of mission data. We also acknowledge that there's a couple of frameworks we wanna adopt across the board of our space systems levers and things like our nice miss cybersecurity frameworks. eso what has been a challenge in the past adopted somebody Cyber principles in space systems, where there simply has been a skill gap in a knowledge gap. We hire our space engineers to do a few things. Very well designed space systems, the ploy space systems and engineer space systems, often cybersecurity is seen as a after thought and certainly hasn't been a line item and in any budget for our spaces in racing. Uh, in the past in recent years, the dynamic started to change. We're now now integrating cyber principles at the onset of development of these life cycle of space. Systems were also taking a hard look of how we train the next generation of engineers to be both adequate. Space engineers, space system engineers and a cyber engineers, as a result to Mrs success on DWI, also are taking a hard look at What do we mean when we talk about holistic risk management for our space assistance, Traditionally risk management and missing insurance for space systems? I've really revolved around quality control, but now, in recent years we've started to adopt principles that takes cyber risk into account, So this is a really exciting topic for me. It's something that I'm fortunate to work with and live with every day. I'm really excited to get into this discussion with my other panel members. Thank you. >>You Preston. Great insight there. Looking forward. Thio chatting further. Um, Clint Closure with a W. S now heading up. A director of aerospace and satellite Solutions, formerly Major General, Your opening statement. >>Thanks, John. I really appreciate that introduction and really appreciate the opportunity to be here in the Space and Cybersecurity Symposium. And thanks to Cal Poly for putting it together, you know, I can't help, but as I think to Cal Poly there on the central California coast, San Luis Obispo, California I can't help but to think back in this park quickly. I spent two years of my life as a launch squadron commander at Vandenberg Air Force Base, about an hour south of Cal Poly launching rockets, putting satellites in orbit for the national intelligence community and so some really fond memories of the Central California coast. I couldn't agree more with the theme of our symposium this week. The space and cyber security we've all come to know over the last decade. How critical spaces to the world, whether it's for national security intelligence, whether it's whether communications, maritime, agriculture, development or a whole host of other things, economic and financial transactions. But I would make the case that I think most of your listeners would agree we won't have space without cybersecurity. In other words, if we can't guaranteed cybersecurity, all those benefits that we get from space may not be there. Preston in a moment ago that all the threats that have come across in the terrestrial world, whether it be hacking or malware or ransomware or are simple network attacks, we're seeing all those migrate to space to. And so it's a really important issue that we have to pay attention to. I also want to applaud Cow Pauling. They've got some really important initiatives. The conference here, in our particular panel, is about developing the next generation of space and cyber workers, and and Cal Poly has two important programs. One is the digital transformation hub, and the other is space data solutions, both of which, I'm happy to say, are in partnership with a W. S. But these were important programs where Cal Poly looks to try to develop the next generation of space and cyber leaders. And I would encourage you if you're interested in that toe. Look up the program because that could be very valuable is well, I'm relatively new to the AWS team and I'm really happy Thio team, as John you said recently retired from the U. S. Air Force and standing up the U. S. Space force. But the reason that I mentioned that as the director of the aerospace and satellite team is again it's in perfect harmony with the theme today. You know, we've recognized that space is critically important and that cyber security is critically important and that's been a W s vision as well. In fact, a W s understands how important the space domain is and coupled with the fact that AWS is well known that at a W s security is job zero and stolen a couple of those to fax A. W. S was looking to put together a team the aerospace and satellite team that focus solely and exclusively every single day on technical innovation in space and more security for the space domain through the cloud and our offerings there. So we're really excited to reimagine agree, envision what space networks and architectures could look like when they're born on the cloud. So that's important. You know, talk about workforce here in just a moment, but but I'll give you just a quick sneak. We at AWS have also recognized the gap in the projected workforce, as Preston mentioned, Um, depending on the projection that you look at, you know, most projections tell us that the demand for highly trained cyber cyber security cloud practitioners in the future outweighs what we think is going to be the supply. And so a ws has leaned into that in a number of ways that we're gonna talk about the next segment. I know. But with our workforce transformation, where we've tried to train free of charge not just a W s workers but more importantly, our customers workers. It s a W s we obsessed over the customer. And so we've provided free training toe over 7000 people this year alone toe bring their cloud security and cyber security skills up to where they will be able to fully leverage into the new workforce. So we're really happy about that too? I'm glad Preston raised SPD five space policy Directive five. I think it's gonna have a fundamental impact on the space and cyber industry. Uh, now full disclosure with that said, You know, I'm kind of a big fan of space policy directives, ESPN, Or was the space policy directive that directed to stand up of the U. S. Space Force and I spent the last 18 months of my life as the lead planner and architect for standing up the U. S. Space force. But with that said, I think when we look back a decade from now, we're going to see that s p d five will have as much of an impact in a positive way as I think SPD for on the stand up of the space Force have already done so. So I'll leave it there, but really look forward to the dialogue and discussion. >>Thank you, gentlemen. Clint, I just wanna say thank you for all your hard work and the team and the people who were involved in standing up Space force. Um, it is totally new. It's a game changer. It's modern, is needed. And there's benefits on potential challenges and opportunities that are gonna be there, so thank you very much for doing that. I personally am excited. I know a lot of people are excited for what the space force is today and what it could become. Thank you very much. >>Yeah, Thanks. >>Okay, So >>with >>that, let me give just jump in because, you know, as you're talking about space force and cybersecurity and you spend your time at Vanderburgh launching stuff into space, that's very technical. Is operation okay? I mean, it's complex in and of itself, but if you think about like, what's going on beyond in space is a lot of commercial aspect. So I'm thinking, you know, launching stuff into space on one side of my brain and the other side of brain, I'm thinking like air travel. You know, all the logistics and the rules of the road and air traffic control and all the communications and all the technology and policy and, you >>know, landing. >>So, Major General Clint, what's your take on this? Because this is not easy. It's not just one thing that speaks to the diversity of workforce needs. What's your reaction to that? >>Yeah. I mean, your observation is right on. We're seeing a real boom in the space and aerospace industry. For all the good reasons we talked about, we're recognizing all the value space from again economic prosperity to exploration to being ableto, you know, improve agriculture and in weather and all those sorts of things that we understand from space. So what I'm really excited about is we're seeing this this blossom of space companies that we sort of referred to his new space. You know, it used to be that really only large governments like the United States and a handful of others could operate in the space domain today and largely infused because of the technological innovation that have come with Cyber and Cyrus Space and even the cloud we're seeing more and more companies, capabilities, countries, all that have the ability, you know. Even a well funded university today can put a cube sat in orbit, and Cal Poly is working on some of those too, by the way, and so it's really expanded the number of people that benefits the activity in space and again, that's why it's so critically important because we become more and more reliant and we will become more and more reliant on those capabilities that we have to protect him. It's fundamental that we do. So, >>Bucky, I want you to weigh in on this because actually, you you've flown. Uh, I got a call sign which I love interviewing people. Anyone who's a call sign is cool in my book. So, Bucky, I want you to react to that because that's outside of the technology, you know, flying in space. There's >>no >>rule. I mean, is there like a rules? I mean, what's the rules of the road? I mean, state of the right. I mean, what I mean, what what's going? What's gonna have toe happen? Okay, just logistically. >>Well, this is very important because, uh and I've I've had access thio information space derived information for most of my flying career. But the amount of information that we need operate effectively in the 21st century is much greater than Thanet has been in the past. Let me describe the environment s so you can appreciate a little bit more what our challenges are. Where, from a space perspective, we're going to see a new exponential increase in the number of systems that could be satellites. Uh, users and applications, right? And so eso we're going we're growing rapidly into an environment where it's no longer practical to just simply evolved or operate on a perimeter security model. We and with this and as I was brought up previously, we're gonna try to bring in MAWR commercial capabilities. There is a tremendous benefit with increasing the diversity of sources of information. We use it right now. The military relies very heavily on commercial SAT com. We have our military capabilities, but the commercial capabilities give us capacity that we need and we can. We can vary that over time. The same will be true for remote sensing for other broadband communications capabilities on doing other interesting effects. Also, in the modern era, we doom or operations with our friends and allies, our regional partners all around the world, in order to really improve our interoperability and have rapid exchange of information, commercial information, sources and capabilities provides the best means of doing that. So that so that the imperative is very important and what all this describes if you want to put one word on it. ISS, we're involving into ah hybrid space architectures where it's gonna be imperative that we protect the integrity of information and the cyber security of the network for the things most important to us from a national security standpoint. But we have to have the rules that that allows us to freely exchange information rapidly and in a way that that we can guarantee that the right users are getting the right information at the right. >>We're gonna come back to that on the skill set and opportunities for people driving. That's just looking. There's so much opportunity. Preston, I want you to react to this. I interviewed General Keith Alexander last year. He formerly ran Cyber Command. Um, now he's building Cyber Security Technologies, and his whole thesis is you have to share. So the question is, how do you share and lock stuff down at the same time when you have ah, multi sided marketplace in space? You know, suppliers, users, systems. This is a huge security challenge. What's your reaction to this? Because we're intersecting all these things space and cybersecurity. It's just not easy. What's your reaction? >>Absolutely, Absolutely. And what I would say in response to that first would be that security really needs to be baked into the onset of how we develop and implement and deploy our space systems. Um, there's there's always going to be the need to collect and share data across multiple entities, particularly when we're changing scientific data with our mission partners. Eso with that necessitates that we have a security view from the onset, right? We have a system spaces, and they're designed to share information across the world. How do we make sure that those, uh, those other those communication channels so secure, free from interception free from disruption? So they're really done? That necessitates of our space leaders in our cyber leaders to be joining the hip about how to secure our space systems, and the communications there in Clinton brought up a really good point of. And then I'm gonna elaborate on a little bit, just toe invite a little bit more context and talk about some the complexities and challenges we face with this advent of new space and and all of our great commercial partners coming into therefore way, that's going to present a very significant supply chain risk management problems that we have to get our hands around as well. But we have these manufacturers developing these highly specialized components for the space instruments, Um, that as it stands right now, it's very little oversight And how those things air produced, manufactured, put into the space systems communication channels that they use ports protocols that they use to communicate. And that's gonna be a significant challenge for us to get get our hands around. So again, cybersecurity being brought in. And the very onset of these development thes thes decisions in these life cycles was certainly put us in a best better position to secure that data in our in our space missions. >>Yeah, E just pick up on that. You don't mind? Preston made such a really good point there. But you have to bake security in up front, and you know there's a challenge and there's an opportunity, you know, with a lot of our systems today. It was built in a pre cyber security environment, especially our government systems that were built, you know, in many cases 10 years ago, 15 years ago are still on orbit today, and we're thankful that they are. But as we look at this new environment and we understand the threats, if we bake cybersecurity in upfront weaken balance that open application versus the risk a long as we do it up front. And you know, that's one of the reasons that our company developed what we call govcloud, which is a secure cloud, that we use thio to manage data that our customers who want to do work with the federal government or other governments or the national security apparatus. They can operate in that space with the built in and baked in cybersecurity protocols. We have a secret region that both can handle secret and top secret information for the same reasons. But when you bake security into the upfront applications, that really allows you to balance that risk between making it available and accessible in sort of an open architecture way. But being sure that it's protected through things like ITAR certifications and fed ramp, uh, another ice T certifications that we have in place. So that's just a really important point. >>Let's stay high level for a man. You mentioned a little bit of those those govcloud, which made me think about you know, the tactical edge in the military analogy, but also with space similar theater. It's just another theater and you want to stand stuff up. Whether it's communications and have facilities, you gotta do it rapidly, and you gotta do it in a very agile, secure, I high availability secure way. So it's not the old waterfall planning. You gotta be fast is different. Cloud does things different? How do you talk to the young people out there, whether it's apparent with with kids in elementary and middle school to high school, college grad level or someone in the workforce? Because there are no previous jobs, that kind of map to the needs out there because you're talking about new skills, you could be an archaeologist and be the best cyber security guru on the planet. You don't have to have that. There's no degree for what, what we're talking about here. This >>is >>the big confusion around education. I mean, you gotta you like math and you could code you can Anything who wants to comment on that? Because I think this >>is the core issue. I'll say there are more and more programs growing around that educational need, and I could talk about a few things we're doing to, but I just wanna make an observation about what you just said about the need. And how do you get kids involved and interested? Interestingly, I think it's already happening, right. The good news. We're already developing that affinity. My four year old granddaughter can walk over, pick up my iPad, turn it on. Somehow she knows my account information, gets into my account, pulls up in application, starts playing a game. All before I really even realized she had my iPad. I mean, when when kids grow up on the cloud and in technology, it creates that natural proficiency. I think what we have to do is take that natural interest and give them the skill set the tools and capabilities that go with it so that we're managing, you know, the the interest with the technical skills. >>And also, like a fast I mean, just the the hackers are getting educated. Justus fast. Steve. I mean e mean Bucky. What do you do here? You CIt's the classic. Just keep chasing skills. I mean, there are new skills. What are some of those skills? >>Why would I amplify eloquent? Just said, First of all, the, uh, you know, cyber is one of those technology areas where commercial side not not the government is really kind of leading away and does a significant amount of research and development. Ah, billions of dollars are spent every year Thio to evolve new capabilities. And a lot of those companies are, you know, operated and and in some cases, led by folks in their early twenties. So the S O. This is definitely an era and a generation that is really poised in position. Well, uh, Thio take on this challenge. There's some unique aspects to space. Once we deploy a system, uh, it will be able to give me hard to service it, and we're developing capabilities now so that we could go up and and do system upgrades. But that's not a normal thing in space that just because the the technical means isn't there yet. So having software to find capabilities, I's gonna be really paramount being able to dio unique things. The cloud is huge. The cloud is centric to this or architectural, and it's kind of funny because d o d we joke because we just discovered the cloud, you know, a couple years ago. But the club has been around for a while and, uh, and it's going to give us scalability on and the growth potential for doing amazing things with a big Data Analytics. But as Preston said, it's all for not if if we can't trust the data that we receive. And so one of the concepts for future architectures is to evolve into a zero trust model where we trust nothing. We verify and authenticate everyone. And, uh, and that's that's probably a good, uh, point of departure as we look forward into our cybersecurity for space systems into the future. >>Block everyone. Preston. Your reaction to all this gaps, skills, What's needed. I mean it Z everyone's trying to squint through this >>absolutely. And I wanna want to shift gears a little bit and talk about the space agencies and organizations that are responsible for deploying these spaces into submission. So what is gonna take in this new era on, and what do we need from the workforce to be responsive to the challenges that we're seeing? First thing that comes to mind is creating a culture of security throughout aerospace right and ensuring that Azzawi mentioned before security isn't an afterthought. It's sort of baked into our models that we deploy and our rhetoric as well, right? And because again we hire our spaces in years to do it very highly. Specialized thing for a highly specialized, uh, it's topic. Our effort, if we start to incorporate rhetorically the importance of cybersecurity two missing success and missing assurance that's going to lend itself toe having more, more prepared on more capable system engineers that will be able to respond to the threats accordingly. Traditionally, what we see in organizational models it's that there's a cyber security team that's responsible for the for the whole kit kaboodle across the entire infrastructure, from enterprise systems to specialize, specialize, space systems and then a small pocket of spaces, years that that that are really there to perform their tasks on space systems. We really need to bridge that gap. We need to think about cybersecurity holistically, the skills that are necessary for your enterprise. I t security teams need to be the same skills that we need to look for for our system engineers on the flight side. So organizationally we need we need to address that issue and approach it, um todo responsive to the challenges we see our our space systems, >>new space, new culture, new skills. One of the things I want to bring up is looking for success formulas. You know, one of the things we've been seeing in the past 10 years of doing the Cube, which is, you know, we've been called the ESPN of Tech is that there's been kind of like a game ification. I want to. I don't wanna say sports because sports is different, but you're seeing robotics clubs pop up in some schools. It's like a varsity sport you're seeing, you know, twitch and you've got gamers out there, so you're seeing fun built into it. I think Cal Poly's got some challenges going on there, and then scholarships air behind it. So it's almost as if, you know, rather than going to a private sports training to get that scholarship, that never happens. There's so many more scholarship opportunities for are not scholarship, but just job opportunities and even scholarships we've covered as part of this conference. Uh, it's a whole new world of culture. It's much different than when I grew up, which was you know, you got math, science and English. You did >>it >>and you went into your track. Anyone want to comment on this new culture? Because I do believe that there is some new patterns emerging and some best practices anyone share any? >>Yeah, I do, because as you talked about robotics clubs and that sort of things, but those were great and I'm glad those air happening. And that's generating the interest, right? The whole gaming culture generating interest Robotic generates a lot of interest. Space right has captured the American in the world attention as well, with some recent NASA activities and all for the right reasons. But it's again, it's about taking that interested in providing the right skills along the way. So I'll tell you a couple of things. We're doing it a w s that we found success with. The first one is a program called A W s Academy. And this is where we have developed a cloud, uh, program a cloud certification. This is ah, cloud curriculum, if you will, and it's free and it's ready to teach. Our experts have developed this and we're ready to report it to a two year and four year colleges that they can use is part of the curriculum free of charge. And so we're seeing some real value there. And in fact, the governor's in Utah and Arizona recently adopted this program for their two year schools statewide again, where it's already to teach curriculum built by some of the best experts in the industry s so that we can try to get that skills to the people that are interested. We have another program called A W s educate, and this is for students to. But the idea behind this is we have 12 cracks and you can get up to 50 hours of free training that lead to A W s certification, that sort of thing. And then what's really interesting about that is all of our partners around the world that have tied into this program we manage what we call it ws educate Job board. And so if you have completed this educate program now, you can go to that job board and be linked directly with companies that want people with those skills we just helped you get. And it's a perfect match in a perfect marriage there. That one other piece real quickly that we're proud of is the aws Uh restart program. And that's where people who are unemployed, underemployed or transitioning can can go online. Self paced. We have over 500 courses they can take to try to develop those initial skills and get into the industry. And that's been very popular, too, So that those air a couple of things we're really trying to lean into >>anyone else want to react. Thio that question patterns success, best practices, new culture. >>I'd like Thio. The the wonderful thing about what you just touched on is problem solving, right, And there's some very, very good methodologies that are being taught in the universities and through programs like Hacking for Defense, which is sponsored by the National Security Innovation Network, a component of the I you where I work but the But whether you're using a lien methodologies or design school principals or any other method, the thing that's wonderful right now and not just, uh, where I work at the U. The Space force is doing this is well, but we're putting the problem out there for innovators to tackle, And so, rather than be prescriptive of the solutions that we want to procure, we want we want the best minds at all levels to be able to work on the problem. Uh, look at how they can leverage other commercial solutions infrastructure partnerships, uh, Thio to come up with a solution that we can that we can rapidly employ and scale. And if it's a dual use solution or whether it's, uh, civil military or or commercial, uh, in any of the other government solutions. Uh, that's really the best win for for the nation, because that commercial capability again allows us to scale globally and share those best practices with all of our friends and allies. People who share our values >>win win to this commercial. There's a business model potential financial benefits as well. Societal impact Preston. I want to come to you, JPL, NASA. I mean, you work in one of the most awesome places and you know, to me, you know, if you said to me, Hey, John, come working JP like I'm not smart enough to go there like I mean, like, it's a pretty It's intimidating, it might seem >>share folks out there, >>they can get there. I mean, it's you can get there if you have the right skills. I mean I'm just making that up. But, I mean, it is known to be super smart And is it attainable? So share your thoughts on this new culture because you could get the skills to get there. What's your take on all this >>s a bucket. Just missing something that really resonated with me, right? It's do it your love office. So if you put on the front engineer, the first thing you're gonna try to do is pick it apart. Be innovative, be creative and ways to solve that issue. And it has been really encouraging to me to see the ground welcome support an engagement that we've seen across our system. Engineers in space. I love space partners. A tackling the problem of cyber. Now that they know the West at risk on some of these cyber security threats that that they're facing with our space systems, they definitely want to be involved. They want to take the lead. They want to figure things out. They wanna be innovative and creative in that problem solving eso jpl We're doing a few things. Thio Raise the awareness Onda create a culture of security. Andi also create cyber advocates, cybersecurity advocates across our space engineers. We host events like hacked the lad, for example, and forgive me. Take a pause to think about the worst case scenarios that could that could result from that. But it certainly invites a culture of creative problem solving. Um, this is something that that kids really enjoy that are system engineers really enjoyed being a part off. Um, it's something that's new refreshing to them. Eso we were doing things like hosting a monthly cybersecurity advocacy group. When we talk about some of the cyber landscape of our space systems and invite our engineers into the conversation, we do outweighs programs specifically designed to to capture, um, our young folks, uh, young engineers to deceive. They would be interested and show them what this type of security has to offer by ways of data Analytic, since the engineering and those have been really, really successful identifying and bringing in new talent to address the skill gaps. >>Steve, I want to ask you about the d. O. D. You mentioned some of the commercial things. How are you guys engaging the commercial to solve the space issue? Because, um, the normalization in the economy with GPS just seeing spaces impacts everybody's lives. We we know that, um, it's been talked about. And and there's many, many examples. How are you guys the D o. D. From a security standpoint and or just from an advancement innovation standpoint, engaging with commercials, commercial entities and commercial folks? >>Well, I'll throw. I'll throw a, uh, I'll throw ah, compliment to Clint because he did such an outstanding job. The space forces already oriented, uh, towards ah, commercial where it's appropriate and extending the arms. Leveraging the half works on the Space Enterprise Consortium and other tools that allow for the entrepreneurs in the space force Thio work with their counterparts in a commercial community. And you see this with the, uh, you know, leveraging space X away to, uh, small companies who are doing extraordinary things to help build space situational awareness and, uh, s So it's it's the people who make this all happen. And what we do at at the D. O. D level, uh, work at the Office of Secretary defense level is we wanna make sure that they have the right tools to be able to do that in a way that allows these commercial companies to work with in this case of a space force or with cyber command and ways that doesn't redefine that. The nature of the company we want we want We want commercial companies to have, ah, great experience working with d o d. And we want d o d toe have the similar experience working, working with a commercial community, and and we actually work interagency projects to So you're going to see, uh, General Raymond, uh, hey, just recently signed an agreement with the NASA Esa, you're gonna see interagency collaborations on space that will include commercial capabilities as well. So when we speak as one government were not. You know, we're one voice, and that's gonna be tremendous, because if you're a commercial company on you can you can develop a capability that solves problems across the entire space enterprise on the government side. How great is that, Right. That's a scaling. Your solution, gentlemen. Let >>me pick you back on that, if you don't mind. I'm really excited about that. I mentioned new space, and Bucky talked about that too. You know, I've been flying satellites for 30 years, and there was a time where you know the U. S. Government national security. We wouldn't let anybody else look at him. Touch him. Plug into, um, anything else, right. And that probably worked at the time. >>But >>the world has changed. And more >>importantly, >>um, there is commercial technology and capability available today, and there's no way the U. S government or national security that national Intel community can afford economically >>to >>fund all that investment solely anymore. We don't have the manpower to do it anymore. So we have this perfect marriage of a burgeoning industry that has capabilities and it has re sources. And it has trained manpower. And we are seeing whether it's US Space Force, whether it's the intelligence community, whether it's NASA, we're seeing that opened up to commercial providers more than I've ever seen in my career. And I can tell you the customers I work with every day in a W s. We're building an entire ecosystem now that they understand how they can plug in and participate in that, and we're just seeing growth. But more importantly, we're seeing advanced capability at cheaper cost because of that hybrid model. So that really is exciting. >>Preston. You know you mentioned earlier supply chain. I don't think I think you didn't use the word supply chain. Maybe you did. But you know about the components. Um, you start opening things up and and your what you said baking it in to the beginning, which is well known. Uh, premise. It's complicated. So take me through again, Like how this all gonna work securely because And what's needed for skill sets because, you know, you're gonna open. You got open source software, which again, that's open. We live in a free society in the United States of America, so we can't lock everything down. You got components that are gonna be built anywhere all around the world from vendors that aren't just a certified >>or maybe >>certified. Um, it's pretty crazy. So just weigh in on this key point because I think Clint has it right. And but that's gonna be solved. What's your view on this? >>Absolutely. And I think it really, really start a top, right? And if you look back, you know, across, um in this country, particularly, you take the financial industry, for example, when when that was a burgeoning industry, what had to happen to ensure that across the board. Um, you know, your your finances were protected these way. Implemented regulations from the top, right? Yeah. And same thing with our health care industry. We implemented regulations, and I believe that's the same approach we're gonna need to take with our space systems in our space >>industry >>without being too directive or prescriptive. Instance she ating a core set of principles across the board for our manufacturers of space instruments for deployment and development of space systems on for how space data and scientific data is passed back and forth. Eso really? We're gonna need to take this. Ah, holistic approach. Thio, how we address this issue with cyber security is not gonna be easy. It's gonna be very challenging, but we need to set the guard rails for exactly what goes into our space systems, how they operate and how they communicate. >>Alright, so let's tie this back to the theme, um, Steve and Clint, because this is all about workforce gaps, opportunities. Um, Steve, you mentioned software defined. You can't do break fix in space. You can't just send a technician up in the space to fix a component. You gotta be software defined. We're talking about holistic approach, about commercial talk about business model technology with software and policy. We need people to think through, like you know. What the hell are you gonna do here, right? Do you just noticed road at the side of the road to drive on? There's no rules of engagement. So what I'm seeing is certainly software Check. If you wanna have a job for the next millennial software policy who solves two problems, what does freedom looked like in space Congestion Contention and then, obviously, business model. Can you guys comment on these three areas? Do you agree? And what specific person might be studying in grad school or undergraduate or in high school saying, Hey, I'm not a techie, but they can contribute your thoughts. I'll >>start off with, uh, speak on on behalf of the government today. I would just say that as policy goes, we need to definitely make sure that we're looking towards the future. Ah, lot of our policy was established in the past under different conditions, and, uh, and if there's anything that you cannot say today is that space is the same as it was even 10 years ago. So the so It's really important that our policy evolves and recognizes that that technology is going to enable not just a new ways of doing things, but also force us to maybe change or or get rid of obsolete policies that will inhibit our ability to innovate and grow and maintain peace with with a rapid, evolving threat. The for the for the audience today, Uh, you know, you want some job assurance, cybersecurity and space it's gonna be It's gonna be an unbelievable, uh, next, uh, few decades and I couldn't think of a more exciting for people to get into because, you know, spaces Ah, harsh environment. We're gonna have a hard time just dud being able differentiate, you know, anomalies that occur just because of the environment versus something that's being hacked. And so JPL has been doing this for years on they have Cem Cem great approaches, but but this is this is gonna be important if you put humans on the moon and you're going to sustain them there. Those life support systems are gonna be using, you know, state of the art computer technology, and which means, is also vulnerable. And so eso the consequences of us not being prepared? Uh, not just from our national security standpoint, but from our space exploration and our commercial, uh, economic growth in space over the long term all gonna be hinged on this cyber security environment. >>Clint, your thoughts on this too ill to get. >>Yeah. So I certainly agree with Bucky. But you said something a moment ago that Bucky was talking about as well. But that's the idea that you know in space, you can't just reach out and touch the satellite and do maintenance on the satellite the way you can't a car or a tank or a plane or a ship or something like that. And that is true. However, right, comma, I want to point out. You know, the satellite servicing industry is starting to develop where they're looking at robotic techniques in Cape abilities to go up in services satellite on orbit. And that's very promising off course. You got to think through the security policy that goes with that, of course. But the other thing that's really exciting is with artificial intelligence and machine learning and edge computing and database analytics and all those things that right on the cloud. You may not even need to send a robotic vehicle to a satellite, right? If you can upload and download software defined, fill in the blank right, maybe even fundamentally changing the mission package or the persona, if you will, of the satellite or the spacecraft. And that's really exciting to, ah, lot >>of >>security policy that you've gotta work through. But again, the cloud just opens up so many opportunities to continue to push the boundaries. You know, on the AWS team, the aerospace and satellite team, which is, you know, the new team that I'm leading. Now our motto is to the stars through the cloud. And there are just so many exciting opportunities right for for all those capabilities that I just mentioned to the stars through the cloud >>President, your thoughts on this? >>Yes, eso won >>a >>little bit of time talking about some of the business model implications and some of the challenges that exists there. Um, in my experience, we're still working through a bit of a language barrier of how we define risk management for our space systems. Traditionally traditionally risk management models is it is very clear what poses a risk to a flight mission. Our space mission, our space system. Um, and we're still finding ways to communicate cyber risk in the same terms that are system engineers are space engineers have traditionally understood. Um, this is a bit of a qualitative versus quantitative, a language barrier. But however adopting a risk management model that includes cybersecurity, a za way to express wish risk to miss the success, I think I think it would be a very good thing is something that that we have been focused on the J. P o as we Aziz, we look at the 34 years beyond. How do >>we >>risk that gap and not only skills but communication of cyber risk and the way that our space engineers and our project engineers and a space system managers understand >>Clinton, like Thio talk about space Force because this is the most popular new thing. It's only a couple of nine months in roughly not even a year, uh, already changing involving based on some of the reporting we've done even here at this symposium and on the Internet. Um, you know, when I was growing up, you know, I wasn't there when JFK said, you know, we're gonna get to the moon. I was born in the sixties, so, you know, when I was graduating my degree, you know, Draper Labs, Lincoln Lab, JPL, their pipeline and people wasn't like a surge of job openings. Um, so this kind of this new space new space race, you know, Kennedy also said that Torch has been passed to a new generation of Americans. So in a way that's happening right now with space force. A new generation is here is a digital generation. It's multi disciplinary generation. Could you take a minute and share, uh, for for our audience? And here at this symposium, um, the mission of Space Force and where you see it going because this truly is different. And I think anyone who's young e I mean, you know, if this was happening when I was in college would be like dropping everything. I'm in there, I think, cause there's so many areas thio jump into, um, it's >>intellectually challenging. >>It's intoxicating in some level. So can you share your thoughts? >>Yeah. Happy to do that. Of course. I I need to remind everybody that as a week ago I'm formally retired. So I'm not an official spokesman for US forces. But with that, you know, it said I did spend the last 18 months planning for it, designing and standing it up. And I'll tell you what's really exciting is you know, the commander of, uh, US Base Force General J. Raymond, who's the right leader at the right time. No question in my >>mind. But >>he said, I want to stand up the Space Force as the first fully digital service in the United States. Right? So he is trying >>to bake >>cloud baked cybersecurity, baked digital transformational processes and everything we did. And that was a guidance he gave us every day, every day. When we rolled in. He said, Remember, guys, I don't wanna be the same. I don't wanna be stale. I want new thinking, new capabilities and I want it all to be digital on. That's one of the reasons When we brought the first wave of people into the space force, we brought in space operations, right. People like me that flew satellites and launch rockets, we brought in cyber space experts, and we brought in intelligence experts. Those were the first three waves of people because of that, you know, perfect synergy between space and cyber and intel all wrapped in >>it. >>And so that was really, really smart. The other thing I'll say just about, you know, Kennedy's work. We're going to get to the moon. So here we are. Now we're going back to the Moon Project Artemus that NASA is working next man first woman on the moon by 2024 is the plan and >>then >>with designs to put a permanent presence on the moon and then lean off to march. So there was a lot to get excited about. I will tell you, as we were taking applications and looking at rounding out filling out the village in the U. S. Space Force, we were overwhelmed with the number of people that wanted, and that was a really, really good things. So they're off to a good start, and they're just gonna accomplishment major things. I know for sure. >>Preston, your thoughts on this new generation people out there were like I could get into this. This is a path. What's your what's your opinion on this? And what's your >>E could, uh, you so bold as to say >>that >>I feel like I'm a part of that new generation eso I grew up very much into space. Uh, looking at, um, listen to my, uh, folks I looked up to like Carl Sagan. Like like Neil Tyson. DeGrasse on did really feeling affinity for what What this country has done is for is a space program are focused on space exploration on bond. Through that, I got into our security, as it means from the military. And I just because I feel so fortunate that I could merge both of those worlds because of because of the generational, um, tailoring that we do thio promote space exploration and also the advent of cybersecurity expertise that is needed in this country. I feel like that. We are We are seeing a conversions of this too. I see a lot of young people really getting into space exploration. I see a lot of young people as well. Um uh, gravitating toward cybersecurity as a as a course of study. And to see those two worlds colliding and converse is something that's very near and dear to me. And again, I I feel like I'm a byproduct of that conversion, which is which, Really, Bothwell for space security in the future, >>we'll your great leader and inspiration. Certainly. Senior person as well. Congratulations, Steve. You know, young people motivational. I mean, get going. Get off the sidelines. Jump in Water is fine, Right? Come on in. What's your view on motivating the young workforce out there and anyone thinking about applying their skills on bringing something to the table? >>Well, look at the options today. You have civil space President represents you have military space. Uh, you have commercial space on and even, you know, in academia, the research, the potential as a as an aspiring cyber professional. All of you should be thinking about when we when we When? When we first invented the orbit, which eventually became the Internet, Uh, on Lee, we were, uh if all we had the insight to think Well, geez, you know whether the security implications 2030 years from now of this thing scaling on growing and I think was really good about today's era. Especially as Clint said, because we were building this space infrastructure with a cyber professionals at ground zero on dso the So the opportunity there is to look out into the future and say we're not just trying to secure independent her systems today and assure the free for all of of information for commerce. You know, the GPS signal, Uh, is Justus much in need of protection as anything else tied to our economy, But the would have fantastic mission. And you could do that. Uh, here on the ground. You could do it, uh, at a great companies like Amazon Web services. But you can also one of these states. Perhaps we go and be part of that contingency that goes and does the, uh, the se's oh job that that president has on the moon or on Mars and, uh, space will space will get boring within a generation or two because they'll just be seen as one continuum of everything we have here on Earth. And, uh, and that would be after our time. But in the meantime, is a very exciting place to be. And I know if I was in in my twenties, I wanna be, uh, jumping in with both feet into it. >>Yeah, great stuff. I mean, I think space is gonna be around for a long long time. It's super exciting and cybersecurity making it secure. And there's so many areas defeating on. Gentlemen, thank you very much for your awesome insight. Great panel. Um, great inspiration. Every one of you guys. Thank you very much for for sharing for the space and cybersecurity symposium. Appreciate it. Thank you very much. >>Thanks, John. Thank you. Thank you. Okay, >>I'm >>John for your host for the Space and Cybersecurity Symposium. Thanks for watching.

from around the globe it's thecube covering space and cyber security symposium 2020 hosted by cal poly hello and welcome to thecube's coverage we're here hosting with cal poly an amazing event space in the intersection of cyber security this session is defending satellite and space infrastructure from cyber threats got two great guests we've got major general john shaw combined four space component commander u.s space command and vandenberg air force base in california and roland cuello who's the ceo of maverick space systems gentlemen thank you for spending the time to come on to this session for the cal poly space and cyber security symposium appreciate it absolutely um guys defending satellites and space infrastructure is the new domain obviously it's a war warfighting domain it's also the future of the world and this is an important topic because we rely on space now for our everyday life and it's becoming more and more critical everyone knows how their phones work and gps just small examples of all the impacts i'd like to discuss with this hour this topic with you guys so if we can have you guys do an opening statement general if you can start with your opening statement we'll take it from there thanks john and greetings from vandenberg air force base we are just down the road from cal poly here on the central coast of california and uh very proud to be part of this uh effort and part of the partnership that we have with with cal poly on a number of fronts um i should uh so in in my job here i actually uh have two hats that i wear and it's i think worth talking briefly about those to set the context for our discussion you know we had two major organizational events within our department of defense with regard to space last year in 2019 and probably the one that made the most headlines was the stand-up of the united states space force that happened uh december 20th last year and again momentous the first new branch in our military since 1947 uh and uh it is a it's just over nine months old now as we're making this recording uh and already we're seeing a lot of change uh with regard to how we're approaching uh organizing training and equipping on a service side or space capabilities and so i uh in that with regard to the space force the hat i wear there is commander of space operations command that was what was once 14th air force when we were still part of the air force here at vandenberg and in that role i'm responsible for the operational capabilities that we bring to the joint warfighter and to the world from a space perspective didn't make quite as many headlines but another major change that happened last year was the uh the reincarnation i guess i would say of united states space command and that is a combatant command it's how our department of defense organizes to actually conduct warfighting operations um most people are more familiar perhaps with uh central command centcom or northern command northcom or even strategic command stratcom well now we have a space com we actually had one from 1985 until 2002 and then stood it down in the wake of the 9 11 attacks and a reorganization of homeland security but we've now stood up a separate command again operationally to conduct joint space operations and in that organization i wear a hat as a component commander and that's the combined force-based component command uh working with other all the additional capabilities that other services bring as well as our allies that combined in that title means that uh i under certain circumstances i would lead an allied effort uh in space operations and so it's actually a terrific job to have here on the central coast of california uh both working the uh how we bring space capabilities to the fight on the space force side and then how we actually operate those capabilities it's a point of joint in support of joint warfighters around the world um and and national security interests so that's the context now what el i i also should mention you kind of alluded to john you're beginning that we're kind of in a change situation than we were a number of years ago and that space we now see space as a warfighting domain for most of my career going back a little ways most of my my focus in my jobs was making sure i could bring space capabilities to those that needed them bringing gps to that special operations uh soldier on the ground somewhere in the world bringing satellite communications for our nuclear command and control bringing those capabilities for other uses but i didn't have to worry in most of my career about actually defending those space capabilities themselves well now we do we've actually gone to a point where we're are being threatened in space we now are treating it more like any other domain normalizing in that regard as a warfighting domain and so we're going through some relatively emergent efforts to protect and defend our capabilities in space to to design our capabilities to be defended and perhaps most of all to train our people for this new mission set so it's a very exciting time and i know we'll get into it but you can't get very far into talking about all these space capabilities and how we want to protect and defend them and how we're going to continue their ability to deliver to warfighters around the globe without talking about cyber because they fit together very closely so anyway thanks for the chance to be here today and i look forward to the discussion general thank you so much for that opening statement and i would just say that not only is it historic with the space force it's super exciting because it opens up so much more challenges and opportunities for to do more and to do things differently so i appreciate that statement roland your opening statement your your job is to put stuff in space faster cheaper smaller better your opening statement please um yes um thank you john um and yes you know to um general shaw's point you know with with the space domain and the need to protect it now um is incredibly important and i hope that we are more of a help um than a thorn in your side um in terms of you know building satellites smaller faster cheaper um you know and um definitely looking forward to this discussion and you know figuring out ways where um the entire space domain can work together you know from industry to to us government even to the academic environment as well so first would like to say and preface this by saying i am not a cyber security expert um we you know we build satellites um and uh we launch them into orbit um but we are by no means you know cyber security experts and that's why um you know we like to partner with organizations like the california cyber security institute because they help us you know navigate these requirements um so um so i'm the ceo of um of maverick space systems we are a small aerospace business in san luis obispo california and we provide small satellite hardware and service solutions to a wide range of customers all the way from the academic environment to the us government and everything in between we support customers through an entire you know program life cycle from mission architecture and formulation all the way to getting these customer satellites in orbit and so what we try to do is um provide hardware and services that basically make it easier for customers to get their satellites into orbit and to operate so whether it be reducing mass or volume um creating greater launch opportunities or providing um the infrastructure and the technology um to help those innovations you know mature in orbit you know that's you know that's what we do our team has experienced over the last 20 years working with small satellites and definitely fortunate to be part of the team that invented the cubesat standard by cal poly and stanford uh back in 2000 and so you know we are in you know vandenberg's backyard um we came from cal poly san luis obispo um and you know our um our hearts are fond you know of this area and working with the local community um a lot of that success um that we have had is directly attributable um to the experiences that we learned as students um working on satellite programs from our professors and mentors um you know that's you know all you know thanks to cal poly so just wanted to tell a quick story so you know back in 2000 just imagine a small group of undergraduate students you know myself included with the daunting task of launching multiple satellites from five different countries on a russian launch vehicle um you know many of us were only 18 or 19 not even at the legal age to drink yet um but as you know essentially teenagers we're managing million dollar budgets um and we're coordinating groups um from around the world um and we knew that we knew what we needed to accomplish um yet we didn't really know um what we were doing when we first started um the university was extremely supportive um and you know that's the cal poly learn by doing philosophy um i remember you know the first time we had a meeting with our university chief legal counsel and we were discussing the need to to register with the state department for itar nobody really knew what itar was back then um and you know discussing this with the chief legal counsel um you know she was asking what is itar um and we essentially had to explain you know this is um launching satellites as part of the um the u.s munitions list and essentially we have a similar situation you know exporting munitions um you know we are in similar categories um you know as you know as weapons um and so you know after that initial shock um everybody jumped in you know both feet forward um the university um you know our head legal counsel professors mentors and the students um you know knew we needed to tackle this problem um because you know the the need was there um to launch these small satellites and um you know the the reason you know this is important to capture the entire spectrum of users of the community um is that the technology and the you know innovation of the small satellite industry occurs at all levels you know so we have academia commercial national governments we even have high schools and middle schools getting involved and you know building satellite hardware um and the thing is you know the the importance of cyber security is incredibly important because it touches all of these programs and it touches you know people um at a very young age um and so you know we hope to have a conversation today um to figure out you know how do we um create an environment where we allow these programs to thrive but we also you know protect and you know keep their data safe as well thank you very much roland appreciate that uh story too as well thanks for your opening statement gentlemen i mean i love this topic because defending the assets in space is is as obvious um you look at it but there's a bigger picture going on in our world right now and generally you kind of pointed out the historic nature of space force and how it's changing already operationally training skills tools all that stuff is revolving you know in the tech world that i live in you know change the world is a topic they use that's thrown around a lot you can change the world a lot of young people we have just other panels on this where we're talking about how to motivate young people changing the world is what it's all about with technology for the better evolution is just an extension of another domain in this case space is just an extension of other domains similar things are happening but it's different there's a huge opportunity to change the world so it's faster there's an expanded commercial landscape out there certainly government space systems are moving and changing how do we address the importance of cyber security in space general we'll start with you because this is real it's exciting if you're a young person there's touch points of things to jump into tech building hardware to changing laws and and everything in between is an opportunity and it's exciting and it's truly a chance to change the world how does the commercial government space systems teams address the importance of cyber security so john i think it starts with with the realization that as i like to say that cyber and space are bffs uh there's nothing that we do on the cutting edge of space that isn't heavy reliant heavily reliant on the cutting edge of cyber and frankly there's probably nothing on the cutting edge of cyber that doesn't have a space application and when you realize that you see how how closely those are intertwined as we need to move forward at at speed it becomes fundamental to to the to answering your question let me give a couple examples we one of the biggest challenges i have on a daily basis is understanding what's going on in the space domain those on the on the on the surface of the planet talk about tyranny of distance across the oceans across large land masses and i talk about the tyranny of volume and you know right now we're looking out as far as the lunar sphere there's activity that's extending out to the out there we expect nasa to be conducting uh perhaps uh human operations in the lunar environment in the next few years so it extends out that far when you do the math that's a huge volume how do you do that how do you understand what's happening in real time in within that volume it is a big data problem by the very definition of that that kind of effort to that kind of challenge and to do it successfully in the years ahead it's going to require many many sensors and the fusion of data of all kinds to present a picture and then analytics and predictive analytics that are going to deliver an idea of what's going on in the space arena and that's just if people are not up to mischief once you have threats introduced into that environment it is even more challenging so i'd say it's a big data problem that we'll be enjoying uh tackling in the years ahead a second example is you know we if i if i had to if we had to take a vote of what were the most uh amazing robots that have ever been designed by humans i think that spacecraft would have to be up there on the list whether it's the nasa spacecraft that explore other planets or the ones that we or gps satellites that that amazingly uh provide a wonderful service to the entire globe uh and beyond they are amazing technological machines that's not going to stop i mean all the work that roland talked about at the at the even even that we're doing it at the kind of the microsoft level is is putting cutting-edge technology into smaller packages you can to get some sort of capability out of that as we expand our activities further and further into space for national security purposes or for exploration or commercial or civil the the cutting edge technologies of uh artificial intelligence uh and machine to machine engagements and machine learning are going to be part of that design work moving forward um and then there's the threat piece as we try to as we operate these these capabilities how these constellations grow that's going to be done via networks and as i've already pointed out space is a warfighting domain that means those networks will come under attack we expect that they will and that may happen early on in a conflict it may happen during peace time in the same way that we see cyber attacks all the time everywhere in many sectors of of activity and so by painting that picture you kind of get you we start to see how it's intertwined at the very very base most basic level the cutting edge of cyber and cutting edge of space with that then comes the need to any cutting edge cyber security capability that we have is naturally going to be needed as we develop space capabilities and we're going to have to bake that in from the very beginning we haven't done that in the past as well as we should but moving forward from this point on it will be an essential ingredient that we work into all of our new capability roland we're talking about now critical infrastructure we're talking about new capabilities being addressed really fast so it's kind of chaotic now there's threats so it's not as easy as just having capabilities because you've got to deal with the threats the general just pointed out but now you've got critical infrastructure which then will enable other things down down the line how do you protect it how do we address this how do you see this being addressed from a security standpoint because you know malware these techniques can be mapped in as extended into into space and takeovers wartime peacetime these things are all going to be under threat that's pretty well understood i think people kind of get that how do we address it what's your what's your take yeah you know absolutely and you know i couldn't agree more with general shaw you know with cyber security and space being so intertwined um and you know i think with fast and rapid innovation um comes you know the opportunity for threats especially um if you have bad actors um that you know want to cause harm and so you know as a technology innovator and you're pushing the bounds um you kind of have a common goal of um you know doing the best you can um and you know pushing the technology balance making it smaller faster cheaper um but a lot of times what entrepreneurs and you know small businesses and supply chains um are doing and don't realize it is a lot of these components are dual use right i mean you could have a very benign commercial application but then a small you know modification to it and turn it into a military application and if you do have these bad actors they can exploit that and so you know i think the the big thing is um creating a organization that is you know non-biased that just wants to kind of level the playing field for everybody to create a set standard for cyber security in space i think you know one group that would be perfect for that you know is um cci um you know they understand both the cybersecurity side of things and they also have you know at cal poly um you know the the small satellite group um and you know just having kind of a a clearinghouse or um an agency where um can provide information that is free um you know you don't need a membership for and to be able to kind of collect that but also you know reach out to the entire value chain you know for a mission and um making them aware um of you know what potential capabilities are and then how it might um be you know potentially used as a weapon um and you know keeping them informed because i think you know the the vast majority of people in the space industry just want to do the right thing and so how do we get that information free flowing to you know to the us government so that they can take that information create assessments and be able to not necessarily um stop threats from occurring presently but identify them long before that they would ever even happen um yeah that's you know general i want to i want to follow up on that real quick before we go to the next talk track critical infrastructure um you mentioned you know across the oceans long distance volume you know when you look at the physical world you know you had you know power grids here united states you had geography you had perimeters uh the notion of a perimeter and the moat this is and then you had digital comes in then you have we saw software open up and essentially take down this idea of a perimeter and from a defense standpoint and that everything changed and we had to fortify those critical assets uh in the u.s space increases the same problem statement significantly because it's you can't just have a perimeter you can't have a moat it's open it's everywhere like what digital's done and that's why we've seen a slurge of cyber in the past two decades attacks with software so this isn't going to go away you need the critical infrastructure you're putting it up there you're formulating it and you've got to protect it how do you view that because it's going to be an ongoing problem statement what's the current thinking yeah i i think my sense is a mindset that you can build a a firewall or a defense or some other uh system that isn't dynamic in his own right is probably not heading in the right direction i think cyber security in the future whether it's for our space systems or for other critical infrastructure is going to be a dynamic fight that happens at a machine-to-machine um a speed and dynamic um i don't think it's too far off where we will have uh machines writing their own code in real time to fight off attacks that are coming at them and by the way the offense will probably be doing the same kind of thing and so i i guess i would not want to think that the answer is something that you just build it and you leave it alone and it's good enough it's probably going to be a constantly evolving capability constantly reacting to new threats and staying ahead of those threats that's the kind of use case just to kind of you know as you were kind of anecdotal example is the exciting new software opportunities for computer science majors i mean i tell my young kids and everyone man it's more exciting now i wish i was 18 again it's so so exciting with ai bro i want to get your thoughts we were joking on another panel with the dod around space and the importance of it obviously and we're going to have that here and then we had a joke it's like oh software's defined everything it says software's everything ai and and i said well here in the united states companies had data centers and they went to the cloud and they said you can't do break fix it's hard to do break fix in space you can't just send a tech up i get that today but soon maybe robotics the general mentions robotics technologies and referencing some of the accomplishments fixing things is almost impossible in space but maybe form factors might get better certainly software will play a role what's your thoughts on that that landscape yeah absolutely you know for for software in orbit um you know there's there's a push for you know software-defined radios um to basically go from hardware to software um and you know that's that that's a critical link um if you can infiltrate that and a small satellite has propulsion on board you could you know take control of that satellite and cause a lot of havoc and so you know creating standards and you know that kind of um initial threshold of security um you know for let's say you know these radios you know communications and making that um available um to the entire supply chain to the satellite builders um and operators you know is incredibly key and you know that's again one of the initiatives that um that cci is um is tackling right now as well general i want to get your thoughts on best practices around cyber security um state of the art today uh and then some guiding principles and kind of how the if you shoot the trajectory forward what what might happen uh around um supply chain there's been many stories where oh we outsourced the chips and there's a little chip sitting in a thing and it's built by someone else in china and the software is written from someone in europe and the united states assembles it it gets shipped and it's it's corrupt and it has some cyber crime making i'm oversimplifying the the statement but this is what when you have space systems that involve intellectual property uh from multiple partners whether it's from software to creation and then deployment you get supply chain tiers what are some of the best practices that you see involving that don't stunt the innovation but continues to innovate but people can operate safely what's your thoughts yeah so on supply chain i think i think the symposium here is going to get to hear from lieutenant general jt thompson uh from space missile system center down in los angeles and and uh he's a he's just down the road from us there uh on the coast um and his team is is the one that we look to really focus on as he acquires and develop again bake in cyber security from the beginning and knowing where the components are coming from and and properly assessing those as you as you put together your space systems is a key uh piece of what his team is focused on so i expect we'll hear him talk about that when it talks to i think she asked the question a little more deeply about how do the best practices in terms of how we now develop moving forward well another way that we don't do it right is if we take a long time to build something and then you know general general jt thompson's folks take a while to build something and then they hand it over to to to me and my team to operate and then they go hands-free and and then and then that's you know that's what i have for for years to operate until the next thing comes along that's a little old school what we're going to have to do moving forward with our space capabilities and with the cyber piece baked in is continually developing new capability sets as we go we actually have partnership between general thompson's team and mine here at vandenberg on our ops floor or our combined space operations center that are actually working in real time together better tools that we can use to understand what's going on the space environment to better command and control our capabilities anywhere from military satellite communications to space domain awareness sensors and such and so and we're developing those capabilities in real time it's a dev and and with the security pieces so devsecops is we're practicing that in in real time i think that is probably the standard today that we're trying to live up to as we continue to evolve but it has to be done again in close partnership all the time it's not a sequential industrial age process while i'm on the subject of partnerships so general thompson's and team and mine have good partnerships it's part partnerships across the board are going to be another way that we are successful and that uh it means with with academia in some of the relationships that we have here with cal poly it's with the commercial sector in ways that we haven't done before the old style business was to work with just a few large um companies that had a lot of space experience well we need we need a lot of kinds of different experience and technologies now in order to really field good space capabilities and i expect we'll see more and more non-traditional companies being part of and and organizations being part of that partnership that will work going forward i mentioned at the beginning that um uh allies are important to us so everything that uh that role and i've been talking about i think you have to extrapolate out to allied partnerships right it doesn't help me uh as a combined force component commander which is again one of my jobs it doesn't help me if the united states capabilities are cyber secure but i'm trying to integrate them with capabilities from an ally that are not cyber secure so that partnership has to be dynamic and continually evolving together so again close partnering continually developing together from the acquisition to the operational sectors with as many um different sectors of our economy uh as possible are the ingredients to success general i'd love to just follow up real quick i was having just a quick reminder for a conversation i had with last year with general keith alexander who was does a lot of cyber security work and he was talking about the need to share faster and the new school is you got to share faster and to get the data you mentioned observability earlier you need to see what everything's out there he's a real passionate person around getting the data getting it fast and having trusted partners so that's not it's kind of evolving as i mean sharing is a well-known practice but with cyber it's sensitive data potentially so there's a trust relationship there's now a new ecosystem that's new for uh government how do you view all that and your thoughts on that trend of the sharing piece of it on cyber so it's i don't know if it's necessarily new but it's at a scale that we've never seen before and by the way it's vastly more complicated and complex when you overlay from a national security perspective classification of data and information at various levels and then that is again complicated by the fact you have different sharing relationships with different actors whether it's commercial academic or allies so it gets very very uh a complex web very quickly um so that's part of the challenge we're working through how can we how can we effectively share information at multiple classification levels with multiple partners in an optimal fashion it is certainly not optimal today it's it's very difficult even with maybe one industry partner for me to be able to talk about data at an unclassified level and then various other levels of classification to have the traditional networks in place to do that i could see a solution in the future where our cyber security is good enough that maybe i only really need one network and the information that is allowed to flow to the players within the right security environment um to uh to make that all happen as quickly as possible so you've actually uh john you've hit on yet another big challenge that we have is um is evolving our networks to properly share with the right people at the right uh clearance levels as at speed of war which is what we're going to need yeah and i wanted to call that out because this is an opportunity again this discussion here at cal poly and around the world is for new capabilities and new people to solve the problems and um it's again it's super exciting if you you know you're geeking out on this it's if you have a tech degree or you're interested in changing the world there's so many new things that could be applied right now roland will get your thoughts on this because one of the things in the tech trends we're seeing this is a massive shift all the theaters of the tech industry are are changing rapidly at the same time okay and it affects policy law but also deep tech the startup communities are super important in all this too we can't forget them obviously the big trusted players that are partnering certainly on these initiatives but your story about being in the dorm room now you got the boardroom and now you got everything in between you have startups out there that want to and can contribute and you know what's an itar i mean i got all these acronym certifications is there a community motion to bring startups in in a safe way but also give them a ability to contribute because you look at open source that proved everyone wrong on software that's happening now with this now open network concept the general is kind of alluding to which is it's a changing landscape your thoughts i know you're passionate about this yeah absolutely you know and i think um you know as general shaw mentioned you know we need to get information out there faster more timely and to the right people um and involving not only just stakeholders in the us but um internationally as well you know and as entrepreneurs um you know we have this very lofty vision or goal uh to change the world and um oftentimes um you know entrepreneurs including myself you know we put our heads down and we just run as fast as we can and we don't necessarily always kind of take a breath and take a step back and kind of look at what we're doing and how it's touching um you know other folks and in terms of a community i don't know of any formal community out there it's mostly ad hoc and you know these ad hoc communities are folks who let's say have you know was was a student working on a satellite um you know in college and they love that entrepreneurial spirit and so they said well i'm gonna start my own company and so you know a lot of the these ad hoc networks are just from relationships um that are that have been built over the last two decades um you know from from colleagues that you know at the university um i do think formalizing this and creating um kind of a you know clearinghouse to to handle all of this is incredibly important yeah um yeah there's gonna be a lot of entrepreneurial activity no doubt i mean just i mean there's too many things to work on and not enough time so i mean this brings up the question though while we're on this topic um you got the remote work with covid everyone's working remotely we're doing this remote um interview rather than being on stage works changing how people work and engage certainly physical will come back but if you looked at historically the space industry and the talent you know they're all clustered around the bases and there's always been these areas where you're you're a space person you're kind of working there and there's jobs there and if you were cyber you were 10 in other areas over the past decade there's been a cross-pollination of talent and location as you see the intersection of space general start with you you know first of all central coast is a great place to live i know that's where you guys live but you can start to bring together these two cultures sometimes they're you know not the same maybe they're getting better we know they're being integrated so general can you just share your thoughts because this is uh one of those topics that everyone's talking about but no one's actually kind of addressed directly um yeah john i i think so i think i want to answer this by talking about where i think the space force is going because i think if there was ever an opportunity or inflection point in our department of defense to sort of change culture and and try to bring in non-traditional kinds of thinking and and really kind of change uh maybe uh some of the ways that the department of defense has does things that are probably archaic space force is an inflection point for that uh general raymond our our chief of space operations has said publicly for a while now he wants the us space force to be the first truly digital service and uh you know what we what we mean by that is you know we want the folks that are in the space force to be the ones that are the first adopters or the early adopters of of technology um to be the ones most fluent in the cutting edge technological developments on space and cyber and and other um other sectors of the of of the of the economy that are technologically focused uh and i think there's some can that can generate some excitement i think and it means that we probably end up recruiting people into the space force that are not from the traditional recruiting areas that the rest of the department of defense looks to and i think it allows us to bring in a diversity of thought and diversity of perspective and a new kind of motivation um into the service that i think is frankly is is really exciting so if you put together everything i mentioned about how space and cyber are going to be best friends forever and i think there's always been an excitement in them you know from the very beginning in the american psyche about space you start to put all these ingredients together and i think you see where i'm going with this that really changed that cultural uh mindset that you were describing it's an exciting time for sure and again changing the world and this is what you're seeing today people do want to change world they want a modern world that's changing roy look at your thoughts on this i was having an interview a few years back with a tech entrepreneur um techie and we were joking we were just kind of riffing and we and i said everything that's on star trek will be invented and we're almost there actually if you think about it except for the transporter room you got video you got communicators so you know not to bring in the star trek reference with space force this is digital and you start thinking about some of the important trends it's going to be up and down the stack from hardware to software to user experience everything your thoughts and reaction yeah abs absolutely and so you know what we're seeing is um timeline timelines shrinking dramatically um because of the barrier to entry for you know um new entrants and you know even your existing aerospace companies is incredibly low right so if you take um previously where you had a technology on the ground and you wanted it in orbit it would take years because you would test it on the ground you would verify that it can operate in space in a space environment and then you would go ahead and launch it and you know we're talking tens if not hundreds of millions of dollars to do that now um we've cut that down from years to months when you have a prototype on the ground and you want to get it launched you don't necessarily care if it fails on orbit the first time because you're getting valuable data back and so you know we're seeing technology being developed you know for the first time on the ground and in orbit in a matter of a few months um and the whole kind of process um you know that that we're doing as a small business is you know trying to enable that and so allowing these entrepreneurs and small small companies to to get their technology in orbit at a price that is sometimes even cheaper than you know testing on the ground you know this is a great point i think this is really an important point to call out because we mentioned partnerships earlier the economics and the business model of space is doable i mean you do a mission study you get paid for that you have technology you can get stuff up up quickly and there's a cost structure there and again the alternative was waterfall planning years and millions now the form factors are different now again there may be different payloads involved but you can standardize payloads you got robotic arms all this is all available this brings up the congestion problem this is going to be on the top of mind the generals of course but you got the proliferation okay of these constellation systems you have more and more tech vectors i mean essentially that's malware i mean that's a probe you throw something up in space that could cause some interference maybe a takeover general this is the this is the real elephant in the room the threat matrix from new stuff and new configurations so general how does the proliferation of constellation systems change the threat matrix so i i think the uh you know i guess i'm gonna i'm gonna be a little more optimistic john than i think you pitched that i'm actually excited about these uh new mega constellations in leo um i'm excited about the the growing number of actors that are that are going into space for various reasons and why is that it's because we're starting to realize a new economic engine uh for the nation and for human society so the question is so so i think we want that to happen right when uh um when uh we could go to almost any any other domain in history and and and you know there when when air traffic air air travel started to become much much more commonplace with many kinds of uh actors from from private pilots flying their small planes all the way up to large airliners uh you know there there was a problem with congestion there was a problem about um challenges about uh behavior and are we gonna be able to manage this and yes we did and it was for the great benefit of society i could probably look to the maritime domain for similar kinds of things and so this is actually exciting about space we are just going to have to find the ways as a society and it's not just the department of defense it's going to be civil it's going to be international find the mechanisms to encourage this continued investment in the space domain i do think the space force uh will play a role in in providing security in the space environment as we venture further out as as economic opportunities emerge uh wherever they are um in the in the lunar earth lunar system or even within the solar system space force is going to play a role in that but i'm actually really excited about the those possibilities hey by the way i got to say you made me think of this when you talked about star trek and and and space force and our technologies i remember when i was younger watching the the next generation series i thought one of the coolest things because being a musician in my in my spare time i thought one of the coolest things was when um commander riker would walk into his quarters and and say computer play soft jazz and there would just be the computer would just play music you know and this was an age when you know we had we had hard uh um uh media right like how will that that is awesome man i can't wait for the 23rd century when i can do that and where we are today is is so incredible on those lines the things that i can ask alexa or siri to play um well that's the thing everything that's on star trek think about it almost invented i mean you got the computers you got the only thing really is the holograms are starting to come in you got now the transporter room now that's physics we'll work on that right right so there's a there is this uh a balance between physics and imagination but uh we have not exhausted either well um personally everyone that knows me knows i'm a huge star trek fan all the series of course i'm an original purist but at that level but this is about economic incentive as well roland i want to get your thoughts because you know the gloom and doom you got to think about the the bad stuff to make it good if i if i put my glass half full on the table there's economic incentives just like the example of the plane and the air traffic there's there's actors that are more actors that are incented to have a secure system what's your thoughts to general's comments around the optimism and and the potential threat matrix that needs to be managed absolutely so and you know one of the things that we've seen over the years um as you know we build these small satellites is a lot of the technology you know that the general is talking about um you know voice recognition miniaturized chips and sensors um started on the ground and i mean you know you have you know your iphone um that about 15 years ago before the first iphone came out um you know we were building small satellites in the lab and we were looking at cutting-edge state-of-the-art magnetometers and sensors um that we were putting in our satellites back then we didn't know if they were going to work and then um a few years later as these students graduate they go off and they go out to under you know other industries and so um some of the technology that was first kind of put in these cubesats in the early 2000s you know kind of ended up in the first generation iphone smartphones um and so being able to take that technology rapidly you know incorporate that into space and vice versa gives you an incredible economic advantage because um not only are your costs going down um because you know you're mass producing you know these types of terrestrial technologies um but then you can also um you know increase you know revenue and profit um you know by by having you know smaller and cheaper systems general let's talk about that for real quickly it's a good point i want to just shift it into the playbook i mean everyone talks about playbooks for management for tech for startups for success i mean one of the playbooks that's clear from in history is investment in r d around military and or innovation that has a long view spurs innovation commercially i mean just there's a huge many decades of history that shows that hey we got to start thinking about these these challenges and you know next you know it's in an iphone this is history this is not like a one-off and now with space force you get you're driving you're driving the main engine of innovation to be all digital you know we we riff about star trek which is fun but the reality is you're going to be on the front lines of some really new cool mind-blowing things could you share your thoughts on how you sell that people who write the checks or recruit more talent well so i first i totally agree with your thesis that the that you know national security well could probably go back an awful long way hundreds to thousands of years that security matters tend to drive an awful lot of innovation and creativity because um you know i think the the probably the two things that drive drive people the most are probably an opportunity to make money uh but only by beating that out are trying to stay alive um and uh and so i don't think that's going to go away and i do think that space force can play a role um as it pursues uh security uh structures you know within the space domain to further encourage economic investment and to protect our space capabilities for national security purposes are going to be at the cutting edge this isn't the first time um i think we can point back to the origins of the internet really started in the department of defense and with a partnership i should add with academia that's how the internet got started that was the creativity in order to to meet some needs there cryptography has its roots in security but we use it uh in in national security but now we use it in for economic reasons and meant and a host of other kinds of reasons and then space itself right i mean we still look back to uh apollo era as an inspiration for so many things that inspired people to to either begin careers in in technical areas or in space and and so on so i think i think in that same spirit you're absolutely right i guess i'm totally agreeing with your thesis the space force uh will be and a uh will have a positive inspirational influence in that way and we need to to realize that so when we are asking for when we're looking for how we need to meet capability needs we need to spread that net very far look for the most creative solutions and partner early and often with those that that can that can work on those when you're on the new frontier you've got to have a team sport it's a team effort you mentioned the internet just anecdotally i'm old enough to remember this because i remember the days that was going on and said the government if the policy decisions that the u.s made at that time was to let it go a little bit invisible hand they didn't try to commercialize it too fast and but there was some policy work that was done that had a direct effect to the innovation versus take it over and next you know it's out of control so i think you know i think this this just a cross-disciplinary skill set becomes a big thing where you need to have more people involved and that's one of the big themes of this symposium so it's a great point thank you for sharing that roland your thoughts on this because you know you got policy decisions we all want to run faster we want to be more innovative but you got to have some ops view now mostly ops people want things very tight very buttoned up secure the innovators want to go faster it's the yin and yang that's that's the world we live in how's it all balanced in your mind yeah um you know one of the things um that may not be apparently obvious is that you know the us government and department of um of defense is one of the biggest investors in technology in the aerospace sector um you know they're not the traditional venture capitalists but they're the ones that are driving technology innovation because there's funding um you know and when companies see that the us governments is interested in something businesses will will re-vector um you know to provide that capability and in the i would say the more recent years we've had a huge influx of private equity venture capital um coming into the markets to kind of help augment um you know the government investment and i think having a good partnership and a relationship with these private equity venture capitalists and the us government is incredibly important because the two sides you know can can help collaborate and kind of see a common goal but then also too on um you know the other side is you know there's that human element um and as general shaw was saying it's like not you know not only do companies you know obviously want to thrive and do really well some companies just want to stay alive um to see their technology kind of you know grow into what they've always dreamed of and you know oftentimes entrepreneurs um are put in a very difficult position because they have to make payroll they have to you know keep the lights on and so sometimes they'll take investment um from places where they may normally would not have you know from potentially foreign investment that could potentially you know cause issues with you know the you know the us supply chain well my final question is the best i wanted to say for last because i love the idea of human space flight i'd love to be on mars i'm not sure i'll be able to make it someday but how do you guys see the possible impacts of cyber security on expanding human space flight operations i mean general this is your wheelhouse this is urine command putting humans in space and certainly robots will be there because they're easy to go because they're not human but humans in space i mean you're starting to see the momentum the discussion uh people are are scratching that itch what's your take on that how do we see making this more possible well i i think we will see we will see uh commercial space tourism uh in the future i'm not sure how wide and large a scale it will become but we'll we will see that and um part of uh i think the mission of the space force is going to be probably to again do what we're doing today is have really good awareness of what's going on the domain to uh to to to ensure that that is done safely and i think a lot of what we do today will end up in civil organizations to do space traffic management and safety uh in in that uh arena um and uh um it is only a matter of time uh before we see um humans going even beyond the you know nasa has their plan the the artemis program to get back to the moon and the gateway initiative to establish a a space station there and that's going to be an exploration initiative but it is only a matter of time before we have um private citizens or private corporations putting people in space and not only for tourism but for economic activity and so it'll be really exciting to watch it would be really exciting and space force will be a part of it general roland i want to thank you for your valuable time to come on this symposium i really appreciate it final uh comment i'd love to you to spend a minute to share your personal thoughts on the importance of cyber security to space and we'll close it out we'll start with you roland yeah so i think that the biggest thing um i would like to try to get out of this you know from my own personal perspective is um creating that environment that allows um you know the the aerospace supply chain small businesses you know like ourselves be able to meet all the requirements um to protect um and safeguard our data but also um create a way that you know we can still thrive and it won't stifle innovation um you know i'm looking forward um to comments and questions um you know from the audience um to really kind of help um you know you know basically drive to that next step general final thoughts the importance of cyber security to space i'll just i'll go back to how i started i think john and say that space and cyber are forever intertwined they're bffs and whoever has my job 50 years from now or 100 years from now i predict they're going to be saying the exact same thing cyber and space are are intertwined for good we will always need the cutting edge cyber security capabilities that we develop as a nation or as a as a society to protect our space capabilities and our cyber capabilities are going to need space capabilities in the future as well general john shaw thank you very much roland cleo thank you very much for your great insight thank you to cal poly for putting this together i want to shout out to the team over there we couldn't be in person but we're doing a virtual remote event i'm john furrier with thecube and siliconangle here in silicon valley thanks for watching

>> Announcer: From around the globe, it's "theCUBE" covering Space and Cybersecurity Symposium 2020 hosted by Cal Poly. >> I want to welcome to theCUBE's coverage, we're here hosting with Cal Poly an amazing event, space and the intersection of cyber security. This session is Defending Satellite and Space Infrastructure from Cyber Threats. We've got two great guests. We've got Major General John Shaw of combined force space component commander, U.S. space command at Vandenberg Air Force Base in California and Roland Coelho, who's the CEO of Maverick Space Systems. Gentlemen, thank you for spending the time to come on to this session for the Cal Poly Space and Cybersecurity Symposium. Appreciate it. >> Absolutely. >> Guys defending satellites and space infrastructure is the new domain, obviously it's a war-fighting domain. It's also the future of the world. And this is an important topic because we rely on space now for our everyday life and it's becoming more and more critical. Everyone knows how their phones work and GPS, just small examples of all the impacts. I'd like to discuss with this hour, this topic with you guys. So if we can have you guys do an opening statement. General if you can start with your opening statement, we'll take it from there. >> Thanks John and greetings from Vandenberg Air Force Base. We are just down the road from Cal Poly here on the central coast of California, and very proud to be part of this effort and part of the partnership that we have with Cal Poly on a number of fronts. In my job here, I actually have two hats that I wear and it's I think, worth talking briefly about those to set the context for our discussion. You know, we had two major organizational events within our Department of Defense with regard to space last year in 2019. And probably the one that made the most headlines was the standup of the United States Space Force. That happened December 20th, last year, and again momentous, the first new branch in our military since 1947. And it's just over nine months old now, as we're makin' this recording. And already we're seein' a lot of change with regard to how we are approaching organizing, training, and equipping on a service side for space capabilities. And so, with regard to the Space Force, the hat I wear there is Commander of Space Operations Command. That was what was once 14th Air Force, when we were still part of the Air Force here at Vandenberg. And in that role, I'm responsible for the operational capabilities that we bring to the joint warfighter and to the world from a space perspective. Didn't make quite as many headlines, but another major change that happened last year was the reincarnation, I guess I would say, of United States Space Command. And that is a combatant command. It's how our Department of Defense organizes to actually conduct war-fighting operations. Most people are more familiar perhaps with Central Command, CENTCOM or Northern Command, NORTHCOM, or even Strategic Command, STRATCOM. Well, now we have a SPACECOM. We actually had one from 1985 until 2002, and then stood it down in the wake of the 9/11 attacks and a reorganization of Homeland Security. But we've now stood up a separate command again operationally, to conduct joint space operations. And in that organization, I wear a hat as a component commander, and that's the combined force-based component command working with other, all the additional capabilities that other services bring, as well as our allies. The combined in that title means that under certain circumstances, I would lead in an allied effort in space operations. And so it's actually a terrific job to have here on the central coast of California. Both working how we bring space capabilities to the fight on the Space Force side, and then how we actually operate those capabilities in support of joint warfighters around the world and national security interests. So that's the context. Now what also I should mention and you kind of alluded to John at your beginning, we're kind of in a changed situation than we were a number of years ago, in that we now see space as a war-fighting domain. For most of my career, goin' back a little ways, most of my focus in my jobs was making sure I could bring space capabilities to those that needed them. Bringing GPS to that special operations soldier on the ground somewhere in the world, bringing satellite communications for our nuclear command and control, bringing those capabilities for other uses. But I didn't have to worry in most of my career, about actually defending those space capabilities themselves. Well, now we do. We've actually gone to a point where we're are being threatened in space. We now are treating it more like any other domain, normalizing in that regard as a war-fighting domain. And so we're going through some relatively emergent efforts to protect and defend our capabilities in space, to design our capabilities to be defended, and perhaps most of all, to train our people for this new mission set. So it's a very exciting time, and I know we'll get into it, but you can't get very far into talking about all these space capabilities and how we want to protect and defend them and how we're going to continue their ability to deliver to warfighters around the globe, without talking about cyber, because they fit together very closely. So anyway, thanks for the chance to be here today. And I look forward to the discussion. >> General, thank you so much for that opening statement. And I would just say that not only is it historic with the Space Force, it's super exciting because it opens up so much more challenges and opportunities to do more and to do things differently. So I appreciate that statement. Roland in your opening statement. Your job is to put stuff in space, faster, cheaper, smaller, better, your opening statement, please. >> Yes, thank you, John. And yes, to General Shaw's point with the space domain and the need to protect it now is incredibly important. And I hope that we are more of a help than a thorn in your side in terms of building satellites smaller, faster, cheaper. Definitely looking forward to this discussion and figuring out ways where the entire space domain can work together, from industry to U.S. government, even to the academic environment as well. So first, I would like to say, and preface this by saying, I am not a cybersecurity expert. We build satellites and we launch them into orbit, but we are by no means cybersecurity experts. And that's why we like to partner with organizations like the California Cybersecurity Institute because they help us navigate these requirements. So I'm the CEO of Maverick Space Systems. We are a small aerospace business in San Luis Obispo, California. And we provide small satellite hardware and service solutions to a wide range of customers. All the way from the academic environment to the U.S. government and everything in between. We support customers through an entire program life cycle, from mission architecture and formulation, all the way to getting these customer satellites in orbit. And so what we try to do is provide hardware and services that basically make it easier for customers to get their satellites into orbit and to operate. So whether it be reducing mass or volume, creating greater launch opportunities, or providing the infrastructure and the technology to help those innovations mature in orbit, that's what we do. Our team has experience over the last 20 years, working with small satellites. And I'm definitely fortunate to be part of the team that invented the CubeSat standard by Cal Poly and Stanford back in 2000. And so, we are in VandenBerg's backyard. We came from Cal Poly San Luis Obispo and our hearts are fond of this area, and working with the local community. A lot of that success that we have had is directly attributable to the experiences that we learned as students, working on satellite programs from our professors and mentors. And that's all thanks to Cal Poly. So just wanted to tell a quick story. So back in 2000, just imagine a small group of undergraduate students, myself included, with the daunting task of launching multiple satellites from five different countries on a Russian launch vehicle. Many of us were only 18 or 19, not even at the legal age to drink yet, but as essentially teenagers we were managing million-dollar budgets. And we were coordinating groups from around the world. And we knew what we needed to accomplish, yet we didn't really know what we were doing when we first started. The university was extremely supportive and that's the Cal Poly learn-by-doing philosophy. I remember the first time we had a meeting with our university chief legal counsel, and we were discussing the need to register with the State Department for ITAR. Nobody really knew what ITAR was back then. And discussing this with the chief legal counsel, she was asking, "What is ITAR?" And we essentially had to explain, this is, launching satellites is part of the U.S. munitions list. And essentially we had a similar situation exporting munitions. We are in similar categories as weapons. And so, after that initial shock, everybody jumped in both feet forward, the university, our head legal counsel, professors, mentors, and the students knew we needed to tackle this problem because the need was there to launch these small satellites. And the reason this is important to capture the entire spectrum of users of the community, is that the technology and the innovation of the small satellite industry occurs at all levels, so we have academia, commercial, national governments. We even have high schools and middle schools getting involved and building satellite hardware. And the thing is the importance of cybersecurity is incredibly important because it touches all of these programs and it touches people at a very young age. And so, we hope to have a conversation today to figure out how do we create an environment where we allow these programs to thrive, but we also protect and keep their data safe as well. >> Thank you very much Roland. Appreciate that a story too as well. Thanks for your opening statement. Gentlemen, I mean I love this topic because defending the assets in space is obvious, if you look at it. But there's a bigger picture going on in our world right now. And general, you kind of pointed out the historic nature of Space Force and how it's changing already, operationally, training, skills, tools, all that stuff is evolving. You know in the tech world that I live in, change the world is a topic they use, gets thrown around a lot, you can change the world. A lot of young people, and we have other panels on this where we're talkin' about how to motivate young people, changing the world is what it's all about technology, for the better. Evolution is just an extension of another domain. In this case, space is just an extension of other domains, similar things are happening, but it's different. There's huge opportunity to change the world, so it's faster. There's an expanded commercial landscape out there. Certainly government space systems are moving and changing. How do we address the importance of cybersecurity in space? General, we'll start with you because this is real, it's exciting. If you're a young person, there's touch points of things to jump into, tech, building hardware, to changing laws, and everything in between is an opportunity, and it's exciting. And it is truly a chance to change the world. How does the commercial government space systems teams, address the importance of cybersecurity? >> So, John, I think it starts with the realization that as I like to say, that cyber and space are BFFs. There's nothing that we do on the cutting edge of space that isn't heavily reliant on the cutting edge of cyber. And frankly, there's probably nothing on the cutting edge of cyber that doesn't have a space application. And when you realize that and you see how closely those are intertwined as we need to move forward at speed, it becomes fundamental to answering your question. Let me give a couple examples. One of the biggest challenges I have on a daily basis is understanding what's going on in the space domain. Those on the surface of the planet talk about tyranny of distance across the oceans or across large land masses. And I talk about the tyranny of volume. And right now, we're looking out as far as the lunar sphere. There's activity that's extending out there. We expect NASA to be conducting perhaps human operations in the lunar environment in the next few years. So it extends out that far. When you do the math that's a huge volume. How do you do that? How do you understand what's happening in real time within that volume? It is a big data problem by the very definition of that kind of effort and that kind of challenge. And to do it successfully in the years ahead, it's going to require many, many sensors and the fusion of data of all kinds, to present a picture and then analytics and predictive analytics that are going to deliver an idea of what's going on in the space arena. And that's just if people are not up to mischief. Once you have threats introduced into that environment, it is even more challenging. So I'd say it's a big data problem that we'll enjoy tackling in the years ahead. Now, a second example is, if we had to take a vote of what were the most amazing robots that have ever been designed by humans, I think that spacecraft would have to be up there on the list. Whether it's the NASA spacecraft that explore other planets, or GPS satellites that amazingly provide a wonderful service to the entire globe and beyond. They are amazing technological machines. That's not going to stop. I mean, all the work that Roland talked about, even that we're doin' at the kind of the microsat level is putting cutting-edge technology into small a package as you can to get some sort of capability out of that. As we expand our activities further and further into space for national security purposes, or for exploration or commercial or civil, the cutting-edge technologies of artificial intelligence and machine-to-machine engagements and machine learning are going to be part of that design work moving forward. And then there's the threat piece. As we operate these capabilities, as these constellations grow, that's going to be done via networks. And as I've already pointed out space is a war-fighting domain. That means those networks will come under attack. We expect that they will and that may happen early on in a conflict. It may happen during peace time in the same way that we see cyber attacks all the time, everywhere in many sectors of activity. And so by painting that picture, we start to see how it's intertwined at the very, very most basic level, the cutting edge of cyber and cutting edge of space. With that then comes the need to, any cutting edge cybersecurity capability that we have is naturally going to be needed as we develop space capabilities. And we're going to have to bake that in from the very beginning. We haven't done that in the past as well as we should, but moving forward from this point on, it will be an essential ingredient that we work into all of our capability. >> Roland, we're talkin' about now, critical infrastructure. We're talkin' about new capabilities being addressed really fast. So, it's kind of chaotic now there's threats. So it's not as easy as just having capabilities, 'cause you've got to deal with the threats the general just pointed out. But now you've got critical infrastructure, which then will enable other things down the line. How do you protect it? How do we address this? How do you see this being addressed from a security standpoint? Because malware, these techniques can be mapped in, extended into space and takeovers, wartime, peace time, these things are all going to be under threat. That's pretty well understood, and I think people kind of get that. How do we address it? What's your take? >> Yeah, yeah, absolutely. And I couldn't agree more with General Shaw, with cybersecurity and space being so intertwined. And, I think with fast and rapid innovation comes the opportunity for threats, especially if you have bad actors that want to cause harm. And so, as a technology innovator and you're pushing the bounds, you kind of have a common goal of doing the best you can, and pushing the technology bounds, making it smaller, faster, cheaper. But a lot of times what entrepreneurs and small businesses and supply chains are doing, and don't realize it, is a lot of these components are dual use. I mean, you could have a very benign commercial application, but then a small modification to it, can turn it into a military application. And if you do have these bad actors, they can exploit that. And so, I think that the big thing is creating a organization that is non-biased, that just wants to kind of level the playing field for everybody to create a set standard for cybersecurity in space. I think one group that would be perfect for that is CCI. They understand both the cybersecurity side of things, and they also have at Cal Poly the small satellite group. And just having kind of a clearing house or an agency where can provide information that is free, you don't need a membership for. And to be able to kind of collect that, but also reach out to the entire value chain for a mission, and making them aware of what potential capabilities are and then how it might be potentially used as a weapon. And keeping them informed, because I think the vast majority of people in the space industry just want to do the right thing. And so, how do we get that information free flowing to the U.S. government so that they can take that information, create assessments, and be able to, not necessarily stop threats from occurring presently, but identify them long before that they would ever even happen. Yeah, that's- >> General, I want to follow up on that real quick before we move to the next top track. Critical infrastructure you mentioned, across the oceans long distance, volume. When you look at the physical world, you had power grids here in the United States, you had geography, you had perimeters, the notion of a perimeter and a moat, and then you had digital comes in. Then you have, we saw software open up, and essentially take down this idea of a perimeter, and from a defense standpoint, and everything changed. And we have to fortify those critical assets in the U.S. Space increases the same problem statement significantly, because you can't just have a perimeter, you can't have a moat, it's open, it's everywhere. Like what digital's done, and that's why we've seen a surge of cyber in the past two decades, attacks with software. So, this isn't going to go away. You need the critical infrastructure, you're putting it up there, you're formulating it, and you got to protect it. How do you view that? Because it's going to be an ongoing problem statement. What's the current thinking? >> Yeah, I think my sense is that a mindset that you can build a firewall, or a defense, or some other system that isn't dynamic in its own right, is probably not headed in the right direction. I think cybersecurity in the future, whether it's for space systems, or for other critical infrastructure is going to be a dynamic fight that happens at a machine-to-machine speed and dynamic. I don't think that it's too far off where we will have machines writing their own code in real time to fight off attacks that are coming at them. And by the way, the offense will probably be doing the same kind of thing. And so, I guess I would not want to think that the answer is something that you just build it and you leave it alone and it's good enough. It's probably going to be a constantly-evolving capability, constantly reacting to new threats and staying ahead of those threats. >> That's the kind of use case, you know as you were, kind of anecdotal example is the exciting new software opportunities for computer science majors. I mean, I tell my young kids and everyone, man it's more exciting now. I wish I was 18 again, it's so exciting with AI. Roland, I want to get your thoughts. We were joking on another panel with the DoD around space and the importance of it obviously, and we're going to have that here. And then we had a joke. It's like, oh software's defined everything. Software's everything, AI. And I said, "Well here in the United States, companies had data centers and then they went to the cloud." And then he said, "You can do break, fix, it's hard to do break, fix in space. You can't just send a tech up." I get that today, but soon maybe robotics. The general mentions robotics technologies, in referencing some of the accomplishments. Fixing things is almost impossible in space. But maybe form factors might get better. Certainly software will play a role. What's your thoughts on that landscape? >> Yeah, absolutely. You know, for software in orbit, there's a push for software-defined radios to basically go from hardware to software. And that's a critical link. If you can infiltrate that and a small satellite has propulsion on board, you could take control of that satellite and cause a lot of havoc. And so, creating standards and that kind of initial threshold of security, for let's say these radios, or communications and making that available to the entire supply chain, to the satellite builders, and operators is incredibly key. And that's again, one of the initiatives that CCI is tackling right now as well. >> General, I want to get your thoughts on best practices around cybersecurity, state-of-the-art today, and then some guiding principles, and kind of how the, if you shoot the trajectory forward, what might happen around supply chain? There's been many stories where, we outsource the chips and there's a little chip sittin' in a thing and it's built by someone else in China, and the software is written from someone in Europe, and the United States assembles it, it gets shipped and it's corrupt, and it has some cyber, I'm making it up, I'm oversimplifying the statement. But this is what when you have space systems that involve intellectual property from multiple partners, whether it's from software to creation and then deployment. You got supply chain tiers. What are some of best practices that you see involving, that don't stunt the innovation, but continues to innovate, but people can operate safely. What's your thoughts? >> Yeah, so on supply chain, I think the symposium here is going to get to hear from General JT Thompson from space and missile system center down in Los Angeles, and he's just down the road from us there on the coast. And his team is the one that we look to to really focus on, as he fires and develops to again bake in cybersecurity from the beginning and knowing where the components are coming from, and properly assessing those as you put together your space systems, is a key piece of what his team is focused on. So I expect, we'll hear him talk about that. When it talks to, I think, so you asked the question a little more deeply about how do the best practices in terms of how we now develop moving forward. Well, another way that we don't do it right, is if we take a long time to build something and then General JT Thompson's folks take a while to build something, and then they hand it over to me, and my team operate and then they go hands free. And then that's what I have for years to operate until the next thing comes along. That's a little old school. What we're going to have to do moving forward with our space capabilities, and with the cyber piece baked in is continually developing new capability sets as we go. We actually have partnership between General Thompson's team and mine here at Vandenberg on our ops floor, or our combined space operation center, that are actually working in real time together, better tools that we can use to understand what's going on in the space environment to better command and control our capabilities anywhere from military satellite communications, to space domain awareness, sensors, and such. And we're developing those capabilities in real time. And with the security pieces. So DevSecOps is we're practicing that in real time. I think that is probably the standard today that we're trying to live up to as we continue to evolve. But it has to be done again, in close partnership all the time. It's not a sequential, industrial-age process. While I'm on the subject of partnerships. So, General Thompson's team and mine have good partnerships. It's partnerships across the board are going to be another way that we are successful. And that it means with academia and some of the relationships that we have here with Cal Poly. It's with the commercial sector in ways that we haven't done before. The old style business was to work with just a few large companies that had a lot of space experience. Well, we need a lot of kinds of different experience and technologies now in order to really field good space capabilities. And I expect we'll see more and more non-traditional companies being part of, and organizations, being part of that partnership that will work goin' forward. I mentioned at the beginning that allies are important to us. So everything that Roland and I have been talking about I think you have to extrapolate out to allied partnerships. It doesn't help me as a combined force component commander, which is again, one of my jobs. It doesn't help me if the United States capabilities are cybersecure, but I'm tryin' to integrate them with capabilities from an ally that are not cybersecure. So that partnership has to be dynamic and continually evolving together. So again, close partnering, continually developing together from the acquisition to the operational sectors, with as many different sectors of our economy as possible, are the ingredients to success. >> General, I'd love to just follow up real quick. I was having just a quick reminder for a conversation I had with last year with General Keith Alexander, who does a lot of cybersecurity work, and he was talking about the need to share faster. And the new school is you got to share faster to get the data, you mentioned observability earlier, you need to see what everything's out there. He's a real passionate person around getting the data, getting it fast and having trusted partners. So that's not, it's kind of evolving as, I mean, sharing's a well known practice, but with cyber it's sensitive data potentially. So there's a trust relationship. There's now a new ecosystem. That's new for government. How do you view all that and your thoughts on that trend of the sharing piece of it on cyber? >> So, I don't know if it's necessarily new, but it's at a scale that we've never seen before. And by the way, it's vastly more complicated and complex when you overlay from a national security perspective, classification of data and information at various levels. And then that is again complicated by the fact you have different sharing relationships with different actors, whether it's commercial, academic, or allies. So it gets very, very complex web very quickly. So that's part of the challenge we're workin' through. How can we effectively share information at multiple classification levels with multiple partners in an optimal fashion? It is certainly not optimal today. It's very difficult, even with maybe one industry partner for me to be able to talk about data at an unclassified level, and then various other levels of classification to have the traditional networks in place to do that. I could see a solution in the future where our cybersecurity is good enough that maybe I only really need one network and the information that is allowed to flow to the players within the right security environment to make that all happen as quickly as possible. So you've actually, John you've hit on yet another big challenge that we have, is evolving our networks to properly share, with the right people, at the right clearance levels at the speed of war, which is what we're going to need. >> Yeah, and I wanted to call that out because this is an opportunity, again, this discussion here at Cal Poly and around the world is for new capabilities and new people to solve the problems. It's again, it's super exciting if you're geeking out on this. If you have a tech degree or you're interested in changin' the world, there's so many new things that could be applied right now. Roland, I want to get your thoughts on this, because one of the things in the tech trends we're seeing, and this is a massive shift, all the theaters of the tech industry are changing rapidly at the same time. And it affects policy law, but also deep tech. The startup communities are super important in all this too. We can't forget them. Obviously, the big trusted players that are partnering certainly on these initiatives, but your story about being in the dorm room. Now you've got the boardroom and now you got everything in between. You have startups out there that want to and can contribute. You know, what's an ITAR? I mean, I got all these acronym certifications. Is there a community motion to bring startups in, in a safe way, but also give them ability to contribute? Because you look at open source, that proved everyone wrong on software. That's happening now with this now open network concept, the general was kind of alluding to. Which is, it's a changing landscape. Your thoughts, I know you're passionate about this. >> Yeah, absolutely. And I think as General Shaw mentioned, we need to get information out there faster, more timely and to the right people, and involving not only just stakeholders in the U.S., but internationally as well. And as entrepreneurs, we have this very lofty vision or goal to change the world. And oftentimes, entrepreneurs, including myself, we put our heads down and we just run as fast as we can. And we don't necessarily always kind of take a breath and take a step back and kind of look at what we're doing and how it's touching other folks. And in terms of a community, I don't know of any formal community out there, it's mostly ad hoc. And, these ad hoc communities are folks who let's say was a student working on a satellite in college. And they loved that entrepreneurial spirit. And so they said, "Well, I'm going to start my own company." And so, a lot of these ad hoc networks are just from relationships that have been built over the last two decades from colleagues at the university. I do think formalizing this and creating kind of a clearing house to handle all of this is incredibly important. >> And there's going to be a lot of entrepreneurial activity, no doubt, I mean there's too many things to work on and not enough time. I mean this brings up the question that I'm going to, while we're on this topic, you got the remote work with COVID, everyone's workin' remotely, we're doin' this remote interview rather than being on stage. Work's changing, how people work and engage. Certainly physical will come back. But if you looked at historically the space industry and the talent, they're all clustered around the bases. And there's always been these areas where you're a space person. You kind of work in there and the job's there. And if you were cyber, you were generally in other areas. Over the past decade, there's been a cross-pollination of talent and location. As you see the intersection of space, general we'll start with you, first of all, central coast is a great place to live. I know that's where you guys live. But you can start to bring together these two cultures. Sometimes they're not the same. Maybe they're getting better. We know they're being integrated. So general, can you just share your thoughts because this is one of those topics that everyone's talkin' about, but no one's actually kind of addressed directly. >> Yeah, John, I think so. I think I want to answer this by talkin' about where I think the Space Force is going. Because I think if there was ever an opportunity or an inflection point in our Department of Defense to sort of change culture and try to bring in non-traditional kinds of thinking and really kind of change maybe some of the ways that the Department of Defense does things that are probably archaic, Space Force is an inflection point for that. General Raymond, our Chief of Space Operations, has said publicly for awhile now, he wants the U.S. Space Force to be the first truly digital service. And what we mean by that is we want the folks that are in the Space Force to be the ones that are the first adopters, the early adopters of technology. To be the ones most fluent in the cutting edge, technologic developments on space and cyber and other sectors of the economy that are technologically focused. And I think there's some, that can generate some excitement, I think. And it means that we'll probably ended up recruiting people into the Space Force that are not from the traditional recruiting areas that the rest of the Department of Defense looks to. And I think it allows us to bring in a diversity of thought and diversity of perspective and a new kind of motivation into the service, that I think is frankly really exciting. So if you put together everything I mentioned about how space and cyber are going to be best friends forever. And I think there's always been an excitement from the very beginning in the American psyche about space. You start to put all these ingredients together, and I think you see where I'm goin' with this. That this is a chance to really change that cultural mindset that you were describing. >> It's an exciting time for sure. And again, changing the world. And this is what you're seeing today. People do want to change the world. They want a modern world that's changing. Roland, I'll get your thoughts on this. I was having an interview a few years back with a technology entrepreneur, a techie, and we were joking, we were just kind of riffing. And I said, "Everything that's on "Star Trek" will be invented." And we're almost there actually, if you think about it, except for the transporter room. You got video, you got communicators. So, not to bring in the "Star Trek" reference with Space Force, this is digital. And you start thinking about some of the important trends, it's going to be up and down the stack, from hardware to software, to user experience, everything. Your thoughts and reaction. >> Yeah, absolutely. And so, what we're seeing is timelines shrinking dramatically because of the barrier to entry for new entrants and even your existing aerospace companies is incredibly low, right? So if you take previously where you had a technology on the ground and you wanted it in orbit, it would take years. Because you would test it on the ground. You would verify that it can operate in a space environment. And then you would go ahead and launch it. And we're talking tens, if not hundreds of millions of dollars to do that. Now, we've cut that down from years to months. When you have a prototype on the ground and you want to get it launched, you don't necessarily care if it fails on orbit the first time, because you're getting valuable data back. And so, we're seeing technology being developed for the first time on the ground and in orbit in a matter of a few months. And the whole kind of process that we're doing as a small business is trying to enable that. And so, allowing these entrepreneurs and small companies to get their technology in orbit at a price that is sometimes even cheaper than testing on the ground. >> You know this is a great point. I think this is really an important point to call out because we mentioned partnerships earlier, the economics and the business model of space is doable. I mean, you do a mission study. You get paid for that. You have technology that you get stuff up quickly, and there's a cost structure there. And again, the alternative was waterfall planning, years and millions. Now the form factors are doing, now, again, there may be different payloads involved, but you can standardize payloads. You've got robotic arms. This is all available. This brings up the congestion problem. This is going to be on the top of mind of the generals of course, but you've got the proliferation of these constellation systems. You're going to have more and more tech vectors. I mean, essentially that's malware. I mean, that's a probe. You throw something up in space that could cause some interference. Maybe a takeover. General, this is the real elephant in the room, the threat matrix from new stuff and new configurations. So general, how does the proliferation of constellation systems change the threat matrix? >> So I think the, you know I guess I'm going to be a little more optimistic John than I think you pitched that. I'm actually excited about these new mega constellations in LEO. I'm excited about the growing number of actors that are going into space for various reasons. And why is that? It's because we're starting to realize a new economic engine for the nation and for human society. So the question is, so I think we want that to happen. When we could go to almost any other domain in history and when air travel started to become much, much more commonplace with many kinds of actors from private pilots flying their small planes, all the way up to large airliners, there was a problem with congestion. There was a problem about, challenges about behavior, and are we going to be able to manage this? And yes we did. And it was for the great benefit of society. I could probably look to the maritime domain for similar kinds of things. And so this is actually exciting about space. We are just going to have to find the ways as a society, and it's not just the Department of Defense, it's going to be civil, it's going to be international, find the mechanisms to encourage this continued investment in the space domain. I do think that Space Force will play a role in providing security in the space environment, as we venture further out, as economic opportunities emerge, wherever they are in the lunar, Earth, lunar system, or even within the solar system. Space Force is going to play a role in that. But I'm actually really excited about those possibilities. Hey, by the way, I got to say, you made me think of this when you talked about "Star Trek" and Space Force and our technologies, I remember when I was younger watchin' the Next Generation series. I thought one of the coolest things, 'cause bein' a musician in my spare time, I thought one of the coolest things was when Commander Riker would walk into his quarters and say, "Computer play soft jazz." And there would just be, the computer would just play music. And this was an age when we had hard media. Like how will that, that is awesome. Man, I can't wait for the 23rd century when I can do that. And where we are today is so incredible on those lines. The things that I can ask Alexa or Siri to play. >> Well that's the thing, everything that's on "Star Trek," think about it, it's almost invented. I mean, you got the computers, you got, the only thing really is, holograms are startin' to come in, you got, now the transporter room. Now that's physics. We'll work on that. >> So there is this balance between physics and imagination, but we have not exhausted either. >> Well, firstly, everyone that knows me knows I'm a huge "Star Trek" fan, all the series. Of course, I'm an original purist, but at that level. But this is about economic incentive as well. Roland, I want to get your thoughts, 'cause the gloom and doom, we got to think about the bad stuff to make it good. If I put my glass half full on the table, this economic incentives, just like the example of the plane and the air traffic. There's more actors that are incented to have a secure system. What's your thoughts to general's comments around the optimism and the potential threat matrix that needs to be managed. >> Absolutely, so one of the things that we've seen over the years, as we build these small satellites is a lot of that technology that the General's talking about, voice recognition, miniaturized chips, and sensors, started on the ground. And I mean, you have your iPhone, that, about 15 years ago before the first iPhone came out, we were building small satellites in the lab and we were looking at cutting-edge, state-of-the-art magnetometers and sensors that we were putting in our satellites back then. We didn't know if they were going to work. And then a few years later, as these students graduate, they go off and they go out to other industries. And so, some of the technology that was first kind of put in these CubeSats in the early 2000s, kind of ended up in the first generation iPhone, smartphones. And so being able to take that technology, rapidly incorporate that into space and vice versa gives you an incredible economic advantage. Because not only are your costs going down because you're mass producing these types of terrestrial technologies, but then you can also increase revenue and profit by having smaller and cheaper systems. >> General, let's talk about that real quickly, that's a good point, I want to just shift it into the playbook. I mean, everyone talks about playbooks for management, for tech, for startups, for success. I mean, one of the playbooks that's clear from your history is investment in R&D around military and/or innovation that has a long view, spurs innovation, commercially. I mean, just there's a huge, many decades of history that shows that, hey we got to start thinking about these challenges. And next thing you know it's in an iPhone. This is history, this is not like a one off. And now with Space Force you're driving the main engine of innovation to be all digital. You know, we riff about "Star Trek" which is fun, the reality is you're going to be on the front lines of some really new, cool, mind-blowing things. Could you share your thoughts on how you sell that to the people who write the checks or recruit more talent? >> First, I totally agree with your thesis that national security, well, could probably go back an awful long way, hundreds to thousands of years, that security matters tend to drive an awful lot of innovation and creativity. You know I think probably the two things that drive people the most are probably an opportunity to make money, but beating that out are trying to stay alive. And so, I don't think that's going to go away. And I do think that Space Force can play a role as it pursues security structures, within the space domain to further encourage economic investment and to protect our space capabilities for national security purposes, are going to be at the cutting edge. This isn't the first time. I think we can point back to the origins of the internet, really started in the Department of Defense, with a partnership I should add, with academia. That's how the internet got started. That was the creativity in order to meet some needs there. Cryptography has its roots in security, in national security, but now we use it for economic reasons and a host of other kinds of reasons. And then space itself, I mean, we still look back to Apollo era as an inspiration for so many things that inspired people to either begin careers in technical areas or in space and so on. So I think in that same spirit, you're absolutely right. I guess I'm totally agreeing with your thesis. The Space Force will have a positive, inspirational influence in that way. And we need to realize that. So when we are asking for, when we're looking for how we need to meet capability needs, we need to spread that net very far, look for the most creative solutions and partner early and often with those that can work on those. >> When you're on the new frontier, you got to have a team sport, it's a team effort. And you mentioned the internet, just anecdotally I'm old enough to remember this 'cause I remember the days that it was goin' on, is that the policy decisions that the U.S. made at that time was to let it go a little bit invisible hand. They didn't try to commercialize it too fast. But there was some policy work that was done, that had a direct effect to the innovation. Versus take it over, and the next thing you know it's out of control. So I think there's this cross-disciplinary skillset becomes a big thing where you need to have more people involved. And that's one of the big themes of this symposium. So it's a great point. Thank you for sharing that. Roland, your thoughts on this because you got policy decisions. We all want to run faster. We want to be more innovative, but you got to have some ops view. Now, most of the ops view people want things very tight, very buttoned up, secure. The innovators want to go faster. It's the ying and yang. That's the world we live in. How's it all balance in your mind? >> Yeah, one of the things that may not be apparently obvious is that the U.S. government and Department of Defense is one of the biggest investors in technology in the aerospace sector. They're not the traditional venture capitalists, but they're the ones that are driving technology innovation because there's funding. And when companies see that the U.S. government is interested in something, businesses will revector to provide that capability. And, I would say the more recent years, we've had a huge influx of private equity, venture capital coming into the markets to kind of help augment the government investment. And I think having a good partnership and a relationship with these private equity, venture capitalists and the U.S. government is incredibly important because the two sides can help collaborate and kind of see a common goal. But then also too, on the other side there's that human element. And as General Shaw was saying, not only do companies obviously want to thrive and do really well, some companies just want to stay alive to see their technology kind of grow into what they've always dreamed of. And oftentimes entrepreneurs are put in a very difficult position because they have to make payroll, they have to keep the lights on. And so, sometimes they'll take investment from places where they may normally would not have, from potentially foreign investment that could potentially cause issues with the U.S. supply chain. >> Well, my final question is the best I wanted to save for last, because I love the idea of human space flight. I'd love to be on Mars. I'm not sure I'm able to make it someday, but how do you guys see the possible impacts of cybersecurity on expanding human space flight operations? I mean, general, this is your wheelhouse. This is your in command, putting humans in space and certainly robots will be there because they're easy to go 'cause they're not human. But humans in space. I mean, you startin' to see the momentum, the discussion, people are scratchin' that itch. What's your take on that? How do we see makin' this more possible? >> Well, I think we will see commercial space tourism in the future. I'm not sure how wide and large a scale it will become, but we will see that. And part of the, I think the mission of the Space Force is going to be probably to again, do what we're doin' today is have really good awareness of what's going on in the domain to ensure that that is done safely. And I think a lot of what we do today will end up in civil organizations to do space traffic management and safety in that arena. And, it is only a matter of time before we see humans going, even beyond the, NASA has their plan, the Artemis program to get back to the moon and the gateway initiative to establish a space station there. And that's going to be a NASA exploration initiative. But it is only a matter of time before we have private citizens or private corporations putting people in space and not only for tourism, but for economic activity. And so it'll be really exciting to watch. It'll be really exciting and Space Force will be a part of it. >> General, Roland, I want to thank you for your valuable time to come on this symposium. Really appreciate it. Final comment, I'd love you to spend a minute to share your personal thoughts on the importance of cybersecurity to space and we'll close it out. We'll start with you Roland. >> Yeah, so I think the biggest thing I would like to try to get out of this from my own personal perspective is creating that environment that allows the aerospace supply chain, small businesses like ourselves, be able to meet all the requirements to protect and safeguard our data, but also create a way that we can still thrive and it won't stifle innovation. I'm looking forward to comments and questions, from the audience to really kind of help, basically drive to that next step. >> General final thoughts, the importance of cybersecurity to space. >> I'll go back to how I started I think John and say that space and cyber are forever intertwined, they're BFFs. And whoever has my job 50 years from now, or a hundred years from now, I predict they're going to be sayin' the exact same thing. Cyber and space are intertwined for good. We will always need the cutting edge, cybersecurity capabilities that we develop as a nation or as a society to protect our space capabilities. And our cyber capabilities are going to need space capabilities in the future as well. >> General John Shaw, thank you very much. Roland Coelho, thank you very much for your great insight. Thank you to Cal Poly for puttin' this together. I want to shout out to the team over there. We couldn't be in-person, but we're doing a virtual remote event. I'm John Furrier with "theCUBE" and SiliconANGLE here in Silicon Valley, thanks for watching. (upbeat music)

(upbeat electronic music) >> Narrator: From theCUBE studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a CUBE conversation. >> Okay, hello everyone. I'm John Furrier with theCUBE. We're here with Meet the Analysts segment Sunday morning. We've got everyone around the world here to discuss a bit of the news around the EU killing the privacy deal, striking it down, among other topics around, you know, data privacy and global commerce. We got great guests here, Ray Wang, CEO of Constellation Research. Bill Mew, founder and CEO of Cyber Crisis Management from the Firm Crisis Team. And JD, CEO of Spearhead Management. JD, I can let you say your name because I really can't pronounce it. How do I (laughs) pronounce it, doctor? >> I wouldn't even try it unless you are Dutch, otherwise it will seriously hurt your throat. (Ray laughing) So, JD works perfect for me. >> Doctor Drooghaag. >> And Sarbjeet Johal, who's obviously an influencer, a cloud awesome native expert. Great, guys. Great to have you on, appreciate it, thanks for comin' on. And Bill, thank you for initiating this, I appreciate all your tweets. >> Happy Sunday. (Bill laughing) >> You guys have been really tweeting up a storm, I want to get everyone together, kind of as an analyst, Meet the Analyst segment. Let's go through with it. The news is the EU and U.S. Privacy Shield for data struck down by the court, that's the BBC headline. Variety of news, different perspectives, you've got an American perspective and you've got an international perspective. Bill, we'll start with you. What does this news mean? I mean, basically half the people in the world probably don't know what the Privacy Shield means, so why is this ruling so important, and why should it be discussed? >> Well, thanks to sharing between Europe and America, it's based on a two-way promise that when data goes from Europe to America, the Americans promise to respect our privacy, and when data goes form America to Europe, the Europeans promise to respect the American privacy. Unfortunately, there are big cultural differences between the two blocks. The Europeans have a massive orientation around privacy as a human right. And in the U.S., there's somewhat more of a prioritization on national security, and therefore for some time there's been a mismatch here, and it could be argued that the Americans haven't been living up to their promise because they've had various different laws, and look how much talk about FISA and the Cloud Act that actually contravene European privacy and are incompatible with the promise Americans have given. That promise, first of all, was in the form of a treaty called Safe Harbor. This went to court and was struck down. It was replaced by Privacy Shield, which was pretty much the same thing really, and that has recently been to the court as well, and that has been struck down. There now is no other means of legally sharing data between Europe and America other than what are being called standard contractual clauses. This isn't a broad treaty between two nations, these are drawn by each individual country. But also in the ruling, they said that standard contractual clauses could not be used by any companies that were subject to mass surveillance. And actually in the U.S., the FISA courts enforce a level of mass surveillance through all of the major IT firms, of all major U.S. telcos, cloud firms, or indeed, social media firms. So, this means that for all of the companies out there and their clients, business should be carrying on as usual apart from if you're one of those major U.S. IT firms, or one of their clients. >> So, why did this come about? Was there like a major incident? Why now, was it in the court, stuck in the courts? Were people bitchin' and moanin' about it? Why did this go down, what's the real issue? >> For those of us who have been following this attentively, things have been getting more and more precarious for a number of years now. We've had a situation where there are different measures being taken in the U.S., that have continued to erode the different protections that there were for Europeans. FISA is an example that I've given, and that is the sort of secret courts and secret warrants that are issued to seize data without anyone's knowledge. There's the Cloud Act, which is a sort of extrajudicial law that means that warrants can be served in America to U.S. organizations, and they have to hand over data wherever that data resides, anywhere in the world. So, data could exist on a European server, if it was under the control of an American company, they'd have to hand that over. So, whilst FISA is in direct conflict with the promises that the Americans made, things like the Cloud Act are not only in controversion with the promise they've made, there's conflicting law here, because if you're a U.S. subsidiary of a big U.S. firm, and you're based in Europe, who do you obey, the European law that says you can't hand it over because of GDPR, or the American laws that says they've got extrajudicial control, and that you've got to hand it over. So, it's made things a complete mess. And to say has this stuff, hasn't really happened? No, there's been a gradual erosion, and this has been going through the courts for a number of years. And many of us have seen it coming, and now it just hit us. >> So, if I get you right in what you're saying, it's basically all this mishmash of different laws, and there's no coherency, and consistency, is that the core issue? >> On the European side you could argue there's quite a lot of consistency, because we uphold people's privacy, in theory. But there have been incidents which we could talk about with that, but in theory, we hold your rights dear, and also the rights of Europeans, so everyone's data should be safe here from the sort of mass surveillance we're seeing. In the U.S., there's more of a direct conflict between everything, including there's been a, in his first week in the White House, Donald Trump signed an executive order saying that the Privacy Act in the U.S., which had been the main protection for people in the U.S., no longer applied to non-U.S. citizens. Which was, if you wanted try and cause a storm, and if you wanted to try and undermine the treaty, there's no better way of doing it than that. >> A lot of ways, Ray, I mean simplify this for me, because I'm a startup, I'm hustlin', or I'm a big company, I don't even know who runs the servers anymore, and I've got data stored in multiple clouds, I got in regions, and Oracle just announced more regions, you got Amazon, a gazillion regions, I could be on-premise. I mean bottom line, what is this about? I mean, and -- >> Bill's right, I mean when Max Schrems, the Austrian. Bill's right, when Max Schrems the Austrian activist actually filed his case against Facebook for where data was being stored, data residency wasn't as popular. And you know, what it means for companies that are in the cloud is that you have to make sure your data's being stored in the region, and following those specific region rules, you can't skirt those rules anymore. And I think the cloud companies know that this has been coming for some time, and that's why there's been announced in a lot of regions, a lot of areas that are actually happening, so I think that's the important part. But going back to Bill's earlier point, which is important, is America is basically the Canary Islands of privacy, right? Privacy is there, but it isn't there in a very, very explicit sense, and I think we've been skirting the rules for quite some time, because a lot of our economy depends on that data, and the marketing of the data. And so we often confuse privacy with consent, and also with value exchange, and I think that's part of the problem of what's going on here. Companies that have been building their business models on free data, free private data, free personally identifiable data information are the ones that are at risk! And I think that's what's going on here. >> It's the classic Facebook issue, you're the product, and the data is your product. Well, I want to get into what this means, 'cause my personal take away, not knowing the specifics, and just following say, cyber security for instance, one of the tenets there is that data sharing is an invaluable, important ethos in the community. Now, everyone has their own privacy, or security data, they don't want to let everyone know about their exploits but, but it's well known in the security world that sharing data with each other, different companies and countries is actually a good thing. So, the question that comes in my mind, is this really about data sharing or data privacy, or both? >> I think it's about both. And actually what the ruling is saying here is, all we're asking from the European side is please stop spying on us and please give us a level of equal protection that you give to your own citizens. Because data comes from America to Europe, whatever that data belongs to, a U.S. citizen or a European citizen, it's given equal protection. It is only if data goes in the other direction, where you have secret courts, secret warrants, seizure of data on this massive scale, and also a level of lack of equivalence that has been imposed. And we're just asking that once you've sorted out a few of those things, we'd say everything's back on the table, away we go again! >> Why don't we merge the EU with the United States? Wouldn't that solve the problem? (Bill laughing) >> We just left Europe! (laughs heartily) >> Actually I always -- >> A hostile takeover of the UK maybe, the 52nd state. (Bill laughing loudly) >> I always pick on Bill, like Bill, you got all screaming loud and clear about all these concerns, but UKs trying to get out of that economic union. It is a union at the end of the day, and I think the problem is the institutional mismatch between the EU and U.S., U.S. is old democracy, bigger country, population wise, bigger economy. Whereas Europe is several countries trying to put together, band together as one entity, and the institutions are new, like you know, they're 15 years old, right? They're maturing. I think that's where the big mismatch is and -- >> Well, Ray, I want to get your thoughts on this, Ray wrote a book, I forget what year it was, this digital disruption, basically it was digital transformation before it was actually a trend. I mean to me it's like, do you do the process first and then figure out where the value extraction is, and this may be a Silicon Valley or an American thing, but go create value, then figure out how to create process or understand regulations. So, if data and entrepreneurship is going to be a new modern era of value, why wouldn't we want to create a rule based system that's open and enabling, and not restrictive? >> So, that's a great point, right? And the innovation culture means you go do it first, and you figure out the rules later, and that's been a very American way of getting things done, and very Silicon Valley in our perspective, not everyone, but I think in general that's kind of the trend. I think the challenge here is that we are trading privacy for security, privacy for convenience, privacy for personalization, right? And on the security level, it's a very different conversation than what it is on the consumer end, you know, personalization side. On the security side I think most Americans are okay with a little bit of "spying," at least on your own side, you know, to keep the country safe. We're not okay with a China level type of spying, which we're not sure exactly what that means or what's enforceable in the courts. We look like China to the Europeans in the way we treat privacy, and I think that's the perspective we need to understand because Europeans are very explicit about how privacy is being protected. And so this really comes back to a point where we actually have to get to a consent model on privacy, as to knowing what data is being shared, you have the right to say no, and when you have the right to say no. And then if you have a value exchange on that data, then it's really like sometimes it's monetary, sometimes it's non-monetary, sometimes there's other areas around consensus where you can actually put that into place. And I think that's what's missing at this point, saying, you know, "Do we pay for your data? Do we explicitly get your consent first before we use it?" And we haven't had that in place, and I think that's where we're headed towards. And you know sometimes we actually say privacy should be a human right, it is in the UN Charter, but we haven't figured out how to enforce it or talk about it in the digital age. And so I think that's the challenge. >> Okay, people, until they lose it, they don't really understand what it means. I mean, look at Americans. I have to say that we're idiots on this front, (Bill chuckling) but you know, the thing is most people don't even understand how much value's getting sucked out of their digital exhaust. Like, our kids, TikTok and whatnot. So I mean, I get that, I think there's some, there's going to be blow back for America for sure. I just worry it's going to increase the cost of doing business, and take away from the innovation for citizen value, the people, because at the end of the day, it's for the people right? I mean, at the end of the day it's like, what's my privacy mean if I lose value? >> Even before we start talking about the value of the data and the innovation that we can do through data use, you have to understand the European perspective here. For the European there's a level of double standards and an erosion of trust. There's double standards in the fact that in California you have new privacy regulations that are slightly different to GDPR, but they're very much GDPR like. And if the boot was on the other foot, to say if we were spying on Californians and looking at their personal data, and contravening CCPA, the Californians would be up in arms! Likewise if we having promised to have a level of equality, had enacted a local rule in Europe that said that when data from America's over here, actually the privacy of Americans counts for nothing, we're only going to prioritize the privacy of Europeans. Again, the Americans would be up in arms! And therefore you can see that there are real double standards here that are a massive issue, and until those addressed, we're not going to trust the Americans. And likewise, the very fact that on a number of occasions Americans have signed up to treaties and promised to protect our data as they did with Safe Harbor, as they did with Privacy Shield, and then have blatantly, blatantly failed to do so means that actually to get back to even a level playing field, where we were, you have a great deal of trust to overcome! And the thing from the perspective of the big IT firms, they've seen this coming for a long time, as Ray was saying, and they sought to try and have a presence in Europe and other things. But the way this ruling has gone is that, I'm sorry, that isn't going to be sufficient! These big IT firms based in the U.S. that have been happy to hand over data, well some of them maybe more happy than others, but they all need to hand over data to the NSA or the CIA. They've been doing this for some time now without actually respecting this data privacy agreement that has existed between the two trading blocks. And now they've been called out, and the position now is that the U.S. is no longer trusted, and neither are any of these large American technology firms. And until the snooping stops and equality is introduced, they can now no longer, even from their European operations, they can no longer use standard contractual clauses to transfer data, which is going to be a massive restriction on their business. And if they had any sense, they'd be lobbying very, very hard right now to the Senate, to the House, to try and persuade U.S. lawmakers actually to stick to some these treaties! To stop introducing really mad laws that ride roughshod over other people's privacy, and have a certain amount of respect. >> Let's let JD weigh in, 'cause he just got in, sorry on the video, I made him back on a host 'cause he dropped off. Just, Bill, real quick, I mean I think it's like when, you know, I go to Europe there's the line for Americans, there's the line for EU. Or EU and everybody else. I mean we might be there, but ultimately this has to be solved. So, JD, I want to let you weigh in, Germany has been at the beginning forefront of privacy, and they've been hardcore, and how's this all playing out in your perspective? >> Well, the first thing that we have to understand is that in Germany, there is a very strong law for regulation. Germans panic as soon as they know regulation, so they need to understand what am I allowed to do, and what am I not allowed to do. And they expect the same from the others. For the record I'm not German, but I live in Germany for some 20 years, so I got a bit of a feeling for them. And that sense of need for regulation has spread very fast throughout the European Union, because most of the European member states of the European Union consider this, that it makes sense, and then we found that Britain had already a very good framework for privacy, so GDPR itself is very largely based on what the United Kingdom already had in place with their privacy act. Moving forward, we try to find agreement and consensus with other countries, especially the United States because that's where most of the tech providers are, only to find out, and that is where it started to go really, really bad, 2014, when the mass production by Edward Snowden came out, to find out it's not data from citizens, it's surveillance programs which include companies. I joined a purchasing conference a few weeks ago where the purchase of a large European multinational, where the purchasing director explicitly stated that usage of U.S. based tech providers for sensitive data is prohibited as a result of them finding out that they have been under surveillance. So, it's not just the citizens, there's mass -- >> There you have it, guys! We did trust you! We did have agreements there that you could have abided by, but you chose not to, you chose to abuse our trust! And you're now in a position where you are no longer trusted, and unless you can lobby your own elected representatives to actually recreate a level playing field, we're not going to continue trusting you. >> So, I think really I -- >> Well I mean that, you know, innovation has to come from somewhere, and you know, has to come from America if that's the case, you guys have to get on board, right? Is that what it -- >> Innovation without trust? >> Is that the perspective? >> I don't think it's a country thing, I mean like, it's not you or them, I think everybody -- >> I'm just bustin' Bill's chops there. >> No, but I think everybody, everybody is looking for what the privacy rules are, and that's important. And you can have that innovation with consent, and I think that's really where we're going to get to. And this is why I keep pushing that issue. I mean, privacy should be a fundamental right, and how you get paid for that privacy is interesting, or how you get compensated for that privacy if you know what the explicit value exchange is. What you're talking about here is the surveillance that's going on by companies, which shouldn't be happening, right? That shouldn't be happening at the company level. At the government level I can understand that that is happening, and I think those are treaties that the governments have to agree upon as to how much they're going to impinge on our personal privacy for the trade off for security, and I don't think they've had those discussions either. Or they decided and didn't tell any of their citizens, and I think that's probably more likely the case. >> I mean, I think what's happening here, Bill, you guys were pointing out, and Ray, you articulated there on the other side, and my kind of colorful joke aside, is that we're living a first generation modern sociology problem. I mean, this is a policy challenge that extends across multiple industries, cyber security, citizen's rights, geopolitical. I mean when would look, and even when we were doing CUBE events overseas in Europe, in North American companies we'd call it abroad, we'd just recycle the American program, and we found there's so much localization value. So, Ray, this is the digital disruption, it's the virtualization of physical for digital worlds, and it's a lot of network theory, which is computer science, a lot of sociology. This is a modern challenge, and I don't think it so much has a silver bullet, it's just that we need smart people working on this. That's my take away! >> I think we can describe the ideal endpoint being somewhere we have meaningful protection alongside the maximization of economic and social value through innovation. So, that should be what we would all agree would be the ideal endpoint. But we need both, we need meaningful protection, and we need the maximization of economic and social value through innovation! >> Can I add another axis? Another axis, security as well. >> Well, I could -- >> I put meaningful protection as becoming both security and privacy. >> Well, I'll speak for the American perspective here, and I won't speak, 'cause I'm not the President of the United States, but I will say as someone who's been from Silicon Valley and the east coast as a technical person, not a political person, our lawmakers are idiots when it comes to tech, just generally. (Ray laughing) They're not really -- (Bill laughing loudly) >> They really don't understand. They really don't understand the tech at all! >> So, the problem is -- >> I'm not claiming ours are a great deal better. (laughs) >> Well, this is why I think this is a modern problem. Like, the young people I talk to are like, "Why do we have this rules?" They're all lawyers that got into these positions of Congress on the American side, and so with the American JEDI Contract you guys have been following very closely is, it's been like the old school Oracle, IBM, and then Amazon is leading with an innovative solution, and Microsoft has come in and re-pivoted. And so what you have is a fight for the digital future of citizenship! And I think what's happening is that we're in a massive societal transition, where the people in charge don't know what the hell they're talkin' about, technically. And they don't know who to tap to solve the problems, or even shape or frame the problems. Now, there's pockets of people that are workin' on it, but to me as someone who looks at this saying, it's a pretty simple solution, no one's ever seen this before. So, there's a metaphor you can draw, but it's a completely different problem space because it's, this is all digital, data's involved. >> We've got a lobbyists out there, and we've got some tech firms spending an enormous amount of lobbying. If those lobbyists aren't trying to steer their representatives in the right direction to come up with law that aren't going to massively undermine trade and data sharing between Europe and America, then they're making a big mistake, because we got here through some really dumb lawmaking in the U.S., I mean, there are none of the laws in Europe that are a problem here. 'Cause GDPR isn't a great difference, a great deal different from some of the laws that we have already in California and elsewhere. >> Bill, Bill. >> The laws that are at issue here -- >> Bill, Bill! You have to like, back up a little bit from that rhetoric that EU is perfect and U.S. is not, that's not true actually. >> I'm not saying we're perfect! >> No, no, you say that all the time. >> But I'm saying there's a massive lack of innovation. Yeah, yeah. >> I don't, I've never said it! >> Arm wrestle! >> Yes, yes. >> When I'm being critical of some of the dumb laws in the U.S, (Sarbjeet laughing) I'm not saying Europe is perfect. What we're trying to say is that in this particular instance, I said there was an equal balance here between meaningful protection and the maximization of economic and social value. On the meaningful protection side, America's got it very wrong in terms of the meaningful protection it provides to civil European data. On the maximization of economic and social value, I think Europe's got it wrong. I think there are a lot of things we could do in Europe to actually have far more innovation. >> Yeah. >> It's a cultural issue. The Germans want rules, that's what they crave for. America's the other way, we don't want rules, I mean, pretty much is a rebel society. And that's kind of the ethos of most tech companies. But I think you know, to me the media, there's two things that go on with this tech business. The company's themselves have to be checked by say, government, and I believe in not a lot of regulation, but enough to check the power of bad actors. Media so called "checking power", both of these major roles, they don't really know what they're talking about, and this is back to the education piece. The people who are in the media so called "checking power" and the government checking power assume that the companies are bad. Right, so yeah, because eight out of ten companies like Amazon, actually try to do good things. If you don't know what good is, you don't really, (laughs) you know, you're in the wrong game. So, I think media and government have a huge education opportunity to look at this because they don't even know what they're measuring. >> I support the level of innovation -- >> I think we're unreeling from the globalization. Like, we are undoing the globalization, and that these are the side effects, these conflicts are a side effect of that. >> Yeah, so all I'm saying is I support the focus on innovation in America, and that has driven an enormous amount of wealth and value. What I'm questioning here is do you really need to spy on us, your allies, in order to help that innovation? And I'm starting to, I mean, do you need mass surveillance of your allies? I mean, I can see you may want to have some surveillance of people who are a threat to you, but wait, guys, we're meant to be on your side, and you haven't been treating our privacy with a great deal of respect! >> You know, Saudi Arabia was our ally. You know, 9/11 happened because of them, their people, right? There is no ally here, and there is no enemy, in a way. We don't know where the rogue actors are sitting, like they don't know, they can be within the walls -- >> It's well understood I think, I agree, sorry. it's well understood that nation states are enabling terrorist groups to take out cyber attacks. That's well known, the source enables it. So, I think there's the privacy versus -- >> I'm not sure it's true in your case that it's Europeans that's doing this though. >> No, no, well you know, they share -- >> I'm a former officer in the Royal Navy, I've stood shoulder to shoulder with my U.S. counterparts. I put my life on the line on NATO exercises in real war zones, and I'm now a disabled ex-serviceman as a result of that. I mean, if I put my line on the line shoulder to shoulder with Americans, why is my privacy not respected? >> Hold on -- >> I feel it's, I was going to say actually that it's not that, like even the U.S., right? Part of the spying internally is we have internal actors that are behaving poorly. >> Yeah. >> Right, we have Marxist organizations posing as, you know, whatever it is, I'll leave it at that. But my point being is we've got a lot of that, every country has that, every country has actors and citizens and people in the system that are destined to try to overthrow the system. And I think that's what that surveillance is about. The question is, we don't have treaties, or we didn't have your explicit agreements. And that's why I'm pushing really hard here, like, they're separating privacy versus security, which is the national security, and privacy versus us as citizens in terms of our data being basically taken over for free, being used for free. >> John: I agree with that. >> That I think we have some agreement on. I just think that our governments haven't really had that conversation about what surveillance means. Maybe someone agreed and said, "Okay, that's fine. You guys can go do that, we won't tell anybody." And that's what it feels like. And I don't think we deliberately are saying, "Hey, we wanted to spy on your citizens." I think someone said, "Hey, there's a benefit here too." Otherwise I don't think the EU would have let this happen for that long unless Max had made that case and started this ball rolling, so, and Edward Snowden and other folks. >> Yeah, and I totally support the need for security. >> I want to enter the -- >> I mean we need to, where there are domestic terrorists, we need to stop them, and we need to have local action in UK to stop it happening here, and in America to stop it happening there. But if we're doing that, there is absolutely no need for the Americans to be spying on us. And there's absolutely no need for the Americans to say that privacy applies to U.S. citizens only, and not to Europeans, these are daft, it's just daft! >> That's a fair point. I'm sure GCHQ and everyone else has this covered, I mean I'm sure they do. (laughs) >> Oh, Bill, I know, I've been involved, I've been involved, and I know for a fact the U.S. and the UK are discussing I know a company called IronNet, which is run by General Keith Alexander, funded by C5 Capital. There's a lot of collaboration, because again, they're tryin' to get their arms around how to frame it. And they all agree that sharing data for the security side is super important, right? And I think IronNet has this thing called Iron Dome, which is essentially like they're saying, hey, we'll just consistency around the rules of shared data, and we can both, everyone can have their own little data. So, I think there's recognition at the highest levels of some smart people on both countries. (laughs) "Hey, let's work together!" The issue I have is just policy, and I think there's a lot of clustering going on. Clustered here around just getting out of their own way. That's my take on that. >> Are we a PG show? Wait, are we a PG show? I just got to remember that. (laughs) (Bill laughing) >> It's the internet, there's no regulation, there's no rules! >> There's no regulation! >> The European rules or is it the American rules? (Ray laughing) >> I would like to jump back quickly to the purpose of the surveillance, and especially when mass surveillance is done under the cover of national security and terror prevention. I worked with five clients in the past decade who all have been targeted under mass surveillance, which was revealed by Edward Snowden, and when they did their own investigation, and partially was confirmed by Edward Snowden in person, they found out that their purchasing department, their engineering department, big parts of their pricing data was targeted in mass surveillance. There's no way that anyone can explain me that that has anything to do with preventing terror attacks, or finding the bad guys. That is economical espionage, you cannot call it in any other way. And that was authorized by the same legislation that authorizes the surveillance for the right purposes. I'm all for fighting terror, and anything that can help us prevent terror from happening, I would be the first person to welcome it. But I do not welcome when that regulation is abused for a lot of other things under the cover of national interest. I understand -- >> Back to the lawmakers again. And again, America's been victim to the Chinese some of the individual properties, well documented, well known in tech circles. >> Yeah, but just 'cause the Chinese have targeted you doesn't give you free right to target us. >> I'm not saying that, but its abuse of power -- >> If the U.S. can sort out a little bit of reform, in the Senate and the House, I think that would go a long way to solving the issues that Europeans have right now, and a long way to sort of reaching a far better place from which we can all innovate and cooperate. >> Here's the challenge that I see. If you want to be instrumenting everything, you need a closed society, because if you have a free country like America and the UK, a democracy, you're open. If you're open, you can't stop everything, right? So, there has to be a trust, to your point, Bill. As to me that I'm just, I just can't get my arms around that idea of complete lockdown and data surveillance because I don't think it's gettable in the United States, like it's a free world, it's like, open. It should be open. But here we've got the grids, and we've got the critical infrastructure that should be protected. So, that's one hand. I just can't get around that, 'cause once you start getting to locking down stuff and measuring everything, that's just a series of walled gardens. >> So, to JD's point on the procurement data and pricing data, I have been involved in some of those kind of operations, and I think it's financial espionage that they're looking at, financial security, trying to figure out a way to track down capital flows and what was purchased. I hope that was it in your client's case, but I think it's trying to figure out where the money flow is going, more so than trying to understand the pricing data from competitive purposes. If it is the latter, where they're stealing the competitive information on pricing, and data's getting back to a competitor, that is definitely a no-no! But if it's really to figure out where the money trail went, which is what I think most of those financial analysts are doing, especially in the CIA, or in the FBI, that's really what that probably would have been. >> Yeah, I don't think that the CIA is selling the data to your competitors, as a company, to Microsoft or to Google, they're not selling it to each other, right? They're not giving it to each other, right? So, I think the one big problem I studied with FISA is that they get the data, but how long they can keep the data and how long they can mine the data. So, they should use that data as exhaust. Means like, they use it and just throw it away. But they don't, they keep mining that data at a later date, and FISA is only good for five years. Like, I learned that every five years we revisit that, and that's what happened this time, that we renewed it for six years this time, not five, for some reason one extra year. So, I think we revisit all these laws -- >> Could be an election cycle. >> Huh? >> Could be an election cycle maybe. (laughs) >> Yes, exactly! So, we revisit all these laws with Congress and Senate here periodically just to make sure that they are up to date, and that they're not infringing on human rights, or citizen's rights, or stuff like that. >> When you say you update to check they're not conflicting with anything, did you not support that it was conflicting with Privacy Shield and some of the promises you made to Europeans? At what point did that fail to become obvious? >> It does, because there's heightened urgency. Every big incident happens, 9/11 caused a lot of new sort of like regulations and laws coming into the picture. And then the last time, that the Russian interference in our election, that created some sort of heightened urgency. Like, "We need to do something guys here, like if some country can topple our elections, right, that's not acceptable." So, yeah -- >> And what was it that your allies did that caused you to spy on us and to downgrade our privacy? >> I'm not expert on the political systems here. I think our allies are, okay, loose on their, okay, I call it village politics. Like, world is like a village. Like it's so only few countries, it's not millions of countries, right? That's how I see it, a city versus a village, and that's how I see the countries, like village politics. Like there are two camps, like there's Russia and China camp, and then there's U.S. camp on the other side. Like, we used to have Russia and U.S., two forces, big guys, and they managed the whole world balance somehow, right? Like some people with one camp, the other with the other, right? That's how they used to work. Now that Russia has gone, hold on, let me finish, let me finish. >> Yeah. >> Russia's gone, there's this void, right? And China's trying to fill the void. Chinese are not like, acting diplomatic enough to fill that void, and there's, it's all like we're on this imbalance, I believe. And then Russia becomes a rogue actor kind of in a way, that's how I see it, and then they are funding all these bad people. You see that all along, like what happened in the Middle East and all that stuff. >> You said there are different camps. We thought we were in your camp! We didn't expect to be spied on by you, or to have our rights downgraded by you. >> No, I understand but -- >> We thought we were on your side! >> But, but you have to guys to trust us also, like in a village. Let me tell you, I come from a village, that's why I use the villager as a hashtag in my twitter also. Like in village, there are usually one or two families which keep the village intact, that's our roles. >> Right. >> Like, I don't know if you have lived in a village or not -- >> Well, Bill, you're making some great statements. Where's the evidence on the surveillance, where can people find more information on this? Can you share? >> I think there's plenty of evidence, and I can send some stuff on, and I'm a little bit shocked given the awareness of the FISA Act, the Cloud Act, the fact that these things are in existence and they're not exactly unknown. And many people have been complaining about them for years. I mean, we've had Safe Harbor overturned, we've had Privacy Shield overturned, and these weren't just on a whim! >> Yeah, what does JD have in his hand? I want to know. >> The Edward Snowden book! (laughs) >> By Edward Snowden, which gives you plenty. But it wasn't enough, and it's something that we have to keep in mind, because we can always claim that whatever Edward Snowden wrote, that he made it up. Every publication by Edward Snowden is an avalanche of technical confirmation. One of the things that he described about the Cisco switches, which Bill prefers to quote every time, which is a proven case, there were bundles of researchers saying, "I told you guys!" Nobody paid attention to those researchers, and Edward Snowden was smart enough to get the mass media representation in there. But there's one thing, a question I have for Sabjeet, because in the two parties strategy, it is interesting that you always take out the European Union as part. And the European Union is a big player, and it will continue to grow. It has a growing amount of trade agreements with a growing amount of countries, and I still hope, and I think think Bill -- >> Well, I think the number of countries is reducing, you've just lost one! >> Only one. (Bill laughing loudly) Actually though, those are four countries under one kingdom, but that's another point. (Bill chortling heartily) >> Guys, final topic, 5G impact, 'cause you mentioned Cisco, couldn't help think about -- >> Let me finish please my question, John. >> Okay, go ahead. How would you the United States respond if the European Union would now legalize to spy on everybody and every company, and every governmental institution within the United States and say, "No, no, it's our privilege, we need that." How would the United States respond? >> You can try that and see economically what happens to you, that's how the village politics work, you have to listen to the mightier than you, and we are economically mightier, that's the fact. Actually it's hard to swallow fact for, even for anybody else. >> If you guys built a great app, I would use it, and surveil all you want. >> Yeah, but so this is going to be driven by the economics. (John laughing) But the -- >> That's exactly what John said. >> This is going to be driven by the economics here. The big U.S. cloud firms are got to find this ruling enormously difficult for them, and they are inevitably going to lobby for a level of reform. And I think a level of a reform is needed. Nobody on your side is actually arguing very vociferously that the Cloud Act and the discrimination against Europeans is actually a particularly good idea. The problem is that once you've done the reform, are we going to believe you when you say, "Oh, it's all good now, we've stopped it!" Because with Crypto AG scandal in Switzerland you weren't exactly honest about what you were doing. With the FISA courts, so I mean FISA secret courts, the secret warrants, how do we know and what proof can we have that you've stopped doing all these bad things? And I think one of the challenges, A, going to be the reform, and then B, got to be able to show that you actually got your act together and you're now clean. And until you can solve those two, many of your big tech companies are going to be at a competitive disadvantage, and they're going to be screaming for this reform. >> Well, I think that, you know, General Mattis said in his book about Trump and the United states, is that you need alliances, and I think your point about trust and executing together, without alliances, it really doesn't work. So, unless there's some sort of real alliance, (laughs) like understanding that there's going to be some teamwork here, (Bill laughing) I don't think it's going to go anywhere. So, otherwise it'll continue to be siloed and network based, right? So to the village point, if TikTok can become a massively successful app, and they're surveilling, so and then we have to decide that we're going to put up with that, I mean, that's not my decision, but that's what's goin' on here. It's like, what is TikTok, is it good or bad? Amazon sent out an email, and they've retracted it, that's because it went public. I guarantee you that they're talkin' about that at Amazon, like, "Why would we want infiltration by the Chinese?" And I'm speculating, I have no data, I'm just saying, you know. They email those out, then they pull it back, "Oh, we didn't mean to send that." Really, hmm? (laughs) You know, so this kind of -- >> But the TRA Balin's good, you always want to get TRA Balin out there. >> Yeah, exactly. There's some spying going on! So, this is the reality. >> So, John, you were talking about 5G, and I think you know, the role of 5G, you know, the battle between Cisco and Huawei, you just have to look at it this way, would you rather have the U.S. spy on you, or would you rather have China? And that's really your binary choice at this moment. And you know both is happening, and so the question is which one is better. Like, the one that you're in alliance with? The one that you're not in alliance with, the one that wants to bury you, and decimate your country, and steal all your secrets and then commercialize 'em? Or the one kind of does it, but doesn't really do it explicitly? So, you've got to choose. (laughs) >> It's supposed to be -- >> Or you can say no, we're going to create our own standard for 5G and kick both out, that's an option. >> It's probably not as straightforward a question as, or an answer to that question as you say, because if we were to fast-forward 50 years, I would argue that China is going to be the largest trading nation in the world. I believe that China is going to have the upper hand on many of these technologies, and therefore why would we not want to use some of their innovation, some of their technology, why would we not actually be more orientated around trading with them than we might be with the U.S.? I think the U.S. is throwing its weight around at this moment in time, but if we were to fast-forward I think looking in the longterm, if I had to put my money on Huawei or some of its competitors, I think given its level of investments in research and whatever, I think the better longterm bet is Huawei. >> No, no, actually you guys need to pick a camp. It's a village again. You have to pick a camp, you can't be with both guys. >> Global village. >> Oh, right, so we have to go with the guys that have been spying on us? >> How do you know the Chinese haven't been spying on you? (Ray and John laughing loudly) >> I think I'm very happy, you find a backdoor in the Huawei equipment and you show it to us, we'll take them to task on it. But don't start bullying us into making decisions based on what-ifs. >> I don't think I'm, I'm not qualified to represent the U.S., but what we would want to say is that if you look at the dynamics of what's going on, China, we've been studying that as well in terms of the geopolitical aspects of what happens in technology, they have to do what they're doing right now. Because in 20 years our population dynamics go like this, right? You've got the one child policy, and they won't have the ability to go out and fight for those same resources where they are, so what they're doing makes sense from a country perspective and country policy. But I think they're going to look like Japan in 20 years, right? Because the xenophobia, the lack of immigration, the lack of inside stuff coming in, an aging population. I mean, those are all factors that slow down your economy in the long run. And the lack of bringing new people in for ideas, I mean that's part of it, they're a closed system. And so I think the longterm dynamics of every closed system is that they tend to fail versus open systems. So, I'm not sure, they may have better technology along the way. But I think a lot of us are probably in the camp now thinking that we're not going to aid and abet them, in that sense to get there. >> You're competing a country with a company, I didn't say that China had necessarily everything rosy in its future, it'll be a bigger economy, and it'll be a bigger trading partner, but it's got its problems, the one child policy and the repercussions of that. But that is not one of the things, Huawei, I think Huawei's a massively unlimited company that has got a massive lead, certainly in 5G technology, and may continue to maintain a lead into 6G and beyond. >> Oh yeah, yeah, Huawei's done a great job on the 5G side, and I don't disagree with that. And they're ahead in many aspects compared to the U.S., and they're already working on the 6G technologies as well, and the roll outs have been further ahead. So, that's definitely -- >> And they've got a great backer too, the financer, the country China. Okay guys, (Ray laughing) let's wrap up the segment. Thanks for everyone's time. Final thoughts, just each of you on this core issue of the news that we discussed and the impact that was the conversation. What's the core issue? What should people think about? What's your solution? What's your opinion of how this plays out? Just final statements. We'll start with Bill, Ray, Sarbjeet and JD. >> All I'm going to ask you is stop spying on us, treat us equally, treat us like the allies that we are, and then I think we've got to a bright future together! >> John: Ray? >> I would say that Bill's right in that aspect in terms of how security agreements work, I think that we've needed to be more explicit about those. I can't represent the U.S. government, but I think the larger issue is really how do we view privacy, and how we do trade offs between security and convenience, and you know, what's required for personalization, and companies that are built on data. So, the sooner we get to those kind of rules, an understanding of what's possible, what's a consensus between different countries and companies, I think the better off we will all be a society. >> Yeah, I believe the most important kind of independence is the economic independence. Like, economically sound parties dictate the terms, that's what U.S. is doing. And the smaller countries have to live with it or pick the other bigger player, number two in this case is China. John said earlier, I think, also what JD said is the fine balance between national security and the privacy. You can't have, you have to strike that balance, because the rogue actors are sitting in your country, and across the boundaries of the countries, right? So, it's not that FISA is being fought by Europeans only. Our internal people are fighting that too, like how when you are mining our data, like what are you using it for? Like, I get concerned too, when you can use that data against me, that you have some data against me, right? So, I think it's the fine balance between security and privacy, we have to strike that. Awesome. JD? I'll include a little fake check, fact check, at the moment China is the largest economy, the European Union is the second largest economy, followed directly by the USA, it's a very small difference, and I recommend that these two big parties behind the largest economy start to collaborate and start to do that eye to eye, because if you want to balance the economical and manufacturing power of China, you cannot do that as being number two and number three. You have to join up forces, and that starts with sticking with the treaties that you signed, and that has not happened in the past, almost four years. So, let's go back to the table, let's work on rules where from both sides the rights and the privileges are properly reflected, and then do the most important thing, stick to them! >> Yep, I think that's awesome. I think I would say that these young kids in high school and college, they need to come up and solve the problems, this is going to be a new generational shift where the geopolitical landscape will change radically, you mentioned the top three there. And new alliances, new kinds of re-imagination has to be there, and from America's standpoint I'll just say that I'd like to see lawmakers have, instead of a LinkedIn handle, a GitHub handle. You know, when they all go out on campaign talk about what code they've written. So, I think having a technical background or some sort of knowledge of computer science and how the internet works with sociology and societal impact will be critical for our citizenships to advance. So, you know rather a lawyer, right so? (laughs) Maybe get some law involved in that, I mean the critical lawyers, but today most people are lawyers in American politics, but show me a GitHub handle of that congressman, that senator, I'd be impressed. So, that's what we need. >> Thanks, good night! >> Ray, you want to say something? >> I wanted to say something, because I thought the U.S. economy was 21 trillion, the EU is sittin' at about 16, and China was sitting about 14, but okay, I don't know. >> You need to do math man. >> Hey, we went over our 30 minutes time, we can do an hour with you guys, so you're still good. (laughs) >> Can't take anymore. >> No go on, get in there, go at it when you've got something to say. >> I don't think it's immaterial the exact size of the economy, I think that we're better off collaborating on even and fair terms, we are -- >> We're all better off collaborating. >> Yeah. >> Gentlemen -- >> But the collaboration has to be on equal and fair terms, you know. (laughs) >> How do you define fair, good point. Fair and balanced, you know, we've got the new -- >> We did define fair, we struck a treaty! We absolutely defined it, absolutely! >> Yeah. >> And then one side didn't stick to it. >> We will leave it right there, and we'll follow up (Bill laughing) in a later conversation. Gentlemen, you guys are good. Thank you. (relaxing electronic music)

>> Woman: From theCUBE studios in Palo Alto in Boston, connecting without leaders all around the world, this is a CUBE conversation. >> Hello everyone, welcome to the special CUBE conversation, I'm John Furrier, host theCUBE here in Palo Alto, California, and doing a remote interview in our quarantine studio where we're getting the stories out there and sharing the content during the time of crisis when we're sheltering in place, as we get through this and get through the other side of the new normal. It's not necessarily normal, but it'll certainly create some normalcy around some of the new work at home, but also cybersecurity, I want to bring in a special guest who's going to talk with me about the impact of COVID-19 on cybersecurity, work at home, work in general, and also businesses practices. So, welcome Bill Welsh, who's the CEO of IronNet, who has taken over the helm run of the operations with General Keith Alexander, CUBE alumni as well, former NSA and former Cyber Command who's now leading a new innovative company called IronNet, which is deploying something really clever, but also something really realistic around cybersecurity so, Bill, thanks for joining me. >> Hey John, thanks for being with you. >> So, obviously, the COVID-19 crisis has created, essentially, a lot of exposure to the real world and, in general, around what it's like to work at home. Obviously, the economy's are crippled. This is an invisible threat. I've been chirping on Twitter and saying we've been fighting a digital war for a long time. There's been, the Internet has provided nation states the opportunity to attack folks using other mechanisms, open source and others, but if you look at this COVID-19, whether it's a bio weapon or not, it has crippled the country in the United States and caused crippling around the world, but it's just a threat and causing disruption, this is almost like a nuke, if you will, digital nuke. This is changing the game. You guys are in the cyber intelligence, cybersecurity area, what's your take on all of this and what are you hearing? >> Well I agree with you, John, I think that this is the invisible enemy, and as you know, right now with that going on, there's going to be adversaries that are going to take advantage of it. You see right now in some of the nation states where they're looking at opportunities to use this, to go after other countries, maybe just to test and see what their vulnerabilities are. You're seeing some activity overseas with nation states where they're looking at some of the military incursions, they're thinking about possible weaknesses with this invisible enemy. You know, it's affecting us in so many ways, whether it's economic, financial, our healthcare system, our supply chains, whether it's our, the supplies and groceries that we get to our people, so these are all challenging times that the adversaries are not going to just sit back and say oh well, you're in a crisis right now, we'll wait for the crisis to be alieved, we are now going to take advantage of it. >> And certainly the death toll is also the human impact as well, this is real world. This is something that we can have a longer conversation on, the time when we get more data in, and we'll certainly want to track this new, kind of digital warfare kind of paradigm, whether it's bio and or packets in cybersecurity, but the real impact has been this at scale exposure of problems and opportunities. For instance, IT folks were telling me that they underprovisioned their VPN access, now it's 100% everyone's at home. That's a disruption, that's not a hurricane, that's not a flood, this is now a new distraction to their operations. Other folks are seeing more hacks and more surface area, more threats from the old side getting hit. This has certainly impacted the cyber, but also people's anxiety at home. How are you guys looking at this, what are you guys doing, what's going on IronNet right now around cyber and COVID-19. >> Yeah, and what we're seeing right now is that our customers are seeing increasing awareness of their employees to understand what is going on around them and one of the things that we formed the company was the ability to assist enterprises of all sizes to collectively defend against threats that target their industries. We believe that collective defense is our collective responsibility. And it can't be just about technology, it's about some of the IT systems you talked about, being able to leverage them together. When I look at our top energy companies that we partner with, these individuals have great operators, but when you think about it, they have operators just for their company. What we're able to do within our environment, in our Iron Dome, is bring all that in together. We bring the human element and the IT element in order to help them solve positive outcomes for their industries. >> I want to dig into that because I think one of the things that I'm seeing coming out of this trend, post-pandemic is going to be the real emphasis on community. You're seeing people realizing through, whether it's doing Zoomification or Cubification, doing CUBE interviews and zooming and talking, I think you're going to see this element of I could do better, I can contribute either to society or to the collective at whole, and I think this collective idea you guys have with Iron Dome is very relevant because I think people are going to say wow, if I contribute, we might not have this kind of crisis again. This is something that's new, you guys have been on this collective thing with Iron Dome for a long time. I think this is pretty clever and I think it's going to be very relevant. Can you explain the Iron Dome collective, intelligence paradigm in the vision? >> Yeah, absolutely. And just to back up a little bit, what I will tell you is that we observed, as far as the problem statement, was that cyber is an element of national power, and people are using it to achieve their political, economic, and military objectives and now what you're seeing is are there other ways, cause while this COVID-19 may or may not have been anything as far as a bio-weapon, now others will see, well here's a way to bring down a country or an economy or something like that. We're also seeing that the cyber attacks are getting more and more destructive, whether it's WannaCry or NotPetya, we're also seeing the toolkits being more advanced, we're seeing how slow the response is by their cyber tools, so what we've looked at is we said wait, stop defending in isolation. That's what enterprises have been doing, they've been defending in isolation, no sharing, no collective intelligence as I would call it. And what we've been able to do is bring the power of those people to come together to collectively defend when something happens. So instead of having one security operation center defending a company, you can bring five or six or seven to defend the entire energy grid, this is one example. And over in Asia, we have the same thing. We have one of our largest customers over there, they have 450 companies, so if you think about it, 450 companies times the number of stock operators that they have in the security operation centers, you can think about the magnitude that we can bring the bearer of the arms, the warriors, to attack this crisis. >> So you're getting more efficiency, more acute response than before, so you got speed. So what you're saying is the collective intelligence provides what value? Speed, quality-- Yeah, it's at cloud scale, network speed, you get the benefit of all these operators, individuals that have incredible backgrounds in offensive and defensive operator experience including the people that we have, and then our partnership with either national governments or international governments that are allies, to make sure that we're sharing that collective intelligence so they can take action because what we're doing is we're making sure that we analyze the traffic, we're bringing the advanced analytics, we're bringing the expert systems, and we're bringing the experts to there, both at a technology level and also a personnel level. >> You know, General Alexander, one of the architects behind the vision here, who's obviously got a background in the military, NSA, Cyber Command, et cetera, uses the analogy of an airport radar, and I think that's a great metaphor because you need to have real-time communications on anything going on in as telemetry to what's landing or approaching or almost like landing that airplane, so he uses that metaphor and he says if there's no communication but it lags, you don't have it. He was using that example. Do you guys still use that example or can you explain further this metaphor? >> Absolutely, and I think another example that we have seen some of our customers really, in our prospects and partners really embrace is this concept of an immersive visualization, almost gaming environment. You look at what is happening now where people have the opportunity, even at home because of COVID-19, my teenage boys are spending way too much time probably on Call of Duty and Fortnite and that, but apply that same logic to cyber. Apply that logic to where you could have multiple players, multiple individuals, you can invite people in, you can invite others that might have subject matter expertise, you might be able to go and invite some of the IT partners that you have whether it's other companies to come in that are partners of yours, to help solve a problem and make it visualized, immersive, and in a gaming environment, and that is what we're doing in our Iron Dome. >> I think that's compelling and I've always loved the vision of abstracting away gaming to real world problems because it's very efficient, those kids are great, and the new Call of Duty came out so everyone's-- >> And they're also the next generation, they're the next generation of individuals that are going to be taking over security for us. So this is a great in mind... Cause this is something they already know, something they're already practicing, and something they're experts at and if you look at how the military is advancing, they've gone from having these great fighter pilots to putting people in charge of drones. It's the same thing with us is that possibility of having a cyber avatar go and fight that initiative is going to be something that we're doing. >> I think you guys are really rethinking security and this brings up my next topic I want to get your thoughts on is this crisis of COVID-19 has really highlighted old and new, and it's really kind of exposed again, at scale because it's an at scale problem, everyone's been forced to shelter in place and it exposes everything from deliveries to food to all the services and you can see what's important, what's not in life and it exposes kind of the old and new. So you have a lot of old antiquated, outdated systems and you have new emerging ones. How do you see those two sides of the street, old and new, what's emerging, what's your vision on what you think will be important post-pandemic? >> Well, I think the first thing is the individuals that are really the human element. So one, we have to make sure that individuals at home are, have all the things that they require in order to be successful and drive great outcomes, because I believe that the days of going into an office and sitting into a cube is yes, that is the old norm, but the new norm is individuals who either at home or on a plane, on a train, on a bus, or wherever they might be, practicing and being a part of it. So I think that the one thing we have to get our arms around is the ability to invite people into this experience no matter where they are and meet them where they are, so that's number one. Number two is making sure that those networks are available and that they're high speed, right? That we are making sure that they're not being used necessarily for streaming of Netflix, but being able to solve the cyber attacks. So there might be segmentation, there might be, as you said, this collective intelligent sharing that'll go across these entities. >> You know, it's interesting, Bill, you're bringing up something that we've been riffing on and I want to just expose that to you and kind of think out loud here. You're mentioning the convergence of physical, hybrid, 100% virtual as it kind of comes together. And then community and collective intelligence, we just talked about that, certainly relevant, you can see more movement on that side and more innovation. But the other thing that comes out of the woodwork and I want to get your thoughts on this is the old IoT Edge, Internet of things. Because if you think about that convergence of operational technologies and Internet technologies, ID, you now have that world's been going on for awhile, so obviously, you got to have telemetry on physical devices, you got to bring it in IT, so as you guys have this Iron Dome, collective view, hallux of view of things, it's really physical and virtual coming together. The virtualization-- >> It's all the above, it's all the above. The whole concept of IoT and OT and whether it's a device that's sitting in a solar wind panel or whether it's a device that's sitting in your network, it could be the human element, or it could actually be a device, that is where you require that cyber posture, that ability to do analytics on it, the ability to respond. And the ability to collectively see all of it, and that goes to that whole visualization I talked to you about, is being able to see your entire network, you can't protect something if you can't see it, and that's something that we've done across IronDome, and with our customers and prospects and with IronDefense, so it's something that absolutely is part of the things we're seeing in the cyber world. >> I want to get your reaction to some commentary that we've been having, Dave Vellante and myself on the team, and we were talking about how events have been shut down, the physical space, the venues where they have events. Obviously, we go to a lot of events with theCUBE, you know that. So, obviously that's kind of our view, but when you think about Internet of things, you think about collective intelligence with community, whether it's central to gamification or Iron Dome that you're innovating on, as we go through the pandemic, there's going to be a boomerang back, we think, to the importance of the physical space, cause at some point, we're going to get back to the real world, and so, the question is what operational technology, what version of learnings do we get from this shelter in place that gets applied to the physical world? This is the convergence of physical and virtual. We see as a big way, want to get your reaction to that. >> I absolutely agree with you, I think that we're going to learn some incredible lessons in so many different ways whether it's healthcare, financial, but I also, believe that's what you said, is that convergence of physical and virtual will become almost one in the same. We will see individuals that will leverage the physical when they need to and leverage the virtual when they need to. And I think that that's something that we will see more and more of of companies looking at how they actually respond and support their customer base. You know, some might decide to have more individuals in an at-home basis, to support a continuity of operations, some might decide that we're going to have some physical spaces and not others, and then we're going to leverage physical IT and some virtual IT, especially the cloud infrastructures are going to become more and more valuable as we've seen within our IronDome infrastructure. >> You know, we were riffing the other day in the remote interviews, theCUBE is going virtual, and we were joking that Amazon Web Services was really created through the trend of virtualization. I mean, VMware and the whole server virtualization created the opportunity for Amazon to abstract and create value. And we think that this next wave is going to be this pandemic has woken us up to this remote, virtual contribution, and it might create a lot of opportunities, for us, for instance, virtual CUBE, for virtual business. I'm sure you, as the CEO of IronNet, are thinking about how you guys recover post-pandemic, is it going to be a different world, are you going to have a mix of virtual, digital, integrated into your physical, whether it's how you market your products and engage customers to solving technical problems. This is a new management challenge, and it's an opportunity if you get it right, it could be a headwind or a tailwind, depending on how you look at it. So I want to get your thoughts on this virtualization post-pandemic management structure, management philosophy, obviously, dislocation with spacial economics, I get that and I always go to work in the office much but, beyond that, management style, posture, incentives. >> Yes, I think that there's a lot of things unpacked there. I mean, one is it is going to be about a lot of more communication. You know, I will tell you that since we have gone into this quarantine, we're holding weekly all hands, every Friday, all in a virtual environment. I think that the transparency will be even more. You know, one of the things that I'm most encouraged by and inspired by is the productivity. I will tell you, getting access to individuals has gotten easier and easier for us. The ability to get people into this virtual environment. They're not spending hours upon hours on commuting or flying on planes or going different places, and it doesn't mean that that won't be an important element of business, but I think it's going to give time back to individuals to focus on what is the most important priorities for the companies that they're driving. So this is an opportunity, I will tell you, our productivity has increased exponentially. We've seen more and more meetings, where more and more access to very high level individuals, who have said we want to hear what you guys are doing, and they have the time to do it now instead of jumping on a plane and wasting six hours and not being productive. >> It's interesting, it's also a human element too, you can hear babies crying, kids playing, dogs barking, you kind of laugh and chuckle in the old days, but now this is a humanization piece of it, and that should foster real communities, so I think... Obviously, we're going to be watching this virtualization of communities, collective intelligence and congratulations, I think Iron Dome, and iron offense, obviously which is core product, I think your Iron Dome is a paradigm that is super relevant, you guys are visionaries on this and I think it's turning out to be quite the product, so I want to congratulate you on that. Thanks for-- >> Thank you, John. Thanks for your time today and stay safe. >> Bill, thanks for joining us and thanks for your great insights on cyber COVID-19, and we'll follow up more on this trend of bio weaponry and kind of the trajectory of how cyber and scale cloud is going to shape how we defend and take offense in the future on how to defend our country and to make the world a safer place. I'm John Furrier, you're watching theCUBE here and our remote interviews in our quarantine studio in Palo Alto, thanks for watching. (lively music)

>>Bye from San Francisco. It's the cube covering RSA conference, 2020 San Francisco brought to you by Silicon angle media. >>Hey, welcome back. Everyone's keeps coverage here in San Francisco at the Moscone center for RSA conference 2020 I'm John, your host, as cybersecurity goes to the next generation as the new cloud scale, cyber threats are out there, the real impact a company's business and society will be determined by the industry. This technology and the people that a cube alumni here, caramel Jaffer, SVP, senior vice president of strategy and corporate development for iron net. Welcome back. Thanks to Shawn. Good to be here. Thanks for having so iron net FC general Keith Alexander and you got to know new CEO of there. Phil Welsh scaler and duo knows how to scale up a company. He's right. Iron is doing really well. The iron dome, the vision of collaboration and signaling. Congratulations on your success. What's a quick update? >> Well look, I mean, you know, we have now built the capability to share information across multiple companies, multiple industries with the government in real time at machine speed. >>Really bringing people together, not just creating collected security or clip to defense, but also collaborating real time to defend one another. So you're able to divide and conquer Goliath, the enemy the same way they come after you and beat them at their own game. >> So this is the classic case of offense defense. Most corporations are playing defense, whack-a-mole, redundant, not a lot of efficiencies, a lot of burnout. Exactly. Not a lot of collaboration, but everyone's talking about the who the attackers are and collaborating like a team. Right? And you guys talk about this mission. Exactly. This is really the new way to do it. It has, the only way it works, >> it is. And you know, you see kids doing it out there when they're playing Fortnite, right? They're collaborating in real time across networks, uh, to, you know, to play a game, right? You can imagine that same construct when it comes to cyber defense, right? >>There's no reason why one big company, a second big company in a small company can't work together to identify all the threats, see that common threat landscape, and then take action on it. Trusting one another to take down the pieces they have folk to focus on and ultimately winning the battle. There's no other way a single company is gonna be able defend itself against a huge decency that has virtually unlimited resources and virtually unlimited human capital. And you've got to come together, defend across multiple industries, uh, collectively and collaboratively. >> Do you mean, we talked about this last time and I want to revisit this and I think it's super important. I think it's the most important story that's not really being talked about in the industry. And that is that we were talking last time about the government protects businesses. If someone dropped troops on the ground in your neighborhood, the government would protect you digitally. >>That's not happening. So there's really no protection for businesses. Do they build their own militia? Do they build their own army? Who was going to, who's going to be their heat shield? So this is a big conversation and a big, it brings a question. The role of the government. We're going to need a digital air force. We're going to need a digital army, Navy, Navy seals. We need to have that force, and this has to be a policy issue, but in the short term, businesses and individuals are sitting out there being attacked by sophisticated mission-based teams of hackers and nation States, right? Either camouflaging or hiding, but attacking still. This is a huge issue. What's going on? Are people talking about this in D C well, >> John, look not enough. People are talking about it, right? And forget DC. We need to be talking about here, out here in the Silicon Valley with all these companies here at the RSA floor and bring up the things you're bringing up because this is a real problem we're facing as a nation. >>The Russians aren't coming after one company, one state. They're coming after our entire election infrastructure. They're coming after us as a nation. The Chinese maybe come after one company at a time, but their goal is to take our electoral properties, a nation, repurpose it back home. And when the economic game, right, the Iranians, the North Koreans, they're not focused on individual actors, but they are coming after individual actors. We can't defend against those things. One man, one woman, one company on an Island, one, one agency, one state. We've got to come together collectively, right? Work state with other States, right? If we can defend against the Russians, California might be really good at it. Rhode Island, small States can be real hard, defends against the Russians, but if California, Rhode Island come together, here's the threats. I see. Here's what it's. You see share information, that's great. Then we collaborate on the defense and work together. >>You take these threats, I'll take those threats and now we're working as a team, like you said earlier, like those kids do when they're playing fortnight and now we're changing the game. Now we're really fighting the real fight. >> You know, when I hear general Keith Alexander talking about his vision with iron net and what you guys are doing, I'm inspired because it's simply put, we have a mission to protect our nation, our people, and a good businesses, and he puts it into kind of military, military terms, but in reality, it's a simple concept. Yeah, we're being attacked, defend and attack back. Just basic stuff. But to make it work as the sharing. So I got to ask you, I'm first of all, I love the, I love what he has, his vision. I love what you guys are doing. How real are we? What's the progression? >>Where are we on the progress bar of that vision? Well, you know, a lot's changed to the last year and a half alone, right? The threats gotten a lot, a lot more real to everybody, right? Used to be the industry would say to us, yeah, we want to share with the government, but we want something back for, right. We want them to show us some signal to today. Industry is like, look, the Chinese are crushing us out there, right? We can beat them at a, at some level, but we really need the governor to go do its job too. So we'll give you the information we have on, on an anonymized basis. You do your thing. We're going to keep defending ourselves and if you can give us something back, that's great. So we've now stood up in real time of DHS. We're sharing with them huge amounts of data about what we're seeing across six of the top 10 energy companies, some of the biggest banks, some of the biggest healthcare companies in the country. >>Right? In real time with DHS and more to come on that more to come with other government agencies and more to come with some our partners across the globe, right? Partners like those in Japan, Singapore, Eastern Europe, right? Our allies in the middle East, they're all the four lenses threat. We can bring their better capability. They can help us see what's coming at us in the future because as those enemies out there testing the weapons in those local areas. I want to get your thoughts on the capital markets because obviously financing is critical and you're seeing successful venture capital formulas like forge point really specialized funds on cyber but not classic industry formation sectors. Like it's not just security industry are taking a much more broader view because there's a policy implication is that organizational behavior, this technology up and down the stack. So it's a much broad investment thesis. >>What's your view of that? Because as you do, you see that as a formula and if so, what is this new aperture or this new lens of investing to be successful in funding? Companies will look, it's really important what companies like forge point are doing. Venture capital funds, right? Don Dixon, Alberta Pez will land. They're really innovating here. They've created a largest cybersecurity focused fund. They just closed the recently in the world, right? And so they really focus on this industry. Partners like, Kleiner Perkins, Ted Schlein, Andrea are doing really great work in this area. Also really important capital formation, right? And let's not forget other funds. Ron Gula, right? The founder of tenable started his own fund out there in DC, in the DMV area. There's a lot of innovation happening this country and the funding on it's critical. Now look, the reality is the easy money's not going to be here forever, right? >>It's the question is what comes when that inevitable step back. We don't. Nobody likes to talk about it. I said the guy who who bets on the other side of the craps game in Vegas, right? You don't wanna be that guy, but let's be real. I mean that day will eventually come. And the question is how do you bring some of these things together, right? Bring these various pieces together to really create long term strategies, right? And that's I think what's really innovative about what Don and Alberto are doing is they're building portfolio companies across a range of areas to create sort of an end to end capability, right? Andrea is doing things like that. Ted's doing stuff like that. It's a, that's really innovation. The VC market, right? And we're seeing increased collaboration VC to PE. It's looking a lot more similar, right? And now we're seeing innovative vehicles like stacks that are taking some of these public sort of the reverse manner, right? >>There's a lot of interests. I've had to be there with Hank Thomas, the guys chief cyber wrenches. So a lot of really cool stuff going on in the financing world. Opportunities for young, smart entrepreneurs to really move out in this field and to do it now. And money's still silver. All that hasn't come as innovation on the capital market side, which is awesome. Let's talk about the ecosystem in every single market sector that I've been over, my 30 year career has been about a successful entrepreneurship check, capital two formation of partnerships. Okay. You're on the iron net, front lines here. As part of that ecosystem, how do you see the ecosystem formula developing? Is it the same kind of model? Is it a little bit different? What's your vision of the ecosystem? Look, I mean partnerships channel, it's critical to every cyber security company. You can't scale on your own. >>You've got to do it through others, right? I was at a CrowdStrike event the other day. 91% of the revenue comes from the channel. That's an amazing number. You think about that, right? It's you look at who we're trying to talk about partnering with. We're talking about some of the big cloud players. Amazon, Microsoft, right? Google, right on the, on the vendor side. Pardon me? Splunk crashes, so these big players, right? We want to build with them, right? We want to work with them because there's a story to tell here, right? When we were together, the AECOS through self is defendant stronger. There's no, there's no anonymity here, right? It's all we bring a specialty, you bring specialty, you work together, you run out and go get the go get the business and make companies safer. At the end of the day, it's all about protecting the ecosystem. What about the big cloud player? >>Cause he goes two big mega trends. Obviously cloud computing and scale, right? Multi-cloud on the horizon, hybrids, kind of the bridge between single public cloud and multi-cloud and then AI you've got the biggies are generally will be multiple generations of innovation and value creation. What's your vision on the impact of the big waves that are coming? Well, look, I mean cloud computing is a rate change the world right? Today you can deploy capability and have a supercomputer in your fingertips in in minutes, right? You can also secure that in minutes because you can update it in real time. As the machine is functioning, you have a problem, take it down, throw up a new virtual machine. These are amazing innovations that are creating more and more capability out there in industry. It's game changing. We're happy, we're glad to be part of that and we ought to be helping defend that new amazing ecosystem. >>Partnering with companies like Microsoft. They didn't AWS did, you know, you know, I'm really impressed with your technical acumen. You've got a good grasp of the industry, but also, uh, you have really strong on the societal impact policy formulation side of government and business. So I want to get your thoughts for the young kids out there that are going to school, trying to make sense of the chaos that's going on in the world, whether it's DC political theater or the tech theater, big tech and in general, all of the things with coronavirus, all this stuff going on. It's a, it's a pretty crazy time, but a lot of work has to start getting done that are new problems. Yeah. What is your advice as someone who's been through the multiple waves to the young kids who have to figure out what half fatigue, what problems are out there, what things can people get their arms around to work on, to specialize in? >>What's your, what's your thoughts and expertise on that? Well, John, thanks for the question. What I really like about that question is is we're talking about what the future looks like and here's what I think the future looks like. It's all about taking risks. Tell a lot of these young kids out there today, they're worried about how the world looks right? Will America still be strong? Can we, can we get through this hard time we're going through in DC with the world challenges and what I can say is this country has never been stronger. We may have our own troubles internally, but we are risk takers and we always win. No matter how hard it gets them out of how bad it gets, right? Risk taking a study that's building the American blood. It's our founders came here taking a risk, leaving Eagle to come here and we've succeeded the last 200 years. >>There is no question in my mind that trend will continue. So the young people out there, I don't know what the future has to hold. I don't know if the new tape I was going to be, but you're going to invent it. And if you don't take the risks, we're not succeed as a nation. And that's what I think is key. You know, most people worry that if they take too many risks, they might not succeed. Right? But the reality is most people you see around at this convention, they all took risks to be here. And even when they had trouble, they got up, they dust themselves off and they won. And I believe that everybody in this country, that's what's amazing about the station is we have this opportunity to, to try, if we fail to get up again and succeed. So fail fast, fail often, and crush it. >>You know, some of the best innovations have come from times where you had the cold war, you had, um, you had times where, you know, the hippie revolution spawn the computer. So you, so you have the culture of America, which is not about regulation and stunting growth. You had risk-taking, you had entrepreneurship, but yet enough freedom for business to operate, to solve new challenges, accurate. And to me the biggest imperative in my mind is this next generation has to solve a lot of those new questions. What side of the street is the self driving cars go on? I see bike lanes in San Francisco, more congestion, more more cry. All this stuff's going on. AI could be a great enabler for that. Cyber security, a direct threat to our country and global geopolitical landscape. These are big problems. State and local governments, they're not really tech savvy. They don't really have a lot ID. >>So what do they do? How do they serve their, their constituents? You know, look John, these are really important and hard questions, but we know what has made technology so successful in America? What's made it large, successful is the governor state out of the way, right? Industry and innovators have had a chance to work together and do stuff and change the world, right? You look at California, you know, one of the reasons California is so successful and Silicon Valley is so dynamic. You can move between jobs and we don't enforce non-compete agreements, right? Because you can switch jobs and you can go to that next higher value target, right? That shows the value of, you know, innovation, creating innovation. Now there's a real tendency to say, when we're faced with challenges, well, the government has to step in and solve that problem, right? The Silicon Valley and what California's done, what technology's done is a story about the government stayed out and let innovators innovate, and that's a real opportunity for this nation. >>We've got to keep on down that path, even when it seemed like the easier answer is, come on in DC, come on in Sacramento, fix this problem for us. We have demonstrated as a country that Americans and individual are good at solve these problems. We should allow them to do that and innovate. Yeah. One of my passions is to kind of use technology and media to end communities to get to the truth faster. A lot of, um, access to smart minds out there, but young minds, young minds, uh, old minds, young minds though. It's all there. You gotta get the data out and that's going to be a big thing. That's the, one of the things that's changing is the dark arts of smear campaigns. The story of Bloomberg today, Oracle reveals funding for dark money, group biting, big tech internet accountability projects. Um, and so the classic astroturfing get the Jedi contract, Google WASU with Java. >>So articles in the middle of all this, but using them as an illustrative point. The lawyers seem to be running the kingdom right now. I know you're an attorney, so I'm recovering, recovering. I don't want to be offensive, but entrepreneurship cannot be stifled by regulation. Sarbanes Oxley slowed down a lot of the IPO shifts to the latest stage capital. So regulation, nest and every good thing. But also there's some of these little tactics out in the shadows are going to be revealed. What's the new way to get this straightened out in your mind? We'll look, in my view, the best solution for problematic speech or pragmatic people is more speech, right? Let's shine a light on it, right? If there are people doing shady stuff, let's talk about it's an outfit. Let's have it out in the open. Let's fight it out. At the end of the day, what America's really about is smart ideas. >>Winning. It's a, let's get the ideas out there. You know, we spent a lot of time, right now we're under attack by the Russians when it comes to our elections, right? We spent a lot of time harping at one another, one party versus another party. The president versus that person. This person who tells committee for zap person who tells committee. It's crazy when the real threat is from the outside. We need to get past all that noise, right? And really get to the next thing which is we're fighting a foreign entity on this front. We need to face that enemy down and stop killing each other with this nonsense and turn the lights on. I'm a big believer of if something can be exposed, you can talk about it. Why is it happening exactly right. This consequences with that reputation, et cetera. You got it. >>Thanks for coming on the queue. Really appreciate your insight. Um, I want to just ask you one final question cause you look at, look at the industry right now. What is the most important story that people are talking about and what is the most important story that people should be talking about? Yeah. Well look, I think the one story that's out there a lot, right, is what's going on in our politics, what's going on in our elections. Um, you know, Chris Krebs at DHS has been out here this week talking a lot about the threat that our elections face and the importance about States working with one another and States working with the federal government to defend the nation when it comes to these elections in November. Right? We need to get ahead of that. Right? The reality is it's been four years since 2016 we need to do more. That's a key issue going forward. What are the Iranians North Koreans think about next? They haven't hit us recently. We know what's coming. We got to get ahead of that. I'm going to come again at a nation, depending on staff threat to your meal. Great to have you on the QSO is great insight. Thanks for coming on sharing your perspective. I'm John furrier here at RSA in San Francisco for the cube coverage. Thanks for watching.

>>Fly from San Francisco. It's the cube covering RSA conference 2020 San Francisco brought to you by Silicon angled medias >>live in. Welcome to the cube coverage here in San Francisco at Moscone hall for RSA 2020 I'm John furrier, host of the cube. We're here breaking down all the actions in cyber security. I'll say three days of wall-to-wall cube coverage. You got two great guests here, experts in the cybersecurity enterprise security space. Over 25 years. We've got two gurus and experts. We've got Bob Mindell, executive vice president of North America cyber practice for cap Gemini and Joe McMahon, head of North America cyber strategy, even a practitioner in the intelligence community. Langley, you've been in the business for 25 years. You've seen the waves guys, welcome to the cube. Thank you John. Thanks for having us. So first let's just take a step back. A cyber certainly on the number one agenda kind of already kind of broken out of it in terms of status, board level conversation, every CSO, risk management and a lot of moving parts. >>Now, cyber is not just a segment in the industry. It is the industry. Bob, this is a big part of business challenge today. What's your view? What was going on? So John has a great point. It's actually a business challenge and that's one of the reasons why it's now the top challenge. It's been a tech challenge for a long time. It wasn't always a business challenge for you as was still considered an it challenge and once it started impacting business and got into a board level discussion, it's now top of mind as a business challenge and how it can really impact the business continuity. Joe is talking before we came on camera about you know CEOs can have good days here and there and bad days then but sees us all have bad days all the time because there's so much, it's so hard. You're on the operations side. >>You see a day to day in the trenches as well as the strategy. This is really an operations operationalizing model. As new technology comes out, the challenge is operationalizing them for not only a business benefit but business risk management. It's like changing an airplane engine out at 35,000 feet. It's really hard. What are you seeing as the core challenge? This is not easy. It's a really complex industry. I mean, you take the word cybersecurity, right? Ready? Cybersecurity conference. I see technology, I see a multitude of different challenges that are trying to be solved. It means something different to everybody, and that's part of the problem is it's a really broad ecosystem that we're in. If you meet one person that says, I know all of cyber, they're lying, right? It's just like saying, I know active directory and GRC and I know DNS and I know how to, how to code, right? >>Those people don't exist and cyber is a little bit the same way. So for me, it's just recognizing the intricacies. It's figuring out the complexities, how people processing technology really fit together and it's an operation. It is an ongoing, and during operation, this isn't a program that you can run. You run it for a year, you install and you're done. There's ebbs and flows. You talked about the CISOs and the bad days. There's wins and there's losses. Yeah. And I think part of that is just having the conversation with businesses. Just like in it, you have bad days and good days wins and losses. It's the same thing in cybersecurity and we've got to set that expectation. Yeah, you didn't bring up a good point. I've been saying this on the cube and we've been having conversations around this. It used to be security as part of it, right? >>But now that it's part of the business, the things that you're mentioning around people, process, technology, the class, that kind of transformational formula, it is business issues, organizational behavior. Not everyone's an expert specialism versus generalists. So this is like not just a secure thing, it's the business model of a company is changing. So that's clear. There's no doubt. And then you've got the completion of the cloud coming, public cloud, hybrid multi-cloud. Bob, this is a number one architectural challenge. So outside of the blocking and tackling basics, right, there's now the future business is at risk. What does cap Gemini do? And because you guys are well known, great brand, helping companies be successful, how do you guys go to customers and say, Hey, here's what you do. What's the, what's the cap Gemini story? >>So the cat termini stories is really about increasing your cybersecurity maturity, right? As Joe said, starting out at the basics. If you look at a lot of the breaches that have occurred today have occurred because we got away from the basics and the fundamentals, right? Shiny new ball syndrome. Really. Exactly exasperates that getting away from the basics. So the technology is an enabler, but it's not the be all and end all right, go into the cloud is absolutely a major issue. That's increasing the perimeter, right? We've gone through multiple ways as we talked about, right? So now cloud is is another way, cloud, mobile, social. How do you deal with those from on prem, off prem. But ultimately it's about increasing your cyber cyber security maturity and using the cloud as just increasing the perimeter, right? So you need to, you really need to understand, you have your first line defense and then your maturity is in place. Whether the data resides in your organization, in the cloud, on a mobile device, in a social media, you're responsible for it all. And if you don't have the basics, then you're, you're really, and you guys bring a playbook, is that what you guys come in and do? Correct. Correct. Right. So our goal is to coordinate people, process technology and leverage playbooks, leverage the run books that we had been using for many years. >>I want to get down to you on this one because of what happens when you take that to the, into the practitioner mode or at implementation. Customers want the best technology possible. They go for the shiny new choice. Bob just laid out. There's also risks too because it may or may not be big. So you've got to balance out. I got to get an edge technically because the perimeters becoming huge surface area now or some say has gone. Now you've got edge, just all one big exposed environment, surface area for vulnerabilities is massive. So I need better tech. How do you balance and obtain the best tech and making sure it works and it's in production and secure. So there's a couple of things, right, and this is not, it's not just our, and you'll hear it from other people that have been around a long time, but a lot of organizations that we see have built themselves so that their cybersecurity organization is supporting all these tools that we see. >>That's the wrong way to do it. The tools should support the mission of the organization, right? If my mission is to defend my enterprise, there are certain things that I need to do, right? There's questions I need to be able to ask and get answers to. There's data I need visibility into. There's protections and controls I need to be able to implement. If I can lay those out in some coordinated strategic fashion and say, here's all the things I'm trying to accomplish, here's who's going to do it. Here's my really good team, here's my skilled resources, here's my workflows, my processes, all that type of stuff. Then I can go find the right technology to put into that. And I can actually measure if that technology is effective in supporting my mission. But too often we start with the technology and then we hammer against it and we run into CISOs and they say, I bought all this stuff and it's not working and come hell yeah. >>And that's backing into it the wrong. So I've heard from CSOs, I'd like they buying all these tools. It's like a tool shed. Don't be the fool with the wrong tool as they I say. But that brings up the question of, okay, as you guys go to customers, what are some of the main pain points or issues that they're trying to overcome that that are opportunities that you guys are helping with? Uh, on the business side and on the technical side, what are some of the things? So on the business side, you know, one is depending on their level of maturity and the maturity of the organization and the board of directors and their belief in, in how they need to help fund this. We can start there. We can start by helping draw out the threat landscape within that organization where they are maturity-wise and where they need to go and help them craft that message to the board of directors and get executive sponsorship from the board down in order to take them from baby, a very immature organization or you know, a reactive organization to an adaptive organization, right. >>And really become defenders. So from a business perspective, we can help them there. From the technology perspective, Joe, uh, you know, or an implementation perspective. I think, you know, it's been a really interesting road like being in this a long time, you know, late two thousands when nation States were first really starting to become a thing. All the industries we were talking to, every customer is like, I want to be the best in my industry. I want to be the shining example. And boards in leadership were throwing money at it and everybody was on this really aggressive path to get there. The conversation is shifted a little bit with a lot of the leadership we talked to. It's, I just want to be good enough, maybe a little bit better than good enough, but my, my objective anymore is it to leave the industry. Cause that's really expensive and there's only one of those. >>My objective is to complete my mission maybe a little bit above and beyond, but I need the right size and right. So we spent a lot of time helping organizations, I would say optimize, right? It's what is the right level of people, what is the right amount of resources, what's the right spend, what's the right investment, the right allocation of technology and mix of everything, right? And sometimes it's finding the right partner. Sometimes it's doing certain things in house. It's, there's no one way to solve this problem, but you've got to go look at the business challenges. Look at the operational realities of the customer, their budgets, all those, their geographies mattered, right? Some places it's easy to hire talent. Some places it's not so easy to hire talent. And that's a good point, right? Some organizations, >>they just need to understand what does good look like and we can, we have so many years of experience. We have so many customers use skates is we've been there and we've done that. We can bring the band and show them this is what good looks like and this is sustainable >>of what good looks like. I want to get your reactions to, I was talking to Keith Alexander, general Keith Alexander, a former cyber command had last night and we were talking about officers, his defense and that kind of reaction. How the Sony hack was was just was just, they just went after him as an example. Everyone knows about that hack, but he really was getting at the idea of human efficiency, the human equation, which is if you have someone working on something that here, but their counterpart might be working on it maybe from a different company or in the same company, they're redundant. So there's a lot of burnout, a lot of people putting out fires. So reactive is clearly, I see as a big trend that the conversation's shifting towards let's be proactive, let's get more efficient in the collaboration as well as the technology. What you, how do you guys react to that? What's your view on that statement? So >>people is the number one issue, in my opinion. In this space, there's a shortage of people. The people that are in it are working very long hours. They're burnt out. So we constantly need to be training and bringing more people into the industry. Then there's the scenario around information sharing, right? Threat information sharing, and then what levels are you comfortable with as an organization to share that information? How can you share best practices? So that's where the ice sacks come into play. That's also where us as a practitioner and we have communities, we have customers, we bring them together to really information, share, share, best practice. It's in all of our best interests. We all have the same goal and the goal is to protect our assets, especially in the United States. We have to protect our assets. So we need, the good thing is that it's a pretty open community in that regards and sharing the information, training people, getting people more mature in their people, process technology, how they can go execute it. >>Yeah. What's your take on the whole human equation piece? Right? So sharing day, you probably heard a word and the word goes back to where I came from, from my heritage as well, but I'm sure general Alexander used the word mission at some point, right? So to me, that's the single biggest rallying point for all of the people in this. If you're in this for the right reasons, it's because you care about the mission. The mission is to defend us. Stop the bad guys from doing days, right? Whether you're defending the government, whether you're defending a commercial enterprise, whether you're defending the general public, right? Whatever the case is, if you're concerned, you know, if you believe in the mission, if you're committed to the mission, that's where the energy comes from. You know, there's a lot of, there's a lot of talk about the skill gap and the talent gap and all of those types of things. >>To me, it's more of a mindset issue than anything. Right? The skill sets can be taught. They can be picked up over time. I was a philosophy major. All right? Somehow I ended up here. I have no idea how, um, but it's because I cared about the mission and everybody has a part to play. If you build that peer network, uh, both at an individual level and at an organizational and a company level, that's really important in this. Nobody's, nobody's an expert at everything. Like we said, you brought a philosophy. I think one of the things I have observed in interviewing and talking to people is that the world's changed so much that you almost need those fresh perspectives because the problems are new problems, statements, technology is just a part of the problem set back to the culture. The customer problem, Bob, is that they got to get all this work done. >>And so what are some of the use cases that you guys are working on that that is a low hanging fruit in the industry or our customer base? How do you guys engage with customers? So our target market is fortune 500 global 1000 so the biggest of the big enterprises in the world, right? And because of that, we've seen a lot of a complex environments, multinational companies as our customers. Right? We don't go at it from a pure vertical base scenario or a vertical base solution. We believe that horizontal cybersecurity can it be applied to most verticals. Right. And there's some tweaking along the way. Like in financial services, there's regulars and FFIC that you need to be sure you adapt to. But for the most part the fundamentals are applicable. All right. With that said, you know, large multinational manufacturing organization, right? They have a major challenge in that they have manufacturing sites all over the world. >>They building something that is, you know, unique. It has significant IP to it, but it's not secure. Historically they would have said, well, nobody's really gonna just deal steal what we do because it's really not differentiated in the world, but it is differentiated and it's a large corporation making a lot of money. Unfortunately ransomware, that'd be a photographer. Ransomware immediately, right? Like exact down their operations and their network, right? So their network goes down. They can have, they can, they can not have zero downtown and their manufacturing plants around the world. So for us, we're implementing solutions and it's an SLA for them is less than six seconds downtime by two that help secure these global manufacturing environment. That's classic naive when they are it. Oh wow. We've got to think about security on a much broader level. I guess the question I have for you guys, Joe, you talk about when do you guys get called in? >>I mean what's your main value proposition that you guys, cause you guys got a broad view of the industry, that expertise. Why do, why are customers calling you guys and what do you guys deliver? They need something that actually works, right? It's, it's you mentioned earlier, I think when we were talking how important experiences, right? And it's, Bob said it too, having been there, done that I think is really important. The fact that we're not chasing hype, we're not selling widgets. That we have an idea of what good looks like and we can help an organization kind of, you know, navigate that path to get there is really important. So, uh, you know, one of our other customers, large logistics company, been operating for a very long time. You know, very, very mature in terms of their, it operations, those types of things. But they've also grown through merger and acquisition. >>That's a challenge, uh, cause you're taking on somebody else's problem set and they just realize, simply put that their existing security operations wasn't meeting their needs. So we didn't come in and do anything fancy necessarily. It's put a strategic plan in place, figure out where they are today, what are the gaps, what do they need to do to overcome those gaps? Let's go look at their daily operations, their concept of operations, their mission, their vision, all of that stuff down to the individual analysts. Like we talked about the mindset and skillset. But then frankly it's putting in the hard work, right? And nobody wants to put in the heart. I don't want to say nobody wants to put in the hard work. That's fun. There's a lot of words that's gets done I guess by the questions that you guys getting called in on from CSOs chief and Mason security officers. >>Guess who calls you? So usually we're in talking to the Cisco, right? We're having the strategic level conversation with the Cisco because the Cisco either has come in new or has been there. They may have had a breach. Then whatever that compelling event may be, they've come to the realization that they're not where they need to be from a maturity perspective and their cyber defense needs revamping. So that's our opportunity for us to help them really increase the maturity and help them become defenders. Guys, great for the insight. Thanks for coming on the cube. Really appreciate you sharing the insights. Guys. Give a quick plug for what you guys are doing. Cap Gemini, you guys are growing. What do you guys look to do? What are some of the things that's going on? Give the company plug. Thanks Sean show. It's been a very interesting journey. >>You know this business started out from Lockheed Martin to Leidos cyber. We were acquired by cap Gemini a year ago last week. It's a very exciting time. We're growing the business significantly. We have huge growth targets for 2020 and beyond, right? We're now over 800 practitioners in North America, over 2,500 practitioners globally, and we believe that we have some very unique differentiated skill sets that can help large enterprises increase their maturity and capabilities plug there. Yeah, I mean, look, nothing makes us happier than getting wins when we're working with an organization and we get to watch a mid level analyst brief the so that they just found this particular attack and Oh by the way, because we're mature and we're effective, that we were able to stop it and prevent any impact to the company. That's what makes me proud. That's what makes it so it makes it fun. >>Final question. We got a lot of CSOs in our community. They're watching. What's the pitch to the CSO? Why, why you guys, we'd love to come in to understand what are their goals, how can we help them, but ultimately where do they believe they think they are and where do they need to go and we can help them walk that journey. Whether it's six months, a year, three years, five years. We can take them along that journey and increase the cyber defense maturity. Joe, speak to the CSO. What are they getting? They're getting confidence. They're getting execution. They're getting commitment to delivery. They're getting basically a, a partner in this whole engagement. We're not a vendor. We're not a service provider. We are a partner. A trusted partner. Yeah, partnerships is key. Building out in real time. A lot new threats. Got to be on offense and defense going on. A lot of new tech to deal with. I mean, it's a board level for a long time. Guys, thanks for coming on. Cap Gemini here inside the cube, bringing their practices, cybersecurity, years of experience with big growth targets. Check them out. I'm John with the cube. Thanks for watching.

>> From the SiliconANGLE Media office in Boston, Massachusetts, it's the cube. Now, here's your host, Dave Vellante. >> Hello everyone and welcome to this week's Wikibon cube insights powered by ETR. In this breaking analysis ahead of the RSA conference, we want to update you on the cyber security sector. This year's event is underlined by coronavirus fears, IBM has pulled out of the event and cited the epidemic as the reason and it's also brings to the front the sale of RSA by Dell to STG partners and private equity firm. Now in our last security drill down, we cited several mega trends in the security sector. These included the ever escalating sophistication of the attacker, the increased risk from the data economy, the expanded attack surface with the huge number of IP addresses that are that are exploding out there, and the lack of skills and the number of cyber tools that are coming to the market. Now, as you know, in these segments, we'd like to share insights from the cube. And I want you to listen to two American statesman and what they said, on The Cube. Here's general Keith Alexander, who's the former director of the NSA, along with Dr. Robert Gates, who's the former director of the CIA and former Secretary of Defense, play the clip. >> When you think about threats, you think about nation states, so you can go to Iran, Russia, China, North Korea, and then you think about criminal threats, and all the things like ransomware. Some of the nation state actors are also criminals at night, so they can use nation state tools and my concern about all the evolution of cyber threats is that the attacks are getting more destructive. >> I think cyber and the risks associated with cyber, and IT need to be a regular part of every board's agenda. >> So you hear General Alexander really underscore the danger, as well, Dr. Gates is articulating what we've said many times on the cube that cyber security is a board level agenda item. Now, the comments from both of these individuals represent what I would consider tailwinds for cyber technology companies. Now we're going to drill into some of those today. But it's not all frictionless. There are headwinds to in this market space, cloud migration, the shift from north south south to East West network traffic, its pressure traditional appliance based perimeter security solutions, increase complexity and lack of skills and other macro factors, including questions on ROI. CFO saying, hey, we spend all this cash, why aren't we more secure? Now, I want you to hear from two chief information security officers officers on both the challenges that they face and how they're dealing with them. Roll the clip. >> Lack of talent, I mean, we're starving for talent. Cybersecurity is the only field in the world with negative unemployment. We just don't have the actual bodies to actually fill the gaps that we have and in that lack of talent Cecil's are starving. >> I think that the public cloud offers us a really interesting opportunity to reinvent security right. So if you think about all of the technologies and processes and many of which are manual over the years, I think we have an opportunity to leverage automation to make our work easier in some ways. >> Now I featured Brian Lozada and Katie Jenkins before and breaking analysis segments, and you can hear it from the cyber leaders, we lack the talent, and cloud computing and automation are areas we're pursuing. So this challenges security companies to respond. But at the end of the day, companies have no no choice. In other words, organizations buying security solutions, the sophistication of the attacker is very high and the answer to my CFO and ROI is fear based. If you don't do this, you might lose billions in market cap. Now, I want you to take a listen to these cubilam talking about the attacker of sophistication and the importance of communication skills in order to fund cyber initiatives, really to keep up with the bad guys, please play the clip. >> The adversary is talented and they're patient, they're well funded okay, that's that's where it starts. And so, you know why why bring an interpreter to a host when there's already one there right? Why write all this complicated software distribution when I can just use yours. And so that's that's where the play the game starts. And and the most advanced threats aren't leaving footprints because the footprints already there, you know, they'll get on a machine and behaviorally they'll check the cash to see what's hot. And what's hot in the cash means that behaviorally, it's a fast they can go they're not cutting a new trail most of the time, right? So living off the land is not only the tools that they're using the automation, your automation they're using against you, but it's also behavioral. >> That's why the most the most important talent or skill that a security professional needs is communication skills. If you can't articulate technical risk into a business risk to fund your program, it's, you know, it's very hard for you to actually be successful in security. >> Now, the really insidious thing about what TK Keanini just said is the attackers are living off the land, meaning they're using your tools and your behaviors to sneak around your data unnoticed. And so as Brian Lozada said, as a security Pro, you need to be a great communicator in order to get the funding that you need to compete with the bad guys. Which brings me to the RSA conference. This is why you as a security practitioner attend, you want to learn more, you want to obtain new skills, you want to bring back ideas to the organization. Now one of the things I did to prepare for this segment is to read the RSA conference content agenda, which was co authored by Britta Glade and I read numerous blogs and articles about what to expect at the event and from all that I put together this word cloud, which conveys some of the key themes that I would expect you're going to hear at the shows. Look at skills jump right out, just like Brian was saying, the human element is going to be a big deal this year. IoT and the IT OT schism, everyone's talking about the Olympics, and seeing that as a watershed event for cyber, how to apply machine learning and AI is a big theme, as is cloud with containers and server less. phishing, zero trust and frameworks, framework for privacy, frameworks for governance and compliance, the 2020 election and weaponizing social media with deep fakes, and expect to hear a lot about the challenges of securing 5G networks, open source risks, supply chain risks, and of course, the need for automation. And it's no surprise there's going to be a lot of talk about cyber technology, the products and of course, the companies that sell them. So let's get into the market and unpack some of the ETR spending data and drill into some of these companies. The first chart I want to show you is spending on cyber relative to other initiatives. What this chart shows is the spending on cyber security highlighted in the green in relation to other sectors in the ETR taxonomy. Notice the blue dot. It shows the change in spending expected in 2020 versus 2019. Now, two points here. First, is that despite the top of my narrative that we always hear, the reality is that other initiatives compete for budget and you just can't keep throwing cash at the security problem. As I've said before, we spend like .014% percent of our global GDP on cyber, so we barely scratched the surface. The second point is there's there's there's a solid year on year growth quite high at 12% for a sector that's estimated at 100 to 150 billion dollars worldwide, according to many sources. Now let's take a look at some of the players in this space, who are going to be presenting at the RSA conference. You might remember to my 2020 predictions in that breaking analysis I focused on two ETR metrics, Net Score, which is a measure of spending velocity and Market Share, which measures pervasiveness in the data set. And I anointed nine security players as four star players. These were Microsoft, Cisco, Palo Alto Networks, Splunk, Proofpoint, Fortinet, Oka, Cyber Ark and CrowdStrike. What we're showing here is an update of that data with the January survey data. My four star companies were defined as those in the cyber security sector that demonstrate in both net scores or spending momentum, that's the left hand chart and market share or pervasiveness on the right hand chart. Within the top 22 companies, why did I pick 22? Well, seemed like a solid number and it fit nicely in the screen and allowed more folks. So a few takeaways here. One is that there are a lot of cyber security companies in the green from the standpoint of net score. Number two is that Fortinet and Cisco fell off the four star list because of their net scores. While still holding reasonably well, they dropped somewhat. Also, some other companies like Verona's and Vera code and Carbon Black jumped up on the net score rankings, but Cisco and Fortinet are still showing some strength in the market overall, I'ma talk about that. Cisco security businesses up 9% in the quarter, and Fortinet is breaking away from Palo Alto Networks from a valuation perspective, which I'm going to drill into a bit. So we're going to give Cisco and Fortinet two stars this survey period. But look at Zscaler. They made the cut this time their net score or spending momentum jumped from 38% last quarter to nearly 45% in the January survey, with a sizable shared in at 123. So we've added Zscaler to the four star list, they have momentum, and we're going to continue to watch that quarterly horse race. Now, I'd be remiss if I didn't point out that Microsoft continues to get stronger and stronger in many sectors including cyber. So that's something to really pay attention to. Okay, I want to talk about the valuations a bit. Valuations of cyber security space are really interesting and for reasons we've discussed before the market's hot right now, some people think it's overvalued, but I think the space is going to continue to perform quite well, relative to other areas and tech. Why do I say that? Because cyber continues to be a big priority for organizations, the software and annual recurring revenue contribution ARR continues to grow, M&A is going to continue to be robust in my view, which is going to fuel valuations. So Let's look at some of the public companies within cyber. What I've compiled in this chart is eight public companies that were cited as four star or two star firms, as I defined earlier, now ranked this by market value. In the columns, we show the market cap and trailing 12 month revenue in billions, the revenue multiple and the annual revenue growth. And I've highlighted Palo Alto Networks and Fortinet because I want to drill into those two firms, as there's a valuation divergence going on between those two names, and I'll come back to that in just a minute. But first, I want to make a few points about this data. Number one is there's definitely a proportional relationship between the growth rate and the revenue multiple or premium being paid for these companies. Generally growth ranges between one and a half to three times the revenue multiple being paid. CrowdStrike for example has a 39 x revenue multiple and is growing at 110%, so they're at the high end of that range with a growth at 2.8 times their revenue multiple today. Second, and related, as you can see a wide range of revenue multiples based on these growth rates with CrowdStrike, Okta and now Zscaler as the standouts in this regard. And I have to call at Splunk as well. They're both large, and they have high growth, although they are moving beyond, you know, security, they're going into adjacencies and big data analytics, but you you have to love the performance of Splunk. The third point is this is a lucrative market. You have several companies with valuations in the double digit billions, and many with multi billion dollar market values. Cyber chaos means cash for many of these companies, and, of course for their investors. Now, Palo Alto throw some of these ratios out of whack, ie, why the lower revenue multiple with that type of growth, and it's because they've had some execution issues lately. And this annual growth rate is really not the best reflection of the stock price today. That's really being driven by quarterly growth rates and less robust management guidance. So why don't we look into that a bit. What this chart shows is the one year relative stock prices of Palo Alto Networks in the blue and compared to Fortinet in the red. Look at the divergence in the two stocks, look at they traded in a range and then you saw the split when Palo Alto missed its quarter last year. So let me share what I think is happening. First, Palo Alto has been a very solid performance since an IPO in 2012. It's delivered more than four Rex returns to shareholders over that period. Now, what they're trying to do is cloud proof their business. They're trying to transition more to an AR model, and rely less on appliance centric firewalls, and firewalls are core part of the business and that has underperformed expectations lately. And you just take Legacy Tech and Cloud Wash and Cloud native competitors like Zscaler are taking advantage of this and setting the narrative there. Now Palo Alto Network has also had some very tough compares in 2019 relative to 2018, that should somewhat abate this year. Also, Palo Alto has said some execution issues during this transition, especially related to sales and sales incentives and aligning that with this new world of cloud. And finally, Palo Alto was in the process of digesting some acquisitions like Twistlock, PureSec and some others over the past year, and that could be a distraction. Fortinet on the other hand, is benefiting from a large portfolio refresh is capitalizing on the momentum that that's bringing, in fact, all the companies I listed you know, they may be undervalued despite, of all the company sorry that I listed Fortinet may be undervalued despite the drop off from the four star list that I mentioned earlier. Fortinet is one of those companies with a large solution set that can cover a lot of market space. And where Fortinet faces similar headwinds as Palo Alto, it seems to be executing better on the cloud transition. Now the last thing I want to share on this topic is some data from the ETR regression testing. What ETR does is their data scientists run regression models and fit a linear equation to determine whether Wall Street earnings consensus estimates are consistent with the ETR spending data, they started trying to line those up and see what the divergence is. What this chart shows is the results of that regression analysis for both Fortinet and Palo Alto. And you can see the ETR spending data suggests that both companies could outperform somewhat expectations. Now, I wouldn't run and buy the stock based on this data as there's a lot more to the story, but let's watch the earnings and see how this plays out. All right, I want to make a few comments about the sale of the RSA asset. EMC bought RSA for around the same number, roughly $2 billion that SDG is paying Dell. So I'm obviously not impressed with the return that RSA has delivered since 2006. The interesting takeaway is that Dell is choosing liquidity over the RSA cyber security asset. So it says to me that their ability to pay down debt is much more important to Dell and their go forward plan. Remember, for every $5 billion that Dell pays down in gross debt, it dropped 25 cents to EPS. This is important for Dell to get back to investment grade debt, which will further lower its cost. It's a lever that Dell can turn. Now and also in thinking about this, it's interesting that VMware, which the member is acquiring security assets like crazy and most recently purchased carbon black, and they're building out a Security Division, they obviously didn't paw on the table fighting to roll RSA into that division. You know maybe they did in the financial value of the cash to Dell was greater than the value of the RSA customers, the RSA product portfolio and of course, the RSA conference. But my guess is Gelsinger and VMware didn't want the legacy tech. Gelsinger said many times that security is broken, it's his mission to fix it or die trying. So I would bet that he and VMware didn't see RSA as a path to fixing security, it's more likely that they saw it as a non strategic shrinking asset that they didn't want any part of. Now for the record, and I'm even won't bother showing you the the data but RSA and the ETR data set is an unimpressive player in cyber security, their market share or pervasiveness is middle of the pack, so it's okay but their net score spending velocities in the red, and it's in the bottom 20th percentile of the data set. But it is a known brand, certainly within cyber. It's got a great conference and it's been it's probably better that a PE company owns them than being a misfit toy inside of Dell. All right, it's time to summarize, as we've been stressing in our breaking analysis segments and on the cube, the adversaries are very capable. And we should expect continued escalation. Venture capital is going to keep pouring into startups and that's going to lead to more fragmentation. But the market is going to remain right for M&A With valuations on the rise. The battle continues for best of breed tools from upstarts like CrowdStrike and Okta and Zscaler versus sweets from big players like Cisco, Palo Alto Networks and Fortinet. Growth is going to continue to drive valuations. And so let's keep our eyes on the cloud, remains disruptive and for some provides momentum for others provides friction. Security practitioners will continue to be well paid because there's a skill shortage and that's not going away despite the push toward automation. Got in talk about machine intelligence but AI and ML those tools, there are two edged sword as bad actors are leveraging installed infrastructure, both tools and behaviors to so called live off the land, upping the stakes in the arms race. Okay, this is Dave Vellante for Wikibon's CUBE Insights powered by ETR. Thanks for watching this breaking analysis. Remember, these episodes are all available as podcasted Spotfire or wherever you listen. Connect with me at david.vellante at siliconangle.com, or comment on my LinkedIn. I'm @dvellante on Twitter. Thanks for watching everybody. We'll see you next time. (upbeat music).