>> Announcer: TheCUBE presents Ignite '22, brought to you by Palo Alto Networks. >> Welcome back to Las Vegas. It's theCUBE covering Palo Alto Networks '22, from the MGM Grand, Lisa Martin with Dave Vellante. Dave, we are going to unpack in the next few minutes what we heard and saw at day one of Palo Alto Networks, Ignite. A lot of great conversations, some great guests on the program today. >> Yeah last event, CUBE event of the year. Probably last major tech event of the year. It's kind of an interesting choice of timing, two weeks after reInvent. But you know, this crowd is it's a lot of like network engineers, SecOps pros. There's not a lot of suits here. I think they were here yesterday, all the partners. >> Yeah. >> We talked to Carl Sunderland about, Hey, these, these guys want to know how do I grow my business? You know, so it was a lot of C level executives talking about their business, and how they partner with Palo Alto to grow. The crowd today is really, you know hardcore security professionals. >> Yeah. >> So we're hearing a story of consolidation. >> Yes. >> No surprise. We've talked about that and reported on it, you know, quite extensively. The one big takeaway, and I want, I came in, as you know, wanting to understand, okay, can you through m and a maintain, you know, build a suite of great, big portfolio and at the same time maintain best of breed? And the answer was consistent. We heard it from Nikesh, we heard it from Nir Zuk. The answer was you can't be best of breed without having that large portfolio, single data lake, you know? Single version of the truth, of there is such a thing. That was interesting, that in security, you have to have that visibility. I would imagine, that's true for a lot of things. Data, see what Snowflake and Databricks are both trying to do, now AWS. So to join, we heard that last week, so that was one of the big takeaways. What were your, some of your thoughts? >> Just impressed with the level of threat intelligence that Unit 42 has done. I mean, we had Wendy Whitmer on, and she was one of the alumni, great guest. The landscape has changed so dramatically. Every business, in any industry, nobody's safe. They have such great intelligence on what's going on with malware, with ransomware, with Smishing, that they're able to get, help organizations on their way to becoming cyber resilient. You know, we've been talking a lot about cyber resiliency lately. I always want to understand, well what does it mean? How do different organizations and customers define it? Can they actually really get there? And Wendy talked about yes, it is a journey, but organizations can achieve cyber resiliency. But they need to partner with Palo Alto Networks to be able to understand the landscape and ensure that they've got security established across their organization, as it's now growingly Multicloud. >> Yeah, she's a blonde-haired Wonder Woman, superhero. I always ask security pros that question. But you know, when you talk to people like Wendy Whitmore, Kevin Mandy is somebody else. And the people at AWS, or the big cloud companies, who are on the inside, looking at the threat intelligence. They have so much data, and they have so much knowledge. They can, they analyze, they could identify the fingerprints of nation states, different, you know, criminal organizations. And the the one thing, I think it was Wendy who said, maybe it was somebody else, I think it was Wendy, that they're they're tearing down and reforming, right? >> Yes. >> After they're discovered. Okay, they pack up and leave. They're like, you know, Oceans 11. >> Yep. >> Okay. And then they recruit them and bring them back in. So that was really fascinating. Nir Zuk, we'd never had him on theCUBE before. He was tremendous founder and and CTO of Palo Alto Networks, very opinionated. You know, very clear thinker, basically saying, look you're SOC is going to be run by AI >> Yeah. >> within the next five years. And machines are going to do things that humans can't do at scale, is really what he was saying. And then they're going to get better at that, and they're going to do other things that you have done well that they haven't done well, and then they're going to do well. And so, this is an interesting discussion about you know, I remember, you know we had an event with MIT. Eric Brynjolfsson and Andy McAfee, they wrote the book "Second Machine Age." And they made the point, machines have always replaced humans. This is the first time ever that machines are replacing humans in cognitive functions. So what does that mean? That means that humans have to rely on, you know, creativity. There's got to be new training, new thinking. So it's not like you're going to be out of a job, you're just going to be doing a different job. >> Right. I thought Nir Zuk did a great job of explaining that. We often hear people that are concerned with machines taking jobs. He did a great job of, and you did a great recap, of articulating the value that both bring, and the opportunities to the humans that the machines actually deliver as well. >> Yeah so, you know, we didn't, we didn't get deep into the products today. Tomorrow we're going to have a little bit more deep dive on products. We did, we had some partners on, AWS came on, talked about their ecosystem. BJ Jenkins so, you know, BJ Jenkins again I mean super senior executive. And if I were Nikesh, he's doing exactly what I would do. Putting him on a plane and saying, go meet with customers, go make rain, right? And that's what he's doing is, he's an individual who really knows how to interact with the C-suite, has driven value, you know, over the years. So they've got that angle goin', they're driving go to market. They've got the technology piece and they've, they got to build out the ecosystem. That I think is the big opportunity for them. You know, if they're going to double as a company, this ecosystem has to quadruple. >> Yeah, yeah. >> In my opinion. And I, we saw the same thing at CrowdStrike. We said the same thing about Service Now in 2013. And so, what's happened is the GSIs, the global system integrators start to get involved. They start to partner with them and then they get to get that flywheel effect. And then there's a supercloud, I think that, you know I think Nir Zuk said, Hey, we are basically building out that, he didn't use the term supercloud. But, we're building out that cross cloud capability. You don't need another stove pipe for the edge. You know, so they got on-prem, they got AWS, Azure, you said you have to, absolutely have to run on Microsoft. 'Cause I don't believe today, right? Today they run on, I heard somebody say they run on AWS and Google. >> Yeah. >> I haven't heard much about Microsoft. >> Right. >> Both AWS and Google are here. Microsoft, the bigger competitor in security, but Nir Zuk was unequivocal. Yes, of course you have to run, you got to run it on an Alibaba cloud. He didn't say that, but if you want to secure the China cloud, you got to run on Alibaba. >> Absolutely. >> And Oracle he said. Didn't mention IBM, but no reason they can't run on IBM's cloud. But unless IBM doesn't want 'em to. >> Well they're very customer focused and customer first. So it'll be interesting to see if customers take them in that direction. >> Well it's a good point, right? If customers say, Hey we want you running in this cloud, they will. And, but he did call out Oracle, which I thought was interesting. And so, Oracle's all about mission critical data, mission critical apps. So, you know, that's a good sign. You know, I mean there's so much opportunity in cyber, but so much confusion. You know, sneak had a raise today. It was a down round, no surprise there. But you know, these companies are going to start getting tight on cash, and you've seen layoffs, right? And so, I dunno who said it, I think it was Carl at the end said in a downturn, the strongest companies come out stronger. And that's generally, generally been the case. That kind of rich get richer. We see that in the last downturn? Yes and no, to a certain extent. It's still all about execution. I mean I think about EMC coming out of the last downturn. They did come out stronger and then they started to rocket, but then look what happened. They couldn't remain independent. They were just using m and a as a technique to hide the warts. You know so, what Nir Zuk said that was most interesting to me is when we acquire, we acquire with the intent of integrating. ServiceNow has a similar philosophy. I think that's why they've been somewhat successful. And Oracle, for sure, has had a similar philosophy. So, and that idea of shifting labor into vendor R and D has always been a winning formula. >> I think we heard that today. Excited for day two tomorrow. We've got some great conversations. We're going to be able to talk with some customers, the chief product officer is on. So we have more great content coming from our last live show over the year. Dave, it's been great co-hosting day one with you. Look forward to doing it tomorrow. >> Yeah, thanks for doing this. >> All right. >> All right. For Dave Vellante, I'm Lisa Martin. You've been watching theCUBE, the leader in live enterprise and emerging tech coverage. See you tomorrow. (gentle music fades)

(intro music) >> Hi, everybody, we're back. Dave Vellante and Dave Nicholson. We're covering Fal.Con 22. This is CrowdStrike's big user conference. CrowdStrike is a very hot company, as you probably know started on endpoint security, expanding into another, a number of other areas trying to build the next great generational company in cybersecurity. Michael Sherwood is here. He's the chief innovation and technology officer for the city of Las Vegas. >> Got to love that. >> Thanks so much for coming to theCUBE. >> Welcome! >> Yeah, we got to love that. I mean, if it weren't for Las Vegas, I'm not sure where we would have our CUBE events, but so thank you for hosting us. >> Thank you for being here. This is awesome. It's a great day and a lot of people, and it's exciting to see everything that's going on here. >> Yeah, the city is booming. Obviously the convention, the conference business is booming. Tech is a big part of that but there's so many other industries that come to Las Vegas. Talk about your role, really interesting, chief innovation, technology officer, CTO. Tell us about what you do day to day. >> Kind of all over the place. But a lot of it has to do with day to day technology within the organization. So managing all the different technology components. When you start looking at any city, it's a lot of different companies inside of it. Think of fire service as a different company. They all have different missions. And so our technology needs are expansive. So while we have operational IT, we also have our innovation unit. Innovation unit works on next generation technology. So Las Vegas was one of the first cities in the United States to have a autonomous vehicle drive in mix-flow traffic, meaning it was out there with, driving along cars. We're also the first city to have an accident in a autonomous vehicle. That happened on day two. (Vellante laughing) So, there's always a lot of firsts in Las Vegas, but. >> Despite the grid. >> Despite the grid, you know. But even today, so that was in 2017, when we first started working with autonomous vehicles. Up until today, where you have the ability, anybody in Las Vegas, including yourselves right after the show can go ahead and use Lyft, go outside and hail an autonomous taxi to come pick you up and drive you up and down the strip. Those vehicles actually communicate with our infrastructure. So the innovation is, how do cities work with private companies to start building next generation amenities, next generation technologies? And so that happens a lot of times. People don't realize. They come to Las Vegas for entertainment, and now we're known for sports but we do have a lot of technology here that permeates through the entire community. >> So I'm from Boston. We're trying to get the smart traffic lights, we're not quite there yet. But I was at a session, Dave you'll appreciate it, it was John Rose, who was the CTO. He was the CTO of, he's a CTO of Dell Technologies now. And the mayor of Boston, we were talking about the vision for a smart city. But Boston and I mean talk about, a challenge for building a smart city. So when I come out here, it's like amazing to me to see the technology that's there. So as a CTO and innovation officer, you've got a playground where... Now, of course you have legacy infrastructure, you've got technical debt, but you also have, in certain cases, an opportunity and more latitude to get creative. So what are some of the cool things that you're working on that you're really excited about? >> There's a lot of things I'm excited about. It's just great being in this city. But a lot of the things that we're excited about here in the next year to two years, we have an innovation district. So not a lot of cities have this but Downtown around the Fremont Street Experience, there's a corridor there that covers government, covers entertainment, medical. And so this innovation district is where we test out new technologies. So some of the things we're testing out, computer vision. So we're, our smart parks program is how do we provide better security and enjoyment of those amenities without providing physical labor to constantly patrol. And so we're using cameras and vision and different types of AI algorithms to kind of manage the park. And while we're doing that, we're also getting data back on how often is the park used? Are the facilities, are the sprinklers going on during the day? Water's a big deal here. And so those type of projects. Again, autonomy is still huge, vehicle autonomy, still working on driving those next generation changes where you'll actually have a driverless vehicle. Right now, there's a safety driver in a lot of the autonomous vehicles. Even the one I talked about earlier, you have the, while the vehicles driving itself, for safety reasons, there's still a human driver in the seat. But as we go forward in the next year to two, that >> That's soon. >> is getting ready to change. I believe that's soon. You can quote it here, you heard it here first. >> Wow. >> But that would be coming up. You got drones as well. We've already started looking at a few types of drone delivery systems. It may not be too far away. Your pizza or maybe some other item that you want is delivered in the general area. Probably not in the hotel corridor but in the outside areas of the city. I just think there's a lot of, again, we're building amenities for the future. We really want people to understand that Las Vegas is not just a place to come visit, but it's a place to live and have fun and be part of a community. >> So from an academic perspective, what you just described is a highly ambidextrous organization, right? >> Yes. >> Because you're not just worried about keeping the lights on, but you're also looking at innovation. How did your organization get to this place? What you're describing is sort of the gold standard that any organization public or private would seek to implement. How did you get there? >> Baby steps, small steps. It all started back when there was the Smart Cities Challenge. So we were not selected as the finalist. We were in the, I think top 15 at the time but we didn't give up on it. And we continued to move forward. The pandemic helped us do things. When you ask, what do I do? Well, my normal job is running the day to day infrastructure. I also see my role as economic development to help bring companies here and bring new ideas. We have a great community, diverse and ready to do things. But when you take, talk about the innovation and the technology and what we're doing. Like I said, during a pandemic, we came up with the idea of, Hey, we don't want to send our building inspectors or our inspectors in the people's homes, one for the inspector's health and one for the citizen's health. So we used normal tools. We took an iPhone and made it a virtual inspector. So now if you get a new water heater, you can actually do your inspection via like a FaceTime. And you hold your phone up around the water heater. We can view it, we record the video, save it, and boom give you an inspection remotely. And so you build on it. So how do you get, I wouldn't quite say we're the gold. I appreciate, we're moving there, that's the bar. You've laid out the bar for us, but we're moving in that direction. But it's building on one win and not all of our things that we've deployed. We can talk about those as well. Some of the things like trash can sensors, we looked at doing, which would monitor when the trash can was full or empty, just didn't pan out. So a lot of the times I talk about the wins a lot not as much about the things that didn't pan out. >> So what're the big challenges, generally of building out a smart city and then specifically around cyber? >> So there's, community acceptance number one. Las Vegas, I'm very lucky cameras are everywhere. So there's not as much resistance to using video technology. But a lot of times it's just getting the constituents, getting people to understand the value of what we're trying to do. Not everybody is interested in autonomous vehicles or believes they're ready for that. But when you start looking at the increments, more than any other city I know, the community here is so robust and so supportive of bringing on these technologies. Look, what other city do you know that builds new buildings and knocks them down five years later to build something new again? Or, who has a volcano in the middle of their downtown? So different things like that. But when you start looking at all the advancements we're making, you brought up one of the biggest concerns. When people ask me, what keeps you up at night? It's not the autonomous vehicle not performing, its the cyber, it's the cyber issues that go along with becoming more advanced. And as you bring innovation in, you start bleeding the lines of what's government, what's private. And then how do you continue to have the data transmission between these multiple entities? How do you keep the endpoint secure? And that is something that you learn as you go, but it's always out there. And endpoint security and security in general is a huge, huge area. >> And how about the data? You were talking before about you can get actually approval for an inspection. That's data, it's video data. How have you changed the way in which you're using data? What are you doing with that data? How do you leverage it? How do you secure it? >> It's all great questions. One of the things we've undertaken is called an open data initiative. So we have an open data portal. It's opendata.lasvegasnevada.gov, where we publish a lot of the data sets that we collect. If it's air quality, if it's ambulance runs, and we make that data available. A lot of that is, one for the public for transparency, two though, it's, we hope enables the private sector to build apps off of the data that we have. A lot of times, you either you have the data but you don't have the app or you have the app, but no data. So in our way, it's trying to help the community build up new ideas. Our push has been moving to the cloud a lot. So we're pushing a lot more data into the cloud where before I think a lot of governments keep a lot of that internal, but obviously look, the cloud's here to stay and it's not going anywhere. And so now it's more about as we migrate, using our partners, our relationship with CrowdStrike, to start securing not only our endpoints but start looking at the cloud space as well. And then we have this new technology. It's not really new, but edge compute. You've heard a lot of, there's different people talking about it. When you start talking about autonomous vehicles, autonomous delivery, drones. We own a large private wireless network. A lot of data now is computed at the edge and we're only taking the metadata and sending it up to the cloud. So it becomes rather complicated with security being at the forefront. >> Yeah, so that very small portion of the actual amount of data that's created goes back but it's such a massive amount of data. It's not to trivialize it, it's still a lot. And some of it is probably ephemeral. Do you persist at all? Or probably not. >> Not always, I mean. A lot of it, what we're learning is, it's a learning process as you go through this smart city or what we call just basically emerging into, 'cause I believe all cities are smart. Not one city smarter than another necessarily. So I'm not really a fan of the term smart city. It's more in line with me as we're building amenities for the future and building amenities for people. And a lot of that is built upon data and then built upon providing things that citizens want. And we all know, we all live somewhere and we live there because it's safe community, it has good education, good infrastructure whatever it might be. And so we're trying to build out that smart community to be as many things as we can to as many people. >> Yeah, that's fair. And there's automation, there's certainly machine intelligence that's heavily involved. Of course, you talking autonomous. Now I understand your work transcends the city of Las Vegas into the broader state of Nevada helping make Nevada a safer state. What's that all about? >> So we have a great partnership. One of the great things, I come from California, so a rather large state. Here in Nevada, it's a very close knit state. So we have a lot of communications with the state. We get to work with them very closely. One of the initiatives we've been working on is how do we, a lot of organizations spend a lot of time doing cybersecurity for just their organization. So it's focused internal on the employees that might work in that organization. We're kind of now looking outwards and saying, how do we not only do that for our internal government employees but how do we involve the entire community? One of the things is, is Las Vegas over 40,000 conventions per year. You're here a lot. What happens in Vegas stays in Vegas and a lot of people bring malware with them and it stays here. We're trying to educate people. We do a lot in government to help people with police and fire and services. What is local government doing to help the community prepare for the next generation of cyber threats and issues? So our initiative is really working with the community, bringing in CrowdStrike and other partners to help us not only work with small business, but work with those entrepreneurs as well as the midsize businesses. >> So what do you do with Crowd? You got the cool little CrowdStrike, not CrowdStrike, but you got the red splash in your lapel. Very cool cuff links, I noticed that you have there. I love the red. >> Little poker chips there. >> They're Very nice, very nice. >> They're very cool. So what do you do with CrowdStrike? >> So CrowdStrike is one of our major components in our security posture. We use them as endpoint protection. I can tell you a quick story. I know my CISO's listening probably was going to cringe now when I tell this story, but our journey with CrowdStrike has been amazing. We deployed the product and when that first week of deployment, we had a malicious actor and CrowdStrike was able to catch it. I would probably would not be here today with you two gentlemen if it wasn't for CrowdStrike. That's not an endorsement it's just a, that's a fact of how things rolled out. But we depend on CrowdStrike and their capabilities to ensure the safety of our digital assets. >> You wouldn't be here 'cause we, it used to be failure means fire. Is that what you mean? >> That's what I mean. I'm not going to, I don't like to use that word in my terminology, but basically failure is not an option in my job. It's just not there. >> Well, it's funny, we had Kevin Mandy on early, he was like, look I started my company in 2004 with the assumption that breaches will happen, you are going to get breached. >> Yes >> So that's why I say, I think there was a day when, if you got breached, oh, you're fired. Well that, then everybody got breached. So I think that that sentiment changing 'cause CrowdStrike saying that the unstoppable breach is a myth. Well, we're not there yet, but. >> I'd say damage control now. At least we have a little bit more control but, again, look, government is about trust. And so when you have that trust level, from my perspective, I keep a high standard and try to prevent any loss of data or any type of malicious activity from happening. I hope the mayor's listening and she doesn't fire me if anything would happen, but you know. >> You got a fun job. How'd you get into this? >> It was a great opportunity. I worked in law enforcement prior to here. I was a Deputy Police Chief in city of Irvine. I oversaw technology as part of that role. I've always loved Las Vegas, always liked the energy of the city and I had a great opportunity to apply and I applied and was lucky enough to be selected. I have a great team that supports me. >> Deputy Police Chief, it sounds like, what you just described, the technology role. You had an operations role essentially, is that right? >> Correct. And so kind of gave me a lot of insights and really helped me, as you progress in government, having different roles in your portfolio makes you a little bit more adaptive and it's kind of, it helps in, especially now with so much video and cameras prevalent in cities, having that law enforcement role, understanding a little of the legal aspects and understanding some of the, what law enforcement wants kind of makes that bridge from technology to the actual end user. >> A really interesting story, Michael. Thanks so much for sharing on theCUBE, appreciate it. >> Thank you for having me here. >> You're very welcome. All right, keep it right there. Dave Nicholson and Dave Vellante will be back from Las Vegas at the Aria from Fal.Con 22. You're watching theCUBE. (outro music)

(upbeat music) >> Welcome back to Fal.Con 22. We're here at the ARIA hotel in Las Vegas. We're here in Las Vegas, a lot. Dave Nicholson, Dave Alante. Fal.Con 22, wall to wall coverage, you're watching theCUBE. Anthony Kunya is here. He's the chief information security officer at Mercury Financial. And he's joined by his deputy CISO, Alex Arengo. Welcome, gentlemen. >> Good to see you. >> Thank you very much. Good to be here. Thank you for the opportunity to speak. >> Yeah, so this is a great event. This is our first time being at the, a CrowdStrike customer event. We do a lot of security shows, but this is really intimate. We got a high flying company. Tell us first about, of Mercury Financial. What are you guys all about? >> Oh, that's a fantastic question. Let's leeway into that. So Mercury Financial is a credit card company that serves people who are near prime. So be it some kind of hardship in their life. They had something impacted, be a financial impact, maybe a medical impact, an emergency, something, a death family where somehow their credit was impacted. We give 'em the opportunity through our motto, better credit, better life, to build up that credit score to add livelihood to their ability to be financially stable. >> I mean, I think this is huge because you know, so many people it's like, okay, one strike and you're out. >> Right. >> You know, that's just not right. You got- >> No, not at all. >> You got to give people another chance. And so there's so much talent out there. I think about some of the mistakes I made, Dave, when I was a younger man, but- >> No comment. >> Right. So I heard a stat today that I thought was great. Did you guys see the keynote? >> Yes. >> Of course. >> So in the keynote, the, they did the thing at Black Hat but they said what's XDR and I thought- Anthony] Oh goodness. >> My favorite, and I'm not going to ask you what XDR is. >> Okay, good, thank God. >> But my favorite answer was a holistic approach to endpoint security. And, you know, I think as a CISO you have to take a holistic approach to a security- >> Of course. >> Okay. >> Maybe talk about, a little bit about how you do that. >> Wow, a holistic approach I would say and I could, I'll give you an opportunity to speak as well, but a holistic approach it's people processes in technology. So a holistic approach would be, it isn't one box that you check. It's not a technology that is a silver bullet that fixes anything. Those technologies, those services are implemented by people. So good training, our human firewall, the forefront of implementing those technologies to build those processes and incorporate people and a level of sincerity and integrity that we build. So I feel like a holistic approach is both cyber culture to build the cyber resilience program that we so dearly need. >> And I could spend all day talking about security organizations, SecOps, DevSecOps, data SecOps, et cetera, but, but Alex, how, what is your role as the deputy CISO? How do you compliment what Anthony does? >> I got to bring it all together, right? So technically, what are we putting in place? What are the requirements that these stakeholders have? Their needs, their wants. We all have something that we need and want in our environment as an employee, as a customer, as a stakeholder. How do do we get that to market? How can we get it there quickly? You know, and it's really about finding the partners that can get us there, right? That can leverage us, that can force multiply us. >> Yes. >> You know, give my people more time to get the work done, the good work. >> Right, the hard work, of course. >> So paint a picture. You know, we hear a lot about all the different, the bevy of tools, the, how complicated CISOs tell us all the time, that we just don't have enough talent. We're looking for partners to help us compromise, but paint a picture of your environment and how you guys use CrowdStrike. >> Oh, that's a good one. Do you want to take this one? >> Great one, right? I mean, we leverage CrowdStrike at every way we can. We're a Fal.Con complete customer. So they're an extension of our team. They're an extension of our SOC right? >> Yeah. >> We leverage them for many things. We leverage them to understand the risk in our environment. Where we're at in zero trust. How we can really bring a lot of the new processes that the business wants to market, right? How can we get there as fast as possible? Can we make it secure, right? I'm a Mercury card customer also. So I'm, I have a vested interested in that. And I like to drive that, that's, so it comes down to can you align your holistic approach, or your organizational goals and bring that to a really good security product that is world class? >> And I can add a little bit to that as well. So I look at it as a triangle. So we leverage Fal.Con complete as that first level, tier one triage, people who do and understand the product extremely well, we leverage them quite a bit. We also have a VSOC service that we have this like, consider tier two or the middle of the triangle, by Verse, right? >> Yeah. >> Fantastic boutique security company that just has been working with us year over year, innovation, strategic initiatives, always there to play. And then Alex Arengo, and the threat management team, is our top tier, that's tier three, that's the top of the pyramid. By the time it bubbles up to Alex, that's when the real work happens, everyone's triaging, collecting data, putting together pieces. And then Alex and his teammates, and people that he's trained, fantastic, comes and puts it all together and paints a picture so we can then take that information and describe it in layman's terms, simple terms, to the business, to make them understand the level of risk, what we have to do to get to, and through that attack, or that indication of compromise, et cetera, so that we can remediate it, rectify it. >> Right, it's building that security culture foundation, right? It's getting everyone to buy into that. >> Yeah. >> It's a holistic approach and it's really the best way to do it, right? You get bought in from the stakeholders understand what they need to do, and what the goals of the business are. And it really works really well >> We journey together. >> We build a program together. >> Dave, I think that that cultural aspect is critical. Cause I've said many times, bad user behavior trumps good security every time. >> Yeah, absolutely. >> Oh goodness. >> Every time. >> Nicely put, I like that. >> So, I know we're early in the week still, but we did have the keynote. Is there anything that you are hearing, in terms of vision, that peaks your interest specifically, and then also sort of the follow up question is, are you guys kind of like lifeguards who can't ever relax at the beach? >> That's why I have a deputy CISO. Well, nobody can take time off, we have to share this. Of course we do. Most definitely. What would you say would be the next, most innovative thing that were looking for? >> Yeah, what's the next big thing, as far as you're concerned? >> The next biggest thing is definitely building the relationships we have. As we bring in new technologies, we go even more Cloud native. How do we leverage that expertise, that of the partners that we're bringing on board like Zscaler, CrowdStrike, Verse, right? How do we make them a part of the team, and make them perform, bring that world class quality talent across the spectrum, you know, from DevOps to that security analyst, picking up the phone and saying, I'm not really sure what's going on, but there's a culture that's built there where everybody comes to the table to feed, right? We all eat together. >> The ecosystem. >> Yes. >> That is the tooling that we leverage day in and day out. That's how we sleep at night. We have to pick our partners. >> You know, we talked about the ecosystem up front, and you look around, you can see the ecosystem and it's growing. >> Yes. >> And I predict it's going to grow a lot more. >> Yes. >> That's, and it has to, right? I mean, exactly what you're saying is that no one company can do it alone. And we heard, you know, we heard, it is confusing. You hear CrowdStrike's doing Identity, but then they partner with Okta. Right, and they're here out on the floor. So that's what you guys need. Talk a little bit more about the importance of ecosystem and partnerships from your perspective. >> Oh I got a good one for this. So I use the metaphor of having a restaurant. So we run a restaurant really well. We know what we want in the menu. We have a chef, we know how we want to put together, but we need excellent ingredients. You make muffins well. Bring your muffin into the restaurant. That brings and builds that rapport. That I want the menu to be rich and empower people to come in and say, you know, I've never had scallops or octopus before, I hear you guys make it better than anyone else, well, our ingredients are fantastic. Therefore, no matter what we do when we present it, it's perfect, it's palatable. >> Yeah. That's great. You're not making ice cream, but you're serving it. >> I can't, if you ever want to show us. >> We're just converging our bakery, you know? >> Yeah, yeah, yeah, salt, salt is the key. >> We're just working the bakery part out, yeah. >> Okay, I want to ask you about Cloud because you know, in 2010, 2011, when you talk to a financial services firm, Cloud, no, that's an evil word, now everybody's Cloud first. George Kurts talks about how, I mean essentially CrowdStrike is dogmatic. We are Cloud native. We have a Cloud native architecture. I know Gartner has this term CNAP or Cloud native application platform. So what does the Cloud mean to you guys? How does it fit in? What does Cloud native architecture do for you? >> It lets us converge everything we've been talking about. How do we, you know, that's a really big struggle that all security teams are having at, having today. How do I converge threat intelligence? How do I converge the environment that I'm in? How do I converge the threat intel that's coming in, right? All this, you're getting, security teams are constantly on a swivel, right? They're looking left, they're looking right. They're trying to identify what to do first. And you bring in the right partners. >> Yes. >> And you get in, you build the right program. You cement that culture internally. And it really provides dividends. >> You know what I think as well, Dave, is in the past, everyone was more data center based. >> Right. >> The Cloud was like a thing we'd forklift, we'd move over, we were born in the Cloud. So Cloud native Application protection is something that we need and will drive innovation. Will align with our strategic initiatives. We need people to think like the Cloud is what's happening. Super Cloud, some of the things that we spoke about. >> Yeah, so I was at, when we were at reinforced, I had this new mental model emerge, and it sort of hit me in the face. And you tell me, I'd love to talk to practitioners to say, yeah, that makes sense or, no, that's crap. So it seems like the Cloud has become the first line of defense for CISOs. Now you're Cloud first or Cloud native, so, okay. But then now you've got the shared responsibility model. And I don't know if you use multiple Clouds. Do you use multiple Clouds? >> We cannot say. >> Cannot say, okay, let's assume for a second, your, some of your colleagues, CISO colleagues, use multiple Clouds. >> They should, okay, sure. >> Now they've got multiple shared responsibility models. Now you've got also the application development team. They're being asked to be the pivot point to actually execute, they got to secure the platform. They got to secure the containers, their run time. >> Workloads, yes. >> And then you got audit behind you is kind of the last line of defense. So things are shifting. Describe sort of the organizational dynamic that you see, not necessarily specific to Mercury Financial, or that would be cool, but generally in the industry. >> Oh, I would say, I could say this, that having Cloud, multitenancy Cloud or the super Cloud model where we could abstract our services our protection, the different levels of security tooling, being able to abstract and speak a common language where you could run in Azure, GCP or AWS, and still have a common language that you can interpret and leverage between all the tooling would be something I would love to see. >> That's Super Cloud >> A magical, that is that. >> That is a Cloud interpreter essentially. >> I think we use different words, but yes. >> A PAs layer, super PAs layer, sorry to take it too far. >> Yeah, like, I want to be able to abstract it and speak a language that would work in any of the- >> What does that do for you as a technology practitioner? >> Well, imagine if you had to speak three different languages with three different people, get lost in translation. If we could speak a common language across all the different platforms and all the different footprints, it would be easier to define our security posture. Where are we? Are we secure? You might say security groups in AWS, it might be, mean something else, but it's still a level of protection that surrounds the end point, right? Something that would abstract that level would be very fun. Very good for me. >> It's, you know, it's pretty easy to understand your use case for this. When you're talking about here we are, Mercury Financial, you have the most sensitive financial information about people, right? >> Right, absolutely. >> A data breach where all of the information about your customers getting out there on the dark web. Right? Heart attack time. >> Instantly. >> What are some things that people might not think about though, that are going on in your world? What would surprise someone who maybe isn't a security specialist in terms of the things that you're dealing with as far as threats are concerned? >> I'm going to leave that on you. >> Can you think of some examples of things that you could, you know, obviously generic examples. >> Right. >> Yes. >> I'm going to point to the number one and two most common ways that applications and businesses are getting owned right now. And that's misconfigurations on your web app or a vulnerable application or phishing. And those are both very important things, right? A lot of development teams, they want to get things to market as soon as possible. And maybe security's on the back foot. It's about building that culture and to, you know, being Cloud native helps you have a, you can provide different tool sets to your organization that helps you understand that posture and makes you help those business decisions. Are we in a good posture to go forward right now? That's a big question that I think most security organizations need to ask themselves and the need to hold other stakeholders accountable. >> So phishing and the concept of social engineering, still alive and well? >> Oh, goodness. >> Always. >> Everything starts with people. The human firewall has to be front of mind. Security can't be an afterthought or a bolt on, that's something that you think about, well, I guess if I have to meet our compliance, it doesn't work with us. >> Comes back to the culture that you're actually talking about before. >> 100%, yeah, cyber resiliency starts with cyber culture. >> Kevin Mandy has said it today. I, never underestimate the adversary. The adversary- >> Of course. >> Is highly capable, motivated, big ROI and it just keeps getting bigger. The more technology gets embedded into our lives. The more lucrative hacking becomes. >> And more attack vectors. We have more areas that we could be potentially penetrated. >> They have a lot of time. Those threat actors have a lot of time. >> They do have a lot of time, yeah. >> Right. >> Right and to your point, you're constantly on the swivel. Right, you don't have time. >> Right. >> No, we don't. >> So do your responsibilities touch on things like fraud detection as well? >> Yeah, oh, that- >> Is that a silly question? I'm thinking- >> Yeah, no, it really is, so- >> No, not at all. >> Or there isn't segregation between what we would think of as IT and the credit card transaction that fires up a red flag. >> Those are integrated. >> It's definitely important. And in any business, right? Is to, like I mentioned, I use this word a lot converge, right? It's converging that intel, that fraud intelligence and making it into a process where we're reducing the risk and the losses that the business is incurring. >> Yes. >> It's so important, right? That we build that culture within the fraud teams, the operational teams, the, you know really anybody who has a really large stake in whatever the business product is. And, you know, being Cloud native, bringing in the right partners, building that security culture. I mean, that's the biggest one. >> Yeah, we've flown. >> It's last and definitely not least, it is, the culture's where you need to be. >> Absolutely. >> You know, you guys, I'm sure, you know, work with a lot of different vendors, a lot of tools, or sometimes the tools are point tools, they're best to breed. CrowdStrike says it wants to be a generational company. >> Oh, yeah. >> It says this notion of an unstoppable breach is a myth. You guys can't live that way. You have to assume you're going to breach but can CrowdStrike be a generational company? >> I think they've proven themselves. They've been around over a decade now. it's 11 years. They just had their birthday yesterday, right? >> Yeah. >> Or anniversary, the company started? >> Yeah. 11 years, yeah. >> I absolutely, and I also agree to add it a little bit part, from the fraud part. I think CrowdStrike would be an integral piece of the overall solution that we have. It hits so many different aspects and looks at so many different potential attack vectors. I keep using that word, but I think integrating fraud in other parts and other functions of the business will start to see that they can leverage CrowdStrike. That there's tooling within CrowdStrike innovatively, like ahead of the game. And I always like that about CrowdStrike, being way ahead of the game and thinking in front of our adversaries. I think other departments will be like, what tools do you have, how can we use them? This is fantastic, this makes us feel better. We don't have to worry about that. We can focus in on what we're good at and build that best of breed solution. So fraud can focus on fraud and you can leverage the tooling and the infrastructure that we provide them together holistically to build a security program that's beyond reproach. >> Guys, we got to go, great perspectives. Always love having the practitioners on. >> Yeah, thank you. >> I really appreciate your time, thank you. >> Yeah, absolutely, always a pleasure. Thank you so much for your time. >> Anthony, Alex, Dave and Dave will be right back, right after this short break. You're watching theCUBE from Fal.Con 2022 from the ARIA in Las Vegas. >> Cheers my friend. >> Yeah, of course. (cheerful music)