(bright upbeat music) >> Hello and welcome to theCUBE's coverage of International Women's Day. I'm your host, John Furrier here in Palo Alto, California Studio and remoting is a great guest CUBE alumni, co-founder, technical co-founder and she's also the VP of Product at Platform9 Systems. It's a company pioneering Kubernetes infrastructure, been doing it for a long, long time. Madhura Maskasky, thanks for coming on theCUBE. Appreciate you. Thanks for coming on. >> Thank you for having me. Always exciting. >> So I always... I love interviewing you for many reasons. One, you're super smart, but also you're a co-founder, a technical co-founder, so entrepreneur, VP of product. It's hard to do startups. (John laughs) Okay, so everyone who started a company knows how hard it is. It really is and the rewarding too when you're successful. So I want to get your thoughts on what's it like being an entrepreneur, women in tech, some things you've done along the way. Let's get started. How did you get into your career in tech and what made you want to start a company? >> Yeah, so , you know, I got into tech long, long before I decided to start a company. And back when I got in tech it was very clear to me as a direction for my career that I'm never going to start a business. I was very explicit about that because my father was an entrepreneur and I'd seen how rough the journey can be. And then my brother was also and is an entrepreneur. And I think with both of them I'd seen the ups and downs and I had decided to myself and shared with my family that I really want a very well-structured sort of job at a large company type of path for my career. I think the tech path, tech was interesting to me, not because I was interested in programming, et cetera at that time, to be honest. When I picked computer science as a major for myself, it was because most of what you would consider, I guess most of the cool students were picking that as a major, let's just say that. And it sounded very interesting and cool. A lot of people were doing it and that was sort of the top, top choice for people and I decided to follow along. But I did discover after I picked computer science as my major, I remember when I started learning C++ the first time when I got exposure to it, it was just like a light bulb clicking in my head. I just absolutely loved the language, the lower level nature, the power of it, and what you can do with it, the algorithms. So I think it ended up being a really good fit for me. >> Yeah, so it clicked for you. You tried it, it was all the cool kids were doing it. I mean, I can relate, I did the same thing. Next big thing is computer science, you got to be in there, got to be smart. And then you get hooked on it. >> Yeah, exactly. >> What was the next level? Did you find any blockers in your way? Obviously male dominated, it must have been a lot of... How many females were in your class? What was the ratio at that time? >> Yeah, so the ratio was was pretty, pretty, I would say bleak when it comes to women to men. I think computer science at that time was still probably better compared to some of the other majors like mechanical engineering where I remember I had one friend, she was the single girl in an entire class of about at least 120, 130 students or so. So ratio was better for us. I think there were maybe 20, 25 girls in our class. It was a large class and maybe the number of men were maybe three X or four X number of women. So relatively better. Yeah. >> How about the job when you got into the structured big company? How did that go? >> Yeah, so, you know, I think that was a pretty smooth path I would say after, you know, you graduated from undergrad to grad school and then when I got into Oracle first and VMware, I think both companies had the ratios were still, you know, pretty off. And I think they still are to a very large extent in this industry, but I think this industry in my experience does a fantastic job of, you know, bringing everybody and kind of embracing them and treating them at the same level. That was definitely my experience. And so that makes it very easy for self-confidence, for setting up a path for yourself to thrive. So that was it. >> Okay, so you got an undergraduate degree, okay, in computer science and a master's from Stanford in databases and distributed systems. >> That's right. >> So two degrees. Was that part of your pathway or you just decided, "I want to go right into school?" Did it go right after each other? How did that work out? >> Yeah, so when I went into school, undergrad there was no special major and I didn't quite know if I liked a particular subject or set of subjects or not. Even through grad school, first year it wasn't clear to me, but I think in second year I did start realizing that in general I was a fan of backend systems. I was never a front-end person. The backend distributed systems really were of interest to me because there's a lot of complex problems to solve, and especially databases and large scale distributed systems design in the context of database systems, you know, really started becoming a topic of interest for me. And I think luckily enough at Stanford there were just fantastic professors like Mendel Rosenblum who offered operating system class there, then started VMware and later on I was able to join the company and I took his class while at school and it was one of the most fantastic classes I've ever taken. So they really had and probably I think still do a fantastic curriculum when it comes to distributor systems. And I think that probably helped stoke that interest. >> How do you talk to the younger girls out there in elementary school and through? What's the advice as they start to get into computer science, which is changing and still evolving? There's backend, there's front-end, there's AI, there's data science, there's no code, low code, there's cloud. What's your advice when they say what's the playbook? >> Yeah, so I think two things I always say, and I share this with anybody who's looking to get into computer science or engineering for that matter, right? I think one is that it's, you know, it's important to not worry about what that end specialization's going to be, whether it's AI or databases or backend or front-end. It does naturally evolve and you lend yourself to a path where you will understand, you know, which systems, which aspect you like better. But it's very critical to start with getting the fundamentals well, right? Meaning all of the key coursework around algorithm, systems design, architecture, networking, operating system. I think it is just so crucial to understand those well, even though at times you make question is this ever going to be relevant and useful to me later on in my career? It really does end up helping in ways beyond, you know, you can describe. It makes you a much better engineer. So I think that is the most important aspect of, you know, I would think any engineering stream, but definitely true for computer science. Because there's also been a trend more recently, I think, which I'm not a big fan of, of sort of limited scoped learning, which is you decide early on that you're going to be, let's say a front-end engineer, which is fine, you know. Understanding that is great, but if you... I don't think is ideal to let that limit the scope of your learning when you are an undergrad phrase or grad school. Because later on it comes back to sort of bite you in terms of you not being able to completely understand how the systems work. >> It's a systems kind of thinking. You got to have that mindset of, especially now with cloud, you got distributed systems paradigm going to the edge. You got 5G, Mobile World Congress recently happened, you got now all kinds of IOT devices out there, IP of devices at the edge. Distributed computing is only getting more distributed. >> That's right. Yeah, that's exactly right. But the other thing is also happens... That happens in computer science is that the abstraction layers keep raising things up and up and up. Where even if you're operating at a language like Java, which you know, during some of my times of programming there was a period when it was popular, it already abstracts you so far away from the underlying system. So it can become very easier if you're doing, you know, Java script or UI programming that you really have no understanding of what's happening behind the scenes. And I think that can be pretty difficult. >> Yeah. It's easy to lean in and rely too heavily on the abstractions. I want to get your thoughts on blockers. In your career, have you had situations where it's like, "Oh, you're a woman, okay seat at the table, sit on the side." Or maybe people misunderstood your role. How did you deal with that? Did you have any of that? >> Yeah. So, you know, I think... So there's something really kind of personal to me, which I like to share a few times, which I think I believe in pretty strongly. And which is for me, sort of my personal growth began at a very early phase because my dad and he passed away in 2012, but throughout the time when I was growing up, I was his special little girl. And every little thing that I did could be a simple test. You know, not very meaningful but the genuine pride and pleasure that he felt out of me getting great scores in those tests sort of et cetera, and that I could see that in him, and then I wanted to please him. And through him, I think I build that confidence in myself that I am good at things and I can do good. And I think that just set the building blocks for me for the rest of my life, right? So, I believe very strongly that, you know, yes, there are occasions of unfair treatment and et cetera, but for the most part, it comes from within. And if you are able to be a confident person who is kind of leveled and understands and believes in your capabilities, then for the most part, the right things happen around you. So, I believe very strongly in that kind of grounding and in finding a source to get that for yourself. And I think that many women suffer from the biggest challenge, which is not having enough self-confidence. And I've even, you know, with everything that I said, I've myself felt that, experienced that a few times. And then there's a methodical way to get around it. There's processes to, you know, explain to yourself that that's actually not true. That's a fake feeling. So, you know, I think that is the most important aspect for women. >> I love that. Get the confidence. Find the source for the confidence. We've also been hearing about curiosity and building, you mentioned engineering earlier, love that term. Engineering something, like building something. Curiosity, engineering, confidence. This brings me to my next question for you. What do you think the key skills and qualities are needed to succeed in a technical role? And how do you develop to maintain those skills over time? >> Yeah, so I think that it is so critical that you love that technology that you are part of. It is just so important. I mean, I remember as an example, at one point with one of my buddies before we started Platform9, one of my buddies, he's also a fantastic computer scientists from VMware and he loves video games. And so he said, "Hey, why don't we try to, you know, hack up a video game and see if we can take it somewhere?" And so, it sounded cool to me. And then so we started doing things, but you know, something I realized very quickly is that I as a person, I absolutely hate video games. I've never liked them. I don't think that's ever going to change. And so I was miserable. You know, I was trying to understand what's going on, how to build these systems, but I was not enjoying it. So, I'm glad that I decided to not pursue that. So it is just so important that you enjoy whatever aspect of technology that you decide to associate yourself with. I think that takes away 80, 90% of the work. And then I think it's important to inculcate a level of discipline that you are not going to get sort of... You're not going to get jaded or, you know, continue with happy path when doing the same things over and over again, but you're not necessarily challenging yourself, or pushing yourself, or putting yourself in uncomfortable situation. I think a combination of those typically I think works pretty well in any technical career. >> That's a great advice there. I think trying things when you're younger, or even just for play to understand whether you abandon that path is just as important as finding a good path because at least you know that skews the value in favor of the choices. Kind of like math probability. So, great call out there. So I have to ask you the next question, which is, how do you keep up to date given all the changes? You're in the middle of a world where you've seen personal change in the past 10 years from OpenStack to now. Remember those days when I first interviewed you at OpenStack, I think it was 2012 or something like that. Maybe 10 years ago. So much changed. How do you keep up with technologies in your field and resources that you rely on for personal development? >> Yeah, so I think when it comes to, you know, the field and what we are doing for example, I think one of the most important aspect and you know I am product manager and this is something I insist that all the other product managers in our team also do, is that you have to spend 50% of your time talking to prospects, customers, leads, and through those conversations they do a huge favor to you in that they make you aware of the other things that they're keeping an eye on as long as you're doing the right job of asking the right questions and not just, you know, listening in. So I think that to me ends up being one of the biggest sources where you get tidbits of information, new things, et cetera, and then you pursue. To me, that has worked to be a very effective source. And then the second is, you know, reading and keeping up with all of the publications. You guys, you know, create a lot of great material, you interview a lot of people, making sure you are watching those for us you know, and see there's a ton of activities, new projects keeps coming along every few months. So keeping up with that, listening to podcasts around those topics, all of that helps. But I think the first one I think goes in a big way in terms of being aware of what matters to your customers. >> Awesome. Let me ask you a question. What's the most rewarding aspect of your job right now? >> So, I think there are many. So I think I love... I've come to realize that I love, you know, the high that you get out of being an entrepreneur independent of, you know, there's... In terms of success and failure, there's always ups and downs as an entrepreneur, right? But there is this... There's something really alluring about being able to, you know, define, you know, path of your products and in a way that can potentially impact, you know, a number of companies that'll consume your products, employees that work with you. So that is, I think to me, always been the most satisfying path, is what kept me going. I think that is probably first and foremost. And then the projects. You know, there's always new exciting things that we are working on. Even just today, there are certain projects we are working on that I'm super excited about. So I think it's those two things. >> So now we didn't get into how you started. You said you didn't want to do a startup and you got the big company. Your dad, your brother were entrepreneurs. How did you get into it? >> Yeah, so, you know, it was kind of surprising to me as well, but I think I reached a point of VMware after spending about eight years or so where I definitely packed hold and I could have pushed myself by switching to a completely different company or a different organization within VMware. And I was trying all of those paths, interviewed at different companies, et cetera, but nothing felt different enough. And then I think I was very, very fortunate in that my co-founders, Sirish Raghuram, Roopak Parikh, you know, Bich, you've met them, they were kind of all at the same journey in their careers independently at the same time. And so we would all eat lunch together at VMware 'cause we were on the same team and then we just started brainstorming on different ideas during lunchtime. And that's kind of how... And we did that almost for a year. So by the time that the year long period went by, at the end it felt like the most logical, natural next step to leave our job and to, you know, to start off something together. But I think I wouldn't have done that had it not been for my co-founders. >> So you had comfort with the team as you knew each other at VMware, but you were kind of a little early, (laughing) you had a vision. It's kind of playing out now. How do you feel right now as the wave is hitting? Distributed computing, microservices, Kubernetes, I mean, stuff you guys did and were doing. I mean, it didn't play out exactly, but directionally you were right on the line there. How do you feel? >> Yeah. You know, I think that's kind of the challenge and the fun part with the startup journey, right? Which is you can never predict how things are going to go. When we kicked off we thought that OpenStack is going to really take over infrastructure management space and things kind of went differently, but things are going that way now with Kubernetes and distributed infrastructure. And so I think it's been interesting and in every path that you take that does end up not being successful teaches you so much more, right? So I think it's been a very interesting journey. >> Yeah, and I think the cloud, certainly AWS hit that growth right at 2013 through '17, kind of sucked all the oxygen out. But now as it reverts back to this abstraction layer essentially makes things look like private clouds, but they're just essentially DevOps. It's cloud operations, kind of the same thing. >> Yeah, absolutely. And then with the edge things are becoming way more distributed where having a single large cloud provider is becoming even less relevant in that space and having kind of the central SaaS based management model, which is what we pioneered, like you said, we were ahead of the game at that time, is becoming sort of the most obvious choice now. >> Now you look back at your role at Stanford, distributed systems, again, they have world class program there, neural networks, you name it. It's really, really awesome. As well as Cal Berkeley, there was in debates with each other, who's better? But that's a separate interview. Now you got the edge, what are some of the distributed computing challenges right now with now the distributed edge coming online, industrial 5G, data? What do you see as some of the key areas to solve from a problem statement standpoint with edge and as cloud goes on-premises to essentially data center at the edge, apps coming over the top AI enabled. What's your take on that? >> Yeah, so I think... And there's different flavors of edge and the one that we focus on is, you know, what we call thick edge, which is you have this problem of managing thousands of as we call it micro data centers, rather than managing maybe few tens or hundreds of large data centers where the problem just completely shifts on its head, right? And I think it is still an unsolved problem today where whether you are a retailer or a telecommunications vendor, et cetera, managing your footprints of tens of thousands of stores as a retailer is solved in a very archaic way today because the tool set, the traditional management tooling that's designed to manage, let's say your data centers is not quite, you know, it gets retrofitted to manage these environments and it's kind of (indistinct), you know, round hole kind of situation. So I think the top most challenges are being able to manage this large footprint of micro data centers in the most effective way, right? Where you have latency solved, you have the issue of a small footprint of resources at thousands of locations, and how do you fit in your containerized or virtualized or other workloads in the most effective way? To have that solved, you know, you need to have the security aspects around these environments. So there's a number of challenges that kind of go hand-in-hand, like what is the most effective storage which, you know, can still be deployed in that compact environment? And then cost becomes a related point. >> Costs are huge 'cause if you move data, you're going to have cost. If you move compute, it's not as much. If you have an operating system concept, is the data and state or stateless? These are huge problems. This is an operating system, don't you think? >> Yeah, yeah, absolutely. It's a distributed operating system where it's multiple layers, you know, of ways of solving that problem just in the context of data like you said having an intermediate caching layer so that you know, you still do just in time processing at those edge locations and then send some data back and that's where you can incorporate some AI or other technologies, et cetera. So, you know, just data itself is a multi-layer problem there. >> Well, it's great to have you on this program. Advice final question for you, for the folks watching technical degrees, most people are finding out in elementary school, in middle school, a lot more robotics programs, a lot more tech exposure, you know, not just in Silicon Valley, but all around, you're starting to see that. What's your advice for young girls and people who are getting either coming into the workforce re-skilled as they get enter, it's easy to enter now as they stay in and how do they stay in? What's your advice? >> Yeah, so, you know, I think it's the same goal. I have two little daughters and it's the same principle I try to follow with them, which is I want to give them as much exposure as possible without me having any predefined ideas about what you know, they should pursue. But it's I think that exposure that you need to find for yourself one way or the other, because you really never know. Like, you know, my husband landed into computer science through a very, very meandering path, and then he discovered later in his career that it's the absolute calling for him. It's something he's very good at, right? But so... You know, it's... You know, the reason why he thinks he didn't pick that path early is because he didn't quite have that exposure. So it's that exposure to various things, even things you think that you may not be interested in is the most important aspect. And then things just naturally lend themselves. >> Find your calling, superpower, strengths. Know what you don't want to do. (John chuckles) >> Yeah, exactly. >> Great advice. Thank you so much for coming on and contributing to our program for International Women's Day. Great to see you in this context. We'll see you on theCUBE. We'll talk more about Platform9 when we go KubeCon or some other time. But thank you for sharing your personal perspective and experiences for our audience. Thank you. >> Fantastic. Thanks for having me, John. Always great. >> This is theCUBE's coverage of International Women's Day, I'm John Furrier. We're talking to the leaders in the industry, from developers to the boardroom and everything in between and getting the stories out there making an impact. Thanks for watching. (bright upbeat music)

>> Announcer: theCUBE's live coverage is made possible by funding from Dell Technologies creating technologies that drive human progress. (upbeat music) >> Hey everyone, welcome back to theCube's first day of coverage of MWC 23 from Barcelona, Spain. Lisa Martin here with Dave Vellante and Dave Nicholson. I'm literally in between two Daves. We've had a great first day of coverage of the event. There's been lots of conversations, Dave, on disaggregation, on the change of mobility. I want to be able to get your perspectives from both of you on what you saw on the show floor, what you saw and heard from our guests today. So we'll start with you, Dave V. What were some of the things that were our takeaways from day one for you? >> Well, the big takeaway is the event itself. On day one, you get a feel for what this show is like. Now that we're back, face-to-face kind of pretty much full face-to-face. A lot of excitement here. 2000 plus exhibitors, I mean, planes, trains, automobiles, VR, AI, servers, software, I mean everything. I mean, everybody is here. So it's a really comprehensive show. It's not just about mobile. That's why they changed the name from Mobile World Congress. I think the other thing is from the keynotes this morning, I mean, you heard, there's a lot of, you know, action around the telcos and the transformation, but in a lot of ways they're sort of protecting their existing past from the future. And so they have to be careful about how fast they move. But at the same time if they don't move fast, they're going to get disrupted. We heard some complaints, essentially, you know, veiled complaints that the over the top guys aren't paying their fair share and Telco should be able to charge them more. We heard the chairman of Ericsson talk about how we can't let the OTTs do that again. We're going to charge directly for access through APIs to our network, to our data. We heard from Chris Lewis. Yeah. They've only got, or maybe it was San Ji Choha, how they've only got eight APIs. So, you know the developers are the ones who are going to actually build out the innovation at the edge. The telcos are going to provide the connectivity and the infrastructure companies like Dell as well. But it's really to me all about the developers. And that's where the action's going to be. And it's going to be interesting to see how the developers respond to, you know, the gun to the head. If you want access, you're going to have to pay for it. Now maybe there's so much money to be made that they'll go for it, but I feel like there's maybe a different model. And I think some of the emerging telcos are going to say, you know what, here developers, here's a platform, have at it. We're not going to charge you for all the data until you succeed. Then we're going to figure out a monetization model. >> Right. A lot of opportunity for the developer. That skillset is certainly one that's in demand here. And certainly the transformation of the telecom industry is, there's a lot of conundrums that I was hearing going on today, kind of chicken and egg scenarios. But Dave, you had a chance to walk around the show floor. We were here interviewing all day. What were some of the things that you saw that really stuck out to you? >> I think I was struck by how much attention was being paid to private 5G networks. You sort of read between the lines and it appears as though people kind of accept that the big incumbent telecom players are going to be slower to move. And this idea of things like open RAN where you're leveraging open protocols in a stack to deliver more agility and more value. So it sort of goes back to the generalized IT discussion of moving to cloud for agility. It appears as though a lot of players realize that the wild wild west, the real opportunity, is in the private sphere. So it's really interesting to see how that works, how 5G implemented into an environment with wifi how that actually works. It's really interesting. >> So it's, obviously when you talk to companies like Dell, I haven't hit HPE yet. I'm going to go over there and check out their booth. They got an analyst thing going on but it's really early days for them. I mean, they started in this business by taking an X86 box, putting a name on it, you know, that sounded like it was edged, throwing it over, you know, the wall. That's sort of how they all started in this business. And now they're, you know, but they knew they had to form partnerships. They had to build purpose-built systems. Now with 16 G out, you're seeing that. And so it's still really early days, talking about O RAN, open RAN, the open RAN alliance. You know, it's just, I mean, not even, the game hasn't even barely started yet but we heard from Dish today. They're trying to roll out a massive 5G network. Rakuten is really focused on sort of open RAN that's more reliable, you know, or as reliable as the existing networks but not as nearly as huge a scale as Dish. So it's going to take a decade for this to evolve. >> Which is surprising to the average consumer to hear that. Because as far as we know 5G has been around for a long time. We've been talking about 5G, implementing 5G, you sort of assume it's ubiquitous but the reality is it is just the beginning. >> Yeah. And you know, it's got a fake 5G too, right? I mean you see it on your phone and you're like, what's the difference here? And it's, you know, just, >> Dave N.: What does it really mean? >> Right. And so I think your point about private is interesting, the conversation Dave that we had earlier, I had throughout, hey I don't think it's a replacement for wifi. And you said, "well, why not?" I guess it comes down to economics. I mean if you can get the private network priced close enough then you're right. Why wouldn't it replace wifi? Now you got wifi six coming in. So that's a, you know, and WiFi's flexible, it's cheap, it's good for homes, good for offices, but these private networks are going to be like kickass, right? They're going to be designed to run whatever, warehouses and robots, and energy drilling facilities. And so, you know the economics I don't think are there today but maybe they can be at volume. >> Maybe at some point you sort of think of today's science experiment becoming the enterprise-grade solution in the future. I had a chance to have some conversations with folks around the show. And I think, and what I was surprised by was I was reminded, frankly, I wasn't surprised. I was reminded that when we start talking about 5G, we're talking about spectrum that is managed by government entities. Of course all broadcast, all spectrum, is managed in one way or another. But in particular, you can't simply put a SIM in every device now because there are a lot of regulatory hurdles that have to take place. So typically what these things look like today is 5G backhaul to the network, communication from that box to wifi. That's a huge improvement already. So yeah, my question about whether, you know, why not put a SIM in everything? Maybe eventually, but I think, but there are other things that I was not aware of that are standing in the way. >> Your point about spectrum's an interesting one though because private networks, you're going to be able to leverage that spectrum in different ways, and tune it essentially, use different parts of the spectrum, make it programmable so that you can apply it to that specific use case, right? So it's going to be a lot more flexible, you know, because I presume the needs spectrum needs of a hospital are going to be different than, you know, an agribusiness are going to be different than a drilling, you know, unit, offshore drilling unit. And so the ability to have the flexibility to use the spectrum in different ways and apply it to that use case, I think is going to be powerful. But I suspect it's going to be expensive initially. I think the other thing we talked about is public policy and regulation, and it's San Ji Choha brought up the point, is telcos have been highly regulated. They don't just do something and ask for permission, you know, they have to work within the confines of that regulated environment. And there's a lot of these greenfield companies and private networks that don't necessarily have to follow those rules. So that's a potential disruptive force. So at the same time, the telcos are spending what'd we hear, a billion, a trillion and a half over the next seven years? Building out 5G networks. So they got to figure out, you know how to get a payback on that. They'll get it I think on connectivity, 'cause they have a monopoly but they want more. They're greedy. They see the over, they see the Netflixes of the world and the Googles and the Amazons mopping up services and they want a piece of that action but they've never really been good at it. >> Well, I've got a question for both of you. I mean, what do you think the odds are that by the time the Shangri La of fully deployed 5G happens that we have so much data going through it that effectively it feels exactly the same as 3G? What are the odds? >> That's a good point. Well, the thing that gets me about 5G is there's so much of it on, if I go to the consumer side when we're all consumers in our daily lives so much of it's marketing hype. And, you know all the messaging about that, when it's really early innings yet they're talking about 6G. What does actual fully deployed 5G look like? What is that going to enable a hospital to achieve or an oil refinery out in the middle of the ocean? That's something that interests me is what's next for that? Are we going to hear that at this event? >> I mean, walking around, you see a fair amount of discussion of, you know, the internet of things. Edge devices, the increase in connectivity. And again, what I was surprised by was that there's very little talk about a sim card in every one of those devices at this point. It's like, no, no, no, we got wifi to handle all that but aggregating it back into a central network that's leveraging 5G. That's really interesting. That's really interesting. >> I think you, the odds of your, to go back to your question, I think the odds are even money, that by the time it's all built out there's going to be so much data and so much new capability it's going to work similarly at similar speeds as we see in the networks today. You're just going to be able to do so many more things. You know, and your video's going to look better, the graphics are going to look better. But I think over the course of history, this is what's happening. I mean, even when you go back to dial up, if you were in an AOL chat room in 1996, it was, you know, yeah it took a while. You're like, (screeches) (Lisa laughs) the modem and everything else, but once you were in there- >> Once you're there, 2400 baud. >> It was basically real time. And so you could talk to your friends and, you know, little chat room but that's all you could do. You know, if you wanted to watch a video, forget it, right? And then, you know, early days of streaming video, stop, start, stop, start, you know, look at Amazon Prime when it first started, Prime Video was not that great. It's sort of catching up to Netflix. But, so I think your point, that question is really prescient because more data, more capability, more apps means same speed. >> Well, you know, you've used the phrase over the top. And so just just so we're clear so we're talking about the same thing. Typically we're talking about, you've got, you have network providers. Outside of that, you know, Netflix, internet connection, I don't need Comcast, right? Perfect example. Well, what about the over the top that's coming from direct satellite communications with devices. There are times when I don't have a signal on my, happens to be an Apple iPhone, when I get a little SOS satellite logo because I can communicate under very limited circumstances now directly to the satellite for very limited text messaging purposes. Here at the show, I think it might be a Motorola device. It's a dongle that allows any mobile device to leverage direct satellite communication. Again, for texting back to the 2,400 baud modem, you know, days, 1200 even, 300 even, go back far enough. What's that going to look like? Is that too far in the future to think that eventually it's all going to be over the top? It's all going to be handset to satellite and we don't need these RANs anymore. It's all going to be satellite networks. >> Dave V.: I think you're going to see- >> Little too science fiction-y? (laughs) >> No, I, no, I think it's a good question and I think you're going to see fragments. I think you're going to see fragmentation of private networks. I think you're going to see fragmentation of satellites. I think you're going to see legacy incumbents kind of hanging on, you know, the cable companies. I think that's coming. I think by 2030 it'll, the picture will be much more clear. The question is, and I think it's come down to the innovation on top, which platform is going to be the most developer friendly? Right, and you know, I've not heard anything from the big carriers that they're going to be developer friendly. I've heard "we have proprietary data that we're going to charge access for and developers are going to have to pay for that." But I haven't heard them saying "Developers, developers, developers!" You know, Steve Bomber running around, like bend over backwards for developers, they're asking the developers to bend over. And so if a network can, let's say the satellite network is more developer friendly, you know, you're going to see more innovation there potentially. You know, or if a dish network says, "You know what? We're going after developers, we're going after innovation. We're not going to gouge them for all this network data. Rather we're going to make the platform open or maybe we're going to do an app store-like model where we take a piece of the action after they succeed." You know, take it out of the backend, like a Silicon Valley VC as opposed to an East Coast VC. They're not going to get you in the front end. (Lisa laughs) >> Well, you can see the sort of disruptive forces at play between open RAN and the legacy, call it proprietary stack, right? But what is the, you know, if that's sort of a horizontal disruptive model, what's the vertically disruptive model? Is it private networks coming in? Is it a private 5G network that comes in that says, "We're starting from the ground up, everything is containerized. We're going to go find people at KubeCon who are, who understand how to orchestrate with Kubernetes and use containers in microservices, and we're going to have this little 5G network that's going to deliver capabilities that you can't get from the big boys." Is there a way to monetize that? Is there a way for them to be disrupted, be disruptive, or are these private 5G networks that everybody's talking about just relegated to industrial use cases where you're just squeezing better economics out of wireless communication amongst all your devices in your factory? >> That's an interesting question. I mean, there are a lot of those smart factory industrial use cases. I mean, it's basically industry 4.0 use cases. But yeah, I don't count the cloud guys out. You know, everybody says, "oh, the narrative is, well, the latency of the cloud." Well, not if the cloud is at the edge. If you take a local zone and put storage, compute, and data right next to each other and the cloud model with the cloud APIs, and then you got an asynchronous, you know, connection back. I think that's a reasonable model. I think the cloud guys figured out developers, right? Pretty well. Certainly Microsoft and, and Amazon and Google, they know developers. I don't see any reason why they can't bring their model to the edge. So, and that's really disruptive to the legacy telco guys, you know? So they have to be careful. >> One step closer to my dream of eliminating the word "cloud" from IT lexicon. (Lisa laughs) I contend that it has always been IT, and it will always be IT. And this whole idea of cloud, what is cloud? If AWS, for example, is delivering hardware to the edge where it needs to be, is that cloud? Do we go back to the idea that cloud is an operational model and not a question of physical location? I hope we get to that point. >> Well, what's Apex and GreenLake? Apex is, you know, Dell's as a service. GreenLake is- >> HPE. >> HPE's as a service. That's outposts. >> Dave N.: Right. >> Yeah. >> That's their outpost. >> Yeah. >> Well AWS's position used to be, you know, to use them as a proxy for hyperscale cloud. We'll just, we'll grow in a very straight trajectory forever on the back of net new stuff. Forget about the old stuff. As James T. Kirk said of the Klingons, "let them die." (Lisa laughs) As far as the cloud providers were concerned just, yeah, let, let that old stuff go away. Well then they found out, there came a point in time where they realized there's a lot of friction and stickiness associated with that. So they had to deal with the reality of hybridity, if that's the word, the hybrid nature of things. So what are they doing? They're pushing stuff out to the edge, so... >> With the same operating model. >> With the same operating model. >> Similar. I mean, it's limited, right? >> So you see- >> You can't run a lot of database on outpost, you can run RES- >> You see this clash of Titans where some may have written off traditional IT infrastructure vendors, might have been written off as part of the past. Whereas hyperscale cloud providers represent the future. It seems here at this show they're coming head to head and competing evenly. >> And this is where I think a company like Dell or HPE or Cisco has some advantages in that they're not going to compete with the telcos, but the hyperscalers will. >> Lisa: Right. >> Right. You know, and they're already, Google's, how much undersea cable does Google own? A lot. Probably more than anybody. >> Well, we heard from Google and Microsoft this morning in the keynote. It'd be interesting to see if we hear from AWS and then over the next couple of days. But guys, clearly there is, this is a great wrap of day one. And the crazy thing is this is only day one. We've got three more days of coverage, more news, more information to break down and unpack on theCUBE. Look forward to doing that with you guys over the next three days. Thank you for sharing what you saw on the show floor, what you heard from our guests today as we had about 10 interviews. Appreciate your insights and your perspectives and can't wait for tomorrow. >> Right on. >> All right. For Dave Vellante and Dave Nicholson, I'm Lisa Martin. You're watching theCUBE's day one wrap from MWC 23. We'll see you tomorrow. (relaxing music)

(upbeat music) >> Hi everyone. Welcome back to this Cube conversation here in Palo Alto, California. I'm John Furrier, host of "theCUBE." Got a great conversation around Cloud Native, Cloud Native Journey, how enterprises are looking at Cloud Native and putting it all together. And it comes down to operations, developer productivity, and security. It's the hottest topic in technology. We got Chris Jones here in the studio, director of Product Management for Platform9. Chris, thanks for coming in. >> Hey, thanks. >> So when we always chat about, when we're at KubeCon. KubeConEU is coming up and in a few, in a few months, the number one conversation is developer productivity. And the developers are driving all the standards. It's interesting to see how they just throw everything out there and whatever gets adopted ends up becoming the standard, not the old school way of kind of getting stuff done. So that's cool. Security Kubernetes and Containers are all kind of now that next level. So you're starting to see the early adopters moving to the mainstream. Enterprises, a variety of different approaches. You guys are at the center of this. We've had a couple conversations with your CEO and your tech team over there. What are you seeing? You're building the products. What's the core product focus right now for Platform9? What are you guys aiming for? >> The core is that blend of enabling your infrastructure and PlatformOps or DevOps teams to be able to go fast and run in a stable environment, but at the same time enable developers. We don't want people going back to what I've been calling Shadow IT 2.0. It's, hey, I've been told to do something. I kicked off this Container initiative. I need to run my software somewhere. I'm just going to go figure it out. We want to keep those people productive. At the same time we want to enable velocity for our operations teams, be it PlatformOps or DevOps. >> Take us through in your mind and how you see the industry rolling out this Cloud Native journey. Where do you see customers out there? Because DevOps have been around, DevSecOps is rocking, you're seeing AI, hot trend now. Developers are still in charge. Is there a change to the infrastructure of how developers get their coding done and the infrastructure, setting up the DevOps is key, but when you add the Cloud Native journey for an enterprise, what changes? What is the, what is the, I guess what is the Cloud Native journey for an enterprise these days? >> The Cloud Native journey or the change? When- >> Let's start with the, let's start with what they want to do. What's the goal and then how does that happen? >> I think the goal is that promise land. Increased resiliency, better scalability, and overall reduced costs. I've gone from physical to virtual that gave me a higher level of density, packing of resources. I'm moving to Containers. I'm removing that OS layer again. I'm getting a better density again, but all of a sudden I'm running Kubernetes. What does that, what does that fundamentally do to my operations? Does it magically give me scalability and resiliency? Or do I need to change what I'm running and how it's running so it fits that infrastructure? And that's the reality, is you can't just take a Container and drop it into Kubernetes and say, hey, I'm now Cloud Native. I've got reduced cost, or I've got better resiliency. There's things that your engineering teams need to do to make sure that application is a Cloud Native. And then there's what I think is one of the largest shifts of virtual machines to containers. When I was in the world of application performance monitoring, we would see customers saying, well, my engineering team have this Java app, and they said it needs a VM with 12 gig of RAM and eight cores, and that's what we gave it. But it's running slow. I'm working with the application team and you can see it's running slow. And they're like, well, it's got all of its resources. One of those nice features of virtualization is over provisioning. So the infrastructure team would say, well, we gave it, we gave it all a RAM it needed. And what's wrong with that being over provisioned? It's like, well, Java expects that RAM to be there. Now all of a sudden, when you move to the world of containers, what we've got is that's not a set resource limit, really is like it used to be in a VM, right? When you set it for a container, your application teams really need to be paying attention to your resource limits and constraints within the world of Kubernetes. So instead of just being able to say, hey, I'm throwing over the fence and now it's just going to run on a VM, and that VMs got everything it needs. It's now really running on more, much more of a shared infrastructure where limits and constraints are going to impact the neighbors. They are going to impact who's making that decision around resourcing. Because that Kubernetes concept of over provisioning and the virtualization concept of over provisioning are not the same. So when I look at this problem, it's like, well, what changed? Well, I'll do my scale tests as an application developer and tester, and I'd see what resources it needs. I asked for that in the VM, that sets the high watermark, job's done. Well, Kubernetes, it's no longer a VM, it's a Kubernetes manifest. And well, who owns that? Who's writing it? Who's setting those limits? To me, that should be the application team. But then when it goes into operations world, they're like, well, that's now us. Can we change those? So it's that amalgamation of the two that is saying, I'm a developer. I used to pay attention, but now I need to pay attention. And an infrastructure person saying, I used to just give 'em what they wanted, but now I really need to know what they've wanted, because it's going to potentially have a catastrophic impact on what I'm running. >> So what's the impact for the developer? Because, infrastructure's code is what everybody wants. The developer just wants to get the code going and they got to pay attention to all these things, or don't they? Is that where you guys come in? How do you guys see the problem? Actually scope the problem that you guys solve? 'Cause I think you're getting at I think the core issue here, which is, I've got Kubernetes, I've got containers, I've got developer productivity that I want to focus on. What's the problem that you guys solve? >> Platform operation teams that are adopting Cloud Native in their environment, they've got that steep learning curve of Kubernetes plus this fundamental change of how an app runs. What we're doing is taking away the burden of needing to operate and run Kubernetes and giving them the choice of the flexibility of infrastructure and location. Be that an air gap environment like a, let's say a telco provider that needs to run a containerized network function and containerized workloads for 5G. That's one thing that we can deploy and achieve in a completely inaccessible environment all the way through to Platform9 running traditionally as SaaS, as we were born, that's remotely managing and controlling your Kubernetes environments on-premise AWS. That hybrid cloud experience that could be also Bare Metal, but it's our platform running your environments with our support there, 24 by seven, that's proactively reaching out. So it's removing a lot of that burden and the complications that come along with operating the environment and standing it up, which means all of a sudden your DevOps and platform operations teams can go and work with your engineers and application developers and say, hey, let's get, let's focus on the stuff that, that we need to be focused on, which is running our business and providing a service to our customers. Not figuring out how to upgrade a Kubernetes cluster, add new nodes, and configure all of the low level. >> I mean there are, that's operations that just needs to work. And sounds like as they get into the Cloud Native kind of ops, there's a lot of stuff that kind of goes wrong. Or you go, oops, what do we buy into? Because the CIOs, let's go, let's go Cloud Native. We want to, we got to get set up for the future. We're going to be Cloud Native, not just lift and shift and we're going to actually build it out right. Okay, that sounds good. And when we have to actually get done. >> Chris: Yeah. >> You got to spin things up and stand up the infrastructure. What specifically use case do you guys see that emerges for Platform9 when people call you up and you go talk to customers and prospects? What's the one thing or use case or cases that you guys see that you guys solve the best? >> So I think one of the, one of the, I guess new use cases that are coming up now, everyone's talking about economic pressures. I think the, the tap blows open, just get it done. CIO is saying let's modernize, let's use the cloud. Now all of a sudden they're recognizing, well wait, we're spending a lot of money now. We've opened that tap all the way, what do we do? So now they're looking at ways to control that spend. So we're seeing that as a big emerging trend. What we're also sort of seeing is people looking at their data centers and saying, well, I've got this huge legacy environment that's running a hypervisor. It's running VMs. Can we still actually do what we need to do? Can we modernize? Can we start this Cloud Native journey without leaving our data centers, our co-locations? Or if I do want to reduce costs, is that that thing that says maybe I'm repatriating or doing a reverse migration? Do I have to go back to my data center or are there other alternatives? And we're seeing that trend a lot. And our roadmap and what we have in the product today was specifically built to handle those, those occurrences. So we brought in KubeVirt in terms of virtualization. We have a long legacy doing OpenStack and private clouds. And we've worked with a lot of those users and customers that we have and asked the questions, what's important? And today, when we look at the world of Cloud Native, you can run virtualization within Kubernetes. So you can, instead of running two separate platforms, you can have one. So all of a sudden, if you're looking to modernize, you can start on that new infrastructure stack that can run anywhere, Kubernetes, and you can start bringing VMs over there as you are containerizing at the same time. So now you can keep your application operations in one environment. And this also helps if you're trying to reduce costs. If you really are saying, we put that Dev environment in AWS, we've got a huge amount of velocity out of it now, can we do that elsewhere? Is there a co-location we can go to? Is there a provider that we can go to where we can run that infrastructure or run the Kubernetes, but not have to run the infrastructure? >> It's going to be interesting too, when you see the Edge come online, you start, we've got Mobile World Congress coming up, KubeCon events we're going to be at, the conversation is not just about public cloud. And you guys obviously solve a lot of do-it-yourself implementation hassles that emerge when people try to kind of stand up their own environment. And we hear from developers consistency between code, managing new updates, making sure everything is all solid so they can go fast. That's the goal. And that, and then people can get standardized on that. But as you get public cloud and do it yourself, kind of brings up like, okay, there's some gaps there as the architecture changes to be more distributed computing, Edge, on-premises cloud, it's cloud operations. So that's cool for DevOps and Cloud Native. How do you guys differentiate from say, some the public cloud opportunities and the folks who are doing it themselves? How do you guys fit in that world and what's the pitch or what's the story? >> The fit that we look at is that third alternative. Let's get your team focused on what's high value to your business and let us deliver that public cloud experience on your infrastructure or in the public cloud, which gives you that ability to still be flexible if you want to make choices to run consistently for your developers in two different locations. So as I touched on earlier, instead of saying go figure out Kubernetes, how do you upgrade a hundred worker nodes in place upgrade. We've solved that problem. That's what we do every single day of the week. Don't go and try to figure out how to upgrade a cluster and then upgrade all of the, what I call Kubernetes friends, your core DNSs, your metrics server, your Kubernetes dashboard. These are all things that we package, we test, we version. So when you click upgrade, we've already handled that entire process. So it's saying don't have your team focused on that lower level piece of work. Get them focused on what is important, which is your business services. >> Yeah, the infrastructure and getting that stood up. I mean, I think the thing that's interesting, if you look at the market right now, you mentioned cost savings and recovery, obviously kind of a recession. I mean, people are tightening their belts for sure. I don't think the digital transformation and Cloud Native spend is going to plummet. It's going to probably be on hold and be squeezed a little bit. But to your point, people are refactoring looking at how to get the best out of what they got. It's not just open the tap of spend the cash like it used to be. Yeah, a couple months, even a couple years ago. So okay, I get that. But then you look at the what's coming, AI. You're seeing all the new data infrastructure that's coming. The containers, Kubernetes stuff, got to get stood up pretty quickly and it's got to be reliable. So to your point, the teams need to get done with this and move on to the next thing. >> Chris: Yeah, yeah, yeah. >> 'Cause there's more coming. I mean, there's a lot coming for the apps that are building in Data Native, AI-Native, Cloud Native. So it seems that this Kubernetes thing needs to get solved. Is that kind of what you guys are focused on right now? >> So, I mean to use a customer, we have a customer that's in AI/ML and they run their platform at customer sites and that's hardware bound. You can't run AI machine learning on anything anywhere. Well, with Platform9 they can. So we're enabling them to deliver services into their customers that's running their AI/ML platform in their customer's data centers anywhere in the world on hardware that is purpose-built for running that workload. They're not Kubernetes experts. That's what we are. We're bringing them that ability to focus on what's important and just delivering their business services whilst they're enabling our team. And our 24 by seven proactive management are always on assurance to keep that up and running for them. So when something goes bump at the night at 2:00am, our guys get woken up. They're the ones that are reaching out to the customer saying, your environments have a problem, we're taking these actions to fix it. Obviously sometimes, especially if it is running on Bare Metal, there's things you can't do remotely. So you might need someone to go and do that. But even when that happens, you're not by yourself. You're not sitting there like I did when I worked for a bank in one of my first jobs, three o'clock in the morning saying, wow, our end of day processing is stuck. Who else am I waking up? Right? >> Exactly, yeah. Got to get that cash going. But this is a great use case. I want to get to the customer. What do some of the successful customers say to you for the folks watching that aren't yet a customer of Platform9, what are some of the accolades and comments or anecdotes that you guys hear from customers that you have? >> It just works, which I think is probably one of the best ones you can get. Customers coming back and being able to show to their business that they've delivered growth, like business growth and productivity growth and keeping their organization size the same. So we started on our containerization journey. We went to Kubernetes. We've deployed all these new workloads and our operations team is still six people. We're doing way more with growth less, and I think that's also talking to the strength that we're bringing, 'cause we're, we're augmenting that team. They're spending less time on the really low level stuff and automating a lot of the growth activity that's involved. So when it comes to being able to grow their business, they can just focus on that, not- >> Well you guys do the heavy lifting, keep on top of the Kubernetes, make sure that all the versions are all done. Everything's stable and consistent so they can go on and do the build out and provide their services. That seems to be what you guys are best at. >> Correct, correct. >> And so what's on the roadmap? You have the product, direct product management, you get the keys to the kingdom. What is, what is the focus? What's your focus right now? Obviously Kubernetes is growing up, Containers. We've been hearing a lot at the last KubeCon about the security containers is getting better. You've seen verification, a lot more standards around some things. What are you focused on right now for at a product over there? >> Edge is a really big focus for us. And I think in Edge you can look at it in two ways. The mantra that I drive is Edge must be remote. If you can't do something remotely at the Edge, you are using a human being, that's not Edge. Our Edge management capabilities and being in the market for over two years are a hundred percent remote. You want to stand up a store, you just ship the server in there, it gets racked, the rest of it's remote. Imagine a store manager in, I don't know, KFC, just plugging in the server, putting in the ethernet cable, pressing the power button. The rest of all that provisioning for that Cloud Native stack, Kubernetes, KubeVirt for virtualization is done remotely. So we're continuing to focus on that. The next piece that is related to that is allowing people to run Platform9 SaaS in their data centers. So we do ag app today and we've had a really strong focus on telecommunications and the containerized network functions that come along with that. So this next piece is saying, we're bringing what we run as SaaS into your data center, so then you can run it. 'Cause there are many people out there that are saying, we want these capabilities and we want everything that the Platform9 control plane brings and simplifies. But unfortunately, regulatory compliance reasons means that we can't leverage SaaS. So they might be using a cloud, but they're saying that's still our infrastructure. We're still closed that network down, or they're still on-prem. So they're two big priorities for us this year. And that on-premise experiences is paramount, even to the point that we will be delivering a way that when you run an on-premise, you can still say, wait a second, well I can send outbound alerts to Platform9. So their support team can still be proactively helping me as much as they could, even though I'm running Platform9s control plane. So it's sort of giving that blend of two experiences. They're big, they're big priorities. And the third pillar is all around virtualization. It's saying if you have economic pressures, then I think it's important to look at what you're spending today and realistically say, can that be reduced? And I think hypervisors and virtualization is something that should be looked at, because if you can actually reduce that spend, you can bring in some modernization at the same time. Let's take some of those nos that exist that are two years into their five year hardware life cycle. Let's turn that into a Cloud Native environment, which is enabling your modernization in place. It's giving your engineers and application developers the new toys, the new experiences, and then you can start running some of those virtualized workloads with KubeVirt, there. So you're reducing cost and you're modernizing at the same time with your existing infrastructure. >> You know Chris, the topic of this content series that we're doing with you guys is finding the right path, trusting the right path to Cloud Native. What does that mean? I mean, if you had to kind of summarize that phrase, trusting the right path to Cloud Native, what does that mean? It mean in terms of architecture, is it deployment? Is it operations? What's the underlying main theme of that quote? What's the, what's? How would you talk to a customer and say, what does that mean if someone said, "Hey, what does that right path mean?" >> I think the right path means focusing on what you should be focusing on. I know I've said it a hundred times, but if your entire operations team is trying to figure out the nuts and bolts of Kubernetes and getting three months into a journey and discovering, ah, I need Metrics Server to make something function. I want to use Horizontal Pod Autoscaler or Vertical Pod Autoscaler and I need this other thing, now I need to manage that. That's not the right path. That's literally learning what other people have been learning for the last five, seven years that have been focused on Kubernetes solely. So the why- >> There's been a lot of grind. People have been grinding it out. I mean, that's what you're talking about here. They've been standing up the, when Kubernetes started, it was all the promise. >> Chris: Yep. >> And essentially manually kind of getting in in the weeds and configuring it. Now it's matured up. They want stability. >> Chris: Yeah. >> Not everyone can get down and dirty with Kubernetes. It's not something that people want to generally do unless you're totally into it, right? Like I mean, I mean ops teams, I mean, yeah. You know what I mean? It's not like it's heavy lifting. Yeah, it's important. Just got to get it going. >> Yeah, I mean if you're deploying with Platform9, your Ops teams can tinker to their hearts content. We're completely compliant upstream Kubernetes. You can go and change an API server flag, let's go and mess with the scheduler, because we want to. You can still do that, but don't, don't have your team investing in all this time to figure it out. It's been figured out. >> John: Got it. >> Get them focused on enabling velocity for your business. >> So it's not build, but run. >> Chris: Correct? >> Or run Kubernetes, not necessarily figure out how to kind of get it all, consume it out. >> You know we've talked to a lot of customers out there that are saying, "I want to be able to deliver a service to my users." Our response is, "Cool, let us run it. You consume it, therefore deliver it." And we're solving that in one hit versus figuring out how to first run it, then operate it, then turn that into a consumable service. >> So the alternative Platform9 is what? They got to do it themselves or use the Cloud or what's the, what's the alternative for the customer for not using Platform9? Hiring more people to kind of work on it? What's the? >> People, building that kind of PaaS experience? Something that I've been very passionate about for the past year is looking at that world of sort of GitOps and what that means. And if you go out there and you sort of start asking the question what's happening? Just generally with Kubernetes as well and GitOps in that scope, then you'll hear some people saying, well, I'm making it PaaS, because Kubernetes is too complicated for my developers and we need to give them something. There's some great material out there from the likes of Intuit and Adobe where for two big contributors to Argo and the Argo projects, they almost have, well they do have, different experiences. One is saying, we went down the PaaS route and it failed. The other one is saying, well we've built a really stable PaaS and it's working. What are they trying to do? They're trying to deliver an outcome to make it easy to use and consume Kubernetes. So you could go out there and say, hey, I'm going to build a Kubernetes cluster. Sounds like Argo CD is a great way to expose that to my developers so they can use Kubernetes without having to use Kubernetes and start automating things. That is an approach, but you're going to be going completely open source and you're going to have to bring in all the individual components, or you could just lay that, lay it down, and consume it as a service and not have to- >> And mentioned to it. They were the ones who kind of brought that into the open. >> They did. Inuit is the primary contributor to the Argo set of products. >> How has that been received in the market? I mean, they had the event at the Computer History Museum last fall. What's the momentum there? What's the big takeaway from that project? >> Growth. To me, growth. I mean go and track the stars on that one. It's just, it's growth. It's unlocking machine learning. Argo workflows can do more than just make things happen. Argo CD I think the approach they're taking is, hey let's make this simple to use, which I think can be lost. And I think credit where credit's due, they're really pushing to bring in a lot of capabilities to make it easier to work with applications and microservices on Kubernetes. It's not just that, hey, here's a GitOps tool. It can take something from a Git repo and deploy it and maybe prioritize it and help you scale your operations from that perspective. It's taking a step back and saying, well how did we get to production in the first place? And what can be done down there to help as well? I think it's growth expansion of features. They had a huge release just come out in, I think it was 2.6, that brought in things that as a product manager that I don't often look at like really deep technical things and say wow, that's powerful. But they have, they've got some great features in that release that really do solve real problems. >> And as the product, as the product person, who's the target buyer for you? Who's the customer? Who's making that? And you got decision maker, influencer, and recommender. Take us through the customer persona for you guys. >> So that Platform Ops, DevOps space, right, the people that need to be delivering Containers as a service out to their organization. But then it's also important to say, well who else are our primary users? And that's developers, engineers, right? They shouldn't have to say, oh well I have access to a Kubernetes cluster. Do I have to use kubectl or do I need to go find some other tool? No, they can just log to Platform9. It's integrated with your enterprise id. >> They're the end customer at the end of the day, they're the user. >> Yeah, yeah. They can log in. And they can see the clusters you've given them access to as a Platform Ops Administrator. >> So job well done for you guys. And your mind is the developers are moving 'em fast, coding and happy. >> Chris: Yeah, yeah. >> And and from a customer standpoint, you reduce the maintenance cost, because you keep the Ops smoother, so you got efficiency and maintenance costs kind of reduced or is that kind of the benefits? >> Yeah, yep, yeah. And at two o'clock in the morning when things go inevitably wrong, they're not there by themselves, and we're proactively working with them. >> And that's the uptime issue. >> That is the uptime issue. And Cloud doesn't solve that, right? Everyone experienced that Clouds can go down, entire regions can go offline. That's happened to all Cloud providers. And what do you do then? Kubernetes isn't your recovery plan. It's part of it, right, but it's that piece. >> You know Chris, to wrap up this interview, I will say that "theCUBE" is 12 years old now. We've been to OpenStack early days. We had you guys on when we were covering OpenStack and now Cloud has just been booming. You got AI around the corner, AI Ops, now you got all this new data infrastructure, it's just amazing Cloud growth, Cloud Native, Security Native, Cloud Native, Data Native, AI Native. It's going to be all, this is the new app environment, but there's also existing infrastructure. So going back to OpenStack, rolling our own cloud, building your own cloud, building infrastructure cloud, in a cloud way, is what the pioneers have done. I mean this is what we're at. Now we're at this scale next level, abstracted away and make it operational. It seems to be the key focus. We look at CNCF at KubeCon and what they're doing with the cloud SecurityCon, it's all about operations. >> Chris: Yep, right. >> Ops and you know, that's going to sound counterintuitive 'cause it's a developer open source environment, but you're starting to see that Ops focus in a good way. >> Chris: Yeah, yeah, yeah. >> Infrastructure as code way. >> Chris: Yep. >> What's your reaction to that? How would you summarize where we are in the industry relative to, am I getting, am I getting it right there? Is that the right view? What am I missing? What's the current state of the next level, NextGen infrastructure? >> It's a good question. When I think back to sort of late 2019, I sort of had this aha moment as I saw what really truly is delivering infrastructure as code happening at Platform9. There's an open source project Ironic, which is now also available within Kubernetes that is Metal Kubed that automates Bare Metal as code, which means you can go from an empty server, lay down your operating system, lay down Kubernetes, and you've just done everything delivered to your customer as code with a Cloud Native platform. That to me was sort of the biggest realization that I had as I was moving into this industry was, wait, it's there. This can be done. And the evolution of tooling and operations is getting to the point where that can be achieved and it's focused on by a number of different open source projects. Not just Ironic and and Metal Kubed, but that's a huge win. That is truly getting your infrastructure. >> John: That's an inflection point, really. >> Yeah. >> If you think about it, 'cause that's one of the problems. We had with the Bare Metal piece was the automation and also making it Cloud Ops, cloud operations. >> Right, yeah. I mean, one of the things that I think Ironic did really well was saying let's just treat that piece of Bare Metal like a Cloud VM or an instance. If you got a problem with it, just give the person using it or whatever's using it, a new one and reimage it. Just tell it to reimage itself and it'll just (snaps fingers) go. You can do self-service with it. In Platform9, if you log in to our SaaS Ironic, you can go and say, I want that physical server to myself, because I've got a giant workload, or let's turn it into a Kubernetes cluster. That whole thing is automated. To me that's infrastructure as code. I think one of the other important things that's happening at the same time is we're seeing GitOps, we're seeing things like Terraform. I think it's important for organizations to look at what they have and ask, am I using tools that are fit for tomorrow or am I using tools that are yesterday's tools to solve tomorrow's problems? And when especially it comes to modernizing infrastructure as code, I think that's a big piece to look at. >> Do you see Terraform as old or new? >> I see Terraform as old. It's a fantastic tool, capable of many great things and it can work with basically every single provider out there on the planet. It is able to do things. Is it best fit to run in a GitOps methodology? I don't think it is quite at that point. In fact, if you went and looked at Flux, Flux has ways that make Terraform GitOps compliant, which is absolutely fantastic. It's using two tools, the best of breeds, which is solving that tomorrow problem with tomorrow solutions. >> Is the new solutions old versus new. I like this old way, new way. I mean, Terraform is not that old and it's been around for about eight years or so, whatever. But HashiCorp is doing a great job with that. I mean, so okay with Terraform, what's the new address? Is it more complex environments? Because Terraform made sense when you had basic DevOps, but now it sounds like there's a whole another level of complexity. >> I got to say. >> New tools. >> That kind of amalgamation of that application into infrastructure. Now my app team is paying way more attention to that manifest file, which is what GitOps is trying to solve. Let's templatize things. Let's version control our manifest, be it helm, customize, or just a straight up Kubernetes manifest file, plain and boring. Let's get that version controlled. Let's make sure that we know what is there, why it was changed. Let's get some auditability and things like that. And then let's get that deployment all automated. So that's predicated on the cluster existing. Well why can't we do the same thing with the cluster, the inception problem. So even if you're in public cloud, the question is like, well what's calling that API to call that thing to happen? Where is that file living? How well can I manage that in a large team? Oh my God, something just changed. Who changed it? Where is that file? And I think that's one of big, the big pieces to be sold. >> Yeah, and you talk about Edge too and on-premises. I think one of the things I'm observing and certainly when DevOps was rocking and rolling and infrastructures code was like the real push, it was pretty much the public cloud, right? >> Chris: Yep. >> And you did Cloud Native and you had stuff on-premises. Yeah you did some lifting and shifting in the cloud, but the cool stuff was going in the public cloud and you ran DevOps. Okay, now you got on-premise cloud operation and Edge. Is that the new DevOps? I mean 'cause what you're kind of getting at with old new, old new Terraform example is an interesting point, because you're pointing out potentially that that was good DevOps back in the day or it still is. >> Chris: It is, I was going to say. >> But depending on how you define what DevOps is. So if you say, I got the new DevOps with public on-premise and Edge, that's just not all public cloud, that's essentially distributed Cloud Native. >> Correct. Is that the new DevOps in your mind or is that? How would you, or is that oversimplifying it? >> Or is that that term where everyone's saying Platform Ops, right? Has it shifted? >> Well you bring up a good point about Terraform. I mean Terraform is well proven. People love it. It's got great use cases and now there seems to be new things happening. We call things like super cloud emerging, which is multicloud and abstraction layers. So you're starting to see stuff being abstracted away for the benefits of moving to the next level, so teams don't get stuck doing the same old thing. They can move on. Like what you guys are doing with Platform9 is providing a service so that teams don't have to do it. >> Correct, yeah. >> That makes a lot of sense, So you just, now it's running and then they move on to the next thing. >> Chris: Yeah, right. >> So what is that next thing? >> I think Edge is a big part of that next thing. The propensity for someone to put up with a delay, I think it's gone. For some reason, we've all become fairly short-tempered, Short fused. You know, I click the button, it should happen now, type people. And for better or worse, hopefully it gets better and we all become a bit more patient. But how do I get more effective and efficient at delivering that to that really demanding- >> I think you bring up a great point. I mean, it's not just people are getting short-tempered. I think it's more of applications are being deployed faster, security is more exposed if they don't see things quicker. You got data now infrastructure scaling up massively. So, there's a double-edged swords to scale. >> Chris: Yeah, yeah. I mean, maintenance, downtime, uptime, security. So yeah, I think there's a tension around, and one hand enthusiasm around pushing a lot of code and new apps. But is the confidence truly there? It's interesting one little, (snaps finger) supply chain software, look at Container Security for instance. >> Yeah, yeah. It's big. I mean it was codified. >> Do you agree that people, that's kind of an issue right now. >> Yeah, and it was, I mean even the supply chain has been codified by the US federal government saying there's things we need to improve. We don't want to see software being a point of vulnerability, and software includes that whole process of getting it to a running point. >> It's funny you mentioned remote and one of the thing things that you're passionate about, certainly Edge has to be remote. You don't want to roll a truck or labor at the Edge. But I was doing a conversation with, at Rebars last year about space. It's hard to do brake fix on space. It's hard to do a, to roll a someone to configure satellite, right? Right? >> Chris: Yeah. >> So Kubernetes is in space. We're seeing a lot of Cloud Native stuff in apps, in space, so just an example. This highlights the fact that it's got to be automated. Is there a machine learning AI angle with all this ChatGPT talk going on? You see all the AI going the next level. Some pretty cool stuff and it's only, I know it's the beginning, but I've heard people using some of the new machine learning, large language models, large foundational models in areas I've never heard of. Machine learning and data centers, machine learning and configuration management, a lot of different ways. How do you see as the product person, you incorporating the AI piece into the products for Platform9? >> I think that's a lot about looking at the telemetry and the information that we get back and to use one of those like old idle terms, that continuous improvement loop to feed it back in. And I think that's really where machine learning to start with comes into effect. As we run across all these customers, our system that helps at two o'clock in the morning has that telemetry, it's got that data. We can see what's changing and what's happening. So it's writing the right algorithms, creating the right machine learning to- >> So training will work for you guys. You have enough data and the telemetry to do get that training data. >> Yeah, obviously there's a lot of investment required to get there, but that is something that ultimately that could be achieved with what we see in operating people's environments. >> Great. Chris, great to have you here in the studio. Going wide ranging conversation on Kubernetes and Platform9. I guess my final question would be how do you look at the next five years out there? Because you got to run the product management, you got to have that 20 mile steer, you got to look at the customers, you got to look at what's going on in the engineering and you got to kind of have that arc. This is the right path kind of view. What's the five year arc look like for you guys? How do you see this playing out? 'Cause KubeCon is coming up and we're you seeing Kubernetes kind of break away with security? They had, they didn't call it KubeCon Security, they call it CloudNativeSecurityCon, they just had in Seattle inaugural events seemed to go well. So security is kind of breaking out and you got Kubernetes. It's getting bigger. Certainly not going away, but what's your five year arc of of how Platform9 and Kubernetes and Ops evolve? >> It's to stay on that theme, it's focusing on what is most important to our users and getting them to a point where they can just consume it, so they're not having to operate it. So it's finding those big items and bringing that into our platform. It's something that's consumable, that's just taken care of, that's tested with each release. So it's simplifying operations more and more. We've always said freedom in cloud computing. Well we started on, we started on OpenStack and made that simple. Stable, easy, you just have it, it works. We're doing that with Kubernetes. We're expanding out that user, right, we're saying bring your developers in, they can download their Kube conflict. They can see those Containers that are running there. They can access the events, the log files. They can log in and build a VM using KubeVirt. They're self servicing. So it's alleviating pressures off of the Ops team, removing the help desk systems that people still seem to rely on. So it's like what comes into that field that is the next biggest issue? Is it things like CI/CD? Is it simplifying GitOps? Is it bringing in security capabilities to talk to that? Or is that a piece that is a best of breed? Is there a reason that it's been spun out to its own conference? Is this something that deserves a focus that should be a specialized capability instead of tooling and vendors that we work with, that we partner with, that could be brought in as a service. I think it's looking at those trends and making sure that what we bring in has the biggest impact to our users. >> That's awesome. Thanks for coming in. I'll give you the last word. Put a plug in for Platform9 for the people who are watching. What should they know about Platform9 that they might not know about it or what should? When should they call you guys and when should they engage? Take a take a minute to give the plug. >> The plug. I think it's, if your operations team is focused on building Kubernetes, stop. That shouldn't be the cloud. That shouldn't be in the Edge, that shouldn't be at the data center. They should be consuming it. If your engineering teams are all trying different ways and doing different things to use and consume Cloud Native services and Kubernetes, they shouldn't be. You want consistency. That's how you get economies of scale. Provide them with a simple platform that's integrated with all of your enterprise identity where they can just start consuming instead of having to solve these problems themselves. It's those, it's those two personas, right? Where the problems manifest. What are my operations teams doing, and are they delivering to my company or are they building infrastructure again? And are my engineers sprinting or crawling? 'Cause if they're not sprinting, you should be asked the question, do I have the right Cloud Native tooling in my environment and how can I get them back? >> I think it's developer productivity, uptime, security are the tell signs. You get that done. That's the goal of what you guys are doing, your mission. >> Chris: Yep. >> Great to have you on, Chris. Thanks for coming on. Appreciate it. >> Chris: Thanks very much. 0 Okay, this is "theCUBE" here, finding the right path to Cloud Native. I'm John Furrier, host of "theCUBE." Thanks for watching. (upbeat music)

(upbeat music) >> Hello and welcome back to theCUBE's coverage of Cloud Native SecurityCon North America 2023. Its first inaugural event. It's theCUBE's coverage. We were there at the first event for a KubeCon before CNCF kind of took it over. It was in Seattle. And so in Seattle this week is Cloud Native SecurityCon. Of course, theCUBE is there covering via our Palo Alto Studios and our experts around the world who are bringing in Bassam Tabbara who's the CEO and founder of upbound.io. That's the URL, but Upbound is the company. The creators of Crossplane. Really kind of looking at the Crossplane, across the abstraction layer, across clouds. A big part of, as we call supercloud trend. Bassam, great to see you. You've been legend in the open source community. Great to have you on. >> Thanks, John. Always good to be on theCUBE. >> I really wanted to bring you in 'cause I want to get your perspective. You've seen the movie, you've seen open source software grow, it continues to grow. Now you're starting to see the Linux Foundation, which has CNCF really expanding their realm. They got the CloudNativeCon, KubeCon, which is Kubernetes event. That's gotten so massive and so successful. We've been to every single one as you know. I've seen you there and all of them as well. So that's going great. Now they got this new event that's spins out dedicated to security. Everybody wants to know why the new event? What's the focus? Is it needed? What will they do? What's different from KubeCon? Where do I play? And so there's a little bit of a question mark in the ecosystem around this event. And so we've been reporting on it. Looking good so far. People are buzzing, again, they're keeping it small. So that kind of managing expectations like any good event would do. But I think it's been successful, which I wanted like to get your take on how you see it. Is this good? Are you indifferent? Are you excited by this? What's your take? >> I mean, look, it's super exciting to see all the momentum around cloud native. Obviously there are different dimensions of cloud native securities, an important piece. Networking, storage, compute, like all those things I think tie back together and in some ways you can look at this event as a focused event on the security aspect as it relates to cloud native. And there are lots of vendors in this space. There's lots of interesting projects in the space, but the unifying theme is that they come together and probably around the Kubernetes API and the momentum around cloud native and with Kubernetes at the center of it. >> On the focus on Kubernetes, it seems this event is kind of classic security where you want to have deep dives. Again, I call it the event operating system 'cause you decouple, make things highly cohesive, and you link them together. I don't see a problem with it. I kind of like this. I gave it good reviews if they stay focused because security is super critical. There was references to bind and DNS. There's a lot of things in the infrastructure plumbing that need to be looked at or managed or figured out or just refactored for modernization needs. And I know you've done a lot with storage, for instance, storage, networking, kernel. There's a lot of things in the old tech or tech in the cloud that needs to be kind, I won't say rebooted, but maybe reset or jump. Do you see it that way? Are there things that need to get done or is it just that there's so much complexity in the different cloud cluster code thing going on? >> It's obviously security is a very, very big space and there are so many different aspects of it that people you can go into. I think the thing that's interesting around the cloud native community is that there is a unifying theme. Like forget the word cloud native for a second, but the unifying theme is that people are building around what looks like a standardized play around Kubernetes and the Kubernetes API. And as a result you can recast a lot of the technologies that we are used to in the past in a traditional security sense. You can recast them on top of this new standardized approach or on Kubernetes, whether it's policy or protecting a supply chain or scanning, or like a lot of the access control authorization, et cetera. All of those things can be either revived to apply to this cloud native play and the Kubernetes play or creating new opportunities for companies to actually build new and interesting projects and companies around a standardized play. >> Do you think this also will help the KubeCon be more focused around the developer areas there and just touching on security versus figuring out how to take something so important in KubeCon, which the stakeholders in KubeCon have have grown so big, I can see security sucking a lot of oxygen out of the room there. So here you move it over, you keep it over here. Will anything change on the KubeCon site? We'll be there in in Amsterdam in April. What do you think the impact will be? Good? Is it good for the community? Just good swim lanes? What's your take? >> Yeah, I still think KubeCon will be an umbrella event for the whole cloud native community. I suspect that you'll see some of the same vendors and projects and everything else represented in KubeCon. The way I think about all the branched cloud native events are essentially a way to have a more focused discussion, get people together to talk about security topics or networking topics or things that are more focused way. But I don't think it changes the the effect of KubeCon being the umbrella around all of it. So I think you'll see the same presence and maybe larger presence going forward at Amsterdam. We're planning to be there obviously and I'm excited to be there and I think it'll be a big event and having a smaller event is not going to diminish the effect of KubeCon. >> And if you look at the developer community they've all been online for a long time, from IRC chat to now Slack and now new technologies and stuff like Discord out there. The event world has changed post-pandemic. So it makes sense. And we're seeing this with all vendors, by the way, and projects. The digital community angle is huge because if you have a big tent event like KubeCon you can make that a rallying moment in the industry and then have similar smaller events that are highly focused that build off that that are just connective tissue or subnets, if you will, or communities targeted for really deeper conversations. And they could be smaller events. They don't have to be monster events, but they're connected and traverse into the main event. This might be the event format for the future for all companies, whether it's AWS or a company that has a community where you create this network effect, if you will, around the people. >> That's right. And if you look at things like AWS re:Invent, et cetera, I mean, that's a massive events. And in some ways it, if it was a set of smaller sub events, maybe it actually will flourish more. I don't know, I'm not sure. >> They just killed the San Francisco event. >> That's right. >> But they have re:Inforce, all right, so they just established that their big events are re:Invent and re:Inforce as their big. >> Oh, I didn't hear about re:Inforce. That's news to me. >> re:Inforce is their third event. So they're doing something similar as CloudNativeCon, which is you have to have an event and then they're going to create a lot of sub events underneath. So I think they are trying to do that. Very interesting. >> Very interesting for sure. >> So let's talk about what you guys are up to. I know from your standpoint, you had a lot of security conversations. How is Crossplane doing? Obviously, you saw our Supercloud coverage. You guys fit right into that model where clients, customers, enterprises are going to want to have multiple cloud operating environments for whatever the use case, whether you're using ChatGPT, you got to get an Azure instance up and running for that. Now with APIs, we're hearing a lot of developers doing that. So you're going to start to see this cross cloud as VMware calls, what we call it supercloud. There's more need for Crossplane like thinking. What's the update? >> For sure, and we see this very clearly as well. So the fact that there is a standardization layer, there is a layer that lets you converge the different vendors that you have, the different clouds that you have, the different hype models that you have, whether it's hybrid or private, public, et cetera. The unifying theme is that you're literally bringing all those things under one control plane that enables you to actually centralize and standardize on security, access control, helps you standardize on cost control, quota policy, as well as create a self-service experience for your developers. And so from a security standpoint, the beauty of this is like, you could use really popular projects like open policy agent or Kyverno or others if you want to do policy and do so uniformly across your entire stack, your entire footprint of tooling, vendors, services and across deployment models. Those things are possible because you're standardizing and consolidating on a control plane on top of all. And that's the thing that gets our customers excited. That we're seeing in the community that they could actually now normalize standardize on small number of projects and tools to manage everything. >> We were talking about that in our summary of the keynote yesterday. Dave Vellante and I were talking about the idea of clients want to have a redo of their security. They've been, just the tooling has been building up. They got zero trust in place, maybe with some big vendor, but now got the cloud native opportunity to refactor and reset and reinvent their security paradigm. And so that's the positive thing we're hearing. Now we're seeing enterprises want this cross cloud capabilities or Crossplane like thinking that you guys are talking about. What are your customers telling you? Can you share from an enterprise perspective where they're at in this journey? Because part of the security problems that we've been reporting on has been because clients are moving from IT to cloud native and not everyone's moved over yet. So they're highly vulnerable to ransomware and all kinds of other crap. So another attacks, so they're wide open, But people who are moving into cloud native, are they stepping up their game on this Crossplane opportunity? Where are they at? Can you share data on that? >> Yeah, we're grateful to be talking to a lot of customers these days. And the interesting thing is even if you talked about large financial institutions, banks, et cetera, the common theme that we hear is that they bought tools for each of the different departments and however they're organized. Sometimes you see the folks that are running databases, networking, being separated from say, the computer app developers or they're all these different departments within an organization. And for each one of those, they've made localized decisions for tooling and services that they bought. What we're seeing now consistently is that they're all together, getting together, and trying to figure out how to standardize on a smaller one set of tooling and services that goes across all the different departments and all different aspects of the business that they're running. And this is where this discussion gets a lot very interesting. If instead of buying a different policy tool for each department, or once that fits it you could actually standardize on policy or the entire footprint of services that they're managing. And you get that by standardizing on a control plane or standardizing on effectively one point of control for everything that they're doing. And that theme is like literally, it gets all our customers excited. This is why they're engaging in all of this. It's almost the holy grail. The thing that I've been trying to do for a long time. >> I know. >> And it's finally happening. >> I know you and I have talked about this many times, but I got to ask you the one thing that jumps into everybody's head when you hear control plane is lock-in. So how do you discuss that lock-in, perception from the reality of the situation? How do you unpack that for the customer? 'Cause they want choice at the end of the day. There's the preferred vendors for sure on the hyperscale side and app side and open source, but what's the lock-in? What does the lock-in conversation look like? Or do they even have that conversation? >> Yeah. To be honest, I mean, so their lock-in could be a two dimensions here. Most of our customers and people are using Crossplane or using app on product around it. Most of our do, concentrated in, say a one cloud vendor and have others. So I don't think this is necessarily about multicloud per se or being locked into one vendor. But they do manage many different services and they have legacy tooling and they have different systems that they bought at different stages and they want to bring them all together. And by bringing them all together that helps them make choices about consulting or even replacing some of them. But right now everything is siloed, everything is separate, both organizationally as well as the code bases or investments and tooling or contracts. Everything is just completely separated and it requires humans to put them together. And organizations actually try to gather around and put them together. I don't know if lock-in is the driving goal for this, but it is standardization consolidation. That's the driving initiative. >> And so unification and building is the big driver. They're building out >> Correct, and you can ask why are they doing that? What does standardization help with? It helps them to become more productive. They can move faster, they can innovate faster. Not as a ton of, like literally revenue written all over. So it's super important to them that they achieved this, increase their pace of innovation around this and they do that by standardizing. >> The great point in all this and your success at Upbound and now CNCF success with KubeCon + CloudNativeCon and now with the inaugural event of Cloud Native SecurityCon is that the customers are involved, a lot of end users are involved. There's a big driver not only from the industry and the developers and getting architecture right and having choice. The customers want this to happen. They're leaning in, they're part of it. So that's a big driver. Where does this go? If you had to throw a dart at the board five years from now Cloud Native SecurityCon, what does it look like if you had to predict the trajectory of this event and community? >> Yeah, I mean, look, I think the trajectory one is that we have what looks like a standardization layer emerging that is all encompassing. And as a result, there is a ton of opportunity for vendors, projects, communities to build around within on top of this layer. And essentially create, I think you talked about an operating system earlier and decentralized aspect of this, but it's an opportunity to actually, what it looks like for the first time we have a convergence happening industry-wide and through open source and open source foundations. And I think that means that there'll be new opportunity and lots of new projects and things that are created in the space. And it also means that if you don't attach this space, you'll likely be left out. >> Awesome. Bassam, great to have you on, great expert commentary, obviously multi CUBE alumni and supporter of theCUBE and as you become successful we really appreciate your support for helping us get the content out there. And best of luck to your team and thanks for weighing in on Cloud Native SecurityCon. >> Awesome. It's always good talking to you, John. Thank you. >> Great stuff. This is more CUBE coverage from Palo Alto, getting folks on the ground on location, getting us the stories in Seattle. Of course, Cloud Native SecurityCon, the inaugural event, which looks like will be the beginning of a series of multi-year journey for the CNCF, focusing on security. Of course, theCUBE's here to cover it, every angle of it, and extract the signal from the noise. I'm John Furrier, thanks for watching. (upbeat music)

(upbeat music) >> Hello everyone, welcome back to theCUBE's coverage of Cloud Native SecurityCon North America 2023. Obviously, CUBE's coverage with our CUBE Center Report. We're not there on the ground, but we have folks and our CUBE Alumni there. We have entrepreneurs there. Of course, we want to be there in person, but we're remote. We've got Ben Hirschberg, CTO and Co-Founder of Armo, a cloud native security startup, well positioned in this industry. He's there in Seattle. Ben, thank you for coming on and sharing what's going on with theCUBE. >> Yeah, it's great to be here, John. >> So we had written on you guys up on SiliconANGLE. Congratulations on your momentum and traction. But let's first get into what's going on there on the ground? What are some of the key trends? What's the most important story being told there? What is the vibe? What's the most important story right now? >> So I think, I would like to start here with the I think the most important thing was that I think the event is very successful. Usually, the Cloud Native Security Day usually was part of KubeCon in the previous years and now it became its own conference of its own and really kudos to all the organizers who brought this up in, actually in a short time. And it wasn't really clear how many people will turn up, but at the end, we see a really nice turn up and really great talks and keynotes around here. I think that one of the biggest trends, which haven't started like in this conference, but already we're talking for a while is supply chain. Supply chain is security. I think it's, right now, the biggest trend in the talks, in the keynotes. And I think that we start to see companies, big companies, who are adopting themselves into this direction. There is a clear industry need. There is a clear problem and I think that the cloud native security teams are coming up with tooling around it. I think for right now we see more tools than adoption, but the adoption is always following the tooling. And I think it already proves itself. So we have just a very interesting talk this morning about the OpenSSL vulnerability, which was I think around Halloween, which came out and everyone thought that it's going to be a critical issue for the whole cloud native and internet infrastructure and at the end it turned out to be a lesser problem, but the reason why I think it was understood that to be a lesser problem real soon was that because people started to use (indistinct) store software composition information in the environment so security teams could look into, look up in their systems okay, what, where they're using OpenSSL, which version they are using. It became really soon real clear that this version is not adopted by a wide array of software out there so the tech surface is relatively small and I think it already proved itself that the direction if everyone is talking about. >> Yeah, we agree, we're very bullish on this move from the Cloud Native Foundation CNCF that do the security conference. Amazon Web Services has re:Invent. That's their big show, but they also have re:Inforce, the security show, so clearly they work together. I like the decoupling, very cohesive. But you guys have Kubescape of Kubernetes security. Talk about the conversations that are there and that you're hearing around why there's different event what's different around KubeCon and CloudNativeCon than this Cloud Native SecurityCon. It's not called KubeSucSecCon, it's called Cloud Native SecurityCon. What's the difference? Are people confused? Is it clear? What's the difference between the two shows? What are you hearing? >> So I think that, you know, there is a good question. Okay, where is Cloud Native Computing Foundation came from? Obviously everyone knows that it was somewhat coupled with the adoption of Kubernetes. It was a clear understanding in the industry that there are different efforts where the industry needs to come together without looking be very vendor-specific and try to sort out a lot of issues in order to enable adoption and bring great value and I think that the main difference here between KubeCon and the Cloud Native Security Conference is really the focus, and not just on Kubernetes, but the whole ecosystem behind that. The way we are delivering software, the way we are monitoring software, and all where Kubernetes is only just, you know, maybe the biggest clog in the system, but, you know, just one of the others and it gives great overview of what you have in the whole ecosystem. >> Yeah, I think it's a good call. I would add that what I'm hearing too is that security is so critical to the business model of every company. It's so mainstream. The hackers have a great business model. They make money, their costs are lower than the revenue. So the business of hacking in breaches, ransomware all over the place is so successful that they're playing offense, everyone's playing defense, so it's about time we can get focus to really be faster and more nimble and agile on solving some of these security challenges in open source. So I think that to me is a great focus and so I give total props to the CNC. I call it the event operating system. You got the security group over here decoupled from the main kernel, but they work together. Good call and so this brings back up to some of the things that are going on so I have to ask you, as your startup as a CTO, you guys have the Kubescape platform, how do you guys fit into the landscape and what's different from your tools for Kubernetes environments versus what's out there? >> So I think that our journey is really interesting in the solution space because I think that our mode really tries to understand where security can meet the actual adoption because as you just said, somehow we have to sort out together how security is going to be automated and integrated in its best way. So Kubescape project started as a Kubernetes security posture tool. Just, you know, when people are really early in their adoption of Kubernetes systems, they want to understand whether the installation is is secure, whether the basic configurations are look okay, and giving them instant feedback on that, both in live systems and in the CICD, this is where Kubescape came from. We started as an open source project because we are big believers of open source, of the power of open source security, and I can, you know I think maybe this is my first interview when I can say that Kubescape was accepted to be a CNCF Sandbox project so Armo was actually donating the project to the CNCF, I think, which is a huge milestone and a great way to further the adoption of Kubernetes security and from now on we want to see where the users in Armo and Kubescape project want to see where the users are going, their Kubernetes security journey and help them to automatize, help them to to implement security more fast in the way the developers are using it working. >> Okay, if you don't mind, I want to just get clarification. What's the difference between the Armo platform and Kubescape because you have Kubescape Sandbox project and Armo platform. Could you talk about the differences and interaction? >> Sure, Kubescape is an open source project and Armo platform is actually a managed platform which runs Kubescape in the cloud for you because Kubescape is part, it has several parts. One part is, which is running inside the Kubernetes cluster in the CICD processes of the user, and there is another part which we call the backend where the results are stored and can be analyzed further. So Armo platform gives you managed way to run the backend, but I can tell you that backend is also, will be available within a month or two also for everyone to install on their premises as well, because again, we are an open source company and we are, we want to enable users, so the difference is that Armo platform is a managed platform behind Kubescape. >> How does Kubescape differ from closed proprietary sourced solutions? >> So I can tell you that there are closed proprietary solutions which are very good security solutions, but I think that the main difference, if I had to pick beyond the very specific technicalities is the worldview. The way we see that our user is not the CISO. Our user is not necessarily the security team. From our perspective, the user is the DevOps and the developers who are working on the Kubernetes cluster day to day and we want to enable them to improve their security. So actually our approach is more developer-friendly, if I would need to define it very shortly. >> What does this risk calculation score you guys have in Kubscape? That's come up and we cover that in our story. Can you explain to the folks how that fits in? Is it Kubescape is the platform and what's the benefit, what's the purpose? >> So the risk calculation is actually a score we are giving to clusters in order for the users to understand where they are standing in the general population, how they are faring against a perfect hardened cluster. It is based on the number of different tests we are making. And I don't want to go into, you know, the very specifics of the mathematical functions, but in general it takes into account how many functions are failing, security tests are failing inside your cluster. How many nodes you are having, how many workloads are having, and creating this number which enables you to understand where you are standing in the global, in the world. >> What's the customer value that you guys pitching? What's the pitch for the Armo platform? When you go and talk to a customer, are they like, "We need you." Do they come to you? Is it word of mouth? You guys have a strategy? What's the pitch? What's so appealing to the customers? Why are they enthusiastic about you guys? >> So John, I can tell you, maybe it's not so easy to to say the words, but I nearly 20 years in the industry and though I've been always around cyber and the defense industry and I can tell you that I never had this journey where before where I could say that the the customers are coming to us and not we are pitching to customers. Simply because people want to, this is very easy tool, very very easy to use, very understandable and it very helps the engineers to improve security posture. And they're coming to us and they're saying, "Well, awesome, okay, how we can like use it. Do you have a graphical interface?" And we are pointing them to the Armor platform and they are falling in love and coming to us even more and we can tell you that we have a big number of active users behind the platform itself. >> You know, one of the things that comes up every time at KubeCon and Cloud NativeCon when we're there, and we'll be in Amsterdam, so folks watching, you know, we'll see onsite, developer productivity is like the number one thing everyone talks about and security is so important. It's become by default a blocker or anchor or a drag on productivity. This is big, the things that you're mentioning, easy to use, engineering supporting it, developer adoption, you know we've always said on theCUBE, developers will be the de facto standards bodies by their choices 'cause developers make all the decisions. So if I can go faster and I can have security kind of programmed in, I'm not shifting left, it's just I'm just having security kind of in there. That's the dream state. Is that what you guys are trying to do here? Because that's the nirvana, everyone wants to do that. >> Yeah, I think your definition is like perfect because really we had like this, for a very long time we had this world where we decoupled security teams from developers and even for sometimes from engineering at all and I think for multiple reasons, we are more seeing a big convergence. Security teams are becoming part of the engineering and the engineering becoming part of the security and as you're saying, okay, the day-to-day world of developers are becoming very tangled up in the good way with security, so the think about it that today, one of my developers at Armo is creating a pull request. He's already, code is already scanned by security scanners for to test for different security problems. It's already, you know, before he already gets feedback on his first time where he's sharing his code and if there is an issue, he already can solve it and this is just solving issues much faster, much cheaper, and also you asked me about, you know, the wipe in the conference and we know no one can deny the current economic wipe we have and this also relates to security teams and security teams has to be much more efficient. And one of the things that everyone is talking, okay, we need more automation, we need more, better tooling and I think we are really fitting into this. >> Yeah, and I talked to venture capitalists yesterday and today, an angel investor. Best time for startup is right now and again, open source is driving a lot of value. Ben, it's been great to have you on and sharing with us what's going on on the ground there as well as talking about some of the traction you have. Just final question, how old's the company? How much funding do you have? Where you guys located? Put a plug in for the company. You guys looking to hire? Tell us about the company. Were you guys located? How much capital do you have? >> So, okay, the company's here for three years. We've passed a round last March with Tiger and Hyperwise capitals. We are located, most of the company's located today in Israel in Tel Aviv, but we have like great team also in Ukraine and also great guys are in Europe and right now also Craig Box joined us as an open source VP and he's like right now located in New Zealand, so we are a really global team, which I think it's really helps us to strengthen ourselves. >> Yeah, and I think this is the entrepreneurial equation for the future. It's really great to see that global. We heard that in Priyanka Sharma's keynote. It's a global culture, global community. >> Right. >> And so really, really props you guys. Congratulations on Armo and thanks for coming on theCUBE and sharing insights and expertise and also what's happening on the ground. Appreciate it, Ben, thanks for coming on. >> Thank you, John. >> Okay, cheers. Okay, this is CUB coverage here of the Cloud Native SecurityCon in North America 2023. I'm John Furrier for Lisa Martin, Dave Vellante. We're back with more of wrap up of the event after this short break. (gentle upbeat music)

(upbeat music) >> Hey, everyone. Welcome back to theCUBE's day one coverage of Cloud Native SecurityCon 2023. This has been a great conversation that we've been able to be a part of today. Lisa Martin with John Furrier and Dave Vellante. Dave and John, I want to get your take on the conversations that we had today, starting with the keynote that we were able to see. What are your thoughts? We talked a lot about technology. We also talked a lot about people and culture. John, starting with you, what's the story here with this inaugural event? >> Well, first of all, there's two major threads. One is the breakout of a new event from CloudNativeCon/KubeCon, which is a very successful community and events that they do international and in North America. And that's not stopping. So that's going to be continuing to go great. This event is a breakout with an extreme focus on security and all things security around that ecosystem. And with extensions into the Linux Foundation. We heard Brian Behlendorf was on there from the Linux Foundation. So he was involved in Hyperledger. So not just Cloud Native, all things containers, Kubernetes, all things Linux Foundation as an open source. So, little bit more of a focus. So I like that piece of it. The other big thread on this story is what Dave and Yves were talking about on our panel we had earlier, which was the business model of security is real and that is absolutely happening. It's impacting business today. So you got this, let's build as fast as possible, let's retool, let's replatform, refactor and then the reality of the business imperative. To me, those are the two big high-order bits that are going on and that's the reality of this current situation. >> Dave, what are your top takeaways from today's day one inaugural coverage? >> Yeah, I would add a third leg of the stool to what John said and that's what we were talking about several times today about the security is a do-over. The Pat Gelsinger quote, from what was that, John, 2011, 2012? And that's right around the time that the cloud was hitting this steep part of the S-curve and do-over really has meant in looking back, leveraging cloud native tooling, and cloud native technologies, which are different than traditional security approaches because it has to take into account the unique characteristics of the cloud whether that's dynamic resource allocation, unlimited resources, microservices, containers. And while that has helped solve some problems it also brings new challenges. All these cloud native tools, securing this decentralized infrastructure that people are dealing with and really trying to relearn the security culture. And that's kind of where we are today. >> I think the other thing too that I had Dave is that was we get other guests on with a diverse opinion around foundational models with AI and machine learning. You're going to see a lot more things come in to accelerate the scale and automation piece of it. It is one thing that CloudNativeCon and KubeCon has shown us what the growth of cloud computing is is that containers Kubernetes and these new services are powering scale. And scale you're going to need to have automation and machine learning and AI will be a big part of that. So you start to see the new formation of stacks emerging. So foundational stacks is the machine learning and data apps are coming out. It's going to start to see more apps coming. So I think there's going to be so many new applications and services are going to emerge, and if you don't get your act together on the infrastructure side those apps will not be fully baked. >> And obviously that's a huge risk. Sorry, Dave, go ahead. >> No, that's okay. So there has to be hardware somewhere. You can't get away with no hardware. But increasingly the security architecture like everything else is, is software-defined and makes it a lot more flexible. And to the extent that practitioners and organizations can consolidate this myriad of tools that they have, that means they're going to have less trouble learning new skills, they're going to be able to spend more time focused and become more proficient on the tooling that is being applied. And you're seeing the same thing on the vendor side. You're seeing some of these large vendors, Palo Alto, certainly CrowdStrike and fundamental to their strategy is to pick off more and more and more of these areas in security and begin to consolidate them. And right now, that's a big theme amongst organizations. We know from the survey data that consolidating redundant vendors is the number one cost saving priority today. Along with, at a distant second, optimizing cloud costs, but consolidating redundant vendors there's nowhere where that's more prominent than in security. >> Dave, talk a little bit about that, you mentioned the practitioners and obviously this event bottoms up focused on the practitioners. It seems like they're really in the driver's seat now. With this being the inaugural Cloud Native SecurityCon, first time it's been pulled out of an elevated out of KubeCon as a focus, do you think this is about time that the practitioners are in the driver's seat? >> Well, they're certainly, I mean, we hear about all the tech layoffs. You're not laying off your top security pros and if you are, they're getting picked up very quickly. So I think from that standpoint, anybody who has deep security expertise is in the driver's seat. The problem is that driver's seat is pretty hairy and you got to have the stomach for it. I mean, these are technical heroes, if you will, on the front lines, literally saving the world from criminals and nation-states. And so yes, I think Lisa they have been in the driver's seat for a while, but it it takes a unique person to drive at those speeds. >> I mean, the thing too is that the cloud native world that we are living in comes from cloud computing. And if you look at this, what is a practitioner? There's multiple stakeholders that are being impacted and are vulnerable in the security front at many levels. You have application developers, you got IT market, you got security, infrastructure, and network and whatever. So all that old to new is happening. So if you look at IT, that market is massive. That's still not transformed yet to cloud. So you have companies out there literally fully exposed to ransomware. IT teams that are having practices that are antiquated and outdated. So security patching, I mean the blocking and tackling of the old securities, it's hard to even support that old environment. So in this transition from IT to cloud is changing everything. And so practitioners are impacted from the devs and the ones that get there faster and adopt the ways to make their business better, whether you call it modern technology and architectures, will be alive and hopefully thriving. So that's the challenge. And I think this security focus hits at the heart of the reality of business because like I said, they're under threats. >> I wanted to pick up too on, I thought Brian Behlendorf, he did a forward looking what could become the next problem that we really haven't addressed. He talked about generative AI, automating spearphishing and he flat out said the (indistinct) is not fixed. And so identity access management, again, a lot of different toolings. There's Microsoft, there's Okta, there's dozens of companies with different identity platforms that practitioners have to deal with. And then what he called free riders. So these are folks that go into the repos. They're open source repos, and they find vulnerabilities that developers aren't hopping on quickly. It's like, you remember Patch Tuesday. We still have Patch Tuesday. That meant Hacker Wednesday. It's kind of the same theme there going into these repos and finding areas where the practitioners, the developers aren't responding quickly enough. They just don't necessarily have the resources. And then regulations, public policy being out of alignment with what's really needed, saying, "Oh, you can't ship that fix outside of Germany." Or I'm just making this up, but outside of this region because of a law. And you could be as a developer personally liable for it. So again, while these practitioners are in the driver's seat, it's a hairy place to be. >> Dave, we didn't get the word supercloud in much on this event, did we? >> Well, I'm glad you brought that up because I think security is the big single, biggest challenge for supercloud, securing the supercloud with all the diversity of tooling across clouds and I think you brought something up in the first supercloud, John. You said, "Look, ultimately the cloud, the hyperscalers have to lean in. They are going to be the enablers of supercloud. They already are from an infrastructure standpoint, but they can solve this problem by working together. And I think there needs to be more industry collaboration. >> And I think the point there is that with security the trend will be, in my opinion, you'll see security being reborn in the cloud, around zero trust as structure, and move from an on-premise paradigm to fully cloud native. And you're seeing that in the network side, Dave, where people are going to each cloud and building stacks inside the clouds, hyperscaler clouds that are completely compatible end-to-end with on-premises. Not trying to force the cloud to be working with on-prem. They're completely refactoring as cloud native first. And again, that's developer first, that's data first, that's security first. So to me that's the tell sign. To me is if when you see that, that's good. >> And Lisa, I think the cultural conversation that you've brought into these discussions is super important because I've said many times, bad user behavior is going to trump good security every time. So that idea that the entire organization is responsible for security. You hear that all the time. Well, what does that mean? It doesn't mean I have to be a security expert, it just means I have to be smart. How many people actually use a VPN? >> So I think one of the things that I'm seeing with the cultural change is face-to-face problem solving is one, having remote teams is another. The skillset is big. And I think the culture of having these teams, Dave mentioned something about intramural sports, having the best people on the teams, from putting captains on the jersey of security folks is going to happen. I think you're going to see a lot more of that going on because there's so many areas to work on. You're going to start to see security embedded in all processes. >> Well, it needs to be and that level of shared responsibility is not trivial. That's across the organization. But they're also begs the question of the people problem. People are one of the biggest challenges with respect to security. Everyone has to be on board with this. It has to be coming from the top down, but also the bottom up at the same time. It's challenging to coordinate. >> Well, the training thing I think is going to solve itself in good time. And I think in the fullness of time, if I had to predict, you're going to see managed services being a big driver on the front end, and then as companies realize where their IP will be you'll see those managed service either be a core competency of their business and then still leverage. So I'm a big believer in managed services. So you're seeing Kubernetes, for instance, a lot of managed services. You'll start to see more, get the ball going, get that rolling, then build. So Dave mentioned bottoms up, middle out, that's how transformation happens. So I think managed services will win from here, but ultimately the business model stuff is so critical. >> I'm glad you brought up managed services and I want to add to that managed security service providers, because I saw a stat last year, 50% of organizations in the US don't even have a security operations team. So managed security service providers MSSPs are going to fill the gap, especially for small and midsize companies and for those larger companies that just need to augment and compliment their existing staff. And so those practitioners that we've been talking about, those really hardcore pros, they're going to go into these companies, some large, the big four, all have them. Smaller companies like Arctic Wolf are going to, I think, really play a key role in this decade. >> I want to get your opinion Dave on what you're hoping to see from this event as we've talked about the first inaugural standalone big focus here on security as a standalone. Obviously, it's a huge challenge. What are you hoping for this event to get groundswell from the community? What are you hoping to hear and see as we wrap up day one and go into day two? >> I always say events like this they're about educating, aspiring to action. And so the practitioners that are at this event I think, I used to say they're the technical heroes. So we know there's going to be another Log4j or a another SolarWinds. It's coming. And my hope is that when that happens, it's not an if, it's a when, that the industry, these practitioners are able to respond in a way that's safe and fast and agile and they're able to keep us protected, number one and number two, that they can actually figure out what happened in the long tail of still trying to clean it up is compressed. That's my hope or maybe it's a dream. >> I think day two tomorrow you're going to hear more supply chain, security. You're going to start to see them focus on sessions that target areas if within the CNCF KubeCon + CloudNativeCon area that need support around containers, clusters, around Kubernetes cluster. You're going to start to see them laser focus on cleaning up the house, if you will, if you can call it cleaning up or fixing what needs to get fixed or solved what needs to get solved on the cloud native front. That's going to be urgent. And again, supply chain software as Dave mentioned, free riders too, just using open source. So I think you'll see open source continue to grow, but there'll be an emphasis on verification and certification. And Docker has done a great job with that. You've seen what they've done with their business model over hundreds of millions of dollars in revenue from a pivot. Catch a few years earlier because they verify. So I think we're going to be in this verification blue check mark of code era, of code and software. Super important bill of materials. They call SBOMs, software bill of materials. People want to know what's in their software and that's going to be, again, another opportunity for machine learning and other things. So I'm optimistic that this is going to be a good focus. >> Good. I like that. I think that's one of the things thematically that we've heard today is optimism about what this community can generate in terms of today's point. The next Log4j is coming. We know it's not if, it's when, and all organizations need to be ready to Dave's point to act quickly with agility to dial down and not become the next headline. Nobody wants to be that. Guys, it's been fun working with you on this day one event. Looking forward to day two. Lisa Martin for Dave Vellante and John Furrier. You're watching theCUBE's day one coverage of Cloud Native SecurityCon '23. We'll see you tomorrow. (upbeat music)

(rousing music) >> Hello everyone. Welcome back to "theCUBE's" day one coverage of Cloud Native Security Con 23. This is going to be an exciting panel. I've got three great guests. I'm Lisa Martin, you know our esteemed analysts, John Furrier, and Dave Vellante well. And we're excited to welcome to "theCUBE" for the first time, Yves Sandfort, the CEO of Comdivision Group, who's coming to us from Germany. As you know, Cloud Native Security Con is a global event. Everyone welcome Yves, great to have you in particular. Welcome to "theCUBE." >> Great to be here. >> Thank you for inviting me. >> Yves, tell us a little bit, before we dig into really wanting to understand your perspectives on the event and get Dave and John's feedback as well, tell us a little bit about you. >> So yeah, talking about me, or talking about Comdivision real quick. We are in the business for over 27 years already. We started as a SaaS company, then became more like an architecture and, and Cloud Native company over the last few years. But what's interesting is, and I think that's, that's, that's really interesting when we look at our industry. It hasn't really, the requirements haven't really changed over the years. It's still security. We still have to figure out how we deal with security. We still have to figure out how we deal with compliance and everything else. And I think therefore, it's more and more important that we take these items more seriously. Also, based on the fact that when we look at it, how development and other things happen nowadays, it's, it's, everybody says it's like open source. It's great because everybody can look into the code. We, I think the last few years have shown us enough example that that's not necessarily solving all the issues, but it's also code and development has changed rapidly when we look at the Cloud Native approach, where it's far more about gluing the pieces together, versus the development pieces. When I was actually doing software development 25 years ago, and had to basically build my code because I didn't have that much internet access for it. So it has evolved, but even back then we had to deal with security and everything. >> Right. The focus on security is, is incredibly important, and the focus keeps growing as you mentioned. This is, guys, and I want to get your perspectives on this. We're going to start with John. This is the first time Cloud Native Security Con is its own event being extracted from, and amplified from KubeCon. John, I want to understand from your perspective, break down the event, what you see, what you've heard, and Cloud Native Security in general. What does this mean to companies? What does it mean to customers? Is this a reality? >> Well, I think that's the topic we want to discuss, and I think Yves background, you see the VMware certification, I love that. Because what VMware did with virtualization, was abstract that from server virtualization, kind of really changed the game on things, and you start to see Cloud Native kind of go that next level of how companies will be operating their business, not just digital transformation, as digital transformation goes to completion, it's total business transformation where IT is everywhere. And so you're starting to see the trends where, "Okay, that's happening." Now you're starting to see, that's Cloud Native Con, or KubeCon, AWS re:Invent, or whatever show, or whatever way you want to look at it. But in, in the past decade, past five years, security has always been front and center as almost a separate thing, and, in and of itself, but the same thing. So you're starting to see the breakout of security conversations around how to make things work. So a lot of operational conversations around what used to be DevOps makes infrastructure as code, and that was great, that fueled that. Then DevSecOps came. So the Cloud Native next level, is more application development at scale, developers driving the standards with developer first thinking, shifting left, I get all that. But down in the lower ends of the stack, you got real operational issues. DNS we've heard in the keynote, we heard about the Colonel, the Lennox Colonel. Things that need to be managed and taken care of at a security level. These are like, seem like in the weeds, but you're starting to see that happen. And the other thing that I think's real about Cloud Native Security Con that's going to be interesting to watch, is Amazon has pretty much canceled all their re:Invent like shows except for two; Re:Invent, which is their annual conference, and Re:Inforce, which is dedicated to securities. So Cloud Native, Linux, the Linux Foundation has now breaking out Cloud Native Con and KubeCon, and now Cloud Native Security Con. They can't call it KubeCon because it's not Kubernetes, but it's like security focus. I think this is the beginning of starting to see this new developer driving, developers driving the standards, and it has it implications, what used to be called IT ops, and that's like the VMwares of the world. You saw all the stuff that was not at developer focus, but more ops, becoming much more in the application. So I think, I think it's real. The question is where does it go? How fast does it develop? So to me, I think it's a real trend, and it's worthy of a breakout, but it's not yet clear of where the landing zone is for people to start doing it, how they get started, what are the best practices. Machine learning's going to be a big part of this. So to me it's totally cool, but I'm not yet seeing the beachhead. So that's kind of my take. >> Dave, our inventor and host of breaking analysis, what's your take? >> So when you, I think when you zoom out, there's some, there's a big macro change that's been going on. I think when you look back, let's say 10, 12 years ago, the, the need for speed far trumped the, the, the security aspect, the governance, the data privacy. It was like, "Yeah, the risks, they're not that great compared to our opportunity." That has completely changed because the risks are now so much higher. And so what's happening, I think there's a, there's a major effort amongst CIOs and CISOs to try to make security not a blocker because it use to be, it still is. "Okay, I got this great initiative." Eh, give it to the SecOps pros, and let them take it for a while before we can go to market. And so a huge challenge now is to simplify, automate, AI comes in, the whole supply chain security, so the, so the companies can not be facing so much friction. And that is non-trivial. I don't think we're anywhere close there, but I think the goal is by, within the next several years, we're going to be in a position, that security, we heard today, is, wasn't designed in to the initial internet protocols. It was bolted on. And so increasingly, the fundamental architecture of the internet, the Cloud, et cetera, is, is seeing designed in security, and, and that is an imperative, or else business is going to come to a grinding halt. >> Right. It's no longer, the bolt no longer works. Yves, what's your perspective on Cloud Native Security, where it stands today? What's in it for customers, whether we're talking about banks, or hospitals, or retailers, what do you think? >> I think when we, when we look at security in the, in the modern world, is we need to as, as Dave mentioned, we need to rethink how we apply it. Very often, security in the past has been always bolted on in the end. If we continue to do that, it'll become more and more difficult, because as companies evolve, and as companies want to bring products and software to market in a much faster and faster way, it's getting more and more difficult if we bolt on the security process at the end. It's like, developers build something and then someone checks security. That's not going to work any longer. Especially if we also consider now the changes in the industry. We had Stack Overflow over the last 10 years. If I would've had Stack Overflow 15, 20, what, 25 years ago when I was a developer, it would've changed a hell lot. Looking at it now, and looking at it what we had in the last few weeks, it's like where nearly all of my team members say is like finally I don't need any script kiddies anymore because I can't go to (indistinct) who writes the code for me. Which is on one end great, because it enables us to solve certain problems in a much higher pace. But the challenge with that is, if the people who just copy and past that code, don't understand the implications of that code, we have a much higher risk continuously. And what people thought was, is challenging with Stack Overflow. Imagine that something in one of these AI engines, is actually going ballistic, and it creates holes in nearly every one of these applications. And trust me, there will be enough developers who are going to use these tools to develop codes, the same as students in university are going to take this to write their essays and everything else. And so it's really important that every developer team basically has a security person within their team, and not a security at the end. So we build something, we check it, go through QA, and then it goes to security. Security needs to be at the forefront. And I think that's where we see Cloud Native Security Con, where we see AWS. I saw it during re:Invent already where they said is like, we have reinforced next year. I think this becomes more and more of a topic, and I think companies, as much as it is become a norm that you have a firewall and everything else, it needs to become a norm that when you are doing software development, and every development team needs to have a security person on that needs to be trained. >> I love that chat comment Dave, 'cause you and I were talking about this. And I think that is going to be the issue. Do we need security chat for the chat bot? And there's like a, like a recursive model there. The biases are built in. I think, and I think our interview with the Palo Alto Network's co-founder, Dave, when he talked about zero trust as a structured way to start things, but he was referencing that with Cloud, there's a chance to rethink or do a do-over in security. So, I think this is kind of to me, where this is all going. And I think you asked Pat Gelsinger what, year 2013, 2014, can, is security a do over? I think we're in that do over time. >> He said yes. >> He said yes. (laughing) He was right. But yeah, eight years later... But this is, how do you, zero trust gives you some structure, but how do you organize and redo security? Because to me, I think that's what's happening here. >> And John you heard, Zuk at Palo Alto Network said, "Yeah, the, the words security and architecture, they don't go together historically." And so it is a total, total retake. >> Well is that because there's too many tools out there and- >> Yeah. For sure. >> Yeah, well, first of all, a lot of hardware. And then yeah, a lot of tools. You even see IIOT and industry 40, you see IOT security coming up as another stove pipe, and that's not the right approach. And, and so- >> Well let me, let me ask you a question Dave, and Yves, if you don't mind. 'Cause I was just riffing on this yesterday about this. In the ML space, you're seeing the ML models, you're seeing proprietary models versus open source. Is security going to go down this proprietary security methods and open source? Because that's interesting, because the CNCF is run by the the Linux Foundation. So you can almost maybe see a model where there's more proprietary security methods than open source. Or is it, is that a non-issue? >> I would, I would, let me, if I, if I jump in here first, I think the last, especially last five or 10 years have clearly shown the, the whole and, and I invested early on in the, in the end 90s in several open source startups in the Bay area. So, I'm well behind the whole open source idea and, and mid (indistinct) and others back then several times. But the point is, I think what we have seen is open source is not in general, more secure or less secure, because code is too complex nowadays. You have millions of lines of code, and it's not that either one way or the other is going to solve it. The ways I think we are going to look at it is more is what's the role to market, because only because something is open source doesn't necessarily mean it's going to be available for everyone. And the same for proprietary source from that perspective, even though everybody mixes licensing and payments and all that all the time, but it doesn't necessarily have anything to do with it. But I think as we are going through it, and when we also look at the industry, security industry over the last 10 plus years has been primarily hardware focused. And a lot of these vendors have done a good business out of selling hardware boxes, putting software on top of it. Whereas in reality, those were still X86 standard boxes in the end. So it was not that we had specific security ethics or anything like that in there anymore. And so overall, the question of the market is going to change. And as we are looking into Cloud Native, think about someone like an AWS, do you really envision them to have a hardware box of every supplier in their data center, and that in every availability zone in every region? Same for Microsoft, same for Google, etc? So we need to have new ways on how we can apply security. And that applies both on the backend services, but also on the front end side. >> And if I, and if I could chime in, I think the, the good, I think the answer is, is, is no and yes. And what I mean by that is if you take, antivirus and known malware, I mean pretty much anybody today can, can solve that problem, it's the unknown malware. So I think the yes part of the answer is yes, it's, it's going to be proprietary, but in the sense we're going to use open source tooling, and then apply that in a proprietary way with, with specific algorithms and unique architectures that are going to solve problems. For example, XDR with, with unknown malware. So, and that's the, that's the hard part. As somebody said, I think this morning at the keynote, it's, it's all the stuff that, that the SecOps team couldn't find. That's the really hard part. >> (laughs) Well the question will be will, is the new IP, the ability to feed ChatGPT some magical spelled insertion query string that does the job, that's unique, that might be the new IP, the the question to ask. >> Well, that's what the hackers are going to do. And I, they're on offense. (John laughs) And the offense knows what play is coming. So, they're going to start. >> So guys, let's take this conversation up a level. I want to get your perspectives on what's in this for me as a customer? We know security is a board level conversation. We talk about this all the time. We also know that they're based on, I think David, was the conversations that you and I had, with Palo Alto Networks at Ignite in December. There's a, there's a lack of alignment between the executives and the board from a security perspective. When we talk about Cloud Native Security, we all talked about the value in that, what's in it for customers? I want to get your perspectives on should this be a board level conversation, and if so, how do you advise organizations, whether it is a hospital, or a bank, or an organization that is really affected by things like ransomware? How should they be thinking about this from an organizational perspective? >> Well, I'll start first, because we had this conversation during our Super Cloud event last month, and this comes up a lot. And this is, the CEO board level. Yes it is a board level conversation for security, as is application development as in terms of transforming their business to be competitive, not to be on the wrong side of history with this wave coming. So I think that's more of a management. But the issue is, they tell their people, "Go do it." And they're like, 'cause they get sold on the idea of, "Hey, won't you transform your business, and everything's going to be data driven, and machine learning's going to power your apps, get new customers, be profitable." "Oh, sign me up for that." When you have to implement this, it's really hard. And I think the core issue is, where are companies in their life cycle of the ability to execute and architect this thing properly as Dave said, Nick Zuk said, "You can't have architecture and security, you need platforms." So, I think the re-platforming, and the re-factoring of business is a big factor, and that's got to get down into the, the organizational shifts and the people to do it. So are there skills? Do I do a managed service? How do I architect it? Are there more services? Are there developers doing applications that are going to be more agile? So, this is not an easy thing. And to move a business from IT operations that is proven, to be positioned for this enablement, is just really difficult. And it's expensive. And if you screw it up, you could be, could be on the wrong side of things. So, to me, that's the big issue is, you sell the dream and then you got to implement it. And that's really difficult. >> Yves, give us your perspective on, based on John's comments, how do organizations shift so dramatically? There's a cultural element there as well, but there's also organizations that are, have competitive competitors in the rear view mirror, and there's time to waste. What are your thoughts on that? >> I think that's exactly the point. It's like, as an organization, you need to take the decision between the time, the risk, and all the other elements we have into this game. Because you can try to achieve 100% security, but that's exactly the same as trying to, to protect gold or anything else 100%. It's most likely not going to be from a risk perspective anyway sensible. And that's the same from a corporational perspective. When you look at building new internet services, or IOT services, or any kind of new shopping experience or whatever else, you need to balance out between the risks and the advantages out of it. And you also need to be accepting that you potentially on the way make mistakes, but then it's more important than ever that you are able to quickly fix any mistakes, and to adjust to anything what's happening in the market. Because as we are building all these new Cloud Native applications, and build up all these skill sets, one of the big scenarios is we are far more depending on individual building blocks. These building blocks come out of open source communities, which have a much different way. When we look back in software development, back then we had application servers from Oracle, Web Logic, whatsoever, they had a release cycles of every three to six months. As now we have to deal with open source, where sometimes release cycles are on a four week schedule, in between security patches. So you need to be much faster in adopting that, checking that, implementing that, getting things to work. So there is a security stretch from that perspective. There is a speech stretch on the other thing companies have to deal with, and on the other side it's always a measurement between the risk, and the security you can afford. Because reality is, you will not be 100% protected no matter what you do. So, you need to balance out what you as an organization can actually build on. But I think, coming back also to the point, it's on the bot level nowadays. It's like nearly every discussion we have with companies nowadays as they move into the Cloud, especially also here in Europe where for the last five years, it was always, it's like "It's data privacy." Data privacy is no longer, I mean, yes, for certain people, it's still the point, but for many more people it's like, "How protected is my data?" "What do we do in case of ransomware attack?" "What do we do in case of a denial of service?" All of these things become more vulnerable, where in the past you were discussing these things with a becking page, or, or like a stock exchange. They were, it's like, "What the hell is going to happen if we have a denial of service?" Now all of the sudden, this now affects nearly everyone in their storefronts and everything else, because everything is depending on it. >> Yeah, I think you're right on. You think about how cultural change occurs, it's bottom ups or, bottom up, top down or middle out. And what, what's happened with security is the people in the security team cared about it, they were the, everybody said, "Oh, it's their problem." And then it just did an end run to the board, kind of mid, early last decade. And then the board sort of pushed that down. And the line of business is realizing, "Holy cow. My business, my EBIT can be dramatically affected by this, so I care." Now it's this whole house, cultural team sport. I know it's sort of a, a cliche, but it, it's true. Everybody actually is beginning to care about security because the risks are now so high, and it's going to affect not only the bottom line of the company, the bottom line of the business, their job, it's, it's, it's virtually everywhere. It's a huge cultural shift that we're seeing. >> And that's a big challenge for organizations in any industry. And Yves, you talked about ransomware service. Every industry across the globe is vulnerable to this. But how can, maybe John, we'll start with you. How can Cloud Native Security help organizations if they're able to embrace it, operationally, culturally, dial down some of the vulnerabilities that just seem to keep growing? >> Well, I mean that's the big question. The breaches are, are critical. The governances also could be a way that anchors down growth. So I think the balance between the governance compliance piece of it is key, but making the developers faster and more productive is the key to me. And I think having the security paradigm where they're not blockers, as Dave said, is critical. So I love the whole shift left, but now that we have more data focused initiatives around how that, you can use data to understand the security issues, I think data and security are together, and I think there's a going to be a data operating system model emerging, where data and security will be almost one thing. And that will be set up by the security teams, and the data teams together. And that will feed guardrails into the developer environment. So the developer should feel no pain at all in doing this. So I think the best practice will end up being what we're seeing with supply chain, security, with making sure code's verified. And you're going to see the container, security side completely address has been, and KubeCon, we just, I asked Scott Johnson, the CEO of Docker, and I asked him directly, "Are you guys all tight on container security?" He said, yes, but other people are suggesting that's not true. There's a lot of issues with the container security. So, there's all kinds of areas where there's holes. So Cloud Native is cool on one hand, and very relevant, but if it's not shored up, it's going to be a problem. But I, so I think that's where the action will be, at the developer pipeline, in the containers, and the data. So, that will be very relevant, and if companies nail that, they'll be faster, they'll have better apps, and that'll be the differentiator. And again, if they don't on this next wave, they're going to be driftwood. >> Dave, how do they prevent becoming driftwood? >> Well, I think Cloud has had a huge impact. And a Cloud's by no means a panacea, but let's face it, it's dramatically improved a lot of companies security posture. Now there's still that shared responsibility. Even though an S3 bucket is encrypted, it's still your responsibility to make sure that it doesn't get decrypted by somebody who has access to it. So there are things like that, but to Yve's earlier point, that can be, that's done through software now, it's done through best practices. Those best practices can be shared. So the way you, you don't become driftwood, is you start to, you step back, rethink that security architecture as we were talking about earlier, take advantage of the Cloud, take advantage of Cloud Native, and all the, the rapid pace of innovation that's occurring there, and you don't use, it's called before, The audit is the last line of defense. That's no longer a check box item. "Oh yeah, we're in compliance." It's, this is a business imperative, and because we're going to reduce our expected loss and reduce our business risk. That's part of the business case today. >> Yeah. >> It's a huge, critically important part of the business case. Yves, question for you. If you're in an elevator with a CEO, a CFO, and a CISO, and they're talking about security and Cloud Native Security, what's your value proposition to them on a, on a say a 32nd elevator ride? >> Difficult story. I think at the moment, the most important part is, we need to get people to work together, and we need to train people to work more much better together. I think that's the overall most important part for all of these solutions, because in the end, security is always a person issue. If, we can have the best tools in the industry, as long as we don't get all of these teams to work together, then we have a problem. If the security team is always seen as the end of the solution to fix everything, that's not going to work because they always are the bad guys in the game. And so we need to bring the teams together. And once we have the teams work together, I think we have a far better track on, on maintaining security. >> John and Dave, I want to get your perspectives on what Yves just said. In all the experience that the two of you have as industry analysts here on "theCUBE," Wikibon, Siliconangle Media. How do you advise organizations to get those teams together? As Eve said, that alignment is critical, but John, we'll start with you, then Dave go to you. What's your advice for organizations that need to align those teams and really don't have a lot of time to wait to do it? >> (chuckling) That's a great question. I think, I think that's everyone pays hundreds of thousands of millions of dollars to get that advice from these consultants, organizations out there doing the transformations. But I think it comes down to personnel and commitment. I think if there's a C-level commitment to the effort, you'll see the institutional structure change. So you can see really getting behind it with their, with their wallet and their, and their support of either getting more personnel to support and assist, or manage services, or giving the power to the teams to execute and doing it in a way that, that's, that's well known and best practices. Start small, build out the pilots, build the platform, and then start getting it right. And I think that's the key. Not the magic wand, the old model of rolling out stuff in, in six month cycles. It's really, get the proof points, double down and change the culture, but also execute and have real metrics. And changing the architecture, like having more penetration tests as a service. Doing pen tests is like a joke now. So that doesn't make any sense. You got to have that built in almost every day, and every minute. So, these kinds of new techniques have to be implemented and have to be tried. So that's why these communities are growing. That's why I like what open source has been doing, and I like the open source as the place to have these conversations, because that's where the action will be for new stuff. And I think people will implement open source like they did before, but with different ways, better testing, better supply chain on the software side, verifying code. So, I see open source actually getting a tailwind from this, not a headwind. So, I'm bullish on the open source piece here on, on all levels, machine learning- >> Lisa, my answer is intramural sports. And it's 'cause I think it's cultural. And what I mean by that, is you take your your best and brightest security, and this is what frankly, a lot of CISOs do, an examples is Lena Smart, MongoDB. Take your best and brightest security pros, make them captains of the intramural teams, and pair them up with pods of individuals across the organization, which is most people who don't know anything about security, and put them together, so that they can, they, so that the folks that understand security can, can realize how little people know, what, what, what, how, what the worst practices that are out there in the reverse, how they can cross pollinate. And they do that on a regular basis, I know at Mongo and other companies. And that kind of cultural assimilation is a starting point for how you get security awareness up to your question around making it a team sport. >> Absolutely critical. Yves, I want to kind of wrap things with you. We've got a couple of minutes left. When you're really looking at the Cloud Native community, the growth of it, we talked about earlier in the program, Cloud Native Security Con being now extracted and elevated out of KubeCon, what are your thoughts on the groundswell that this community is generating around Cloud Native Security, the benefits that organizations will achieve from it? >> I think overall, when we have these securities conferences, or these security arms a bit spread out and separated out of the main conference, it helps to a certain degree, because especially in the security space, when you look at at other like black hat or white hat conferences and things like that in the past, although they were not focused on Cloud Native, a lot of these security folks didn't feel well taken care of in any of the other conferences because they were always these, it's like they are always blocking us, they're always making us problems, and all these kinds of things. Now that we really take the Cloud Native piece and the security piece together, or like AWS does it with re:Inforce, I think we will see more and more that people understand is that security is a permanent topic we need to cover, but we need to bring different people together, because security also has compliance and a lot of other components in there. So we will see at these conferences moving forward, also a different audience. It's not going to be only the Cloud Native developers. And if I see some of these security audiences, I can't really imagine them to really be at KubeCon because there is too much other things going on. And you couldn't really see much of that at re:Invent because re:Invent by itself has become a complete monster of a conference. It covers too many topics. And so having this very, very important security piece separated, also gives the opportunity, I think, that we can bring in the security people, but also have the type of board level discussions potentially, between the leaders of the industry, to also discuss on how we can evolve, how we can make things better, and how, how we can actually, yeah, evolve our industry for it. Because let's face it, that threat is not going to go away. It's, it's a business. And one of the last security conferences I was on, on the ransomware part, it was one of the topics someone said is like, "Look, currently on average, it takes a hacker group roughly around they said 15 to 20 K to break into a company, and they on average make 100K. It's a business, let's face it. And it's a business we don't like. And ethically, it's no discussion that this is not good, but that's something which is happening. People are making money with it. And as long as that's going to go on, and we have enough countries where these people can hide, it's going to stay and survive. And so, with that being said, it's important for us to really build an industry around this. But I also think it's good that we have separate conferences. In the past we had more the RSA conference, which tried to cover all of these areas. But that is not really fitting Cloud Native and everything else. So I think it's good that we have these new opportunities, the Cloud Native one, but also what AWS brings up for someone. >> Yves, you just nailed it. It just comes down to simple math. It's a fraction. Revenue over cost. And if you could increase the hacker's cost, increase the denominator, their ROI will go down. And that is the game. >> Great point, Dave. What I'm hearing guys, and we can talk about technology for days and days. I know all of you. But there's, there's a big component that, that the elevation of Cloud Native Security, on its own as standalone is critical, as is the people component. You guys all talked about that. We talked about the cultural change necessary for that. Hopefully what we're seeing with Cloud Native Security Con 23, this first event is going to give us more insight over the next couple of days, and the next months or so, as to how this elevation, and how the people can come together to really help organizations from a math perspective as, as Dave talked about, really dial down the risks there, understand more of the vulnerabilities so that ransomware as a service is not as lucrative as it is today. Guys, so much appreciate your time, really breaking down Cloud Native Security, the value in it from different perspectives, and what your thoughts are on where it's going. Thanks so much for your time. >> All right. Thanks. >> Thanks, Lisa. >> Thank you. >> Thanks, Yves. >> All right. For my guests, I'm Lisa Martin. You're watching theCUBE's day one coverage of Cloud Native Security Con 23. Thanks for watching. (rousing music)

(upbeat music) >> Hey everyone and welcome to theCUBE's coverage day one of CloudNativeSecurityCon '23. Lisa Martin here with John Furrier and Dave Vellante. Dave and John, great to have you guys on the program. This is interesting. This is the first inaugural CloudNativeSecurityCon. Formally part of KubeCon, now a separate event here happening in Seattle over the next couple of days. John, I wanted to get your take on, your thoughts on this being a standalone event, the community, the impact. >> Well, this inaugural event, which is great, we love it, we want to cover all inaugural events because you never know, there might not be one next year. So we were here if it happens, we're here at creation. But I think this is a good move for the CNCF and the Linux Foundation as security becomes so important and there's so many issues to resolve that will influence many other things. Developers, machine learning, data as code, supply chain codes. So I think KubeCon, Kubernetes conference and CloudNativeCon, is all about cloud native developers. And it's a huge event and there's so much there. There's containers, there's microservices, all that infrastructure's code, the DevSecOps on that side, there's enough there and it's a huge ecosystem. Pulling it as a separate event is a first move for them. And I think there's a toe in the water kind of vibe here. Testing the waters a little bit on, does this have legs? How is it organized? Looks like they took their time, thought it out extremely well about how to craft it. And so I think this is the beginning of what will probably be a seminal event for the open source community. So let's listen to the clip from Priyanka Sharma who's a CUBE alumni and executive director of the CNCF. This is kind of a teaser- >> We will tackle issues of security together here and further on. We'll share our experiences, successes, perhaps more importantly, failures, and help with the collecting of understanding. We'll create solutions. That's right. The practitioners are leading the way. Having conversations that you need to have. That's all of you. This conference today and tomorrow is packed with 72 sessions for all levels of technologists to reflect the bottoms up, developer first nature of the conference. The co-chairs have selected these sessions and they are true blue practitioners. >> And that's a great clip right there. If you read between the lines, what she's saying there, let's unpack this. Solutions, we're going to fail, we're going to get better. Linux, the culture of iterating. But practitioners, the mention of practitioners, that was very key. Global community, 72 sessions, co-chairs, Liz Rice and experts that are crafting this program. It seems like very similar to what AWS has done with re:Invent as their core show. And then they have re:Inforce which is their cloud native security, Amazon security show. There's enough there, so to me, practitioners, that speaks to the urgency of cloud native security. So to me, I think this is the first move, and again, testing the water. I like the vibe. I think the practitioner angle is relevant. It's very nerdy, so I think this is going to have some legs. >> Yeah, the other key phrase Priyanka mentioned is bottoms up. And John, at our predictions breaking analysis, I asked you to make a prediction about events. And I think you've nailed it. You said, "Look, we're going to have many more events, but they're going to be smaller." Most large events are going to get smaller. AWS is obviously the exception, but a lot of events like this, 500, 700, 1,000 people, that is really targeted. So instead of you take a big giant event and there's events within the event, this is going to be really targeted, really intimate and focused. And that's exactly what this is. I think your prediction nailed it. >> Well, Dave, we'll call to see the event operating system really cohesive events connected together, decoupled, and I think the Linux Foundation does an amazing job of stringing these events together to have community as the focus. And I think the key to these events in the future is having, again, targeted content to distinct user groups in these communities so they can be highly cohesive because they got to be productive. And again, if you try to have a broad, big event, no one's happy. Everyone's underserved. So I think there's an industry concept and then there's pieces tied together. And I think this is going to be a very focused event, but I think it's going to grow very fast. >> 72 sessions, that's a lot of content for this small event that the practitioners are going to have a lot of opportunity to learn from. Do you guys, John, start with you and then Dave, do you think it's about time? You mentioned John, they're dipping their toe in the water. We'll see how this goes. Do you think it's about time that we have this dedicated focus out of this community on cloud native security? >> Well, I think it's definitely time, and I'll tell you there's many reasons why. On the front lines of business, there's a business model for security hackers and breaches. The economics are in favor of the hackers. That's a real reality from ransomware to any kind of breach attacks. There's corporate governance issues that's structural challenges for companies. These are real issues operationally for companies in the enterprise. And at the same time, on the tech stack side, it's been very slow movement, like glaciers in terms of security. Things like DNS, Linux kernel, there are a lot of things in the weeds in the details of the bowels of the tech world, protocol levels that just need to be refactored. And I think you're seeing a lot of that here. It was mentioned from Brian from the Linux Foundation, mentioned Dan Kaminsky who recently passed away who found that vulnerability in BIND which is a DNS construct. That was a critical linchpin. They got to fix these things and Liz Rice is talking about the Linux kernel with the extended Berkeley Packet Filtering thing. And so this is where they're going. This is stuff that needs to be paid attention to because if they don't do it, the train of automation and machine learning is going to run wild with all kinds of automation that the infrastructure just won't be set up for. So I think there's going to be root level changes, and I think ultimately a new security stack will probably be very driven by data will be emerging. So to me, I think this is definitely worth being targeted. And I think you're seeing Amazon doing the same thing. I think this is a playbook out of AWS's event focus and I think that's right. >> Dave, what are you thoughts? >> There was a lot of talk in, again, I go back to the progression here in the last decade about what's the right regime for security? Should the CISO report to the CIO or the board, et cetera, et cetera? We're way beyond that now. I think DevSecOps is being asked to do a lot, particularly DevOps. So we hear a lot about shift left, we're hearing about protecting the runtime and the ops getting much more involved and helping them do their jobs because the cloud itself has brought a lot to the table. It's like the first line of defense, but then you've really got a lot to worry about from a software defined perspective. And it's a complicated situation. Yes, there's less hardware, yes, we can rely on the cloud, but culturally you've got a lot more people that have to work together, have to share data. And you want to remove the blockers, to use an Amazon term. And the way you do that is you really, if we talked about it many times on theCUBE. Do over, you got to really rethink the way in which you approach security and it starts with culture and team. >> Well the thing, I would call it the five C's of security. Culture, you mentioned that's a good C. You got cloud, tons of issues involved in cloud. You've got access issues, identity. you've got clusters, you got Kubernetes clusters. And then you've got containers, the fourth C. And then finally is the code itself, supply chain. So all areas of cloud native, if you take out culture, it's cloud, cluster, container, and code all have levels of security risks and new things in there that need to be addressed. So there's plenty of work to get done for sure. And again, this is developer first, bottoms up, but that's where the change comes in, Dave, from a security standpoint, you always point this out. Bottoms up and then middle out for change. But absolutely, the imperative is today the business impact is real and it's urgent and you got to pedal as fast as you can here, so I think this is going to have legs. We'll see how it goes. >> Really curious to understand the cultural impact that we see being made at this event with the focus on it. John, you mentioned the four C's, five with culture. I often think that culture is probably the leading factor. Without that, without getting those teams aligned, is the rest of it set up to be as successful as possible? I think that's a question that's- >> Well to me, Dave asked Pat Gelsinger in 2014, can security be a do-over at VMWorld when he was the CEO of VMware? He said, "Yes, it has to be." And I think you're seeing that now. And Nick from the co-founder of Palo Alto Networks was quoted on theCUBE by saying, "Zero Trust is some structure to give to security, but cloud allows for the ability to do it over and get some scale going on security." So I think the best people are going to come together in this security world and they're going to work on this. So you're going to start to see more focus around these security events and initiatives. >> So I think that when you go to the, you mentioned re:Inforce a couple times. When you go to re:Inforce, there's a lot of great stuff that Amazon puts forth there. Very positive, it's not that negative. Oh, the world is falling, the sky is falling. And so I like that. However, you don't walk away with an understanding of how they're making the CISOs and the DevOps lives easier once they get beyond the cloud. Of course, it's not Amazon's responsibility. And that's where I think the CNCF really comes in and open source, that's where they pick up. Obviously the cloud's involved, but there's a real opportunity to simplify the lives of the DevSecOps teams and that's what's critical in terms of being able to solve, or at least keep up with this never ending problem. >> Yeah, there's a lot of issues involved. I took some notes here from some of the keynote you heard. Security and education, training and team structure. Detection, incidents that are happening, and how do you respond to that architecture. Identity, isolation, supply chain, and governance and compliance. These are all real things. This is not like hand-waving issues. They're mainstream and they're urgent. Literally the houses are on fire here with the enterprise, so this is going to be very, very important. >> Lisa: That's a great point. >> Some of the other things Priyanka mentioned, exposed edges and nodes. So just when you think we're starting to solve the problem, you got IOT, security's not a one and done task. We've been talking about culture. No person is an island. It's $188 billion business. Cloud native is growing at 27% a year, which just underscores the challenges, and bottom line, practitioners are leading the way. >> Last question for you guys. What are you hoping those practitioners get out of this event, this inaugural event, John? >> Well first of all, I think this inaugural event's going to be for them, but also we at theCUBE are going to be doing a lot more security events. RSA's coming up, we're going to be at re:Inforce, we're obviously going to be covering this event. We've got Black Hat, a variety of other events. We'll probably have our own security events really focused on some key areas. So I think the thing that people are going to walk away from this event is that paying attention to these security events are going to be more than just an industry thing. I think you're going to start to see group gatherings or groups convening virtually and physically around core issues. And I think you're going to start to see a community accelerate around cloud native and open source specifically to help teams get faster and better at what they do. So I think the big walkaway for the customers and the practitioners here is that there's a call to arms happening and this is, again, another signal that it's worth breaking out from the core event, but being tied to it, I think that's a good call and I think it's a well good architecture from a CNCF standpoint and a worthy effort, so I give it a thumbs up. We still don't know what it's going to look like. We'll see what day two looks like, but it seems to be experts, practitioners, deep tech, enabling technologies. These are things that tend to be good things to hear when you're at an event. I'll say the business imperative is obvious. >> The purpose of an event like this, and it aligns with theCUBE's mission, is to educate and inspire business technology pros to action. We do it in theCUBE with free content. Obviously this event is a for-pay event, but they are delivering some real value to the community that they can take back to their organizations to make change. And that's what it's all about. >> Yep, that is what it's all about. I'm looking forward to seeing over as the months unfold, the impact that this event has on the community and the impact the community has on this event going forward, and really the adoption of cloud native security. Guys, great to have you during this keynote analysis. Looking forward to hearing the conversations that we have on theCUBE today. Thanks so much for joining. And for my guests, for my co-hosts, John Furrier and Dave Vellante. I'm Lisa Martin. You're watching theCUBE's day one coverage of CloudNativeSecurityCon '23. Stick around, we got great content on theCUBE coming up. (upbeat music)

(upbeat music) >> Hello, everyone, from Palo Alto, Lisa Martin here. This is The Cube's coverage of CloudNativeSecurityCon, the inaugural event. I'm here with John Furrier in studio. In Boston, Dave Vellante joins us, and our guest, Liz Rice, one of our alumni, is joining us from Seattle. Great to have everyone here. Liz is the Chief Open Source officer at Isovalent. She's also the Emeritus Chair Technical Oversight Committee at CNCF, and a co-chair of this new event. Everyone, welcome Liz. Great to have you back on theCUBE. Thanks so much for joining us today. >> Thanks so much for having me, pleasure. >> So CloudNativeSecurityCon. This is the inaugural event, Liz, this used to be part of KubeCon, it's now its own event in its first year. Talk to us about the importance of having it as its own event from a security perspective, what's going on? Give us your opinions there. >> Yeah, I think security was becoming so- at such an important part of the conversation at KubeCon, CloudNativeCon, and the TAG security, who were organizing the co-located Cloud Native Security Day which then turned into a two day event. They were doing this amazing job, and there was so much content and so much activity and so much interest that it made sense to say "Actually this could stand alone as a dedicated event and really dedicate, you know, all the time and resources of running a full conference, just thinking about cloud native security." And I think that's proven to be true. There's plenty of really interesting talks that we're going to see. Things like a capture the flag. There's all sorts of really good things going on this week. >> Liz, great to see you, and Dave, great to see you in Boston Lisa, great intro. Liz, you've been a CUBE alumni. You've been a great contributor to our program, and being part of our team, kind of extracting that signal from the CNCF cloud native world KubeCon. This event really kind of to me is a watershed moment, because it highlights not only security as a standalone discussion event, but it's also synergistic with KubeCon. And, as co-chair, take us through the thought process on the sessions, the experts, it's got a practitioner vibe there. So we heard from Priyanka early on, bottoms up, developer first. You know KubeCon's shift left was big momentum. This seems to be a breakout of very focused security. Can you share the rationale and the thoughts behind how this is emerging, and how you see this developing? I know it's kind of a small event, kind of testing the waters it seems, but this is really a directional shift. Can you share your thoughts? >> Yeah I'm just, there's just so many different angles that you can consider security. You know, we are seeing a lot of conversations about supply chain security, but there's also runtime security. I'm really excited about eBPF tooling. There's also this opportunity to talk about how do we educate people about security, and how do security practitioners get involved in cloud native, and how do cloud native folks learn about the security concepts that they need to keep their deployments secure. So there's lots of different groups of people who I think maybe at a KubeCon, KubeCon is so wide, it's such a diverse range of topics. If you really just want to focus in, drill down on what do I need to do to run Kubernetes and cloud native applications securely, let's have a really focused event, and just drill down into all the different aspects of that. And I think that's great. It brings the right people together, the practitioners, the experts, the vendors to, you know, everyone can be here, and we can find each other at a smaller event. We are not spread out amongst the thousands of people that would attend a KubeCon. >> It's interesting, Dave, you know, when we were talking, you know, we're going to bring you in real quick, because AWS, which I think is the bellweather for, you know, cloud computing, has now two main shows, AWS re:Invent and re:Inforce. Security, again, broken out there. you see the classic security events, RSA, Black Hat, you know, those are the, kind of, the industry kind of mainstream security, very wide. But you're starting to see the cloud native developer first with both security and cloud native, kind of, really growing so fast. This is a major trend for a lot of the ecosystem >> You know, and you hear, when you mention those other conferences, John you hear a lot about, you know, shift left. There's a little bit of lip service there, and you, we heard today way more than lip service. I mean deep practitioner level conversations, and of course the runtime as well. Liz, you spent a lot of time obviously in your keynote on eBPF, and I wonder if you could share with the audience, you know, why you're so excited about that. What makes it a more effective tool compared to other traditional methods? I mean, it sounds like it simplifies things. You talked about instrumenting nodes versus workloads. Can you explain that a little bit more detail? >> Yeah, so with eBPF programs, we can load programs dynamically into the kernel, and we can attach them to all kinds of different events that could be happening anywhere on that virtual machine. And if you have the right knowledge about where to hook into, you can observe network events, you can observe file access events, you can observe pretty much anything that's interesting from a security perspective. And because eBPF programs are living in the kernel, there's only one kernel shared amongst all of the applications that are running on that particular machine. So you don't- you no longer have to instrument each individual application, or each individual pod. There's no more need to inject sidecars. We can apply eBPF based tooling on a per node basis, which just makes things operationally more straightforward, but it's also extremely performant. We can hook these programs into events that typically very lightweight, small programs, kind of, emitting an event, making a decision about whether to drop a packet, making a decision about whether to allow file access, things of that nature. There's super fast, there's no need to transition between kernel space and user space, which is usually quite a costly operation from performance perspective. So eBPF makes it really, you know, it's taking the security tooling, and other forms of tooling, networking and observability. We can take these tools into the kernel, and it's really efficient there. >> So Liz- >> So, if I may, one, just one quick follow up. You gave kind of a space age example (laughs) in your keynote. When, do you think a year from now we'll be able to see, sort of, real world examples in in action? How far away are we? >> Well, some of that is already pretty widely deployed. I mean, in my keynote I was talking about Cilium. Cilium is adopted by hundreds of really big scale deployments. You know, the users file is full of household names who've been using cilium. And as part of that they will be using network policies. And I showed some visualizations this morning of network policy, but again, network policy has been around, pretty much since the early days of Kubernetes. It can be quite fiddly to get it right, but there are plenty of people who are using it at scale today. And then we were also looking at some runtime security detections, seeing things like, in my example, exfiltrating the plans to the Death Star, you know, looking for suspicious executables. And again, that's a little bit, it's a bit newer, but we do have people running that in production today, proving that it really does work, and that eBPF is a scalable technology. It's, I've been fascinated by eBPF for years, and it's really amazing to see it being used in the real world now. >> So Liz, you're a maintainer on the Cilium project. Talk about the use of eBPF in the Cilium project. How is it contributing to cloud native security, and really helping to change the dials on that from an efficiency, from a performance perspective, as well as a, what's in it for me as a business perspective? >> So Cilium is probably best known as a networking plugin for Kubernetes. It, when you are running Kubernetes, you have to make a decision about some networking plugin that you're going to use. And Cilium is, it's an incubating project in the CNCF. It's the most mature of the different CNIs that's in the CNCF at the moment. As I say, very widely deployed. And right from day one, it was based on eBPF. And in fact some of the people who contribute to the eBPF platform within the kernel, are also working on the Cilium project. They've been kind of developed hand in hand for the last six, seven years. So really being able to bring some of that networking capability, it required changes in the kernel that have been put in place several years ago, so that now we can build these amazing tools for Kubernetes operators. So we are using eBPF to make the networking stack for Kubernetes and cloud native really efficient. We can bypass some of the parts of the network stack that aren't necessarily required in a cloud native deployment. We can use it to make these incredibly fast decisions about network policy. And we also have a sub-project called Tetragon, which is a newer part of the Cilium family which uses eBPF to observe these runtime events. The things like people opening a file, or changing the permissions on a file, or making a socket connection. All of these things that as a security engineer you are interested in. Who is running executables who is making network connections, who's accessing files, all of these operations are things that we can observe with Cilium Tetragon. >> I mean it's exciting. We've chatted in the past about that eBPF extended Berkeley Packet Filter, which is about the Linux kernel. And I bring that up Liz, because I think this is the trend I'm trying to understand with this event. It's, I hear bottoms up developer, developer first. It feels like it's an under the hood, infrastructure, security geek fest for practitioners, because Brian, in his keynote, mentioned BIND in reference the late Dan Kaminsky, who was, obviously found that error in BIND at the, in DNS. He mentioned DNS. There's a lot of things that's evolving at the silicone, kernel, kind of root levels of our infrastructure. This seems to be a major shift in focus and rightfully so. Is that something that you guys talk about, or is that coincidence, or am I just overthinking this point in terms of how nerdy it's getting in terms of the importance of, you know, getting down to the low level aspects of protecting everything. And as we heard also the quote was no software secure. (Liz chuckles) So that's up and down the stack of the, kind of the old model. What's your thoughts and reaction to that? >> Yeah, I mean I think a lot of folks who get into security really are interested in these kind of details. You know, you see write-ups of exploits and they, you know, they're quite often really involved, and really require understanding these very deep detailed technical levels. So a lot of us can really geek out about the details of that. The flip side of that is that as an application developer, you know, as- if you are working for a bank, working for a media company, you're writing applications, you shouldn't have to be worried about what's happening at the kernel level. This might be kind of geeky interesting stuff, but really, operationally, it should be taken care of for you. You've got your work cut out building business value in applications. So I think there's this interesting, kind of dual track going on almost, if you like, of the people who really want to get involved in those nitty gritty details, and understand how the underlying, you know, kernel level exploits maybe working. But then how do we make that really easy for people who are running clusters to, I mean like you said, nothing is ever secure, but trying to make things as secure as they can be easily, and make things visual, make things accessible, make things, make it easy to check whether or not you are compliant with whatever regulations you need to be compliant with. That kind of focus on making things usable for the platform team, for the application developers who deliver apps on the platform, that's the important (indistinct)- >> I noticed that the word expert was mentioned, I mentioned earlier with Priyanka. Was there a rationale on the 72 sessions, was there thinking around it or was it kind of like, these are urgent areas, they're obvious low hanging fruit. Was there, take us through the selection process of, or was it just, let's get 72 sessions going to get this (Liz laughs) thing moving? >> No, we did think quite carefully about how we wanted to, what the different focus areas we wanted to include. So we wanted to make sure that we were including things like governance and compliance, and that we talk about not just supply chain, which is clearly a very hot topic at the moment, but also to talk about, you know, threat detection, runtime security. And also really importantly, we wanted to have space to talk about education, to talk about how people can get involved. Because maybe when we talk about all these details, and we get really technical, maybe that's, you know, a bit scary for people who are new into the cloud native security space. We want to make sure that there are tracks and content that are accessible for newcomers to get involved. 'Cause, you know, given time they'll be just as excited about diving into those kind of kernel level details. But everybody needs a place to start, and we wanted to make sure there were conversations about how to get started in security, how to educate other members of your team in your organization about security. So hopefully there's something for everyone. >> That education piece- >> Liz, what's the- >> Oh sorry, Dave. >> What the buzz on on AI? We heard Dan talk about, you know, chatGPT, using it to automate spear phishing. There's always been this tension between security and speed to market, but CISOs are saying, "Hey we're going to a zero trust architecture and that's helping us move faster." Will, in your, is the talk on the floor, AI is going to slow us down a little bit until we figure it out? Or is it actually going to be used as an offensive defensive tool if I can use that angle? >> Yeah, I think all of the above. I actually had an interesting chat this morning. I was talking with Andy Martin from Control Plane, and we were talking about the risk of AI generated code that attempts to replicate what open source libraries already do. So rather than using an existing open source package, an organization might think, "Well, I'll just have my own version, and I'll have an AI write it for me." And I don't, you know, I'm not a lawyer so I dunno what the intellectual property implications of this will be, but imagine companies are just going, "Well you know, write me an SSL library." And that seems terrifying from a security perspective, 'cause there could be all sorts of very slightly different AI generated libraries that pick up the same vulnerabilities that exist in open source code. So, I think we're going to go through a pretty interesting period of vulnerabilities being found in AI generated code that look familiar, and we'll be thinking "Haven't we seen these vulnerabilities before? Yeah, we did, but they were previously in handcrafted code and now we'll see the same things being generated by AI." I mean, in the same way that if you look at an AI generated picture and it's got I don't know, extra fingers, or, you know, extra ears or something that, (Dave laughs) AI does make mistakes. >> So Liz, you talked about the education, the enablement, the 72 sessions, the importance of CloudNativeSecurityCon being its own event this year. What are your hopes and dreams for the practitioners to be able to learn from this event? How do you see the event as really supporting the growth, the development of the cloud native security community as a whole? >> Yeah, I think it's really important that we think of it as a Cloud Native Security community. You know, there are lots of interesting sort of hacker community security related community. Cloud native has been very community focused for a long time, and we really saw, particularly through the tag, the security tag, that there was this growing group of people who were, really wanted to work at that intersection between security and cloud native. And yeah, I think things are going really well this week so far, So I hope this is, you know, the first of many additions of this conference. I think it will also be interesting to see how the balance between a smaller, more focused event, compared to the giant KubeCon and cloud native cons. I, you know, I think there's space for both things, but whether or not there will be other smaller focus areas that want to stand alone and justify being able to stand alone as their own separate conferences, it speaks to the growth of cloud native in general that this is worthwhile doing. >> Yeah. >> It is, and what also speaks to, it reminds me of our tagline here at theCUBE, being able to extract the signal from the noise. Having this event as a standalone, being able to extract the value in it from a security perspective, that those practitioners and the community at large is going to be able to glean from these conversations is something that will be important, that we'll be keeping our eyes on. >> Absolutely. Makes sense for me, yes. >> Yeah, and I think, you know, one of the things, Lisa, that I want to get in, and if you don't mind asking Dave his thoughts, because he just did a breaking analysis on the security landscape. And Dave, you know, as Liz talking about some of these root level things, we talk about silicon advances, powering machine learning, we've been covering a lot of that. You've been covering the general security industry. We got RSA coming up reinforced with AWS, and as you see the cloud native developer first, really driving the standards of the super cloud, the multicloud, you're starting to see a lot more application focus around latency and kind of controlling that, These abstraction layer's starting to see a lot more growth. What's your take, Dave, on what Liz and- is talking about because, you know, you're analyzing the horses on the track, and there's sometimes the old guard security folks, and you got open source continuing to kick butt. And even on the ML side, we've been covering some of these foundation models, you're seeing a real technical growth in open source at all levels and, you know, you still got some proprietary machine learning stuff going on, but security's integrating all that. What's your take and your- what's your breaking analysis on the security piece here? >> I mean, to me the two biggest problems in cyber are just the lack of talent. I mean, it's just really hard to find super, you know, deep expertise and get it quickly. And I think the second is it's just, it's so many tools to deal with. And so the architecture of security is just this mosaic and a mess. That's why I'm excited about initiatives like eBPF because it does simplify things, and developers are being asked to do a lot. And I think one of the other things that's emerging is when you- when we talk about Industry 4.0, and IIoT, you- I'm seeing a lot of tools that are dedicated just to that, you know, slice of the world. And I don't think that's the right approach. I think that there needs to be a more comprehensive view. We're seeing, you know, zero trust architectures come together, and it's going to take some time, but I think that you're going to definitely see, you know, some rethinking of how to architect security. It's a game of whack-a-mole, but I think the industry is just- the technology industry is doing a really really good job of, you know, working hard to solve these problems. And I think the answer is not just another bespoke tool, it's a broader thinking around architectures and consolidating some of those tools, you know, with an end game of really addressing the problem in a more comprehensive fashion. >> Liz, in the last minute or so we have your thoughts on how automation and scale are driving some of these forcing functions around, you know, taking away the toil and the muck around developers, who just want stuff to be code, right? So infrastructure as code. Is that the dynamic here? Is this kind of like new, or is it kind of the same game, different kind of thing? (chuckles) 'Cause you're seeing a lot more machine learning, a lot more automation going on. What's, is that having an impact? What's your thoughts? >> Automation is one of the kind of fundamental underpinnings of cloud native. You know, we're expecting infrastructure to be written as code, We're expecting the platform to be defined in yaml essentially. You know, we are expecting the Kubernetes and surrounding tools to self-heal and to automatically scale and to do things like automated security. If we think about supply chain, you know, automated dependency scanning, think about runtime. Network policy is automated firewalling, if you like, for a cloud native era. So, I think it's all about making that platform predictable. Automation gives us some level of predictability, even if the underlying hardware changes or the scale changes, so that the application developers have something consistent and standardized that they can write to. And you know, at the end of the day, it's all about the business applications that run on top of this infrastructure >> Business applications and the business outcomes. Liz, we so appreciate your time talking to us about this inaugural event, CloudNativeSecurityCon 23. The value in it for those practitioners, all of the content that's going to be discussed and learned, and the growth of the community. Thank you so much, Liz, for sharing your insights with us today. >> Thanks for having me. >> For Liz Rice, John Furrier and Dave Vellante, I'm Lisa Martin. You're watching the Cube's coverage of CloudNativeSecurityCon 23. (electronic music)

(lively music) >> Good afternoon cloud community and welcome back to beautiful Las Vegas, Nevada. We are here at AWS re:Invent, day four of our wall to wall coverage. It is day four in the afternoon and we are holding strong. I'm Savannah Peterson, joined by my fabulous co-host Paul Gillen. Paul, how you doing? >> I'm doing well, fine Savannah. You? >> You look great. >> We're in the home stretch here. >> Yeah, (laughs) we are. >> You still look fresh as a daisy. I don't know how you do it. >> (laughs) You're too kind. You're too kind, but I'm vain enough to take that compliment. I'm very excited about the conversation that we're going to have up next. We get to get a little DevRel and we got a little swagger on the stage. Welcome, Austin. How you doing? >> Hey, great to be here. Thanks for having me. >> Savannah: Yeah, it's our pleasure. How's the show been for you so far? >> Busy, exciting. Feels a lot like, you know it used to be right? >> Yeah, I know. A little reminiscent of the before times. >> Well, before times. >> Before we dig into the technical stuff, you're the most intriguingly dressed person we've had on the show this week. >> Austin: I feel extremely underdressed. >> Well, and we were talking about developer fancy. Talk to me a little bit about your approach to fashion. Wasn't expecting to lead with this, but I like this but I like this actually. >> No, it's actually good with my PR. You're going to love it. My approach, here's the thing, I give free advice all the time about developer relations, about things that work, have worked, and don't work in community and all that stuff. I love talking about that. Someone came up to me and said, "Where do you get your fashion tips from? What's the secret Discord server that I need to go on?" I'm like, "I will never tell." >> Oh, okay. >> This is an actual trait secret. >> Top secret. Wow! Talk about. >> If someone else starts wearing the hat, then everyone's going to be like, "There's so many white guys." Look, I'm a white guy with a beard that works in technology. >> Savannah: I've never met one of those. >> Exactly, there's none of them at all. So, you have to do something to kind stand out from the crowd a little bit. >> I love it, and it's a talk trigger. We're talking about it now. Production team loved it. It's fantastic. >> It's great. >> So your DevRel for Lightstep, in case the audience isn't familiar tell us about Lightstep. >> So Lightstep is a cloud native observability platform built at planet scale, and it powers observability at some places you've heard of like Spotify, GitHub, right? We're designed to really help developers that are working in the cloud with Kubernetes, with these huge distributed systems, understand application performance and being able to find problems, fix problems. We're also part of the ServiceNow family and as we all know ServiceNow is on a mission to help the world of work work better by powering digital transformation around IT and customer experiences for their many, many, many global 2000 customers. We love them very much. >> You know, it's a big love fest here. A lot of people have talked about the collaboration, so many companies working together. You mentioned unified observability. What is unified observability? >> So if you think about a tradition, or if you've heard about this traditional idea of observability where you have three pillars, right? You have metrics, and you have logs, and you have traces. All those three things are different data sources. They're picked up by different tools. They're analyzed by different people for different purposes. What we believe and what we're working to accomplish right now is to take all that and if you think those pillars, flip 'em on their side and think of them as streams of data. If we can take those streams and integrate them together and let you treat traces and metrics and logs not as these kind of inviolate experiences where you're kind of paging between things and going between tab A to tab B to tab C, and give you a standard way to query this, a standard way to display this, and letting you kind of find the most relevant data, then it really unlocks a lot of power for like developers and SREs to spend less time like managing tools. You know, figuring out where to build their query or what dashboard to check, more just being able to like kind of ask a question, get an answer. When you have an incident or an outage that's the most important thing, right? How quickly can you get those answers that you need so that you can restore system health? >> You don't want to be looking in multiple spots to figure out what's going on. >> Absolutely. I mean, some people hear unified observability and they go to like tool consolidation, right? That's something I hear from a lot of our users and a lot of people in re:Invent. I'll talk to SREs, they're like, "Yeah, we've got like six or seven different metrics products alone, just on services that they cover." It is important to kind of consolidate that but we're really taking it a step lower. We're looking at the data layer and trying to say, "Okay, if the data is all consistent and vendor neutral then that gives you flexibility not only from a tool consolidation perspective but also you know, a consistency, reliability. You could have a single way to deploy your observability out regardless of what cloud you're on, regardless if you're using Kubernetes or Fargate or whatever else. or even just Bare Metal or EC2 Bare Metal, right? There's been so much historically in this space. There's been a lot of silos and we think that unify diversability means that we kind of break down those silos, right? The way that we're doing it primarily is through a project called OpenTelemetry which you might have heard of. You want to talk about that in a minute? . >> Savannah: Yeah, let's talk about it right now. Why don't you tell us about it? Keep going, you're great. You're on a roll. >> I am. >> Savannah: We'll just hang out over here. >> It's day four. I'm going to ask the questions and answer the questions. (Savannah laughs) >> Yes, you're right. >> I do yeah. >> Open Tele- >> OpenTelemetry . >> Explain what OpenTelemetry is first. >> OpenTelemetry is a CNCF project, Cloud Native Computing Foundation. The goal is to make telemetry data, high quality telemetry data, a builtin feature of cloud native software right? So right now if you wanted to get logging data out, depending on your application stack, depending on your application run time, depending on language, depending on your deployment environment. You might have a lot... You have to make a lot of choices, right? About like, what am I going to use? >> Savannah: So many different choices, and the players are changing all the time. >> Exactly, and a lot of times what people will do is they'll go and they'll say like, "We have to use this commercial solution because they have a proprietary agent that can do a lot of this for us." You know? And if you look at all those proprietary agents, what you find very quickly is it's very commodified right? There's no real difference in what they're doing at a code level and what's stopped the industry from really adopting a standard way to create this logs and metrics and traces, is simply just the fact that there was no standard. And so, OpenTelemetry is that standard, right? We've got dozens of companies many of them like very, many of them here right? Competitors all the same, working together to build this open standard and implementation of telemetry data for cloud native software and really any software right? Like we support over 12 languages. We support Kubernetes, Amazon. AWS is a huge contributor actually and we're doing some really exciting stuff with them on their Amazon distribution of OpenTelemetry. So it's been extremely interesting to see it over the past like couple years go from like, "Hey, here's this like new thing that we're doing over here," to really it's a generalized acceptance that this is the way of the future. This is what we should have been doing all along. >> Yeah. >> My opinion is there is a perception out there that observability is kind of a commodity now that all the players have the same set of tools, same set of 15 or 17 or whatever tools, and that there's very little distinction in functionality. Would you agree with that? >> I don't know if I would characterize it that way entirely. I do think that there's a lot of duplicated effort that happens and part of the reason is because of this telemetry data problem, right? Because you have to wind up... You know, there's this idea of table stakes monitoring that we talk about right? Table stakes monitoring is the stuff that you're having to do every single day to kind of make sure your system is healthy to be able to... When there's an alert, gets triggered, to see why it got triggered and to go fix it, right? Because everyone has the kind of work on that table stake stuff and then build all these integrations, there's very little time for innovation on top of that right? Because you're spending all your time just like working on keeping up with technology. >> Savannah: Doing the boring stuff to make sure the wheels don't fall off, basically. >> Austin: Right? What I think the real advantage of OpenTelemetry is that it really, from like a vendor perspective, like it unblocks us from having to kind of do all this repetitive commodified work. It lets us help move that out to the community level so that... Instead of having to kind of build, your Kubernetes integration for example, you can just have like, "Hey, OpenTelemetry is integrated into Kubernetes and you just have this data now." If you are a commercial product, or if you're even someone that's interested in fixing a, scratching a particular itch about observability. It's like, "I have this specific way that I'm doing Kubernetes and I need something to help me really analyze that data. Well, I've got the data now I can just go create a project. I can create an analysis tool." I think that's what you'll see over time as OpenTelemetry promulgates out into the ecosystem is more people building interesting analysis features, people using things like machine learning to analyze this large amount, large and consistent amount of OpenTelemetry data. It's going to be a big shakeup I think, but it has the potential to really unlock a lot of value for our customers. >> Well, so you're, you're a developer relations guy. What are developers asking for right now out of their observability platforms? >> Austin: That's a great question. I think there's two things. The first is that they want it to just work. It's actually the biggest thing, right? There's so many kind of... This goes back to the tool proliferation, right? People have too much data in too many different places, and getting that data out can still be really challenging. And so, the biggest thing they want is just like, "I want something that I can... I want a lot of these questions I have to ask, answered already and OpenTelemetry is going towards it." Keep in mind it's the project's only three years old, so we obviously have room to grow but there are people running it in production and it works really well for them but there's more that we can do. The second thing is, and this isn't what really is interesting to me, is it's less what they're asking for and more what they're not asking for. Because a lot of the stuff that you see people, saying around, "Oh, we need this like very specific sort of lower level telemetry data, or we need this kind of universal thing." People really just want to be able to get questions or get questions answered, right? They want tools that kind of have these workflows where you don't have to be an expert because a lot of times this tooling gets locked behind sort of is gate kept almost in a organization where there are teams that's like, "We're responsible for this and we're going to set it up and manage it for you, and we won't let you do things outside of it because that would mess up- >> Savannah: Here's your sandbox and- >> Right, this is your sandbox you can play in and a lot of times that's really useful and very tuned for the problems that you saw yesterday, but people are looking at like what are the problems I'm going to get tomorrow? We're deploying more rapidly. We have more and more intentional change happening in the system. Like it's not enough to have this reactive sort of approach where our SRE teams are kind of like or this observability team is building a platform for us. Developers want to be able to get in and have these kind of guided workflows really that say like, "Hey, here's where you're starting at. Let's get you to an answer. Let's help you find the needle in the haystack as it were, without you having to become a master of six different or seven different tools." >> Savannah: Right, and it shouldn't be that complicated. >> It shouldn't be. I mean we've certainly... We've been working on this problem for many years now, starting with a lot of our team that started at Google and helped build Google's planet scale monitoring systems. So we have a lot of experience in the field. It's actually one... An interesting story that our founder or now general manager tells BHS, Ben Sigelman, and he told me this story once and it's like... He had built this really cool thing called Dapper that was a tracing system at Google, and people weren't using it. Because they were like, "This is really cool, but I don't know how to... but it's not relevant to me." And he's like, the one thing that we did to get to increase usage 20 times over was we just put a link. So we went to the place that people were already looking for that data and we added a link that says, "Hey, go over here and look at this." It's those simple connections being able to kind of draw people from like point A to point B, take them from familiar workflows into unfamiliar ones. You know, that's how we think about these problems right? How is this becoming a daily part of someone's usage? How is this helping them solve problems faster and really improve their their life? >> Savannah: Yeah, exactly. It comes down to quality of life. >> Warner made the case this morning that computer architecture should be inherently event-driven and that we are moving toward a world where the person matters less than what the software does, right? The software is triggering events. Does this complicate observability or simplify it? >> Austin: I think that at the end of the day, it's about getting the... Observability to me in a lot of ways is about modeling your system, right? It's about you as a developer being able to say this is what I expect the system to do and I don't think the actual application architecture really matters that much, right? Because it's about you. You are building a system, right? It can be event driven, can be support request response, can be whatever it is. You have to be able to say, "This is what I expect to... For these given inputs, this is the expected output." Now maybe there's a lot of stuff that happens in the middle that you don't really care about. And then, I talk to people here and everyone's talking about serverless right? Everyone... You can see there's obviously some amazing statistics about how many people are using Lambda, and it's very exciting. There's a lot of stuff that you shouldn't have to care about as a developer, but you should care about those inputs and outputs. You will need to have that kind of intermediate information and understand like, what was the exact path that I took through this invented system? What was the actual resources that were being used? Because even if you trust that all this magic behind the scenes is just going to work forever, sometimes it's still really useful to have that sort of lower level abstraction, to say like, "Well, this is what actually happened so that I can figure out when I deployed a new change, did I make performance better or worse?" Or being able to kind of segregate your data out and say like... Doing AB testing, right? Doing canary releases, doing all of these things that you hear about as best practices or well architected applications. Observability is at the core of all that. You need observability to kind of do any of, ask any of those higher level interesting questions. >> Savannah: We are here at ReInvent. Tell us a little bit more about the partnership with AWS. >> So I would have to actually probably refer you to someone at Service Now on that. I know that we are a partner. We collaborate with them on various things. But really at Lightstep, we're very focused on kind of the open source part of this. So we work with AWS through the OpenTelemetry project, on things like the AWS distribution for OpenTelemetry which is really... It's OpenTelemetry, again is really designed to be like a neutral standard but we know that there are going to be integrators and implementers that need to package up and bundle it in a certain way to make it easy for their end users to consume it. So that's what Amazon has done with ADOT which is the shortening for it. So it's available in several different ways. You can use it as like an SDK and drop it into your application. There's Lambda layers. If you want to get Lambda observability, you just add this extension in and then suddenly you're getting OpenTelemetry data on the other side. So it's really cool. It's been a really exciting to kind of work with people on the AWS side over the past several years. >> Savannah: It's exciting, >> I've personally seen just a lot of change. I was talking to a PM earlier this week... It's like, "Hey, two years ago I came and talked to you about OpenTelemetry and here we are today. You're still talking about OpenTelemetry." And they're like, "What changes?" Our customers have started coming to us asking for OpenTelemetry and we see the same thing now. >> Savannah: Timing is right. >> Timing is right, but we see the same thing... Even talking to ServiceNow customers who are... These very big enterprises, banks, finance, healthcare, whatever, telcos, it used to be... You'd have to go to them and say like, "Let me tell you about distributed tracing. Let me tell you about OpenTelemetry. Let me tell you about observability." Now they're coming in and saying, "Yeah, so we're standard." If you think about Kubernetes and how Kubernetes, a lot of enterprises have spent the past five-six years standardizing, and Kubernetes is a way to deploy applications or manage containerized applications. They're doing the same journey now with OpenTelemetry where they're saying, "This is what we're betting on and we want partners we want people to help us go along that way." >> I love it, and they work hand in hand in all CNCF projects as well that you're talking about. >> Austin: Right, so we're integrated into Kubernetes. You can find OpenTelemetry and things like kept in which is application standards. And over time, it'll just like promulgate out from there. So it's really exciting times. >> A bunch of CNCF projects in this area right? Prometheus. >> Prometheus, yeah. Yeah, so we inter-operate with Prometheus as well. So if you have Prometheus metrics, then OpenTelemetry can read those. It's a... OpenTelemetry metrics are like a super set of Prometheus. We've been working with the Prometheus community for quite a while to make sure that there's really good compatibility because so many people use Prometheus you know? >> Yeah. All right, so last question. New tradition for us here on theCUBE. We're looking for your 32nd hot take, Instagram reel, biggest theme, biggest buzz for those not here on the show floor. >> Oh gosh. >> Savannah: It could be for you too. It could be whatever for... >> I think the two things that are really striking to me is one serverless. Like I see... I thought people were talking about servers a lot and they were talking about it more than ever. Two, I really think it is observability right? Like we've gone from observability being kind of a niche. >> Savannah: Not that you're biased. >> Huh? >> Savannah: Not that you're biased. >> Not that I'm biased. It used to be a niche. I'd have to go niche thing where I would go and explain what this is to people and nowpeople are coming up. It's like, "Yeah, yeah, we're using OpenTelemetry." It's very cool. I've been involved with OpenTelemetry since the jump, since it was started really. It's been very exciting to see and gratifying to see like how much adoption we've gotten even in a short amount of time. >> Yeah, absolutely. It's a pretty... Yeah, it's been a lot. That was great. Perfect soundbite for us. >> Austin: Thanks, I love soundbites. >> Savannah: Yeah. Awesome. We love your hat and your soundbites equally. Thank you so much for being on the show with us today. >> Thank you for having me. >> Savannah: Hey, anytime, anytime. Will we see you in Amsterdam, speaking of KubeCon? Awesome, we'll be there. >> There's some real exciting OpenTelemetry stuff coming up for KubeCon. >> Well, we'll have to get you back on theCUBE. (talking simultaneously) Love that for us. Thank you all for tuning in two hour wall to wall coverage here, day four at AWS re:Invent in fabulous Las Vegas, Nevada, with Paul Gillin. I'm Savannah Peterson and you're watching theCUBE, the leader in high tech coverage. (lively music)

(bright music) >> Hello cloud computing friends and welcome back to theCUBE, where we are live from Las Vegas, Nevada, here at AWS re:Invent all week. My name is Savannah Peterson, very excited to be joined by Paul Gillan today. How are you doing? >> I'm doing great, Savannah. It's my first re:Invent. >> I was just going to ask you >> So it's quite an experience. >> If you've ever been to re:Invent. >> It's dazzling much like the sequins on your top. It's dazzling. >> Yes. >> It's a jam packed affair. I came to the COMDEX Conference for many years in Las Vegas, which was huge event and this really rivals it in terms of these crowd sizes. But I think there's more intensity here. There's more excitement. People are just jazzed about being here to the extent that I never saw at other computer conferences. >> I thought I would agree with you. It's my first re:Invent as well. I'm glad we could share this experience together. And the vibe, the pulse, I think being back in person is really contagious as well. Ooh, maybe the wrong word to use, but in a great way. The energy is definitely radiating between people here. I'll watch my words a little bit better. >> And in person we have with us Samuel Nicholls, the director of public cloud at Global Product Marketing at Veeam Software. Sam, is it Sam or Samuel? >> Depends if I'm in trouble, Paul. >> Savannah: But it depends on who's saying it out loud. >> Yeah, yeah. It's typically, Samuel is usually reserved for my mother, so- >> Yeah. >> (laughs) Well, Sam, thanks for joining us. >> We'll stick with Sam on the show. >> Yeah. >> So Veeam been a red hot company for several years. Really made its, uh, its reputation in the VMware world. Now you've got this whole-sail shift to the cloud, not that VMware is not important still, but how is that affecting, you're shifting with it, how is that affecting your role as a product manager and the business overall? >> Yeah, it's a fantastic question. Obviously Veeam was pioneered in terms of being the purpose-built backup and recovery company for VMware. And as these workloads are being transitioned from the data center into the cloud or just net new workloads being created in the cloud, there is that equal need for backup and recovery there. So it's incredibly important that we were able to provide a purpose-built backup and recovery solution for workloads that live in AWS as well. >> Paul: And how different is it backing up an AWS workload compared to a VMware workload? >> I think it depends on what kind of service a user is, is, is utilizing, right? There's infrastructure as a service, platform as a service, software as a service. And given the differences in what is exposed to that customer that can make backup and recovery quite challenging. So I would say that the primary thing that we want to look at is utilizing native snapshots is our first line of defense when it comes to backup and recovery, irrespective of what workload that right might be whether it's a virtual machine, Amazon EC2, some sort of database on Amazon RDS, a file share, so on. >> Savannah: I bet you're seeing a lot across verticals and across the industry given the support that you're giving customers. What are you seeing in the market and in customer environments? What are some of those trends? >> So I think the major trends that we highlight in our data protection trend support, which is a new update is coming very shortly in the new year, is- >> Savannah: We have to check that out. >> Yeah, absolutely. The physical server is on a decline within the data center. Virtualized workloads, namely VMware is relatively static, kind of flat. The real hockey stick is with the cloud workloads. And as I mentioned before, that is partially because workloads are being transitioned from physical to virtual machines to being cloud hosted but also we're creating more applications and the cloud has become lead de facto standard for new workloads. So you hear about cloud first initiatives, digital transformation, the cloud is central to that. >> You mentioned snapshotting, which is a relatively new phenomenon, although it's taken a hold rapidly, how does snapshotting work in the cloud versus in on your on-prem environment? >> Samuel: It's not wildly different at all. I think the snapshots is again, a great first line of defense for helping users achieve very low recovery point objectives. So the frequency that they can protect their data as well as very low recovery time objectives, how quickly that I can recover the data. Because that's why we're backing up, right? We need the ability to recover. However, snapshots certainly have their limitations as well. They are not independent of the workload that is being protected. So if there were to be some sort of cybersecurity event like ransomware that is prolific throughout pretty much every business, every vertical. When that snapshot is not independent, if the production system becomes compromised that snapshot's likely to be compromised as well. And then going back to the recovery piece, not going to have something to recover from. >> And it's not a one and done with ransomware. >> No. >> It's, yeah. So how, so what is the role that backup plays? I mean a lot of people, I feel like security is such a hot topic here in the show and just in general, attacks are coming in unique form factors for everyone. I mean, I feel like backup is, no pun intended, the backbone of a system here. How does that affect what you're creating, I mean? >> Yeah, absolutely. I think, like you say the backup is core to any comprehensive security strategy, right? I think when we talk about security, everyone tends to focus on the preventative, the proactive piece, stopping the bad guys from getting in. However, there is that remediative aspect as well because like you say, ransomware is relentless, right? You, you as a good guy have to pretty much fend off each and every single attack that comes your way. And that can be an infinite number of attacks. We're all human beings, we're fallible, right? And sometimes we can't defend against everything. So having a secure backup strategy is part of that remediative recovery component for a cybersecurity strategy is critical. And that includes things like encryption, immutability, logical separation of data and so forth. >> Paul: We know that ransomware is a scourge on-premises, typically begins with the end users, end user workstation. How does ransomware work in the cloud? And do the cloud providers have adequate protections against ransomware? Or can they? >> Samuel: Yeah, it's a, it's a fantastic question as well. I think when we look at the cloud, one of the common misconceptions is as we transition workloads to the cloud, we are transitioning responsibility to that cloud provider. And again, it's a misconception, right? It is a shared responsibility between the cloud provider in this case, AWS and the user. So as we transition these workloads across varying different services, infrastructure, platform, software as a service, we're always, always transitioning varying degrees of responsibility. But we always own our data and it is our responsibility to protect and secure that data, for the actual infrastructure components, the hardware that is on the onus of the cloud provider, so I'd say that's the major difference. >> Is ransomware as big a threat in the cloud as it is on-prem? >> Absolutely. There's no difference between a ransomware attack on-premises or in the cloud. Irrespective of where you are choosing to run your workloads, you need to have that comprehensive cybersecurity strategy in order to defend against that and ultimately recover as well if there's a successful attempt. >> Yeah, it's, ooh, okay. Let's get us out at the dark shadows real quick (laughs) and bring us back to a little bit of the business use case here. A lot of people using AWS. What do you think are some of the considerations, they should have when they're thinking about this, thinking about growing their (indistinct)? >> Well, if we're going to stick down the dark shadows, the cybersecurity piece. >> We can be the darkness. >> You and me kind of dark shadows business. >> Yeah, yeah. >> We can go rainbows and unicorns, nice and happy if you like. I think there's a number of considerations they need to keep up. Security is, is, is number one. The next piece is around the recovery as well. I think folks, when they, when we talk about backup and recovery, the focus is always on the backup piece of it. But again, we need to focus on why we're doing the backup. It's the recovery, it's the recovery component. So making sure that we have a clean verifiable backup that we're able to restore data from. Can we do that in a, in efficient and timely manner? And I think the other major consideration is looking at the entirety of our environments as well. Very few companies are a hundred percent sole sourced on a single cloud provider. It is typically hybrid cloud. It's around 80% of organizations are hybrid, right? So they have their on-premises data and they also have workloads running in one or multiple clouds. And when it comes to backup and recovery of all of these different infrastructures and environments, the way that we approach it is very different. And that often leads to multiple different point products from multiple different vendors. The average company utilizes three different backup products, sometimes as many as seven and that can introduce a management nightmare that's very complex, very resource intensive, expensive. So looking at the entirety of the environment and looking to utilize a backup provider that can cover the entirety of that environment while centralizing everything under a single management console helps folks be a lot more efficient, a lot more cost effective and ultimately better when it comes to data protection. >> Amazon and all cloud providers really are increasingly making regions transparent. Just at this conference, Amazon introduced failover controls from multiple multi-region access points. So you can, you can failover from one access from one region to another. What kind of challenges does that present to you as a backup provider? >> I don't think it represents any challenges. When we look at the native durability of the cloud, we look at availability zones, we look at multi-region failover. That is, that durability is ultimately founded on, on replication. And I wouldn't say that replication and backup, you would use one or the other. I would say that they are complimentary. So for replication, that is going to help with the failover scenario, that durability component. But then backup again is that independent copy. Because if we look at replication, if let's say the source data were to be compromised by ransomware or there was accidental deletion or corruption, that's simply going to be copied over to the target destination as well. Having that backup as an independent copy, again compliments that strategy as well. >> Paul: You need it in either, in any scenario. >> Samuel: In any scenario. >> I think the average person would probably say that backup is not the most exciting technology aspect of this industry. But, but you guys certainly made, build a great business on it. What excites you about what's coming in backup? What are the new technologies, new advancements that perhaps we haven't seen and productized yet that you think are going to change the game? >> I think actually what we offer right now is the most exciting piece which is just choice flexibility. So Veeam again is synonymous with VMware backup but we cover a multitude of environments including AWS, containerized workloads, Kubernetes physical systems and the mobility pieces is critical because as organizations look to act on their digital transformation, cloud first initiatives, they need to be able to mobilize their workloads across different infrastructures, maybe from on-premises into the cloud, one cloud to another, maybe it's cloud back to on-premises, 'cause we do also see that. That flexibility of choice is what excites me about Veeam because it's ultimately giving the users best in class data protection tool sets without any prescriptive approach from us in terms of where you should be running your workloads. That is the choice that you use. >> Yeah, Veeam is definitely more than VMware. We actually had a chance to chat with you all like KubeCon and CloudNativeCon in Detroit. So we, we've seen the multitude of things that you touch. I want to bring it back to something and something kind of fun because you talked a lot about the community and being able to serve them. It's very clear, actually I shouldn't say this, I shouldn't say it's very clear, but to me it appears clear that community is a big priority for Veeam. I just want to call this out 'cause this was one of the cooler pieces of swag. You all gave out a hundred massage guns. Okay, very hot topic. Hot Christmas gift for 2022. I feel like Vanna White right now. And, but I thought that I was actually really compelled by this because we do a swag segment on theCUBE but it's not just about the objects or getting stuff. It's really about who's looking out for their community and how are they saying thanks. I mean, swag is a brand activation but it's also a thank you and I loved that you were giving out massage guns to the AWS Heroes and Community Builders. >> Yep. >> What role does community play in the culture and the product development at Veeam? >> So community has always been at the heart of Veeam. If you have a look at pretty much every single development across all of our versions, across all of our products it's always did by the community, right? We have a wonderful Veeam forum where we got 400,000 plus users actively providing feedback on the product what they would like to see. And that is ultimately what steers the direction of the product. Of course market trends and technology chain. >> A couple other factors, I'm sure. >> A couple of other factors, but community is huge for us. And the same goes for AWS. So, you know, talking with the AWS Heroes, the Community Builders helps Veeam reach further into that, into that community and the AWS user base and empower those folks with data protection tools and massage guns, when your feet are tired from, you know, being standing on them all day in Vegas. >> (laughs) Yeah, well, I mean, everybody, everybody's working hard and it's nice to say, it's nice to say, thank you. So I love, I love to hear that and it's, it's clear from the breadth of products that you're creating, the ways that you're supporting your customers that you already, they care a lot about community. We have a new challenge on theCUBE this year at AWS re:Invent. Think of it as an Instagram reel of your thought leadership, your hot take on the show, key themes as we look into 2023. What do you think is the most important story or trend or thing going on here at the show? >> I think it's just the continuation of cybersecurity and the importance of backup as a comprehensive cybersecurity strategy. You know, some folks might say that secure backup is your last line of defense. Again, ransomware is relentless. These folks are going to keep coming and even if they're successful, it's not a one and done thing. It's going to happen again and again and again. So, you know, we have a look around the show floor, the presentations there is a huge cybersecurity focus and really just what folks should be doing as their best practice to secure their AWS environments. >> That's awesome. Well, Paul, any final, any final thoughts or questions? >> I just quickly, you've mentioned data security, you mentioned data protection and backup sort of interchangeably but they're not really the same thing, are they? I mean, what businesses do you see Veeam as being here? >> I would say that we are a data protection company because of, yes, there is backup, but there's also the replication component. There's the continuous data protection component where we've got, you know, near-zero RTOs and then we again look at the cybersecurity components of that. What can we do to really protect that data? So I would say that the two are different. Backup is a subset of data protection. >> Sam, thank you so much for being here with us on theCUBE. It's been a super insightful conversation. Hopefully we'll get you back soon and more of the teams, there seem to be celebrities here with us on theCUBE. Paul Gillan, thank you so much for being here with me. >> Pleasure Savannah. >> And I'm glad we get to celebrate our first re:Invent and most importantly, thank you to the audience for tuning in. Without you, we don't get to hang out here in fabulous Las Vegas, Nevada, where we're live from the show floor at AWS re:Invent. My name is Savannah Peterson with Paul Gillan. We're theCUBE and we are the leading source for high-tech coverage. (bright music)

(bright upbeat music) >> Greetings, brilliant community and thank you so much for tuning in to theCUBE here for the last three days where we've been live from Detroit, Michigan. I've had the pleasure of spending this week with Lisa Martin and John Furrier. Thank you both so much for hanging out, for inviting me into the CUBE family. It's our first show together, it's been wonderful. >> Thank you. >> You nailed it. >> Oh thanks, sweetheart. >> Great job. Great job team, well done. Free wall to wall coverage, it's what we do. We stay till everyone else-- >> Savannah: 100 percent. >> Everyone else leaves, till they pull the plug. >> Lisa: Till they turn the lights out. We're still there. >> Literally. >> Literally last night. >> Still broadcasting. >> Whatever takes to get the stories and get 'em out there at scale. >> Yeah. >> Great time. >> 33. 33 different segments too. Very impressive. John, I'm curious, you're a trend watcher and you've been at every single KubeCon. >> Yep. >> What are the trends this year? Give us the breakdown. >> I think CNCF does this, it's a hard job to balance all the stakeholders. So one, congratulations to the CNCF for another great KubeCon and CloudNativeCon. It is really hard to balance bringing in the experts who, as time goes by, seven years we've been all of, as you said, you get experts, you get seniority, and people who can be mentors, 60% new people. You have vendors who are sponsoring and there's always people complaining and bitching and moaning. They want this, they want that. It's always hard and they always do a good job of balancing it. We're lucky that we get to scale the stories with CUBE and that's been great. We had some great stories here, but it's a great community and again, they're inclusive. As I've said before, we've talked about it. This year though is an inflection point in my opinion, because you're seeing the developer ecosystem growing so fast. It's global. You're seeing events pop up, you're seeing derivative events. CNCF is at the center point and they have to maintain the culture of developer experts, maintainers, while balancing the newbies. And that's going to be >> Savannah: Mm-hmm. really hard. And they've done a great job. We had a great conversation with them. So great job. And I think it's going to continue. I think the attendance metric is a little bit of a false positive. There's a lot of online people who didn't come to Detroit this year. And I think maybe the combination of the venue, the city, or just Covid preferences may not look good on paper, on the numbers 'cause it's not a major step up in attendance. It's still bigger, but the community, I think, is going to continue to grow. I'm bullish on it. >> Yeah, I mean at least we did see double the number of people that we had in Los Angeles. Very curious. I think Amsterdam, where we'll be next with CNCF in the spring, in April. I think that's actually going to be a better pulse check. We'll be in Europe, we'll see what's going on. >> John: Totally. >> I mean, who doesn't like Amsterdam in the springtime? Lisa, what have been some of your observations? >> Oh, so many observations. The evolution of the conference, the hallway track conversations really shifting towards adjusting to the enterprise. The enterprise momentum that we saw here as well. We had on the show, Ford. >> Savannah: Yes. We had MassMutual, we had ING, that was today. Home Depot is here. We are seeing all these big companies that we know and love, become software companies right before our eyes. >> Yeah. Well, and I think we forget that software powers our entire world. And so of course they're going to have to be here. So much running on Kubernetes. It's on-prem, it's at the edge, it's everywhere. It's exciting. Woo, I'm excited. John, what do you think is the number one story? This is your question. I love asking you this question. What is the number one story out KubeCon? >> Well, I think the top story is a combination of two things. One is the evolution of Cloud Native. We're starting to see web assembly. That's a big hyped up area. It got a lot of attention. >> Savannah: Yeah. That's kind of teething out the future. >> Savannah: Rightfully so. The future of this kind of lightweight. You got the heavy duty VMs, you got Kubernetes and containers, and now this web assembly, shows a trajectory of apps, server-like environment. And then the big story is security. Software supply chain is, to me, was the number one consistent theme. At almost all the interviews, in the containers, and the workflows, >> Savannah: Very hot. software supply chain is real. The CD Foundation mentioned >> Savannah: Mm-hmm. >> they had 16,000 vulnerabilities identified in their code base. They were going to automate that. So again, >> Savannah: That was wild. >> That's the top story. The growth of open source exposes potential vulnerabilities with security. So software supply chain gets my vote. >> Did you hear anything that surprised you? You guys did this great preview of what you thought we were going to hear and see and feel and touch at KubeCon, CloudNativeCon 2022. You talked about, for example, the, you know, healthcare financial services being early adopters of this. Anything surprise either one of you in terms of what you predicted versus what we saw? Savannah, let's start with you. >> You know what really surprised me, and this is ironic, so I'm a community gal by trade. But I was really just impressed by the energy that everyone brought here and the desire to help. The thing about the open source community that always strikes me is, I mean 187 different countries participating. You've got, I believe it's something like 175,000 people contributing to the 140 projects plus that CNCF is working on. But that culture of collaboration extends far beyond just the CNCF projects. Everyone here is keen to help each other. We had the conversation just before about the teaching and the learnings that are going on here. They brought in Detroit's students to come and learn, which is just the most heartwarming story out of this entire thing. And I think it's just the authenticity of everyone in this community and their passion. Even though I know it's here, it still surprises me to see it in the flesh. Especially in a place like Detroit. >> It's nice. >> Yeah. >> It's so nice to see it. And you bring up a good point. It's very authentic. >> Savannah: It's super authentic. >> I mean, what surprised me is one, the Wasm, or web assembly. I didn't see that coming at the scale of the conversation. It sucked a lot of options out of the room in my opinion, still hyped up. But this looks like it's got a good trajectory. I like that. The other thing that surprised me that was a learning was my interview with Solo.io, Idit, and Brian Gracely, because he's a CUBE alumni and former host of theCUBE, and analyst at Wikibon, was how their go-to-market was an example of a modern company in Covid with a clean sheet of paper and smart people, they're just doing things different. They're in Slack with their customers. And I walked away with, "Wow that's like a playbook that's not, was never, in the go-to-market VC-backed company playbook." I thought that was, for me, a personal walk away saying that's important. I like how they did that. And there's a lot of companies I think could learn from that. Especially as the recession comes where partnering with customers has always been a top priority. And how they did that was very clever, very effective, very efficient. So I walked away with that saying, "I think that's going to be a standard." So that was a pleasant surprise. >> That was a great surprise. Also, that's a female-founded company, which is obviously not super common. And the growth that they've experienced, to your point, really being catalyzed by Covid, is incredibly impressive. I mean they have some massive brand name customers, Amex, BMW for example. >> Savannah: Yeah. >> Great point. >> And I interviewed her years ago and I remember saying to myself, "Wow, she's impressive." I liked her. She's a player. A player for sure. And she's got confidence. Even on the interview she said, "We're just better, we have better product." And I just like the point of view. Very customer-focused but confident. And I just took, that's again, a great company. And again, I'm not surprised that Brian Gracely left Red Hat to go work there. So yeah, great, great call there. And of course other things that weren't surprising that I predicted, Red Hat continued to invest. They continue to bring people on theCUBE, they support theCUBE but more importantly they have a good strategy. They're in that multicloud positioning. They're going to have an opportunity to get a bite at the apple. And I what I call the supercloud. As enterprises try to go and be mainstream, Cloud Native, they're going to need some help. And Red Hat is always has the large enterprise customers. >> Savannah: What surprised you, Lisa? >> Oh my gosh, so many things. I think some of the memorable conversations that we had. I love talking with some of the enterprises that we mentioned, ING Bank for example. You know, or institutions that have been around for 100 plus years. >> Savannah: Oh, yeah. To see not only how much they've innovated and stayed relevant to meet the demands of the consumer, which are only increasing, but they're doing so while fostering a culture of innovation and a culture that allows these technology leaders to really grow within the organization. That was a really refreshing conversation that I think we had. 'Cause you can kind of >> Savannah: Absolutely. think about these old stodgy companies. Nah, of course they're going to digitize. >> Thinking about working for the bank, I think it's boring. >> Right? >> Yeah. And they were talking about, in fact, those great t-shirts that they had on, >> Yeah, yeah, yeah, yeah. were all about getting more people to understand how fun it is to work in tech for ING Bank in different industries. You don't just have to work for the big tech companies to be doing really cool stuff in technology. >> What I really liked about this show is we had two female hosts. >> Savannah: Yeah. >> How about that? Come on. >> Hey, well done, well done on your recruitment there, champ. >> Yes, thank you boss. (John laughs) >> And not to mention we have a really all-star production team. I do just want to give them a little shout out. To all the wonderful folks behind the lines here. (people clapping) >> John: Brendan. Good job. >> Yeah. Without Brendan, Anderson, Noah, and Andrew, we would be-- >> Of course Frank Faye holding it back there too. >> Yeah, >> Of course, Frank. >> I mean, without the business development wheels on the ship we'd really be in an unfortunate spot. I almost just swore on television. We're not going to do that. >> It's okay. No one's regulating. >> Yeah. (all laugh) >> Elon Musk just took over Twitter. >> It was a close call. >> That's right! >> It's going to be a hellscape. >> Yeah, I mean it's, shit's on fire. So we'll just see what happens next. I do, I really want to talk about this because I think it's really special. It's an ethos and some magic has happened here. Let's talk about Detroit. Let's talk about what it means to be here. We saw so many, and I can't stress this enough, but I think it really matters. There was a commitment to celebrating place here. Lisa, did you notice this too? >> Absolutely. And it surprised me because we just don't see that at conferences. >> Yeah. We're so used to going to the same places. >> Right. >> Vegas. Vegas, Vegas. More Vegas. >> Your tone-- >> San Francisco >> (both laugh) sums up my feelings. Yes. >> Right? >> Yeah. And, well, it's almost robotic but, and the fact that we're like, oh Detroit, really? But there was so much love for this city and recognizing and supporting its residents that we just don't see at conferences. You uncovered a lot of that with your swag-savvy segments, >> Savannah: Yeah. >> And you got more of that to talk about today. >> Don't worry, it's coming. Yeah. (laughs) >> What about you? Have you enjoyed Detroit? I know you hadn't been here in a long time, when we did our intro session. >> I think it's a bold move for the CNCF to come here and celebrate. What they did, from teaching the kids in the city some tech, they had a session. I thought that was good. >> Savannah: Loved that. I think it was a risky move because a lot of people, like, weren't sure if they were going to fly to Detroit. So some say it might impact the attendance. I thought they did a good job. Their theme, Road Ahead. Nice tie in. >> Savannah: Yeah. And so I think I enjoyed Detroit. The weather was great. It didn't rain. Nice breeze outside. >> Yeah. >> The weather was great, the restaurants are phenomenal. So Detroit's a good city. I missed some hockey games. I'd love to see the Red Wings play. Missed that game. But we always come back. >> I think it's really special. I mean, every time I talked to a company about their swag, that had sourced it locally, there was a real reason for this story. I mean even with Kasten in that last segment when I noticed that they had done Carhartt beanies, Carhartt being a Michigan company. They said, "I'm so glad you noticed. That's why we did it." And I think that type of, the community commitment to place, it all comes back to community. One of the bigger themes of the show. But that passion and that support, we need more of that. >> Lisa: Yeah. >> And the thing about the guests we've had this past three days have been phenomenal. We had a diverse set of companies, individuals come on theCUBE, you know, from Scott Johnston at Docker. A really one on one. We had a great intense conversation. >> Savannah: Great way to kick it off. >> We shared a lot of inside baseball, about Docker, super important company. You know, impressed with companies like Platform9 it's been around since the OpenStack days who are now in a relevant position. Rafi Systems, hot startup, they don't have a lot of resources, a lot of guerilla marketing going on. So I love to see the mix of startups really contributing. The big players are here. So it's a real great mix of companies. And I thought the interviews were phenomenal, like you said, Ford. We had, Kubia launched on theCUBE. >> Savannah: Yes. >> That's-- >> We snooped the location for KubeCon North America. >> You did? >> Chicago, everyone. In case you missed it, Bianca was nice enough to share that with us. >> We had Sarbjeet Johal, CUBE analyst came on, Keith Townsend, yesterday with you guys. >> We had like analyst speed dating last night. (all laugh) >> How'd that go? (laughs) >> It was actually great. One of the things that they-- >> Did they hug and kiss at the end? >> Here's the funny thing is that they were debating the size of the CNC app. One thinks it's too big, one thinks it's too small. And I thought, is John Goldilocks? (John laughs) >> Savannah: Yeah. >> What is John going to think about that? >> Well I loved that segment. I thought, 'cause Keith and Sarbjeet argue with each other on Twitter all the time. And I heard Keith say before, he went, "Yeah let's have it out on theCUBE." So that was fun to watch. >> Thank you for creating this forum for us to have that kind of discourse. >> Lisa: Yes, thank you. >> Well, it wouldn't be possible without the sponsors. Want to thank the CNCF. >> Absolutely. >> And all the ecosystem partners and sponsors that make theCUBE possible. We love doing this. We love getting the stories. No story's too small for theCUBE. We'll go with it. Do whatever it takes. And if it wasn't for the sponsors, the community wouldn't get all the great knowledge. So, and thank you guys. >> Hey. Yeah, we're, we're happy to be here. Speaking of sponsors and vendors, should we talk a little swag? >> Yeah. >> What do you guys think? All right. Okay. So now this is becoming a tradition on theCUBE so I'm very delighted, the savvy swag segment. I do think it's interesting though. I mean, it's not, this isn't just me shouting out folks and showing off t-shirts and socks. It's about standing out from the noise. There's a lot of players in this space. We got a lot of CNCF projects and one of the ways to catch the attention of people walking the show floor is to have interesting swag. So we looked for the most unique swag on Wednesday and I hadn't found this yet, but I do just want to bring it up. Oops, I think I might have just dropped it. This is cute. Is, most random swag of the entire show goes to this toothbrush. I don't really have more in terms of the pitch there because this is just random. (Lisa laughs) >> But so, everyone needs that. >> John: So what's their tagline? >> And you forget these. >> Yeah, so the idea was to brush your cloud bills. So I think they're reducing the cost of-- >> Kind of a hygiene angle. >> Yeah, yeah. Very much a hygiene angle, which I found a little ironic in this crowd to be completely honest with you. >> John: Don't leave the lights on theCUBE. That's what they say. >> Yeah. >> I mean we are theCUBE so it would be unjust of me not to show you a Rubik's cube. This is actually one of those speed cubes. I'm not going to be able to solve this for you with one hand on camera, but apparently someone did it in 17 seconds at the booth. Knowing this audience, not surprising to me at all. Today we are, and yesterday, was the t-shirt contest. Best t-shirt contest. Today we really dove into the socks. So this is, I noticed this trend at KubeCon in Los Angeles last year. Lots of different socks, clouds obviously a theme for the cloud. I'm just going to lay these out. Lots of gamers in the house. Not surprising. Here on this one. >> John: Level up. >> Got to level up. I love these 'cause they say, "It's not a bug." And anyone who's coded has obviously had to deal with that. We've got, so Star Wars is a huge theme here. There's Lego sets. >> John: I think it's Star Trek. But. >> That's Star Trek? >> John: That's okay. >> Could be both. (Lisa laughs) >> John: Nevermind, I don't want to. >> You can flex your nerd and geek with us anytime you want, John. I don't mind getting corrected. I'm all about, I'm all about the truth. >> Star Trek. Star Wars. Okay, we're all the same. Okay, go ahead. >> Yeah, no, no, this is great. Slim.ai was nice enough to host us for dinner on Tuesday night. These are their lovely cloud socks. You can see Cloud Native, obviously Cloud Native Foundation, cloud socks, whole theme here. But if we're going to narrow it down to some champions, I love these little bee elephants from Raft. And when I went up to these guys, I actually probably would've called these my personal winner. They said, again, so community focused and humble here at CNCF, they said that Wiz was actually the champion according to the community. These unicorn socks are pretty excellent. And I have to say the branding is flawless. So we'll go ahead and give Wiz the win on the best sock contest. >> John: For the win. >> Yeah, Wiz for the win. However, the thing that I am probably going to use the most is this really dope Detroit snapback from Kasten. So I'm going to be rocking this from now on for the rest of the segment as well. And I feel great about this snapback. >> Looks great. Looks good on you. >> Yeah. >> Thanks John. (John laughs) >> So what are we expecting between now and KubeCon in Amsterdam? >> Well, I think it's going to be great to see how they, the European side, it's a chill show. It's great. Brings in the European audience from the global perspective. I always love the EU shows because one, it's a great destination. Amsterdam's going to be a great location. >> Savannah: I'm pumped. >> The American crowd loves going over there. All the event cities that they choose are always awesome. I missed Valencia cause I got Covid. I'm really bummed about that. But I love the European shows. It's just a little bit, it's high intensity, but it's the European chill. They got a little bit more of that siesta vibe going on. >> Yeah. >> And it's just awesome. >> Yeah, >> And I think that the mojo that carried throughout this week, it's really challenging to not only have a show that's five days, >> but to go through all week, >> Savannah: Seriously. >> to a Friday at 4:00 PM Eastern Time, and still have the people here, the energy and all the collaboration. >> Savannah: Yeah. >> The conversations that are still happening. I think we're going to see a lot more innovation come spring 2023. >> Savannah: Mm-hmm. >> Yeah. >> So should we do a bet, somebody's got to buy dinner? Who, well, I guess the folks who lose this will buy dinner for the other one. How many attendees do you think we'll see in Amsterdam? So we had 4,000, >> Oh, I'm going to lose this one. >> roughly in Los Angeles. Priyanka was nice enough to share with us, there was 8,000 here in Detroit. And I'm talking in person, we're not going to meddle this with the online. >> 6500. >> Lisa: I was going to say six, six K. >> I'm going 12,000. >> Ooh! >> I'm going to go ahead and go big I'm going to go opposite Price Is Right. >> One dollar. >> Yeah. (all laugh) That's exactly where I was driving with it. I'm going, I'm going absolutely all in. I think the momentum here is building. I think if we look at the numbers from-- >> John: You could go Family Feud >> Yeah, yeah, exactly. And they mentioned that they had 11,000 people who have taken their Kubernetes course in that first year. If that's a benchmark and an indicator, we've got the veteran players here. But I do think that, I personally think that the hype of Kubernetes has actually preceded adoption. If you look at the data and now we're finally tipping over. I think the last two years we were on the fringe and right now we're there. It's great. (voice blares loudly on loudspeaker) >> Well, on that note (all laugh) On that note, actually, on that note, as we are talking, so I got to give cred to my cohosts. We deal with a lot of background noise here on theCUBE. It is a live show floor. There's literally someone on an e-scooter behind me. There's been Pong going on in the background. The sound will haunt the three of us for the rest of our lives, as well as the production crew. (Lisa laughs) And, and just as we're sitting here doing this segment last night, they turned the lights off on us, today they're letting everyone know that the event is over. So on that note, I just want to say, Lisa, thank you so much. Such a warm welcome to the team. >> Thank you. >> John, what would we do without you? >> You did an amazing job. First CUBE, three days. It's a big show. You got staying power, I got to say. >> Lisa: Absolutely. >> Look at that. Not bad. >> You said it on camera now. >> Not bad. >> So you all are stuck with me. (all laugh) >> A plus. Great job to the team. Again, we do so much flow here. Brandon, Team, Andrew, Noah, Anderson, Frank. >> They're doing our hair, they're touching up makeup. They're helping me clean my teeth, staying hydrated. >> We look good because of you. >> And the guests. Thanks for coming on and spending time with us. And of course the sponsors, again, we can't do it without the sponsors. If you're watching this and you're a sponsor, support theCUBE, it helps people get what they need. And also we're do a lot more segments around community and a lot more educational stuff. >> Savannah: Yeah. So we're going to do a lot more in the EU and beyond. So thank you. >> Yeah, thank you. And thank you to everyone. Thank you to the community, thank you to theCUBE community and thank you for tuning in, making it possible for us to have somebody to talk to on the other side of the camera. My name is Savannah Peterson for the last time in Detroit, Michigan. Thanks for tuning into theCUBE. >> Okay, we're done. (bright upbeat music)

>>Hello everyone, and welcome back to the Cube's Live coverage of Cuban here in Motor City, Michigan. My name is Savannah Peterson and I'm delighted to be joined for this segment by my co-host Lisa Martin. Lisa, how you doing? Good. >>We are, we've had such great energy for three days, especially on a Friday. Yeah, that's challenging to do for a tech conference. Go all week, push through the end of day Friday. But we're here, We're excited. We have a great conversation coming up. Absolutely. A little of our alumni is back with us. Love it. We have a great conversation about learning. >>There's been a lot of learning this week, and I cannot wait to hear what these folks have to say. Please welcome Tom and Victoria from Cast by Beam. You guys are swag up very well. You've got the Fanny pack. You've got the vest. You even were nice enough to give me a Carhartt Beanie. Carhartt being a Michigan company, we've had so much love for Detroit and, and locally sourced swag here. I've never seen that before. How has the week been for you? >>The week has been amazing, as you can say by my voice probably. >>So the mic helps. Don't worry. You're good. >>Yeah, so, So we've been talking to tons and tons of people, obviously some vendors, partners of ours. That was great seeing all those people face to face again, because in the past years we haven't really been able to meet up with those people. But then of course, also a lot of end users and most importantly, we've met a lot of people that wanted to learn Kubernetes, that came here to learn Kubernetes, and we've been able to help them. So feel very satisfied about that. >>When we were at VMware explorer, Tom, you were on the program with us, just, I guess that was a couple of months ago. I'm listening track. So many events are coming up. >>Time is a loop. It's >>Okay. It really is. You, you teased some new things coming from a learning perspective. What is going on there? >>All right. So I'm happy that you link back to VMware explorer there because Yeah, I was so excited to talk about it, but I couldn't, and it was frustrating. I knew it was coming up. That was was gonna be awesome. So just before Cuban, we launched Cube Campus, which is the rebrand of learning dot cast io. And Victoria is the great mind behind all of this, but what the gist of it, and then I'll let Victoria talk a little bit. The gist of Cube Campus is this all started as a small webpage in our own domain to bring some hands on lab online and let people use them. But we saw so many people who were interested in those labs that we thought, okay, we have to make this its own community, and this should not be a branded community or a company branded community. >>This needs to be its own thing because people, they like to be in just a community environment without the brand from the company being there. So we made it completely independent. It's a Cube campus, it's still a hundred percent free and it's still the That's right. Only platform where you actually learn Kubernetes with hands on labs. We have 14 labs today. We've been creating one per month and we have a lot of people on there. The most exciting part this week is that we had our first learning day, but before we go there, I suggest we let Victoria talk a little bit about that user experience of Cube Campus. >>Oh, absolutely. So Cube Campus is, and Tom mentioned it's a one year old platform, and we rebranded it specifically to welcome more and, you know, embrace this Kubernetes space total as one year anniversary. We have over 11,000 students and they've been taking labs Wow. Over 7,000. Yes. Labs taken. And per each user, if you actually count approximation, it's over three labs, three point 29. And I believe we're growing as per user if you look at the numbers. So it's a huge success and it's very easy to use overall. If you look at this, it's a number one free Kubernetes learning platform. So for you user journey for your Kubernetes journey, if you start from scratch, don't be afraid. That's we, we got, we got it all. We got you back. >>It's so important and, and I'm sure most of our audience knows this, but the, the number one challenge according to Gartner, according to everyone with Kubernetes, is the complexity. Especially when you're getting harder. I think it's incredibly awesome that you've decided to do this. 11,000 students. I just wanna settle on that. I mean, in your first year is really impressive. How did this become, and I'm sure this was a conversation you two probably had. How did this become a priority for CAST and by Beam? >>I have to go back for that. To the last virtual only Cuban where we were lucky enough to have set up a campaign. It was actually, we had an artist that was doing caricatures in a Zoom room, and it gave us an opportunity to actually talk to people because the challenge back in the days was that everything virtual, it's very hard to talk to people. Every single conversation we had with people asking them, Why are you at cu com virtual was to learn Kubernetes every single conversation. Yeah. And so that was, that is one data point. The other data point is we had one lab to, to use our software, and that was extremely popular. So as a team, we decided we should make more labs and not just about our product, but also about Kubernetes. So that initial page that I talked about that we built, we had three labs at launch. >>One was to learn install Kubernetes. One was to build a first application on Kubernetes, and then a third one was to learn how to back up and restore your application. So there was still a little bit of promoting our technology in there, but pretty soon we decided, okay, this has to become even more. So we added storage, we added security and, and a lot more labs. So today, 14 labs, and we're still adding one every month. The next step for the labs is going to be to involve other partners and have them bring their technologies in the lab. So that's our user base can actually learn more about Kubernetes related technologies and then hopefully with links to open source tools or free software tools. And it's, it's gonna continue to be a, a learning experience for Kubernetes. I >>Love how this seems to be, have been born out of the pandemic in terms of the inability to, to connect with customers, end users, to really understand what their challenges are, how do we help you best? But you saw the demand organically and built this, and then in, in the first year, not only 11,000 as Victoria mentioned, 11,000 users, but you've almost quadrupled the number of labs that you have on the platform in such a short time period. But you did hands on lab here, which I know was a major success. Talk to us about that and what, what surprised you about Yeah, the appetite to learn that's >>Here. Yeah. So actually I'm glad that you relay this back to the pandemic because yes, it was all online because it was still the, the tail end of the pandemic, but then for this event we're like, okay, it's time to do this in person. This is the next step, right? So we organized our first learning day as a co-located event. We were hoping to get 60 people together in a room. We did two labs, a rookie and a pro. So we said two times 30 people. That's our goal because it's really, it's competitive here with the collocated events. It's difficult >>Bringing people lots going on. >>And why don't I, why don't I let Victoria talk about the success of that learning day, because it was big part also her help for that. >>You know, our main goal is to meet expectations and actually see the challenges of our end user. So we actually, it also goes back to what we started doing research. We saw the pain points and yes, it's absolutely reflecting, reflecting on how we deal with this and what we see. And people very appreciative and they love platform because it's not only prerequisites, but also hands on lab practice. So, and it's free again, it's applied, which is great. Yes. So we thought about the user experience, user flow, also based, you know, the product when it's successful and you see the result. And that's where we, can you say the numbers? So our expectation was 60 >>People. You're kinda, you I feel like a suspense is starting killing. How many people came? >>We had over 350 people in our room. Whoa. >>Wow. Wow. >>And small disclaimer, we had a little bit of a technical issue in the beginning because of the success. There was a wireless problem in the hotel amongst others. Oh geez. So we were getting a little bit nervous because we were delayed 20 minutes. Nobody left that, that's, I was standing at the door while people were solving the issues and I was like, Okay, now people are gonna walk out. Right. Nobody left. Kind >>Of gives me >>Ose bump wearing that. We had a little reception afterwards and I talked to people, sorry about the, the disruption that we had under like, no, we, we are so happy that you're doing this. This was such a great experience. Castin also threw party later this week at the party. We had people come up to us like, I was at your learning day and this was so good. Thank you so much for doing this. I'm gonna take the rest of the classes online now. They love it. Really? >>Yeah. We had our instructors leading the program as well, so if they had any questions, it was also address immediately. So it was a, it was amazing event actually. I'm really grateful for people to come actually unappreciated. >>But now your boss knows how you can blow out metrics though. >>Yeah, yeah, yeah, yeah. Gonna >>Raise Victoria. >>Very good point. It's a very >>Good point. I can >>Tell. It's, it's actually, it's very tough to, for me personally, to analyze where the success came from. Because first of all, the team did an amazing job at setting the whole thing up. There was food and drinks for everybody, and it was really a very nice location in a hotel nearby. We made it a colocated event and we saw a lot of people register through the Cuban registration website. But we've done colocated events before and you typically see a very high no-show rate. And this was not the case right now. The a lot of, I mean the, the no-show was actually very low. Obviously we did our own campaign to our own database. Right. But it's hard to say like, we have a lot of people all over the world and how many people are actually gonna be in Detroit. Yeah. One element that also helped, I'm actually very proud of that, One of the people on our team, Thomas Keenan, he reached out to the local universities. Yes. And he invited students to come to learning day as well. I don't think it was very full with students. It was a good chunk of them. So there was a lot of people from here, but it was a good mix. And that way, I mean, we're giving back a little bit to the universities versus students. >>Absolutely. Much. >>I need to, >>There's a lot of love for Detroit this week. I'm all about it. >>It's amazing. But, but from a STEM perspective, that's huge. We're reaching down into that community and really giving them the opportunity to >>Learn. Well, and what a gateway for Castin. I mean, I can easily say, I mean, you are the number, we haven't really talked about casting at all, but before we do, what are those pins in front of you? >>So this is a physical pain. These are physical pins that we gave away for different programs. So people who took labs, for example, rookie level, they would get this p it's a rookie. >>Yes. I'm gonna hold this up just so they can do a little close shot on if you want. Yeah. >>And this is PR for, it's a, it's a next level program. So we have a program actually for IS to beginners inter intermediate and then pro. So three, three different levels. And this one is for Helman. It's actually from previous. >>No, Helmsman is someone who has taken the first three labs, right? >>Yes, it is. But we actually had it already before. So this one is, yeah, this one is, So we built two new labs for this event and it was very, very great, you know, to, to have a ready absolutely new before this event. So we launched the whole website, the whole platform with new labs, additional labs, and >>Before an event, honestly. Yeah. >>Yeah. We also had such >>Your expression just said it all. Exactly. >>You're a vacation and your future. I >>Hope so. >>We've had a couple of rough freaks. Yeah. This is part of it. Yeah. So, but about those labs. So in the classroom we had two, right? We had the, the, the rookie and the pro. And like I said, we wanted an audience for both. Most people stayed for both. And there were people at the venue one hour before we started because they did not want to miss it. Right. And what that chose to me is that even though Cuban has been around for a long time, and people have been coming back to this, there is a huge audience that considers themselves still very early on in their Kubernetes journey and wants to take and, and is not too proud to go to a rookie class for Kubernetes. So for us, that was like, okay, we're doing the right thing because yeah, with the website as well, more rookie users will keep, keep coming. And the big goal for us is just to accelerate their Kubernetes journey. Right. There's a lot of platforms out there. One platform I like as well is called the tech world with nana, she has a lot of instructional for >>You. Oh, she's a wonderful YouTuber. >>She, she's, yeah, her following is amazing. But what we add to this is the hands on part. Right? And, and there's a lot of auto resources as well where you have like papers and books and everything. We try to add those as well, but we feel that you can only learn it by doing it. And that is what we offer. >>Absolutely. Totally. Something like >>Kubernetes, and it sounds like you're demystifying it. You talked about one of the biggest things that everyone talks about with respect to Kubernetes adoption and some of the barriers is the complexity. But it sounds to me like at the, we talked about the demand being there for the hands on labs, the the cube campus.io, but also the fact that people were waiting an hour early, they're recognizing it's okay to raise, go. I don't really understand this. Yeah. In fact, another thing that I heard speaking of, of the rookies is that about 60% of the attendees at this year's cube con are Yeah, we heard that >>Out new. >>Yeah. So maybe that's smell a lot of those rookies showed up saying, >>Well, so even >>These guys are gonna help us really demystify and start learning this at a pace that works for me as an individual. >>There's some crazy macro data to support this. Just to echo this. So 85% of enterprise companies are about to start making this transition in leveraging Kubernetes. That means there's only 15% of a very healthy, substantial market that has adopted the technology at scale. You are teaching that group of people. Let's talk about casting a little bit. Number one, Kubernetes backup, 900% growth recently. How, how are we managing that? What's next for you, you guys? >>Yeah, so growth last year was amazing. Yeah. This year we're seeing very good numbers as well. I think part of the explanation is because people are going into production, you cannot sell back up to a company that is not in production with their right. With their applications. Right? So what we are starting to see is people are finally going into production with their Kubernetes applications and are realizing we have to back this up. The other trend that we're seeing is, I think still in LA last year we were having a lot of stateless first estate full conversations. Remember containers were created for stateless applications. That's no longer the case. Absolutely. But now the acceptance is there. We're not having those. Oh. But we're stateless conversations because everybody runs at least a database with some user data or application data, whatever. So all Kubernetes applications need to be backed up. Absolutely. And we're the number one product for that. >>And you guys just had recently had a new release. Yes. Talk to us a little bit about that before we wrap. It's new in the platform and, and also what gives you, what gives cast. And by being that competitive advantage in this new release, >>The competitive advantage is really simple. Our solution was built for Kubernetes. With Kubernetes. There are other products. >>Talk about dog fooding. Yeah. Yeah. >>That's great. Exactly. Yeah. And you know what, one of our successes at the show is also because we're using Kubernetes to build our application. People love to come to our booth to talk to our engineers, who we always bring to the show because they, they have so much experience to share. That also helps us with ems, by the way, to, to, to build those labs, Right? You need to have the, the experience. So the big competitive advantage is really that we're Kubernetes native. And then to talk about 5.5, I was going like, what was the other part of the question? So yeah, we had 5.5 launched also during the show. So it was really a busy week. The big focus for five five was simplicity. To make it even easier to use our product. We really want people to, to find it easy. We, we were using, we were using new helm charts and, and, and things like that. The second part of the launch was to do even more partner integrations. Because if you look at the space, this cloud native space, it's, you can also attest to that with, with Cube campus, when you build an application, you need so many different tools, right? And we are trying to integrate with all of those tools in the most easy and most efficient way so that it becomes easy for our customers to use our technology in their Kubernetes stack. >>I love it. Tom Victoria, one final question for you before we wrap up. You mentioned that you have a fantastic team. I can tell just from the energy you two have. That's probably the truth. You also mentioned that you bring the party everywhere you go. Where are we all going after this? Where's the party tonight? Yeah. >>Well, let's first go to a ballgame tonight. >>The party's on the court. I love it. Go Pistons. >>And, and then we'll end up somewhere downtown in a, in a good club, I guess. >>Yeah. Yeah. Well, we'll see how the show down with the hawks goes. I hope you guys make it to the game. Tom Victoria, thank you so much for being here. We're excited about what you're doing. Lisa, always a joy sharing the stage with you. My love. And to all of you who are watching, thank you so much for tuning into the cube. We are wrapping up here with one segment left in Detroit, Michigan. My name's Savannah Peterson. Thanks for being here.

>>Good afternoon everyone, and welcome back to the Cube. I am Savannah Peterson here, coming to you from Detroit, Michigan. We're at Cuban Day three. Such a series of exciting interviews. We've done over 30, but this conversation is gonna be extra special, don't you think, John? >>Yeah, this is gonna be a good one. Griffon Labs is here with us. We're getting the conversation of what's going on in the industry management, watching the Kubernetes clusters. This is large scale conversations this week. It's gonna be a good one. >>Yeah. Yeah. I'm very excited. He's also got a fantastic Twitter handle, twitchy. H Please welcome Richie Hartman, who is the director of community here at Griffon. Richie, thank you so much for joining us. Thanks >>For having me. >>How's the show been for you? >>Busy. I, I mean, I, I, >>In >>A word, I have a ton of talks at at like maintain a thing and like the covering board searches at the TLC panel. I run forme day. So it's, it's been busy. It, yeah. Monday, I didn't have to run anything. That was quite nice. But there >>You, you have your hands in a lot. I'm not even gonna cover it. Looking at your bio, there's, there's so many different things that you're working on. I know that Grafana specifically had some announcements this week. Yeah, >>Yeah, yeah. We had quite a few, like the, the two largest ones is a, we now have a field Kubernetes integration on Grafana Cloud. So our, our approach is generally extremely open source first. So we try to push stuff into the exporters, like into the open source exporters, into mixes into things which are out there as open source for anyone to use. But that's little bit like a tool set, not a ready made solution. So when we talk integrations, we actually talk about things where you get this like one click experience, You log into your Grafana cloud, you click, I have a Kubernetes, which probably most of us have, and things just work like you in just the data. You have to write dashboards, you have to write alerts, you have to write everything to just get started with extremely opinionated dashboards, SLOs, alerts, again, all those things made by experts, so anyone can use them. And you don't have to reinvent the view for every single user. So that's the one. The other is, >>It's a big deal. >>Oh yeah, it is. Yeah. It is. It, we, we has, its heavily in integrations course. While, I mean, I don't have to convince anyone that perme is a DD factor standard in everything. Cloudnative. But again, it's, it's, it's sometimes a little bit hard to handle or a little bit not easy to get into. So, so smoothing this, this, this path onto onboarding yourself onto this stack and onto those types of solutions. Yes. Is what a lot of people need. Course, if you, if you look at the statistics from coupon, and we just heard this in the governing board session yesterday. Yeah. Like 60% of the people here are first time attendees. So there's a lot of people who just come into this thing and who need, like, this is your path. This is where you should be going. Or at least if you want to go, go there. This is how to get there. >>Here's your runway for takeoff. Yes. Yeah. I think that's a really good point. And I love that you, you had those numbers. I was curious. I, I had seen on Twitter, speaking of Twitter, I had seen, I had seen that, that there were a lot of people here coming for the first time. You're a community guy. Are we at an inflection point where this community is about to continue to scale? >>That's a very good question. Which I can't really answer. So I mean, >>Obviously I bet you're gonna try. >>I covid changed a few things. Yeah. Probably most people, >>A couple things. I mean, you know, casually, it's like such a gentle way of putting that, that was >>Beautiful. I'm gonna say yes, just to explode. All these new ERs are gonna learn Prometheus. They're gonna roll in with a open, open metrics, open telemetry. I love it, >>You know, But, but at the same time, like Cuban is, is ramping back up. But if you look at the, if you look at the registration numbers between Valencia Andro, it was more or less the same. Interesting. Which, so it didn't go onto this, onto this flu trajectory, which it was on like, up to, up to 2019. I expect this to take up again. But also with the economic situation, everything, I, I don't think >>It's, I think the jury's still out on hybrid. I think there's a lot, lot more hybrid. Let's see how the projects are gonna go. That's what I think it's gonna be the tell sign. How many people are in participating? How are the project's advancing? Some of the momentum, >>I mean, from the project level, Most of this is online anyway. Of course. That's how open source, right. I've been working for >>Ages. That's >>Cause you don't have any trouble budget or, or any office or, It's >>Always been that way. >>Yeah, precisely. So the projects are arguably spearheading this, this development and the, the online numbers. I I, I have some numbers in my head, but I'm, I'm not a hundred percent certain to, but they're higher for this time in Detroit than in volunteer as far somewhere. Cool. So that is growing and it's grown in parallel, which also is great. Cause it's much more accessible, much more inclusive. You don't have to have a budget of at least, let's say, I don't know, two to five k to, to fly over the pond and, and attend this thing. You can just do it from your home. So that is, that's a lot more inclusive. And I expect this to, to basically be a second more or less orthogonal growth, growth path. But the best thing about coupon is the hallway track. I'm just meeting people, talking to people and that kind of thing is not really possible with, >>It's, it's great to see people >>In person. No, and it makes such a difference. I mean, yeah. Even and interviewing people in person too. I mean, it does a, it's, it's, and, and this, this whole, I mean cncf, this whole community, every company here is community first. It's how these projects come to be. I think it's awesome. I feel like you got something you're saying to say, Johnny. >>Yeah. And I love some of the advancements. Rich Richie, we talked last time about, you know, open telemetry, open metrics. You're involved in dashboards. Yeah. One of the themes here is ease of use, simplicity, developer productivity. Where do you see the ease of use going from a project standpoint? For me, as you mentions everywhere, it's pretty much, it is, it's almost all corners of the world. Yep. And new people coming in. How, how are you making it easier? What's going on? Give us the update on that. >>So we also, funnily enough at precisely this topic in the TC panel just a few hours ago, about ease of use and about how to, how to make things easier to, to handle how developers currently, like if they just want to get into the cloud native seen, they have like, like we, we did some neck and math, like maybe 10 tools at least, which you have to be somewhat proficient in to just get started, which is honestly horrendous. Yeah. Course. Like with a server, I just had my survey install my thing and it runs, maybe I need a database, but that's roughly it. And this needs to change again. Like it's, it's nice that everything is, is un unraveled. And you have, you, you, you, you don't have those service boundaries which you had before. You can do all the horizontal scaling, you can do all the automatic scaling, all those things that they're super nice. But at the same time, this complexity, which used to be nicely compartmentalized, was deliberately broken up. And so it's becoming a lot harder to, to, like, we, we need to find new ways to compartmentalize this complexity back to, to human understandable levels again, in particular, as we keep onboarding new and new and new, new people, of course it's just not good use of anyone's time to, to just like learn the basics again and again and again. This is something which should be just compartmentalized and automated away. We're >>The three, We were talking to Matt Klein earlier and he was talking about as projects become mature and all over the place and have reach and and usage, you gotta work on the boring stuff. Yes. And when it's boring, that means you have success. Yes. But then you gotta work on the plumbing. What are some of the things that you guys are working on? Because people are relying on the product. >>Oh yeah. So for with my premises head on, the highlight feature is exponential or native or spars. Histograms. There's like three different names for one single concept. If you know Prometheus, you ha you currently have hard bucket boundaries where I say my latency is lower equal two seconds, one second, a hundred milliseconds, what have you. And I can put stuff into those histogram buckets accordingly to those predefined levels, which is extremely efficient, but like on the, on the code level. But it's not very nice for the humans course you need to understand your system before you're able to, to, to choose good cutoff points. And if you, if you, if you add new ones, that's completely fine. But if you want to actually change them, course you, you figured out that you made a fundamental mistake, you're going to have a break in the continue continuity of your observability data. And you cannot undo this in, into the past. So this is just gone native histograms. On the other hand, allow me to, to, okay, I'm not going to get get into the math, but basically you define a single formula, which there comes a good default. If you have good reasons, then you can change it. But if you don't, just don't talk, >>The people are in the math, Hit him up on Twitter. Twitter, h you'll get you that math. >>So the, >>The thing is people want the math, believe me. >>Oh >>Yeah. I mean we don't have time, but hit him up. Yeah. >>There's ProCon in two weeks in Munich and there will be whole talk about like the, the dirty details of all of the stuff. But the, the high level answer is it just does what people would expect it to do. And with very little overhead, you become, you get highly, highly or high resolution histograms, which is really important for a lot of use cases. But this is not just Prometheus with my open metrics head on the 2.0 feature, like the breaking highlight feature of Open Metrics 2.0 will be you guested precisely the same with my open telemetry head on. Low and behold the same underlying technology is being put or has been put into open telemetry. And we've worked for month and month and month and even longer between all different projects to, to assert that we have one single standard which is actually compatible with each other course. One of the worst things which you can have in the cloud ecosystem is if you have soly different things and they break in subtly wrong ways, like it's much better to just not work than to break in a way, which is just a little bit wrong. Of course you won't figure this out until it's too late. So we spent, like with all three hats, we spent insane amounts of time on making this happen and, and making this nice. >>Savannah, one of the things we have so much going on at Cube Con. I mean just you're unpacking like probably another day of cube. We can't go four days, but open time. >>I know, I know. I'm the same >>Open telemetry >>Challenge acceptance open. >>Sorry, we're gonna stay here. All the, They >>Shut the lights off on us last night. >>They literally gonna pull the plug on us. Yeah, yeah, yeah, yeah. They've done that before. It's not the first time we go until they kick us out. We love, love doing this. But Open telemetry is got a lot of news too. So that's, We haven't really talked much about that. >>We haven't at >>All. So there's a lot of stuff going on that, I won't call it boring. That's like code word's. That's cube talk for, for it's working. Yeah. So it's not bad, but there's a lot of stuff going on. Like open telemetry, open metrics, This is the stuff that matters cuz when you go in large scale, that's key. It's just what, missing all the, all the stuff. >>No, >>What are we missing? What are people missing? What's going on in the show that you think that's not actually being reported on? I mean it's a lot of high web assembly for instance got a lot >>Of high. Oh yeah, I was gonna say, I'm glad you're asking this because you, you've already mentioned about seven different hats that you wear. I can only imagine how many hats are actually in your hat cabinet. But you, you are someone with your, with your fingers in a lot of different things. So you can kind of give us a state of the union. Yeah. So go ahead. Let's talk about >>It. So I think you already hit a few good points. Ease of use is definitely one of them. And, and improving the developer experience and not having this like a value of pain. Yeah. That is one of the really big ones. It's going to be interesting cause it is boring. It is janitorial and it needs a different type of persona. A lot of, or maybe not most, but a large fraction of developers like the shiny stuff. And we could see this in Prometheus where like initially the people who contributed this the most where like those restless people who need to fix that one thing, this is impossible, are going to do it. Which changed over the years where the people who now contribute the most are off the janitorial. Like keep things boring, keep things running, still have substantial changes. But but not like more on the maintenance level. >>Yeah. The maintainers. I was just gonna bring that >>Up. Yeah. On the, on the keep things boring while still pushing 'em forward. Yeah. And the thing about ease of use is a lot of this is boring. A lot of this is strategy. A lot of this is toil. A lot of this takes lots of research also in areas where developers are not really good at, like UX for example, and ui like most software developers are really bad at those cause they just think differently from normal humans, I guess. >>So that's an interesting observation that you just made. I we could unpack that on a whole nother show as well. >>So the, the thing is this is going to be interesting for the open source scene course. This needs deliberate investment by companies who assign people to those projects and say, okay, fix that one thing or make it easier to use what have you. That is a lot easier with, with first party products and projects from companies cuz they can invest directly into the thing and they see much more of a value prop. It's, it's kind of normal by now to, to allow developers or even assigned developers onto open source projects. That's not so much the case for the tpms, for the architects, for the UX and your I people like for the documentation people that there's not as much awareness of that this is also driving value for everyone. Yes. And also there's not much as much. >>Yeah, that's a great point. This whole workflow production system of open source, which has grown and keeps growing and we'll keep growing. These be funded. And one of the things we were talking earlier in another session about is about the recession potentially we're hitting and the global issues, macroeconomics that might force some of these projects or companies not to get VC >>Funding. It's such a theme at the show. So, >>So to me, I said it's just not about VC funding. There's other funding mechanisms that's community oriented. There's companies participating, there's other meccas. Richie, if you could have your wishlist of how things could progress an open source, what would you want to see happen in terms of how it's, how things are funded, how things are executed. Cuz developers are going to run businesses. Cuz ultimately if you follow digital transformation to completion, it and developers aren't a department serving the business. They are the business. And that's coming fast. You know, what has to happen in your opinion, if you had the wish magic wand, what would you, what would you snap your fingers to make happen? >>If I had a magic wand that's very different from, from what is achievable. But let, let's >>Go with, Okay, go with the magic wand first. Cause we'll, we'll, we'll we'll riff on that. So >>I'm here for dreams. Yeah, yeah, >>Yeah. I mean I, I've been in open source for more than two, two decades, but now, and most of the open source is being driven forward by people who are not being paid for those. So for example, Gana is the first time I'm actually paid by a company to do my com community work. It's always been on the side. Of course I believe in it and I like doing it. I'm also not bad at it. And so I just kept doing it. But it was like at night on the weekends and everything. And to be honest, it's still at night and in the weekends, but the majority of it is during paid company time, which is awesome. Yeah. Most of the people who have driven this space forward are not in this position. They're doing it at night, they're doing it on the weekends. They're doing it out of dedication to a cause. Yeah. >>The commitment is insane. >>Yeah. At the same time you have companies mostly hyperscalers and either they have really big cloud offerings or they have really big advertisement business or both. And they're extracting a huge amount of value, which has been created in large part elsewhere. Like yes, they employ a ton of developers, but a lot of the technologies they built on and the shoulders of the giants they stand upon it are really poorly paid. And there are some efforts to like, I think the core foundation like which redistribute a little bit of money and such. But if I had my magic wand, everyone who is an open source and actually drives things forwards, get, I don't know, 20% of the value which they create just magically somehow. Yeah. >>Or, or other companies don't extract as much value and, and redistribute more like put more full-time engineers onto projects or whichever, like that would be the ideal state where the people who actually make the thing out of dedication are not more or less left on the sideline. Of course they're too dedicated to just say, Okay, I'm, I'm not doing this anymore. You figure this stuff out and let things tremble and falter. So I mean, it's like with nurses and such who, who just like, they, they know they have something which is important and they keep doing it. Of course they believe in it. >>I think this, I think this is an opportunity to start messaging this narrative because yeah, absolutely. Now we're at an inflection point where there's a big community, there is a shared responsibility in my opinion, to not spread the wealth, but make sure that it's equally balanced and, and the, and I think there's a way to do that. I don't know how yet, but I see that more than ever, it's not just come in, raid the kingdom, steal all the jewels, monetize it, and throw some token token money around. >>Well, in the burnout. Yeah, I mean I, the other thing that I'm thinking about too is it's, you know, it's, it's the, it's the financial aspect of this. It's the cognitive load. And I'm curious actually, when I ask you this question, how do you avoid burnout? You do a million different things and we're, you know, I'm sure the open source community that passion the >>Coach. Yeah. So it's just write code, >>It's, oh, my, my, my software engineering days are firmly over. I'm, I'm, I'm like, I'm the cat herer and the janitor and like this type of thing. I, I don't really write code anymore. >>It's how do you avoid burnout? >>So a i I didn't curse ahead burnout a few years ago. I was not nice, but that was still when I had like a full day job and that day job was super intense and on top I did all the things. Part of being honest, a lot of the people who do this are really dedicated and are really bad at setting boundaries between work >>And process. That's why I bring it up. Yeah. Literally why I bring it up. Yeah. >>I I I'm firmly in that area and I'm, I'm, I don't claim I have this fully figured out yet. It's also even more risky to some extent per like, it's, it's good if you're paid for this and you can do it during your work time. But on the other hand, if it's so nice and like if your hobby and your job are almost completely intersectional, it >>Becomes really, the lines are blurry. >>Yeah. And then yeah, like have work from home. You, you don't even commute anything or anymore. You just sit down at your computer and you just have fun doing your stuff and all of a sudden it's deep at night and you're still like, I want to keep going. >>Sounds like God, something cute. I >>Know. I was gonna say, I was like, passion is something we all have in common here on this. >>That's the key. That is the key point There is a, the, the passion project becomes the job. But now the contribution is interesting because now yeah, this ecosystem is, is has a commercial aspect. Again, this is the, this is the balance between commercialization and keeping that organic production system that's called open source. I mean, it's so fascinating and this is amazing. I want to continue that conversation. It's >>Awesome. Yeah. Yeah. This is, this is great. Richard, this entire conversation has been excellent. Thank you so much for joining us. How can people find you? I mean, I give em your Twitter handle, but if they wanna find out more about Grafana Prometheus and the 1700 things you do >>For grafana grafana.com, for Prometheus, promeus.io for my own stuff, GitHub slash richie age slash talks. Of course I track all my talks in there and like, I don't, I currently don't have a personal website cause I stop bothering, but my, like that repository is, is very, you find what I do over, like for example, the recording link will be uploaded to this GitHub. >>Yeah. Great. Follow. You also run a lot of events and a lot of community activity. Congratulations for you. Also, I talked about this last time, the largest IRC network on earth. You ran, built a data center from scratch. What happened? You done >>That? >>Haven't done a, he even built a cloud hyperscale compete with Amazon. That's the next one. Why don't you put that on the >>Plate? We'll be sure to feature whatever Richie does next year on the cube. >>I'm game. Yeah. >>Fantastic. On that note, Richie, again, thank you so much for being here, John, always a pleasure. Thank you. And thank you for tuning in to us here live from Detroit, Michigan on the cube. My name is Savannah Peterson and here's to hoping that you find balance in your life this weekend.

>>Good afternoon, brilliant humans, and welcome back to the Cube. We're live in Detroit, Michigan at Cub Con, and I'm joined by John Furrier. John three exciting days buzzing. How you doing? >>That's great. I mean, we're coming down to the third day. We're keeping the energy going, but this segment's gonna be awesome. The CD foundation's doing amazing work. Developers are gonna be running businesses and workflows are changing. Productivity's the top conversation, and you're gonna start to see a coalescing of the communities who are continuous delivery, and it's gonna be awesome. >>And, and our next guess is an outstanding person to talk about this. We are joined by Stephen Chin, the chair of the CD Foundation. Steven, thanks so much for being here. >>No, no, my pleasure. I mean, this has been an amazing week quote that CubeCon with all of the announcements, all of the people who came out here to Detroit and, you know, fantastic. Like just walking around, you bump into all the right people here. Plus we held a CD summit zero day events, and had a lot of really exciting announcements this week. >>Gotta love the shirt. I gotta say, it's one of my favorites. Love the logos. Love the love the branding. That project got traction. What's the news in the CD foundation? I tried to sneak in the back. I got a little laid into your co-located event. It was packed. Everyone's engaged. It was really looked, look really cool. Give us the update. >>What's the news? Yeah, I know. So we, we had a really, really powerful event. All the key practitioners, the open source leads and folks were there. And one of, one of the things which I think we've done a really good job in the past six months with the CD foundation is getting back to the roots and focusing on technical innovation, right? This is what drives foundations, having strong projects, having people who are building innovation, and also bringing in a new innovation. So one of the projects which we added to the CD foundation this week is called Persia. So it's a, it's a decentralized package repository for getting open source libraries. And it solves a lot of the problems which you get when you have centralized infrastructure. You don't have the right security certificates, you don't have the right verification libraries. And these, these are all things which large companies provision and build out inside of their infrastructure. But the open source communities don't have the benefit of the same sort of really, really strong architecture. A lot of, a lot of the systems we depend upon. It's >>A good point, yeah. >>Yeah. I mean, if you think about the systems that developers depend upon, we depend upon, you know, npm, ruby Gems, Mayn Central, and these systems been around for a while. Like they serve the community well, right? They're, they're well supported by the companies and it's, it's, it's really a great contribution that they give us. But every time there's an outage or there's a security issue, guess, guess how many security issues that our, our research team found at npm? Just ballpark. >>74. >>So there're >>It's gotta be thousands. I mean, it's gotta be a lot of tons >>Of Yeah, >>They, they're currently up to 60,000 >>Whoa. >>Vulnerable, malicious packages in NPM and >>Oh my gosh. So that's a super, that's a jar number even. I know it was gonna be huge, but Holy mo. >>Yeah. So that's a software supply chain in actually right there. So that's, that's open source. Everything's out there. What's, how do, how does, how do you guys fix that? >>Yeah, so per peria kind of shifts the whole model. So when, when you think about a system that can be sustained, it has to be something which, which is not just one company. It has to be a, a, a set of companies, be vendor neutral and be decentralized. So that's why we donated it to the Continuous Delivery Foundation. So that can be that governance body, which, which makes sure it's not a single company, it is to use modern technologies. So you, you, you just need something which is immutable, so it can't be changed. So you can rely on it. It has to have a strong transaction ledger so you can see all of the history of it. You can build up your software, build materials off of it, and it, it has to have a strong peer-to-peer architecture, so it can be sustained long term. >>Steven, you mentioned something I want to just get back to. You mentioned outages and disruption. I, you didn't, you didn't say just the outages, but this whole disruption angle is interesting if something happens. Talk about the impact of the developer. They stalled, inefficiencies create basically disruption. >>No, I mean, if, if, so, so if you think about most DevOps teams in big companies, they support hundreds or thousands of teams and an hour of outage. All those developers, they, they can't program, they can't work. And that's, that's a huge loss of productivity for the company. Now, if you, if you take that up a level when MPM goes down for an hour, how many millions of man hours are wasted by not being able to get your builds working by not being able to get your codes to compile. Like it's, it's >>Like, yeah, I mean, it's almost hard to fathom. I mean, everyone's, It's stopped. Exactly. It's literally like having the plug pulled >>Exactly on whenever you're working on, That's, that's the fundamental problem we're trying to solve. Is it, it needs to be on a, like a well supported, well architected peer to peer network with some strong backing from big companies. So the company is working on Persia, include J Frog, which who I work for, Docker, Oracle. We have Deploy hub, Huawei, a whole bunch of other folks who are also helping out. And when you look at all of those folks, they all have different interests, but it's designed in a way where no single party has control over the network. So really it's, it's a system system. You, you're not relying upon one company or one logo. You're relying upon a well-architected open source implementation that everyone can rely >>On. That's shared software, but it's kind of a fault tolerant feature too. It's like, okay, if something happens here, you have a distributed piece of it, decentralized, you're not gonna go down. You can remediate. All right, so where's this go next? I mean, cuz we've been talking about the role of developer. This needs to be a modern, I won't say modern upgrade, but like a modern workflow or value chain. What's your vision? How do you see that? Cuz you're the center of the CD foundation coming together. People are gonna be coalescing multiple groups. Yeah. >>What's the, No, I think this is a good point. So there, there's a, a lot of different continuous delivery, continuous integration technologies. We're actually, from a Linux Foundation standpoint, we're coalescing all the continued delivery events into one big conference >>Next. You just made an announcement about this earlier this week. Tell us about CD events. What's going on, what's in, what's in the cooker? >>Yeah, and I think one of the big announcements we had was the 0.1 release of CD events. And CD events allows you to take all these systems and connect them in an event scalable, event oriented architecture. The first integration is between Tecton and Capin. So now you can get CD events flowing cleanly between your, your continuous delivery and your observability. And this extends through your entire DevOps pipeline. We all, we all need a standards based framework Yep. For how we get all the disparate continuous integration, continuous delivery, observability systems to, to work together. That's also high performance. It scales with our needs and it, it kind of gives you a future architecture to build on top of. So a lot of the companies I was talking with at the CD summit Yeah. They were very excited about not only using this with the projects we announced, but using this internally as an architecture to build their own DevOps pipelines on. >>I bet that feels good to hear. >>Yeah, absolutely. Yeah. >>Yeah. You mentioned Teton, they just graduated. I saw how many projects have graduated? >>So we have two graduated projects right now. We have Jenkins, which is the first graduated project. Now Tecton is also graduated. And I think this shows that for Tecton it was, it was time, the very mature project, great support, getting a lot of users and having them join the set of graduated projects. And the continuous delivery foundation is a really strong portfolio. And we have a bunch of other projects which also are on their way towards graduation. >>Feels like a moment of social proof I bet. >>For you all. Yeah, yeah. Yeah. No, it's really good. Yeah. >>How long has the CD Foundation been around? >>The CD foundation has been around for, i, I won't wanna say the exact number of years, a few years now. >>Okay. >>But I, I think that it, it was formed because what we wanted is we wanted a foundation which was purpose built. So CNCF is a great foundation. It has a very large umbrella of projects and it takes kind of that big umbrella approach where a lot of different efforts are joining it, a lot of things are happening and you can get good traction, but it produces its own bottlenecks in process. Having a foundation which is just about continuous delivery caters to more of a DevOps, professional DevOps audience. I think this, this gives a good platform for best practices. We're working on a new CDF best practices Yeah. Guide. We're working when use cases with all the member companies. And it, it gives that thought leadership platform for continuous delivery, which you need to be an expert in that area >>And the best practices too. And to identify the issues. Because at the end of the day, with the big thing that's coming out of this is velocity and more developers coming on board. I mean, this is the big thing. More people doing more. Yeah. Well yeah, I mean you take this open source continuous thunder away, you have more developers coming in, they be more productive and then people are gonna even either on the DevOps side or on the straight AP upside. And this is gonna be a huge issue. And the other thing that comes out that I wanna get your thoughts on is the supply chain issue you talked about is hot verifications and certifications of code is such big issue. Can you share your thoughts on that? Because Yeah, this is become, I won't say a business model for some companies, but it's also becoming critical for security that codes verified. >>Yeah. Okay. So I, I think one of, one of the things which we're specifically doing with the Peria project, which is unique, is rather than distributing, for example, libraries that you developed on your laptop and compiled there, or maybe they were built on, you know, a runner somewhere like Travis CI or GitHub actions, all the libraries being distributed on Persia are built by the authorized nodes in the network. And then they're, they're verified across all of the authorized nodes. So you nice, you have a, a gar, the basic guarantee we're giving you is when you download something from the Peria network, you'll get exactly the same binary as if you built it yourself from source. >>So there's a lot of trust >>And, and transparency. Yeah, exactly. And if you remember back to like kind of the seminal project, which kicked off this whole supply chain security like, like whirlwind it was SolarWinds. Yeah. Yeah. And the exact problem they hit was the build ran, it produced a result, they modified the code of the bill of the resulting binary and then they signed it. So if you built with the same source and then you went through that same process a second time, you would've gotten a different result, which was a malicious pre right. Yeah. And it's very hard to risk take, to take a binary file Yep. And determine if there's malicious code in it. Cuz it's not like source code. You can't inspect it, you can't do a code audit. It's totally different. So I think we're solving a key part of this with Persia, where you're freeing open source projects from the possibility of having their binaries, their packages, their end reduces, tampered with. And also upstream from this, you do want to have verification of prs, people doing code reviews, making sure that they're looking at the source code. And I think there's a lot of good efforts going on in the open source security foundation. So I'm also on the governing board of Open ssf >>To Do you sleep? You have three jobs you've said on camera? No, I can't even imagine. Yeah. Didn't >>You just spin that out from this open source security? Is that the new one they >>Spun out? Yeah, So the Open Source Security foundation is one of the new Linux Foundation projects. They, they have been around for a couple years, but they did a big reboot last year around this time. And I think what they really did a good job of now is bringing all the industry players to the table, having dialogue with government agencies, figuring out like, what do we need to do to support open source projects? Is it more investment in memory, safe languages? Do we need to have more investment in, in code audits or like security reviews of opensource projects. Lot of things. And all of those things require money investments. And that's what all the companies, including Jay Frogger doing to advance open source supply chain security. I >>Mean, it's, it's really kind of interesting to watch some different demographics of the developers and the vendors and the customers. On one hand, if you're a hardware person company, you have, you talk zero trust your software, your top trust, so your trusted code, and you got zero trust. It's interesting, depending on where you're coming from, they're all trying to achieve the same thing. It means zero trust. Makes sense. But then also I got code, I I want trust. Trust and verified. So security is in everything now. So code. So how do you see that traversing over? Is it just semantics or what's your view on that? >>The, the right way of looking at security is from the standpoint of the hacker, because they're always looking for >>Well said, very well said, New >>Loop, hope, new loopholes, new exploits. And they're, they're very, very smart people. And I think when you, when you look some >>Of the smartest >>Yeah, yeah, yeah. I, I, I work with, well former hackers now, security researchers, >>They converted, they're >>Recruited. But when you look at them, there's like two main classes of like, like types of exploits. So some, some attacker groups. What they're looking for is they're looking for pulse zero days, CVEs, like existing vulnerabilities that they can exploit to break into systems. But there's an increasing number of attackers who are now on the opposite end of the spectrum. And what they're doing is they're creating their own exploits. So, oh, they're for example, putting malicious code into open source projects. Little >>Trojan horse status. Yeah. >>They're they're getting their little Trojan horses in. Yeah. Or they're finding supply chain attacks by maybe uploading a malicious library to NPM or to pii. And by creating these attacks, especially ones that start at the top of the supply chain, you have such a large reach. >>I was just gonna say, it could be a whole, almost gives me chills as we're talking about it, the systemic, So this is this >>Gnarly nation state attackers, like people who wanted serious >>Damages. Engineered hack just said they're high, highly funded. Highly skilled. Exactly. Highly agile, highly focused. >>Yes. >>Teams, team. Not in the teams. >>Yeah. And so, so one, one example of this, which actually netted quite a lot of money for the, for the hacker who exposed it was, you guys probably heard about this, but it was a, an attack where they uploaded a malicious library to npm with the same exact namespace as a corporate library and clever, >>Creepy. >>It's called a dependency injection attack. And what happens is if you, if you don't have the right sort of security package management guidelines inside your company, and it's just looking for the latest version of merging multiple repositories as like a, like a single view. A lot of companies were accidentally picking up the latest version, which was out in npm uploaded by Alex Spearson was the one who did the, the attack. And he simultaneously reported bug bounties on like a dozen different companies and netted 130 k. Wow. So like these sort of attacks that they're real Yep. They're exploitable. And the, the hackers >>Complex >>Are finding these sort of attacks now in our supply chain are the ones who really are the most dangerous. That's the biggest threat to us. >>Yeah. And we have stacker ones out there. You got a bunch of other services, the white hat hackers get the bounties. That's really important. All right. What's next? What's your vision of this show as we end Coan? What's the most important story coming outta Coan in your opinion? And what are you guys doing next? >>Well, I, I actually think this is, this is probably not what most hooks would say is the most exciting story to con, but I find this personally the best is >>I can't wait for this now. >>So, on, on Sunday, the CNCF ran the first kids' day. >>Oh. >>And so they had a, a free kids workshop for, you know, underprivileged kids for >>About, That's >>Detroit area. It was, it was taught by some of the folks from the CNCF community. So Arro, Eric hen my, my older daughter, Cassandra's also an instructor. So she also was teaching a raspberry pie workshop. >>Amazing. And she's >>Here and Yeah, Yeah. She's also here at the show. And when you think about it, you know, there's always, there's, there's, you know, hundreds of announcements this week, A lot of exciting technologies, some of which we've talked about. Yeah. But it's, it's really what matters is the community. >>It this is a community first event >>And the people, and like, if we're giving back to the community and helping Detroit's kids to get better at technology, to get educated, I think that it's a worthwhile for all of us to be here. >>What a beautiful way to close it. That is such, I'm so glad you brought that up and brought that to our attention. I wasn't aware of that. Did you know that was >>Happening, John? No, I know about that. Yeah. No, that was, And that's next generation too. And what we need, we need to get down into the elementary schools. We gotta get to the kids. They're all doing robotics club anyway in high school. Computer science is now, now a >>Sport, in my opinion. Well, I think that if you're in a privileged community, though, I don't think that every school's doing robotics. And >>That's why Well, Cal Poly, Cal Poly and the universities are stepping up and I think CNCF leadership is amazing here. And we need more of it. I mean, I'm, I'm bullish on this. I love it. And I think that's a really great story. No, >>I, I am. Absolutely. And, and it just goes to show how committed CNF is to community, Putting community first and Detroit. There has been such a celebration of Detroit this whole week. Stephen, thank you so much for joining us on the show. Best Wishes with the CD Foundation. John, thanks for the banter as always. And thank you for tuning in to us here live on the cube in Detroit, Michigan. I'm Savannah Peterson and we are having the best day. I hope you are too.