>>Ly from San Diego, California at the cube covering to clock in cloud native con brought to you by red hat, the cloud native computing foundation and its ecosystem Marsh. >>Welcome back. This is the cube live coverage three days wall to wall coverage of CubeCon cloud native con in San Diego. I'm Stu Miniman. My cohost for these three days is John Troyer. And welcome to the program. First of all, from the keynote stage, Heather Kirksey, who is the vice president of community and ecosystem development with the Linux foundation for CNCF part of Linux foundation and from some of the technology behind the scenes joining her, Sandy Pennys are the SVP of strategic engagement at attorney. Thank you so much for joining us. Right. So Heather, this was a really cool demo with a lot of things going beyond the scene. Uh, if people actually go watch an interview we did yesterday, uh, with, uh, the people at red hat talk about, uh, it's a good thing. It was cloud native because there was a brownout cower was lost, had to rebuild the entire thing. Um, and everybody up on stage, you know, the next day, didn't know anything the wiser. So, uh, you know, really cool pot on stage. Uh, you know, talking about 5g global engagement, China mobile, uh, other banks. I like, um, I'm sorry, other mobile providers, uh, like from Canada and from Europe involved in this. Um, give us a little bit of the, the, the foundation view as to, you know, how something like this comes together and how you get participation from, you know, the technology providers, the telco providers. Uh, you know, it takes, it takes a village. >>First of all, you have to be slightly mad. Um, but I mean that's, that's really kind of the premise of open source, right? Is that people come together and they build things together. And so we done some demos in the past, um, where we looked at sort of, you know, the, the modernization of the central office. And so we had had some, you know, some tea, you know, some tapes of folks that had been building things. And then we, you know, we sent out a call basically to the community and said, yeah, we'd like to do another one. And what we're going to try to do is full five G full called native, if you're interested in joining, yo come on. And so it just ended up that basically 15 organizations said, yes, that sounds like something that we would like to prove out. And 80 volunteers across those organizations ended up working on it. >>My understanding was about four months, uh, to, to put all the pieces together, bring us, bring us through kinda, you know, how the stack gets built and. >>Yeah, well I mean, so amongst some of the issues where you have five G itself is fairly new. So we, we started with sort of the complexities of getting equipment, you know, and getting five G radio. You know, we had a partner in China who had a 5g handset that then wanted us to indemnify, you know, all of these things. Uh, to the extent that like we as a nonprofit didn't feel comfortable signing the agreement. So it was, you know, it started actually just, I mean, this was so cutting edge with in terms of the five G aspect that getting equipment was challenging. Um, yeah. And that's before you even get to sort of the challenges of building the stack. So, um, so, you know, it started kind of figuring out what pieces started building things, um, you know, found some yo gaps in Coobernetti's around supporting the, the, the sophistication of networking that we have to do. Um, so we figured out how to work around it for the demo, but what we want to do is start upstreaming some, um, some changes into, into some of the projects there. >>All right, so San Deepa, your company's one of the providers inside here. So tell us what, what drew you into it and how it is living on that bleeding edge was something like five. >>Well, it's, it's absolutely thrilling living on that leading edge. It's exciting, you know, lots of risks. But the payoff yesterday was fantastic. Be able to complete that call on stage. You know, from our perspective, we were invited in fairly early on into the project. Uh, and we're, we're thrilled to be part of it. And as once we understood the scope and what everyone's trying to do, we realized like we're providing the, the SD wan for this project, connecting the public cloud, the private cloud, and we're deploying, uh, using containers, Kubernetes. And we are able to bring the entire thing together by creating one virtual network so that it's seamless and all the underlying infrastructure, that layer, layer two, layer one, the underlay is just completely invisible to be able to transport that call, to do the signaling, to do everything that needs to be done. >>So for us to become part of this project was really powerful for one, for us to just, uh, just work with some of the companies that were there, like the Linux foundation and tell the Nobel all the other big name players that were out there. And so that was, that was amazing. An amazing experience. But then the community itself that came together, like the people that we met, we met them all at the show. It's all phone calls, we met them all at the show and it really is a community filled with love and a real drive and desire, uh, to build something new and different. Right. Sprinkled with a bit of crazy. >>Yeah. >>Well, so I mean this is a, is a great example of how the Linux foundation can be a catalyst here. I mean one of the Linux foundation is so broad, the CNCF is so broad and you're operating in many domains in this being, you know, bringing the telecom world together, being one of them. But I don't know, can you maybe just talk a little bit about the ecosystem and the unique challenges of, I mean there are some times open source approaches that are a little more strongly opinionated. Like this is going to be our, this is, this is what we're working on. This is going to be our stack. This is the projects in our stack. CNCF has a obviously a, a well documented and open, uh, process around bringing projects in and projects graduating. How does that make your >>life harder? >> Yeah. Well, I mostly focus on our networking projects and working with the telecom industry. And yeah, I mean Telekom definitely likes to be opinionated, you know, I mean that's, that's kind of, and our soul. Um, and so that is also is useful because really at the end of the day, interoperability for the type of scale that telecom operators has is very important. Right? It's um, yeah, some of the cloud providers, right? It's up to the people who want to run on them to like work with their API APIs. But the, the telecom operators, they're using all these applications to provide services to their customers so they have a business need to make sure everything really works end to end. And so there's actually an initiative right now between, um, the LF networking projects and the GSM, uh, where we're really trying to, not to prescriptively, because we do also understand that that doesn't know, you're not going to get the exact same pieces of software that worked for every single operator's network or business, but with a lot more sort of UPenn opinion around, you know, what should the cloud platforms, whether they are VM based or container based, what do they look like and how can we start doing things like compliance and verification programs around commercial implementations, whether it is the underlying platform or whether it's the applications on top. >>And so that's the thing that, you know, we're, we're working on right now because at the end of the day, we're really needing to help them accelerate their, their deployments and, um, get that agility. That's the promise of. >>So, Heather, I want to go back to something you mentioned earlier that there were some gaps in Coobernetti's speak to how fast the community rallied around to, you know, allow this, uh, solution to go forward. >>Yeah. So, um, I'll, I mean basically this is what happens when you get a bunch of engineers together, you know, for the demo itself, we weren't going to fork or make our own sort of changes Kubernetes. So we, we did some things to, to tie things together. Probably you've seen SD when I see Rampart. But yeah, one of the, one of the big issues is just being able to expose multiple interfaces. Um, which, you know, in a service writer network you have multiple interfaces, right? Um, fi six support is another big issue. And so being able to expose those natively in Kubernetes or natively just using cloud native, it's something that we're still working on. Um, there, there are a couple of projects that are looking at that um, network service mesh. Uh, you know, maybe there's some different CNI who are beginning to think through that problem. Um, none of them were quite there. So yeah, we didn't want to start forking and writing pseudo Kubernetes code. Um, so we kinda just use some of the tools and the players in place to work around that. But we, what we would love is to upstream that code and to main line. Sure. >>Yeah. So Sandy would love to hear a little bit more about how SD wind fits in the entire multicloud discussion. Um, we were, we had a pop here in San Diego. There's a lab in Montreal and then there is a, a lab in France and we use public, uh, a combination of, uh, the Alibaba cloud in North America and in Europe. And what we had to do is we had to create a way for the phones to reach each other. So we had to do this initial signaling where you do the request and you have to get to all of the different pods to make the, to make the request. So what we did is we put our, um, containers and all the, in all the cloud providers and also in the labs and we were able to create that private network. And that was what allowed for the call signaling to happen. >>And for the actual call to actually be completed from one to handset to the other. Cindy, you're uh, uh, you talked about community, you know, you're an engineer, a stye in our eyes, a word is SDN when a word, I suppose they usually hear more on an enterprise side of the show. Right. And, uh, you know, talk with lots of folks who provide, you know, in, in that space. This is a little bit different, right? As you, I don't know if you've had a chance to wander either in the sessions or on the floor, kind of curious. There is some, a little bit of networking out there, a little bit networking, security and a couple of other, certainly some service mesh stuff. Right. I don't know. What are your thoughts about how this is growing up on the, in this open source world? It's, listen, it's growing up very fast, right? >>That's, that's 100% sure. I mean, the show is, is, is growing like leaps and bounds every year. It's insane. And that, that, that debt, that performance yesterday was in front of, I don't know how many thousands of people, but I mean that was huge and it was amazing. Um, and you're right, you know, normally when you're thinking about this kind of stuff, you're not necessarily thinking about the networking, but at the end of the day, you know, Kubernetes is a platform or a tool. SD wan is a tool. Um, and if you take all of these tools and put them together, you can actually build something wonderful, right? And that's what we did in this project here. We were able to deliver a 5g call and you know, run it everywhere. So I think what's important in the community, even though this is really primarily a developer event and developer show, you are seeing some edge people here, you are seeing some networking people here and people are the awareness of, Oh wait, you know, we need edge and we need networking to actually build, you know, commercializable platforms or products, right. Is, it's that awareness that's just, I think this year at least is really starting to come out. And I think next year it's going to be even more prevalent and you're going to the show me evolve, you know? And that's why where I kind of see it going. >>Yeah. I mean, I think application developers and general tend to think networking is amazing. It just happens to be, they're sort of like plumbing and power. Um, but to actually deliver it is a fairly complicated challenge and it's part of the reason we want to do the demo yesterday was actually to kind of show some of the challenges and to kind of show what it takes to set up a mobile network. So the F we're going to use Kubernetes to do that. They, you know, the developers here would have a little bit more understanding so that when we were like, we need, you know, we need multiple interfaces or we need to be able to address things in a certain way. They, they, they have a better understanding of why so they can help us from the telecom industry, uh, design and build it out. >>Yeah. I guess the last thing is we've had the cube of the open source summit. We've been to the open networking summit. Uh, you know, when you get off the stage, you put, you know, there's so many different open source projects that Dan just give us a view as to how they span across all of these communities to make sure that we don't end up with a lot of fragmented things. How does everything kind of pull together in the networking? All right, so, so many projects across so many sources, how does, how does Linux foundation make sure that we don't just end up with, you know, siloed, uh, you know, places? >>Well, yeah, to be, to be honest, it's a little bit of a challenge because sometimes the reason that we end up with multiple projects serving what looks like similar needs is because there are different technical approaches. And so might be one will work better than the other. I mean, that's kind of the idea of open source that people can try different things. Um, and, uh, we just try to help people have more, less of a not invented here sort of mindset that if there's a good reason, uh, to try a different approach, go for it. And let's see what, what takes root and what flowers. Um, but you know, also other people are doing things, so just because you're not aware of them. So we, you know, there's a lot of stuff around education and, um, sharing of information that we try to do that, that helps with that. But I mean, yeah. >>Heather, Cindy, thank you so much for joining us regulations on, on the demo. A lot of hard work. >>Thank you. I just have to tell you, I feel as though a thousand pound weight has been lifted off my shoulders out, but it was extraordinarily fun to do actually. >>It was fun. Thank you for John Troyer. I'm Stu Miniman getting towards the end of our three days wall-to-wall coverage. They're running for the tee shirts that are left, but we've got a couple more interviews. Thank you for watching the queue.

>> From our studios, in the heart of Silicon Valley, Palo Alto, California, this is a CUBE Conversation. >> Welcome to this CUBE Conversation here in Palo Alto, California. I'm John Furrier, host of theCUBE. We are here with Arpit Joshipura, GM of Networking, Edge, IoT for the Linux Foundation. Arpit, great to see you again, welcome back to theCUBE, thanks for joining us. >> Thank you, thank you. Happy to be here. >> So obviously, we love the Linux Foundation. We've been following all the events; we've chatted in the past about networking. Computer storage and networking just doesn't seem to go away with cloud and on-premise hybrid cloud, multicloud, but open-source software continues to surpass expectations, growth, geographies outside the United States and North America, just overall, just greatness in software. Everything's an abstraction layer now; you've got Kubernetes, Cloud Native- so many good things going on with software, so congratulations. >> Well thank you. No, I think we're excited too. >> So you guys got a big event coming up in China: OSS, Open Source Summit, plus KubeCon. >> Yep. >> A lot of exciting things, I want to talk about that in a second. But I want to get your take on a couple key things. Edge and IoT, deep learning and AI, and networking. I want to kind of drill down with you. Tell us what's the updates on the projects around Linux Foundation. >> Okay. >> The exciting ones. I mean, we know Cloud Native CNCF is going to take up more logos, more members, keeps growing. >> Yep. >> Cloud Native clearly has a lot of opportunity. But the classic in the set, certainly, networking and computer storage is still kicking butt. >> Yeah. So, let me start off by Edge. And the fundamental assumption here is that what happened in the cloud and core is going to move to the Edge. And it's going to be 50, 100, 200 times larger in terms of opportunity, applications, spending, et cetera. And so what LF did was we announced a very exciting project called Linux Foundation Edge, as an umbrella, earlier in January. And it was announced with over 60 founding members, right. It's the largest founding member announcement we've had in quite some time. And the reason for that is very simple- the project aims at unifying the fragmented edge in IoT markets. So today, edge is completely fragmented. If you talk to clouds, they have a view of edge. Azure, Amazon, Baidu, Tencent, you name it. If you talk to the enterprise, they have a view of what edge needs to be. If you talk to the telcos, they are bringing the telecom stack close to the edge. And then if you talk to the IoT vendors, they have a perception of edge. So each of them are solving the edge problems differently. What LF Edge is doing, is it is unifying a framework and set of frameworks, that allow you to create a common life cycle management framework for edge computing. >> Yeah. >> Now the best part of it is, it's built on five exciting technologies. So people ask, "You know, why now?" So, there are five technologies that are converging at the same time. 5G, low latency. NFV, network function virtualization, so on demand. AI, so predictive analytics for machine learning. Container and microservices app development, so you can really write apps really fast. And then, hardware development: TPU, GPU, NPU. Lots of exciting different size and shapes. All five converging; put it close to the apps, and you have a whole new market. >> This is, first of all, complicated in the sense of... cluttered, fragmented, shifting grounds, so it's an opportunity. >> It's an opportunity. >> So, I get that- fragmented, you've got the clouds, you've got the enterprises, and you've got the telcos all doing their own thing. >> Yep. >> So, multiple technologies exploding. 5G, Wi-Fi 6, a bunch of other things you laid out, >> Mhmm. >> all happening. But also, you have all those suppliers, right? >> Yes. >> And, so you have different manufacturers-- >> And different layers. >> So it's multiple dimensions to the complexity. >> Correct, correct. >> What are you guys seeing, in terms of, as a solution, what's motivating the founding members; when you say unifying, what specifically does that mean? >> What that means is, the entire ecosystem from those markets are coming together to solve common problems. And I always sort of joke around, but it's true- the common problems are really the plumbing, right? It's the common life cycle management, how do you start, stop, boot, load, log, you know, things like that. How do you abstract? Now in the Edge, you've 400, 500 interfaces that comes into an IoT or an edge device. You know, Zigbee, Bluetooth, you've got protocols like M2T; things that are legacy and new. Then you have connectivity to the clouds. Devices of various forms and shapes. So there's a lot of end by end problems, as we call it. So, the cloud players. So for LF Edge for example, Tencent and Baidu and the cloud leaders are coming together and saying, "Let's solve it once." The industrial IoT player, like Dynamic, OSIsoft, they're coming in saying, "Let's solve it once." The telcos- AT&T, NTT, they're saying "Let's solve it once. And let's solve this problem in open-source. Because we all don't need to do it, and we'll differentiate on top." And then of course, the classic system vendors that support these markets are all joining hands. >> Talk about the business pressure real quick. I know, you look at, say, Alibaba for instance, and the folks you mentioned, Tencent, in China. They're perfecting the edge. You've got videos at the edge; all kinds of edge devices; people. >> Correct. >> So there's business pressures, as well. >> The business pressure is very simple. The innovation has to speed up. The cost has to go down. And new apps are coming up, so extra revenue, right? So because of these five technologies I mentioned, you've got the top killer apps in edge are anything that is, kind of, video but not YouTube. So, anything that the video comes from 360 venues, or drones, things like that. Plus, anything that moves, but that's not a phone. So things like connected cars, vehicles. All of those are edge applications. So in LF Edge, we are defining edge as an application that requires 20 milliseconds or less latency. >> I can't wait for someone to define- software define- "edge". Or, it probably is defined. A great example- I interviewed an R&D engineer at VMware yesterday in San Francisco, it was at the RADIO event- and we were just riffing on 5G, and talking about software at the edge. And one of the advances >> Yes. >> that's coming is splicing the frequency so that you can put software in the radios at the antennas, >> Correct. Yeah. >> so you can essentially provision, in real time. >> Correct, and that's a telco use case, >> Yeah. >> so our projects at the LF Edge are EdgeX Foundry, Akraino, Edge Virtualization Engine, Open Glossary, Home Edge. There's five and growing. And all of these software projects can allow you to put edge blueprints. And blueprints are really reference solutions for smart cities, manufacturing, telcos, industrial gateways, et cetera et cetera. So, lots of-- >> It's kind of your fertile ground for entrepreneurship, too, if you think about it, >> Correct; startups are huge. >> because, just the radio software that splices the radio spectrum is going to potentially maybe enable a service provider market, and towers, right? >> Correct, correct. >> Own my own land, I can own the tower and rent it out, one radio. >> Yep. >> So, business model innovations also an opportunity, >> It's a huge-- >> not just the business pressure to have an edge, but-- >> Correct. So technology, business, and market pressures. All three are colliding. >> Yeah, perfect storm. >> So edge is very exciting for us, and we had some new announcements come out in May, and more exciting news to come out in June, as well. >> And so, going back to Linux Foundation. If I want to learn more. >> LFEdge.org. >> That's kind of the CNCF of edge, if you will, right? Kind of thing. >> Yeah. It's an umbrella with all the projects, and that's equivalent to the CNCF, right. >> Yeah. >> And of course it's a huge group. >> So it's kind of momentum. 64 founding members-- >> Huge momentum. Yeah, now we are at 70 founding members, and growing. >> And how long has it been around? >> The umbrella has been around for about five months; some of the projects have been around for a couple of years, as they incubate. >> Well let us know when the events start kicking in. We'll get theCUBE down there to cover it. >> Absolutely. >> Super exciting. Again, multiple dimensions of innovation. Alright, next topic, one of my favorites, is AI and deep learning. AI's great. If you don't have data you can't really make AI work; deep learning requires data. So this is a data conversation. What's going on in the Linux Foundation around AI and deep learning? >> Yeah. So we have a foundation called LF Deep Learning, as you know. It was launched last year, and since then we have significantly moved it forward by adding more members, and obviously the key here is adding more projects, right. So our goal in the LF Deep Learning Foundation is to bring the community of data scientists, researchers, entrepreneurs, academia, and users to collaborate. And create frameworks and platforms that don't require a PhD to use. >> So a lot of data ingestion, managing data, so not a lot of coding, >> Platforms. >> more data analyst, and/or applications? >> It's more, I would say, platforms for use, right? >> Yeah. >> So frameworks that you can actually use to get business outcomes. So projects include Acumos, which is a machine learning framework and a marketplace which allows you to, sort of, use a lot of use cases that can be commonly put. And this is across all verticals. But I'll give you a telecom example. For example, there is a use case, which is drones inspecting base stations-- >> Yeah. >> And doing analytics for maintenance. That can be fed into a marketplace, used by other operators worldwide. You don't have to repeat that. And you don't need to understand the details of machine learning algorithms. >> Yeah. >> So we are trying to do that. There are projects that have been contributed from Tencent, Baidu, Uber, et cetera. Angel, Elastic Deep Learning, Pyro. >> Yeah. >> It's a huge investment for us. >> And everybody wins when there's contribution, because data's one of those things where if there's available, it just gets smarter. >> Correct. And if you look at deep learning, and machine learning, right. I mean obviously there's the classic definition; I won't go into that. But from our perspective, we look at data and how you can share the data, and so from an LF perspective, we have something called a CDLA license. So, think of an Apache for data. How do you share data? Because it's a big issue. >> Big deal. >> And we have solved that problem. Then you can say, "Hey, there's all these machine learning algorithms," you know, TensorFlow, and others, right. How can you use it? And have plugins to this framework? Then there's the infrastructure. Where do you run these machine learning? Like if you run it on edge, you can run predictive maintenance before a machine breaks down. If you run it in the core, you can do a lot more, right? So we've done that level of integration. >> So you're treating data like code. You can bring data to the table-- >> And then-- >> Apply some licensing best practices like Apache. >> Yes, and then integrate it with the machine learning, deep learning models, and create platforms and frameworks. Whether it's for cloud services, for sharing across clouds, elastic searching-- >> And Amazon does that in terms of they vertically integrate SageMaker, for instance. >> That's exactly right. >> So it's a similar-- >> And this is the open-source version of it. >> Got it- oh, that's awesome. So, how does someone get involved here, obviously developers are going to love this, but-- >> LF Deep Learning is the place to go, under Linux Foundation, similar to LF Edge, and CNCF. >> So it's not just developers. It's also people who have data, who might want to expose it in. >> Data scientists, databases, algorithmists, machine learning, and obviously, a whole bunch of startups. >> A new kind of developer, data developer. >> Right. Exactly. And a lot of verticals, like the security vertical, telecom vertical, enterprise verticals, finance, et cetera. >> You know, I've always said- you and I talked about this before, and I always rant on theCUBE about this- I believe that there's going to be a data development environment where data is code, kind of like what DevOps did with-- >> It's the new currency, yeah. >> It's the new currency. >> Yeah. Alright, so final area I want to chat with you before we get into the OSS China thing: networking. >> Yeah. >> Near and dear to your heart. >> Near and dear to my-- >> Networking's hot now, because if you bring IoT, edge, AI, networking, you've got to move things around-- >> Move things around, (laughs) right, so-- >> And you still need networking. >> So we're in the second year of the LF Networking journey, and we are really excited at the progress that has happened. So, projects like ONAP, OpenDaylight, Tungsten Fabric, OPNFV, FDio, I mean these are now, I wouldn't say household names, but business enterprise names. And if you've seen, pretty much all the telecom providers- almost 70% of the subscribers covered, enabled by the service providers, are now participating. Vendors are completely behind it. So we are moving into a phase which is really the deployment phase. And we are starting to see, not just PoCs [Proofs of Concept], but real deployments happening, some of the major carriers now. Very excited, you know, Dublin, ONAP's Dublin release is coming up, OPNFV just released the Hunter release. Lots of exciting work in Fido, to sort of connect-- >> Yeah. >> multiple projects together. So, we're looking at it, the big news there is the launch of what's called OVP. It's a compliance and verification program that cuts down the deployment time of a VNF by half. >> You know, it's interesting, Stu and I always talk about this- Stu Miniman, CUBE cohost with me- about networking, you know, virtualization came out and it was like, "Oh networking is going to change." It's actually helped networking. >> It helped networking. >> Now you're seeing programmable networks come out, you see Cisco >> And it's helped. >> doing a lot of things, Juniper as well, and you've got containers in Kubernetes right around the corner, so again, this is not going to change the need, it's going to- It's not going to change >> It's just a-- >> the desire and need of networking, it's going to change what networking is. How do you describe that to people? Someone saying, "Yeah, but tell me what's going on in networking? Virtualization, we got through that wave, now I've got the container, Kubernetes, service mesh wave, how does networking change? >> Yeah, so it's a four step process, right? The first step, as you rightly said, virtualization, moved into VMs. Then came disaggregation, which was enabled by the technology SDN, as we all know. Then came orchestration, which was last year. And that was enabled by projects like ONAP and automation. So now, all of the networks are automated, fully running, self healing, feedback closed control, all that stuff. And networks have to be automated before 5G and IoT and all of these things hit, because you're no longer talking about phones. You're talking about things that get connected, right. So that's where we are today. And that journey continues for another two years, and beyond. But very heavy focused on deployment. And while that's happening, we're looking at the hybrid version of VMs and containers running in the network. How do you make that happen? How do you translate one from the other? So, you know, VNFs, CNFs, everything going at the same time in your network. >> You know what's exciting is with the software abstractions emerging, the hard problems are starting to emerge because as it gets more complicated, end by end problems, as you said, there's a lot of new costs and complexities, for instance, the big conversation at the Edge is, you don't want to move data around. >> No, no. >> So you want to move compute to the edge, >> You can, yeah-- >> But it's still a networking problem, you've still got edge, so edge, AI, deep learning, networking all tied together-- >> They're all tied together, right, and this is where Linux Foundation, by developing these projects, in umbrellas, but then allowing working groups to collaborate between these projects, is a very simple governance mechanism we use. So for example, we have edge working groups in Kubernetes that work with LF Edge. We have Hyperledger syncs that work for telecoms. So LFN and Hyperledger, right? Then we have automotive-grade Linux, that have connected cars working on the edge. Massive collaboration. But, that's how it is. >> Yeah, you connect the dots but you don't, kind of, force any kind of semantic, or syntax >> No. >> into what people can build. >> Each project is autonomous, >> Yeah. >> and independent, but related. >> Yeah, it's smart. You guys have a good view, I'm a big fan of what you guys are doing. Okay, let's talk about the Open Source Summit and KubeCon, happening in China, the week of the 24th of June. >> Correct. >> What's going on, there's a lot of stuff going on beyond Cloud Native and Linux, what are some of the hot areas in China that you guys are going to be talking about? I know you're going over. >> Yeah, so, we're really excited to be there, and this is, again, life beyond Linux and Cloud Native; there's a whole dimension of projects there. Everything from the edge, and the excitement of Iot, cloud edge. We have keynotes from Tencent, and VMware, and all the Chinese- China Mobile and others, that are all focusing on the explosive growth of open-source in China, right. >> Yeah, and they have a lot of use cases; they've been very aggressive on mobility, Netdata, >> Very aggressive on mobility, data, right, and they have been a big contributor to open-source. >> Yeah. >> So all of that is going to happen there. A lot of tracks on AI and deep learning, as a lot more algorithms come out of the Tencents and the Baidus and the Alibabas of the world. So we have tracks there. We have huge tracks on networking, because 5G and implementation of ONAP and network automation is all part of the umbrella. So we're looking at a cross-section of projects in Open Source Summit and KubeCon, all integrated in Shanghai. >> And a lot of use cases are developing, certainly on the edge, in China. >> Correct. >> A lot of cross pollination-- >> Cross pollination. >> A lot of fragmentation has been addressed in China, so they've kind of solved some of those problems. >> Yeah, and I think the good news is, as a global community, which is open-source, whether it's Europe, Asia, China, India, Japan, the developers are coming together very nicely, through a common governance which crosses boundaries. >> Yeah. >> And building on use cases that are relevant to their community. >> And what's great about what you guys have done with Linux Foundation is that you're not taking positions on geographies, because let the clouds do that, because clouds have-- >> Clouds have geographies, >> Clouds, yeah they have agents-- >> Edge may have geography, they have regions. >> But software's software. (laughs) >> Software's software, yeah. (laughs) >> Arpit, thanks for coming in. Great insight, loved talking about networking, the deep learning- congratulations- and obviously the IoT Edge is hot, and-- >> Thank you very much, excited to be here. >> Have a good trip to China. Thanks for coming in. >> Thank you, thank you. >> I'm John Furrier here for CUBE Conversation with the Linux Foundation; big event in China, Open Source Summit, and KubeCon in Shanghai, week of June 24th. It's a CUBE Conversation, thanks for watching.

>> Announcer: Live from Los Angeles it's The Cube covering Open Source Summit North America 2017. Brought to you by the Linux Foundation and Red Hat. >> Hey, welcome back everyone. We're here live in L.A. for the Linux Foundation Open Source Summit North America. I'm John Furrier, your host, with Stu Miniman, my co-host. Our next guest Jim Zemlin, Executive Director of the Linux Foundation, runs the whole show. Welcome back to The Cube, great to see you. >> Thank you, thank you. Runs the whole show is a little bit of an overstatement. >> Well, certainly great keynote up there, I mean, a lot of things coming together. Just some structural things. Let's get the update on what's going on structurally with the Linux Foundation, one, and then two, the keynote today, this morning, really kind of laid out the state of the union, if you will, and all cylinders are pumping, no doubt, on open source. So give the quick update on kind of what's going on with the Linux Foundation and then let's get in some of the trends inside the open source movement. >> Yeah, I mean, our organization has grown quite a bit in the last few years as evident by all the people who are here at this event. But our focus is really on the projects that are important to, you know, the stability, security, and growth of the global internet and of large-scale systems. And when you look at Linux or Node.js or things like our networking projects which are powering the production networks for 3 1/2 billion people, what we're really focused on is making sure those projects are healthy, making sure that they have great developers who write incredible code, that it's used to power things like China Mobile's network or AT&T's production network. And then, those firms are employing the developers who then write more code, you get more solutions, products, services based on Linux or whatever. More reinvestment, lather, rinse, repeat. It's that cycle we're trying to promote. >> So before we get into some of the stats, structurally, I know this show, we've Cube comments out there, clarify the structure. How the shows are rolling out, how are you guys putting together the big-tent events, and how developers can get involved in the specific events across, but now there's a ton of projects. But just at a high level, what's the structure? >> Yeah, so, you know, and I'll throw out a few stats. We have about 25,000 developers that attend all of our events which are all over the world. But we have our Open Source Summit which is really sort of a summit to come together and talk about these big-picture issues around sustainability to allow for cross-project collaboration. We have project-specific events so the CloudNativeCon, KubeCon event which is coming up in Austin which is going to be blow-out, you know, I'm expecting thousands of people. I think probably three, 4,000 people. >> And even more platinum sponsors than I've ever seen on any project before so huge demand. >> It's crazy, yeah. Yeah, you know, get it while it's good, right? All these things kind of go up and down but they're on the upswing. So we have project-specific and then in the networking sector, we have have the Open Networking Summit which is sort of similar to the Open Source Summit but much more focused on networking technology, SDN, and NFD, and that is going to be in L.A. next year and we'll have a U.S. event and then a European and an Asian. >> And this show's purpose is what? How would you position the Open Source Summit? >> The Open Source Summit is where all the projects come together and do cross-pollination. I mean, the idea here is that if you're just always in your silo, you can't actually appreciate what someone else is doing that may improve your project. >> And Jim, there's a couple of events that came together to make this 'cause it was LinuxCon, ContainerCon, and MesosCon is also co-resident so. >> Exactly, so we just decided after a while that all these events could come together and again, this cross-pollination of ideas. >> And they kind of did, they're just different hotels in Seattle last time. >> Yeah, exactly. That's enough, it's just going to be Open Source-- >> It's a big-tent event. >> It's a big-tent event and it really reflects how open source has gone mainstream in a way that I don't think any of us would've predicted even maybe five, six years ago. >> It's pretty massive. Just to quote some stats. 23 million plus open source developers, what you shared onstage there, want to get to your keynote. 41 billion lines of code. 1,000 plus new projects a day. 10,000 new versions pushed per day. 64 million repos on GitHub. Just amazing growth so this kind of points to obviously the rising tide is floating all boats. I made a comment, I tweeted, in the spirit of the joke of standing on the shoulders of giants before you, it's like, what shoulders are we standing on now? Because there's so many projects. Is there going to be like a legacy like the dual-star, badge values, been around for a while? You mentioned old news and you bring up Linus onstage. I mean, some projects are older, more mature, Bruce Wayne, Tier One, meat and potatoes, some got a little bit more flair and fashion to it, if you will. So you got new dynamics going on. Share your thoughts on this. >> Yeah, I mean, it's like the shoulders you're standing on are almost like stage-diving, right? Where it's just lots of people's shoulders that you're really bouncing around on. But the idea here, and what we really focus on, is what are the most important projects in the world and how do we make sure we sustain those projects. So those are the ones that you're going to generally see focused on here. Like, you know, if you've got two people contributing to one small repo for a very small project, that's probably not something that's going to be super high-profile here. But what we're trying to do is bring together sort of the big projects and also the key contributors. You know, if you look at the distribution of contribution, and this is the thing, I think, if you're a developer listening to something like this, someone who gives just one commit to a project to solve some kind of problem they might have, that's the vast majority of people. Somebody who does maybe five to 10 commits, you know, a little bit less, quite a bit less. The vast majority of code, people who give 25 or more commits to a project, small group of folks, they're here. >> I know Stu wants to ask a question, one final question on the growth 'cause this kind of reminds me of sports as we're like the ESPN of tech here for the community. If you look at the growth, you put a slide in there by SourceClear that show the projection, by 2026, at 400 million libraries, putting it today around, I think, 64 million. This is going to be like an owners meeting. It's kind of like they get together, this event because you are going to have so many projects 'cause this is kind of the vibe you got going on in here. The scale is massive, this is going to be almost like the owners meeting, the teams. Expansion's going to be coming, you have to deal with that, that's challenging. >> We're ready to grow, I mean, we've been working on systems and staffing and processes to help scale with that. You know, we take seriously that that code runs modern society. It keeps us private or doesn't as we saw with the Equifax hack which was a CVE in an open source project and we want to be ready to up our game. Let's say we could have secure coding class at this very event for the greatest developers who are working on our most important projects in the world. Would that make all of our lives better? Yes, absolutely. >> Yes, absolutely would. Yeah and you want to enable that, that's where you're going. >> That's exactly where we're going. >> Jim, the quote that jumped out at me that you gave in the keynote was, projects with sustainable ecosystems are the ones that matter. How do we balance all this? I heard in, you know, Linus's Q and A it was, look, individual's important but companies are important. You put up a slide and said, there's thousands and thousands of projects, sometimes we're going to get some really awesome stuff from three people contributing code versus the massive ecosystem with all the platinum providers so, it's always in technology, it's an and and it's very nuanced but how do we get our arms around this? How do we know where to focus? >> It's worth going back in time to understand where the future is going and study innovation theory, you know, Eric von Hippel at MIT, or Karim Lakhani at Harvard Business School. And you look at the framework, which is, you have corporations who underwrite a lot of development by hiring developers who have an equal importance in this and then users of that software. So those are your main constituents and sometimes they're the same people, right, or the same things. They're not mutually exclusive, they're actually self-reinforcing if you get the formula right and you make sure that the project is in good shape so that it gives confidence to industry or society that, hey, we can count on that. I think Heartbleed and OpenSSL maybe rattled people's cages like, hey, can we count on, not just this project, but can we count on open source period? So we spent a ton of time working with that project to provide them millions in resources, audited their code, expanded their testing, and we learned a hell of a lot about how to support these communities in the most important developer projects in the world and create that positive feedback loop, that's what we're doing. >> Yeah and Jim, it's, as an analyst, one of the things we're always asked is, right, how do I choose the right technology? Whereas companies now are contributing here so it's not just I'm putting dollars in, I'm putting manpower into this. And the foundations sometimes get a lot of lung from people, saying it's like, oh well, people throw money and what do they get out of it? I liked what I heard today, you talking about this cycle, and maybe talk to our audience a little bit about CHAOSS which I though was a nice, tongue-in-cheek acronym to say how you're actually going to bring order to the chaos that we see in the open source world. >> I'm going to come to this but I want to answer one quick question about the roles of organizations like ours. We are the roadies, the supporting cast, and the plumbers and the janitors of the system that keep things going but the real rock stars are the developers. If you think about it, Linux is worth $10 billion. An average kernel developer makes probably, let's say $150,000 a year, by the way, they make more than your average developer because they're in such high demand. The role of organizations like ours is such a tiny fraction financially of what is really fueling this model but it's an important one. What we ask ourselves all the time is, why do you need us? Who cares, right? Like, throw your code up on GitHub, you don't need the Linux Foundation, right? Why do we even exist? And the answer is to do things like this Community Health Analytics for Open Source Software, to provide the infrastructure for sustainability. Sustainability is something that we need to measure, right? How many developers are contributing to a project? Are they from a diverse community so that if one group goes away, there'll be somebody else there to do that work? How much test coverage do they have? Are there code quality metrics that we could look at? Do they have security practices like a responsible disclosure policy, a security mailing list? Have they recently fuzzed their code? Are they a community that's welcoming for people of different backgrounds? And so on and so forth. If you don't have a healthy project, you kind of don't want to bet your company on this project by using it in a production system, right? But here's the interesting thing, how many people are using that code in production also is a metric for health, right? Because that's where the reinvestment is going to come in the form of developers who are working on it. >> There's a difference between being proactive and jamming something down someone's throat. So you're taking an approach, if I get this right, to be kind of the same open source ethos, use some KPIs, key performance indicators, to give them a sense of success. But it's not an edict saying-- >> No, no, it can't be an edict. What you want to do is preserve the organic innovation that goes on in open source and get projects to go, and you'll notice that curve of sort of value to volume goes up and to the left, we could've written it to the right but, you know, the whole copyleft thing we love. How do you get that organic innovation to kind of go from this small project up and to the left? How do you capture that? Well, give tools to everyone so that they can better self-analyze. >> John: You get exponential growth with that. >> Exactly. >> If you try to control, it's linear but you bring it to the community, you get exponential growth. >> Exactly, so we studied a ton of innovation theory, we looked at how we could build frameworks to facilitate this kind of form of mass innovation and so that's where tools like CHAOSS which is being worked on by Red Hat and a lot of companies who want to figure out which project should I work on? How can I spot that one earlier? And we're excited about it. >> You know, I always joke, being the old guy that I am, in the late '80s, early '90s, '80s particularly when I was coding. We did everything, we wrote all the code. You bring up an interesting stat and you put the finger on, at least for me, and I think this is where a lot of us old timers who had to do all the libraries from scratch. You mentioned the code sandwich, the code club, the club sandwich, how code's being made and the interesting thing, as you point out, 90% of most great software is done with open source where the 10% innovation is done with original code or original content, if you will, and that that is the norm. So open source is now called the code sandwich because you can put your differentiation and that's a good use of time. >> That's the meat, right. >> That's the meat, it's not a wish sandwich to use the old Blues Brothers example but I mean look, the thing is is that that's dynamic is real, the code is leverageable, and that this is the dynamic so where'd the number come from? Because that seems really high to me but I love it. >> So that number came from a combination of Sonatype, SourceClear, and other organizations that monitor commercial reuse of software on a global basis. So these are the folks who are actually working with commercial industry to look at the makeup of their code, basically. You don't have to go far to look at a Node.js developer, they're using Node.js, they're taking packages out of NPM, and they're writing, they're cut and paste masters, but they write this critical component that's the meat of their application, it's what they do. >> But that's the innovation fabric that's happening. >> It also is a requirement because let's look at a modern, luxury vehicle today. It has 100 million lines of code in it. That's more than an F-35, like, fighter jet. That's an unbelievable amount of code. Toyota, who we work with, and you know, our AGL, our Automotive Grade Linux, is in their Camry. They couldn't write that code on their own. It's just too much. And this is how we get to autonomous vehicle control and things like that. >> I know you got a tight schedule, I want to make one more comment, get your reaction to it. I made a tweet and said, it's open bar in open source and with a reference to all the goodness being donated by companies, Google TensorFlow, there's a lot of other things coming in, these libraries. A lot of people are bringing really, really big IP to the table, IoT, and I kind of made an open remark 'cause a lot of the young kids, they think this is normal, like, well it's going to get better. Keep on drinking that open source. Is this normal? Is it going to be more like this in the future? Because you have essentially real intellectual property, like say from Google, being given to the open source communities as a gift for innovation. I mean, that is just unprecedented greatness. >> The reason for that is they're not doing it necessarily altruistically although I think you can take it that way, they're doing it in a way that betters themselves and others at the same time. I mean, it is a form of collective capitalism where they've realized, my value's over here, it is better for me to collaborate on underlying infrastructure software that my customers don't care about that's not critical to my system but I absolutely have to have and I'm going to focus on data or I'm going to focus on much higher-level innovation. And what that's doing is creating this hockey stick of innovation where, as we share more and more and more infrastructure software, and as that keeps moving up and up the stack, we all benefit. >> So in the theory of the management, bring up management theory, their theory, I'd love to get your thoughts on, is that they're betting on scale rather than trying to go for profits in the short-term, they'd much rather share intellectual property on the back-end value of scale and scale's the new competitive advantage. >> Exactly, take Kubernetes as an example. The fact that, today, and just even a couple years ago this wasn't known, we didn't quite know where this was going to be, but today you can take Node.js, build a container, you know, take an application, throw it into a container, and use Kubernetes to run it on Azure, Amazon, Google, or in a private cloud. That definition, the ability to do that, unlocks this massive developer productivity which creates more value which is more business opportunity for all these guys. You know, they're not doing it 'cause they're nice people, they're doing it 'cause they're unlocking market potential. >> And they're the real rock stars. Jim you're doing a great job. Congratulations on your success. You got a lot of growth in front of you, a lot of challenges and opportunities certainly with that and of course, the tech athletes out there doing the coding, they're the real rock stars, they're the real athletes. Of course, we get more on The Cube, thanks for your support with The Cube as well, appreciate that. >> Jim: Thank you, thanks for everything. >> Alright, this is live coverage from Open Source Summit North America in Los Angeles, California. I'm John Furrier, Stu Miniman, we'll be back with more live coverage after this short break.

(cheerful music) >> Voiceover: Live, from Los Angeles, it's theCUBE covering Open Source Summit North America 2017, brought to you by the Linux Foundation and Red Hat. >> Okay, welcome back here when we're here live with theCUBE coverage of Linux Foundation Open Source Summit North America in Los Angeles, I'm John Furrier, Stu Miniman, our next guest is Arpit Joshipura, General Manager of Networking the Linux Foundation. Welcome back to theCUBE, great to see you. >> Thank you, nice to be here again. >> Always good to talk networking, as Stu and I always say networking is probably the most active audience in our community, because at the end of the day, everything rolls downhill to networking when the people complain. It's like "where the hell's my WiFi, "where's the patent latency," networking SDN was supposed to solve all that. Stu, we're still talking about networking. When are we going to fix the network? It's always in the network, but important. In all seriousness, a lot of action continues and innovation to networking. >> Absolutely. >> What's the update? >> Update is very exciting. So first of all, I can confidently say that open source networking, not just networking, but open source networking is now mainstream. And it's mainstream in the telcos, in the carriers, service providers, it's getting there in the enterprise. And Linux Foundation is really proud to host eight of the top 10 projects that are in open source networking. ONAP, ODL, OPNFV, Fido, you know, the list goes on. And we're really excited about each of these projects, so good momentum. >> We've been seeing and talking about it too, we all, joking aside, the intro there, but in all seriousness we've been saying, we get better the network, it's finally happening. Has it been a maturization of the network itself, has it been industry force and what have been the forces of innovations been? OpenStack has done some great work, they're not getting a lot of love these days with some people, but still we've seen a lot of production workflows at OpenStack, OpenStack's still there, rocking and rolling. New projects are onboarding, you see the telcos getting business models around digital. What's the drivers? Why is network mainstream now? >> I think it's a very simple answer to that, and that is before 5G and IoT hit the market, network better be automated. It's a very simple requirement. And the reason is very self-explanatory, right? You can't have an IoT device on the call on hold while you get your service up (laughs). So, it's IoT, right? And it is the same thing on 5G, a lot of new use cases around cars or around low latency apps. You need automation, and in order to have automation, a carrier or a solution provider goes through a simple journey. Am I virtualized? Yes or no? Am I using the building blocks of SDN and NFV? Yes or no? And the third, which is now reality, which is, am I using open source to do it? Yes, and I'm going to do it. And that's the driver right? I mean it's all- >> Automation, when you started throwing out a lot of TLAs, you talk about SDN and NFV, we've got a four-letter acronym that we need to talk about. The Open Network Automation Platform. Why don't you bring your audience up to speed, what that is, the news that you have this week. >> Absolutely, so ONAP was launched earlier in 2017. It's a combination of two open source projects, ECOMP and Open-O, and we wanted to bring the community together versus sort of fragmented, and because our end users are asking for a harmonized solution. So we brought it together. It was launched earlier this year as we talked about, but the most significant thing is it has received tremendous support from the member community. So at OSS today, we just announced that Vodafone has joined as a platinum member. They will be on our board, and as you know Vodafone is one of the top providers. So if you add up all the subscribers that are being influenced by ONAP, they come to 55%. So out of the 4.5 billion subscribers that exist, more than 55% will be influenced by ONAP and the work that happens. That includes China Mobile, China Telecom, China Unicom, all of the China, Bell Canada, AT&T obviously who sort of was the founding member, Orange, Reliance Jio from India. So we've got, Comcast joined earlier in the quarter, so we've got cable companies, carriers, all joining. And to be very honest, I'll probably just give you the list of all the networking vendors that are participating here, and I've list Amdocs, Cisco, Ericsson, GigaSpaces, Hua Wei, IBM, Intel, Nokia, Tech Mahindra, VMware, ZTE, Juniper, you know, you name it. >> Arpit, I mean the long story short is-- >> Just cause they're involved does that mean they're actually working-- >> They're active. Active. >> we're not going to be critical on this. >> But come on, even Cisco's involved in the open source stuff, right? >> They've very active. >> We've had lots of guests on from Cisco, Lulu Tucker's been on many many times. We know the open source there, but it used to be, networking was very proprietary. Now, it wasn't SDNs going to totally change everything, it's lots of different pieces, lots of different projects. It kind of felt like the river slowly wearing down the mountain as to this transition from proprietary to open source. >> I think what happened is if you just look at four years back, it was proprietary. Not because people liked it, that was the only game in town. When the open source industry, especially in the networking, and this is a hundred year old industry, telecom right? When it came in in the desegregated manner, hardware and software separated, control plane separated from data plane, all of that happened, and what happened suddenly was each components started becoming mature. So they're production-ready components, and what ONAP and what Linux Foundation is intending to do this year is trying to bring all the components into a system solution. So that it's easy to deploy, and all you have to do is point, click a service, everything below it will all be automated and integrated. >> Well the telcos are under a lot of pressure. I mean this has been a decade run, over-the-top they've been struggling with that from years ago, decade ago or more. But now they're getting their act together. We're seeing some signs, even VMworld. Stu, Pat Gelsinger said 5G's the next big kahuna in networking the next 20 years, you can validate it. This is going to be a 20 year changeover, so as the Linux Foundation, which essentially is the organic growth engine for this community, what do you guys see in that 20 years? Cause I see 5G's going to create all these connection points. IoT is going to be massive. That's going to increase the surface area for potential attacks. We're seeing a networking paradigm that's moving from old guards Cisco, Juniper, and some of the names you mentioned. They got to make some changes. How are they adjusting? What's going on so the next 20 years we don't have more conflict and more identity politics. >> I'll tell you one thing, I come from a vendor community, right? So I really appreciate the work they're doing. Part of the reason you would have seen in the past a vendor dragging their feet is because of fragmentation in the community. You as a vendor do not know where to put your resources, people, and where you put your money. What we're doing at the Linux Foundation is starting to harmonize all that. And once you do that and you have enough of a scale and enough of a community, there is no shortage of people and developers that the vendors are contributing to. >> John: What's some of the proof points that you can share? >> Okay, so ONAP, from start to now, about 1100 Wiki members already. That means 1100 unique developers are joining the project. Over 50 members. We ran out of VMs, I mean it's like that has not happened in any project for over five years. We had to fire up people more. So you can see that... And this is not just, these are competitors, but if you step back and look at it, they're competitors from an end user perspective, but they're solving the common problem in which they don't get any money. They don't make any money. These are things that absolutely need to happen. The plumbing, the infrastructure, the orchestration, the control layer, the data plane layer, all of that need to just happen, it should just work. And let them differentiate on top. We are actively seeing almost everybody participating significantly. >> Stu, let's hear your thoughts on this. You guys are both, I view you guys both as experts and influencers in this networking ecosystem, so I got to ask you both a question. CNCF has gotten a lot of traction with funding, sponsorships are off the charts, you're seeing massive tractions, Stu, where you also see that KubeCon Cloud Native, but you have native clouds, I call them native clouds, in Amazon and then soon-to-be enterprises that want to run software-defined networking. So the question is do you see the same kind of support going for your group as CNCF's getting? Is it just fashionable at this point, CNCF? Why isn't the networking getting as much love at least from a sponsorship standpoint. >> Let's define love. So if you define love as the 2017 ONS, which is our largest networking summit, we grew that 10%, everything was off the charts. The feedback, the content-- >> John: The attendance growth or sponsorships? >> Attendance, sponsorships, CFPs were 5x oversubscribed. Call for papers, for submissions, 5x oversubscribed. So we had a hard time picking the best of the best. ONS 2018 is going to be here in LA, we've already started getting requests on, you know, so we're the same boat. >> So you feel good. >> We feel good. >> Not about this, like you're winning. >> No, but I tell you-- >> There'll be positive numbers we know from the hype scale horses, Stu, answer your question and then maybe you guys can comment. So is it a matter of that there's more buzz in positioning involved in the hype side of CNCF now, and there's just meat and potatoes being done in the networking world, Stu? Cause you and I both know, if no one has nothing to say, they've got to kind of market themselves. >> So John, think back to five years ago, how much hype and buzz there was around SDN. John, you and I interviewed like Martin Casado, he just bought for $1.4 billion, all these startups, lots of VC investment, so I think we're further down the maturity curve. Now networking's always-- >> John: People going to work, they're doing their job. >> It's real, it's in production-- >> It's funny-- >> It's not parb, I always say when you move from PowerPoint to production, real things happen. >> I always say, if there's going to be sizzle, I better see some steak on the grill, so what's happening is steak is cooking right now. >> And John, so one of the things we say, networking, no offense to all my friends in networking, networking is never sexy. >> Oh, come on Stu, networking is totally sexy. >> I always say it's cool again. >> Networking has never lost its edge. >> It absolutely is majorly important, but Arpit, take us in, you know, Kubernetes is hot, containers get a lot of buzz and everything. Networking, critical piece of making sure that this works, feels like, I think back to the virtualization days, it took us 10 years to kind of solve those things that that abstraction layer broke. It feels like networking is further ahead than it was, it's moving faster, we understand it's not something that's just kind of oh we'll let the networking guys get to it eventually. Networking and security, which often has that networking tie are front and center now. >> Very good point, and I think what you have to also sort of step back and look at is what are the problems that need to be solved from an end user perspective? So the hardest networking problems at the data plane control layers, check. Next big problem that remain to be solved was orchestration, data analytics, and things like that. Check, solve, with ONAP. Now the next problems that need to be solved are containerization of enterprise app, which is where Kubernetes and... and then how does containerization work with networking? That's all the C&I, the interfaces. I would say next year, you will start to see the interworking and the blend of these "hot projects" where they can all come together. >> Stu, you were there in 2010, I looked right in the camera and said to Dave Vellante, storage is not as sexy. And Dave called it snoreage, cause snoreage is boring. (Stu laughs) >> And at that time, the storage industry went on a run. And we well-documented that. Sexy is, networking is sexy. And I think that we-- >> I call it cool. >> And I just tweeted, 25g is a good indicator of a 20 year run, and networking is the big kahuna as Pat Gelsinger said in IoT, so I think, Stu, I think it's going to be very apparent, sexy. I just don't see a lot of amplifications, so you don't see a lot of people marketing the sizzle. I think, being done I would agree, but Stu, there's more buzz and hype on the CNCF side than networking. >> That's fair. I think it is always as you said, it's the initial phase of any project that gets a lot of clicks and a lot of interest, and people want to know about it. A lot of the buzz is around, just awareness. The classic marketing cycle, and I think we're past that. It was therefore ONAP in January, we're past that. >> Alright, so here's the question, final question. So the steak is coming off the grill in our metaphor here, what are people-- what is that product, what's happening, what is the big deliverable right now from a networking standpoint that people can bet on and know that they can cross the bridge into the future with it. >> You will see a visible difference, you as in an end user, an enterprise, or a residential consumer. You will see a significant difference in terms of how you get services. It's as simple as that. Why? Because it's all automated. Network on-demand, disaster recovery, video conference services. Why did over-the-top players, why were they so successful? If you need a Gmail ID, you go in, you get one. It's right there. Try getting a T1 line five years ago. That would be six weeks, six months. So with the automation in place, the models are converging. >> So provisionings are automatically happening-- >> Provisionings, service, and then the thing that you will not see but you will see in the services impact, is the closed loop automation that has all the analytics built in. Huge, huge. I mean, network is the richest source, and by the way, I'll come back next year and I'll tell you why we are cool again. Because all of a sudden, it's like oh my god look at that data and the analytics that the network is giving me. What can I do with it? You can do AI, you can do machine learning, you can do all these things. >> Well, we're looking forward to it, the eye of the storm is kind of happening now I think in networking, Stu and I always have debates about this, cause we see a lot of great action. Question is, let's see the proof points, you guys are doing some good work. Thanks for sharing, Arpit, really appreciate, General Manager of Networking at Linux Foundation. It's theCUBE, more live coverage from Los Angeles, the Open Source Summit North America. I'm John Furrier, Stu Miniman, be back with more live coverage after this short break. (techno music)

>> Announcer: Live from San Francisco, it's theCUBE covering DevNet Create 2017. Brought to you by Cisco. >> Okay, welcome back, everyone. Live in San Francisco. This is theCUBE's exclusive coverage of Cisco's new inaugural DevNet Create event targeting the DevOps open source community as they put their toe in the water, their foray into a community approach to build on top of their success of their classic developer program, DevNet, which is only three years old. Shouldn't call it classics. It's actually emerging still and growing. Arnesc is our pitch, Joshipura GM, Network and Orchestration at the Linux Foundation. I'm also joined with my cohost Peter Burris. Welcome to theCUBE. >> Thank you. >> Good to see you again, welcome back. Cube alumni. Obviously open networking. You guys are involved, you're having a great show, we cover it every year. Open Networking Summit, among other things. Huge demand for the technologies. An appetite for content in your area. Here at Cisco DevNet Create, you're seeing the emergence of Cisco taking their roots in networking and plumbing and operations, which, by the way, you know from the networking world. Sacred cows all over the place. Bringing it to the wild west, agile developer who wants infrastructure at Cisco is bringing that application meets infrastructure saying, we're going to bring programmable networking. That's music to the ears to the developers so we are getting infrastructure as code. That's your wheelhouse. What's going on in the Linux Foundation to continue this momentum? How do you guys look at this trend, give us the update on how the Linux Foundation is participating, supporting, getting involved with this programmable networking infrastructure as code trend. >> Sure. So first of all, let me baseline everybody. Linux Foundation is here to create the largest shared technology investment by building sustainable ecosystems. That's the mission in life. Within the Linux Foundation obviously the most successful open source project is Linux. But we're way beyond Linux. We host a whole set of open source projects starting from cloud native, CNCF, cloud foundry to blockchain projects like hyperledger, automotive grade Linux and a whole variety of Let's Encrypt, you name it. That we facilitate this shared technology investment. The area I own, which is networking, has several projects up and down the stack. All the way from data plane acceleration to orchestration, analytics and it's intended for carriers, enterprise, and cloud service providers including one of the most recent, highly successful and much in demand project called ONAP which is a full network automation stack. Open network automation platform. Which again, is an open source way to connect apps to infrastructure. This is the movement that you just mentioned and I'm really excited that the community's finally realizing the implications of the three letter acronym that started this whole thing called SDN. (laughing) >> SDN, SD when, a lot of stuff going on. Software defined, data center, obviously Cisco has a huge dominant preposition in the enterprise, data center in particular, but also they have a huge service provider business MSL. All that, they've been connecting networks on internet scale since the '90s. Really doing a great job. Now they got to really think about the future. What's your view there because I think Linux Foundation, you guys have been great stewards for sustainable ecosystems, but now Cisco has to put their toe into the new ecosystem. What's the meaning of that? What's the view, outlook? What's your take on where they're at? It looks good off the tee, middle of the fairway as we were saying earlier. Messaging's good, 90% of the content's community, agenda's relevant, looks good. >> I think our perspective is there's a major disruption happening. But it's not a technology disruption, it's an end user disruption. What I mean by that is the end users, whether it be carriers, whether it be enterprises whether it be cloud service providers, they are demanding that open source be part of the agenda. The reason for that is very simple. It's providing more agility, providing the access to the source code to allow for much faster feature development. They want to contribute, they want to develop the ecosystem to meet their requirements and everybody is unique as we all know. What is happening is, in this new environment, vendors, service providers, carriers, everybody is re-inventing themselves. They're re-inventing themselves with a new business model and the business model is essentially, how do I take a leadership role in developing this shared technology investment? It's not about a box. It's not about the fastest and the smallest and the largest switch routers, etc. It's about a software plan. >> It used to be about free software. Now, nothing's free because people are putting their company's name on the line. Their business models now are integrated to open source and they have people involved in other parts so technically it's free software but it's really, technically not free. But this is the new business model, this is what people are doing. >> I think you can-- >> It's tier one resource. >> If you look at the world's largest carriers today, whether it's in China, whether it's in US or in Europe, they have deployments that are built on open source. Open source networking specifically is becoming mainstream in terms of deployment. >> What's the hottest mainstream product right now? Is it SDN? What's the hottest in the-- >> SDN is a technology. SDN, NFV, network function virtualization. Those are technologies that enable the deployment of open source projects. We got projects like Open Daylight, ODL, OPNFV, ONAP, these are just names. Again as networking-- >> What's the hottest here, NFV or-- >> Right now ONAP is the hottest. As networking guys we always make these three or four letter acronyms so sorry to bug you. >> That's okay I don't mind. >> But that's how it is. >> So one of the observations at least we made at Wikibon and we made it here a couple times, is that open source has proven to be magnificently successful when the target is well defined. Other words, conventions of an operating system, there's no disagreement about what an operating system does. Hence open source could create a Linux that has just been wildly successful. Open source has not been as good at redefining the new use cases or where the technology might go. Therefore, a lot of times open source developers end up looking at each other and making each other's tools work. Which is, for example, in the big data universe, restricted the adoption of Aduke and the ability of Aduke for example. So getting value you out of it, but it's not as successful as it might be. That raises a question. I'm wondering what role you play in all this. Is there a need for a degree of open source leadership that can set the big picture, the longterm trends without undermining the innovative and inventive freedom of how developers have demonstrated they want to work together? What do you think? >> I think that's an excellent question. What happens is just by throwing software on say, Github, doesn't make you an open source project. I mean yeah, it does make you open source but that doesn't make you a successful open source project. You need a community behind it. You need a community of developers and a sustained ecosystem. One of the things we are championing, and I'm personally driving that agenda, which is thought leadership on how do these pieces fit together. As we are moving from components that were disagregated in networking to production ready software components, to production ready solutions, these all need to fit together and developed in its entirety. When you look at it holistically, from a solutions perspective, the most important thing that matters are use cases. So what we have done-- >> Totally agree. >> What we have done is for every project, strategically, when the requirements are laid down, I think of that as a requirements document. Or when the architecture is laid down. The end user use cases are explicitly defined for the community. The architecture is laid out. In that framework, the Linux Foundation facilitates the developments, the infrastructure the devOps, the agile model to come and co-create this technology in this area. >> So that's how you're doing the ideation. Are you then taking that and stepping up and also doing some of the design work? And it sounds like you are. >> We facilitate the community to do the design work, we give them architectural part leadership, we give them inter-project cross-leadership. For example, we have, in my group, in networking we have about 11 plus projects. There are multiple data plane acceleration projects. When you're putting a solution, you want portion of data plane acceleration to ride on a control plane, to ride on orchestration, to be tested end to end. Projects like OPNFV for example, they test all the pieces. They test things like FDIO, which is an acceleration project, they test open stack. Which again, it's not Linux Foundation but we do bring all the pieces together. Effectively the end user has it relatively easy to adopt and start installing. >> Congratulations, I saw that the Linux Foundation recently hired Sheryl Chamberlain as the Chief of Staff. Cube alumni been on many times, shout out for Cheryl. So you guys are growing. How are you guys handling the growth? I want to get your thoughts and you don't have to speak for the whole foundation but in general, for the folks not necessarily familiar with the inner workings of the Linux Foundation, like open source, you guys are always evolving and growing. How are you serving your stakeholders, your members and taking care and maintaining the sustainable ecosystems? >> The difference between a typical, throw the code up on GitHub versus actively managed, sustainable ecosystem is where Linux Foundation comes in. What we provide to projects in different capacity, is everything from IT as a service, marketing as a service, program management, thought leadership, executive directors, PR, media, and most importantly, events, global events to get the word out. All of that service, if you may, is what facilitates the community. Once the community is all coming together, things happen. I'll just give you an example, we just completed a developer summit on one of the projects called ONAP. Ran out of capacity, clearly. 200 people from world-wide, top-notch architects got in a room and they discussed how to merge almost 15 million lines of code. And they figured it out in four days. >> Over coffee. >> Not over coffee, it's like four days. >> I'm kidding (laughing). >> But they figured it out. I think that level of facilitation that we can provide, because you can't have it on a blank piece of paper. You need some framework, some governance, some model and some processes on how to do it. That's what Linux Foundation excels at. >> I want to move into the third area I want to discuss with you, us. You mentioned the three major customer and end users. Carriers, enterprises, cloud service providers. How do you guys relate and serve those customers when there's other stuff going on in the industry? We see Open Compute, Facebook's doing a lot of stuff, Google's throwing in a ton of open source. We have yet to see Amazon make their move with donating really good networking stuff. Certainly we've seen some machine learning out there, but, we're expecting to see an arm's race of presents coming in. It's like open bar at the hotel. More goodness is coming in from the big guys sponsoring great code. >> My mission is this year, at least, one of the things I've laid out at ONS this year was to harmonize the ecosystem. And harmonization doesn't mean merge it all so now we're one solution. Harmonization means understand where each other solutions interwork, inter-operate. If they overlap, we end up merging the projects, like what we did for ECOMP and OpenAL. That's one of the missions. Now in that process, we're looking, not just within the Linux Foundation and in my role, but also outside. That includes not just the software stacks, but also the hardware infrastructure layers. That would be OCP, that could be TIP, etc. And several others that are coming up. As well as harmonization with standards bodies. We believe that standards and open source coexist and there is a complimentary relationship there. We've been actively working with several of the standards. MEF, Team Forum, etc., etc. Trying to get a view. We just published a white paper on the Linux Foundation website on harmonizing standards on open source. There is a whole movement of ecosystem because at the end of the day, a carrier wants to solve a problem. They don't care how we solve it. I mean they do but not in a fragmented sense. And that problem is different from what an enterprise wants to solve and it's different from what a cloud. Now to your earlier question, the great news is cloud carriers and enterprises, they're looking and smelling the same as cloud native apps, cloud container networking and open source networking, they're all start combining, coming together. >> So I want to share with you a comment we had the other day. There's a story of the four wolves that were put into Yellowstone Park and changed the ecosystem cause Yellowstone had a river problem. So they injected four wolves into the ecosystem. Turns out, the deer went away, things started growing, and the whole ecosystem became so much more sustainable. Not that I'm trying to get at who's the wolves, but balancing and coexistence is the point here. You can live with wolves and not get eaten, unless you're their target. But there's a balancing act on ecosystems. And to have a good, sustainable ecosystem you need to have freshness, certainly standards and new blood, new ideas. What is your vision on coexistence because this is one of those things that we're seeing right now emerging, less about my project's better than your project. You're seeing a lot more collaboration going across communities. >> Correct. >> More than ever. >> A hundred percent agree. I think the fundamental problem has always been only the technical geeks understand the differences between the projects. And then the layer of abstraction in people, whether it's management or media, they start looking and feeling as if they are competing. I'll give you an example. In the data plane acceleration kit, we have projects like FDIO, DPDK, Iovisor, OVS, there's lots of projects there. And people like, oh my god, there's so many. Well, guess what? One of them is a kernel driven thing, other one is a set of libraries, third one builds on the libraries. So that level of understanding is missing. >> John: Interplay between all the projects. >> It's interplay. >> Peter Burris: And dependency. >> And dependencies. So that's one of the things that we want to highlight here, very significantly this year in terms of just sheer education. Because part of the coexistence is understanding each other. If we understand each other on what role each of the projects play, it's easy. Whether it's Linux Foundation or outside. So that's the first step. The second step is if they're complimentary, I want to take the next step and test them out for inter-operability. Because now you have put two pieces together. Remember, networking was a fully black box five years ago. >> Literally. >> We took it, blew it up, fragmented it, dis-segregated it, and now we got to pull... And we got tremendous innovation out of each of these layers. We were very successful on the whole disaggregation and SDN disruption. Not it's time to put it into a production ready solution. As we put those things in, we'll see that harmonization is going to play a big role. >> Arpit great to have you on here, sharing the insight. Always great to get the inner workings plus a great perspective on the industry trends and congratulations on your success and we'll continue to follow you and all your work in the networking area, all the projects Stu Miniman and team. We're going to continue to see you at the Open Networking Summit, among all the great shows. >> Thank you very much. >> Alright. >> Thank you. >> Thanks for coming on, live coverage here in San Francisco, as part of our exclusive two day coverage of the inaugural Cisco DevNet Create event. I'm John here with Peter Burris, we'll be back with more after this short break, stay with us. >> Hi I'm April Mitchell and I'm the Senior Director

(upbeat music) >> Hello and welcome to theCube's coverage of International Women's Day. I'm John Furrier, your host of "theCUBE." We've got great two remote guests coming into our Palo Alto Studios, some tech athletes, as we say, people that've been in the trenches, years of experience, Lena Smart, CISO at MongoDB, Cube alumni, and Tara Hernandez, VP of Developer Productivity at MongoDB as well. Thanks for coming in to this program and supporting our efforts today. Thanks so much. >> Thanks for having us. >> Yeah, everyone talk about the journey in tech, where it all started. Before we get there, talk about what you guys are doing at MongoDB specifically. MongoDB is kind of gone the next level as a platform. You have your own ecosystem, lot of developers, very technical crowd, but it's changing the business transformation. What do you guys do at Mongo? We'll start with you, Lena. >> So I'm the CISO, so all security goes through me. I like to say, well, I don't like to say, I'm described as the ones throat to choke. So anything to do with security basically starts and ends with me. We do have a fantastic Cloud engineering security team and a product security team, and they don't report directly to me, but obviously we have very close relationships. I like to keep that kind of church and state separate and I know I've spoken about that before. And we just recently set up a physical security team with an amazing gentleman who left the FBI and he came to join us after 26 years for the agency. So, really starting to look at the physical aspects of what we offer as well. >> I interviewed a CISO the other day and she said, "Every day is day zero for me." Kind of goofing on the Amazon Day one thing, but Tara, go ahead. Tara, go ahead. What's your role there, developer productivity? What are you focusing on? >> Sure. Developer productivity is kind of the latest description for things that we've described over the years as, you know, DevOps oriented engineering or platform engineering or build and release engineering development infrastructure. It's all part and parcel, which is how do we actually get our code from developer to customer, you know, and all the mechanics that go into that. It's been something I discovered from my first job way back in the early '90s at Borland. And the art has just evolved enormously ever since, so. >> Yeah, this is a very great conversation both of you guys, right in the middle of all the action and data infrastructures changing, exploding, and involving big time AI and data tsunami and security never stops. Well, let's get into, we'll talk about that later, but let's get into what motivated you guys to pursue a career in tech and what were some of the challenges that you faced along the way? >> I'll go first. The fact of the matter was I intended to be a double major in history and literature when I went off to university, but I was informed that I had to do a math or a science degree or else the university would not be paid for. At the time, UC Santa Cruz had a policy that called Open Access Computing. This is, you know, the late '80s, early '90s. And anybody at the university could get an email account and that was unusual at the time if you were, those of us who remember, you used to have to pay for that CompuServe or AOL or, there's another one, I forget what it was called, but if a student at Santa Cruz could have an email account. And because of that email account, I met people who were computer science majors and I'm like, "Okay, I'll try that." That seems good. And it was a little bit of a struggle for me, a lot I won't lie, but I can't complain with how it ended up. And certainly once I found my niche, which was development infrastructure, I found my true love and I've been doing it for almost 30 years now. >> Awesome. Great story. Can't wait to ask a few questions on that. We'll go back to that late '80s, early '90s. Lena, your journey, how you got into it. >> So slightly different start. I did not go to university. I had to leave school when I was 16, got a job, had to help support my family. Worked a bunch of various jobs till I was about 21 and then computers became more, I think, I wouldn't say they were ubiquitous, but they were certainly out there. And I'd also been saving up every penny I could earn to buy my own computer and bought an Amstrad 1640, 20 meg hard drive. It rocked. And kind of took that apart, put it back together again, and thought that could be money in this. And so basically just teaching myself about computers any job that I got. 'Cause most of my jobs were like clerical work and secretary at that point. But any job that had a computer in front of that, I would make it my business to go find the guy who did computing 'cause it was always a guy. And I would say, you know, I want to learn how these work. Let, you know, show me. And, you know, I would take my lunch hour and after work and anytime I could with these people and they were very kind with their time and I just kept learning, so yep. >> Yeah, those early days remind me of the inflection point we're going through now. This major C change coming. Back then, if you had a computer, you had to kind of be your own internal engineer to fix things. Remember back on the systems revolution, late '80s, Tara, when, you know, your career started, those were major inflection points. Now we're seeing a similar wave right now, security, infrastructure. It feels like it's going to a whole nother level. At Mongo, you guys certainly see this as well, with this AI surge coming in. A lot more action is coming in. And so there's a lot of parallels between these inflection points. How do you guys see this next wave of change? Obviously, the AI stuff's blowing everyone away. Oh, new user interface. It's been called the browser moment, the mobile iPhone moment, kind of for this generation. There's a lot of people out there who are watching that are young in their careers, what's your take on this? How would you talk to those folks around how important this wave is? >> It, you know, it's funny, I've been having this conversation quite a bit recently in part because, you know, to me AI in a lot of ways is very similar to, you know, back in the '90s when we were talking about bringing in the worldwide web to the forefront of the world, right. And we tended to think in terms of all the optimistic benefits that would come of it. You know, free passing of information, availability to anyone, anywhere. You just needed an internet connection, which back then of course meant a modem. >> John: Not everyone had though. >> Exactly. But what we found in the subsequent years is that human beings are what they are and we bring ourselves to whatever platforms that are there, right. And so, you know, as much as it was amazing to have this freely available HTML based internet experience, it also meant that the negatives came to the forefront quite quickly. And there were ramifications of that. And so to me, when I look at AI, we're already seeing the ramifications to that. Yes, are there these amazing, optimistic, wonderful things that can be done? Yes. >> Yeah. >> But we're also human and the bad stuff's going to come out too. And how do we- >> Yeah. >> How do we as an industry, as a community, you know, understand and mitigate those ramifications so that we can benefit more from the positive than the negative. So it is interesting that it comes kind of full circle in really interesting ways. >> Yeah. The underbelly takes place first, gets it in the early adopter mode. Normally industries with, you know, money involved arbitrage, no standards. But we've seen this movie before. Is there hope, Lena, that we can have a more secure environment? >> I would hope so. (Lena laughs) Although depressingly, we've been in this well for 30 years now and we're, at the end of the day, still telling people not to click links on emails. So yeah, that kind of still keeps me awake at night a wee bit. The whole thing about AI, I mean, it's, obviously I am not an expert by any stretch of the imagination in AI. I did read (indistinct) book recently about AI and that was kind of interesting. And I'm just trying to teach myself as much as I can about it to the extent of even buying the "Dummies Guide to AI." Just because, it's actually not a dummies guide. It's actually fairly interesting, but I'm always thinking about it from a security standpoint. So it's kind of my worst nightmare and the best thing that could ever happen in the same dream. You know, you've got this technology where I can ask it a question and you know, it spits out generally a reasonable answer. And my team are working on with Mark Porter our CTO and his team on almost like an incubation of AI link. What would it look like from MongoDB? What's the legal ramifications? 'Cause there will be legal ramifications even though it's the wild, wild west just now, I think. Regulation's going to catch up to us pretty quickly, I would think. >> John: Yeah, yeah. >> And so I think, you know, as long as companies have a seat at the table and governments perhaps don't become too dictatorial over this, then hopefully we'll be in a good place. But we'll see. I think it's a really interest, there's that curse, we're living in interesting times. I think that's where we are. >> It's interesting just to stay on this tech trend for a minute. The standards bodies are different now. Back in the old days there were, you know, IEEE standards, ITF standards. >> Tara: TPC. >> The developers are the new standard. I mean, now you're seeing open source completely different where it was in the '90s to here beginning, that was gen one, some say gen two, but I say gen one, now we're exploding with open source. You have kind of developers setting the standards. If developers like it in droves, it becomes defacto, which then kind of rolls into implementation. >> Yeah, I mean I think if you don't have developer input, and this is why I love working with Tara and her team so much is 'cause they get it. If we don't have input from developers, it's not going to get used. There's going to be ways of of working around it, especially when it comes to security. If they don't, you know, if you're a developer and you're sat at your screen and you don't want to do that particular thing, you're going to find a way around it. You're a smart person. >> Yeah. >> So. >> Developers on the front lines now versus, even back in the '90s, they're like, "Okay, consider the dev's, got a QA team." Everything was Waterfall, now it's Cloud, and developers are on the front lines of everything. Tara, I mean, this is where the standards are being met. What's your reaction to that? >> Well, I think it's outstanding. I mean, you know, like I was at Netscape and part of the crowd that released the browser as open source and we founded mozilla.org, right. And that was, you know, in many ways kind of the birth of the modern open source movement beyond what we used to have, what was basically free software foundation was sort of the only game in town. And I think it is so incredibly valuable. I want to emphasize, you know, and pile onto what Lena was saying, it's not just that the developers are having input on a sort of company by company basis. Open source to me is like a checks and balance, where it allows us as a broader community to be able to agree on and enforce certain standards in order to try and keep the technology platforms as accessible as possible. I think Kubernetes is a great example of that, right. If we didn't have Kubernetes, that would've really changed the nature of how we think about container orchestration. But even before that, Linux, right. Linux allowed us as an industry to end the Unix Wars and as someone who was on the front lines of that as well and having to support 42 different operating systems with our product, you know, that was a huge win. And it allowed us to stop arguing about operating systems and start arguing about software or not arguing, but developing it in positive ways. So with, you know, with Kubernetes, with container orchestration, we all agree, okay, that's just how we're going to orchestrate. Now we can build up this huge ecosystem, everybody gets taken along, right. And now it changes the game for what we're defining as business differentials, right. And so when we talk about crypto, that's a little bit harder, but certainly with AI, right, you know, what are the checks and balances that as an industry and as the developers around this, that we can in, you know, enforce to make sure that no one company or no one body is able to overly control how these things are managed, how it's defined. And I think that is only for the benefit in the industry as a whole, particularly when we think about the only other option is it gets regulated in ways that do not involve the people who actually know the details of what they're talking about. >> Regulated and or thrown away or bankrupt or- >> Driven underground. >> Yeah. >> Which would be even worse actually. >> Yeah, that's a really interesting, the checks and balances. I love that call out. And I was just talking with another interview part of the series around women being represented in the 51% ratio. Software is for everybody. So that we believe that open source movement around the collective intelligence of the participants in the industry and independent of gender, this is going to be the next wave. You're starting to see these videos really have impact because there are a lot more leaders now at the table in companies developing software systems and with AI, the aperture increases for applications. And this is the new dynamic. What's your guys view on this dynamic? How does this go forward in a positive way? Is there a certain trajectory you see? For women in the industry? >> I mean, I think some of the states are trying to, again, from the government angle, some of the states are trying to force women into the boardroom, for example, California, which can be no bad thing, but I don't know, sometimes I feel a bit iffy about all this kind of forced- >> John: Yeah. >> You know, making, I don't even know how to say it properly so you can cut this part of the interview. (John laughs) >> Tara: Well, and I think that they're >> I'll say it's not organic. >> No, and I think they're already pulling it out, right. It's already been challenged so they're in the process- >> Well, this is the open source angle, Tara, you are getting at it. The change agent is open, right? So to me, the history of the proven model is openness drives transparency drives progress. >> No, it's- >> If you believe that to be true, this could have another impact. >> Yeah, it's so interesting, right. Because if you look at McKinsey Consulting or Boston Consulting or some of the other, I'm blocking on all of the names. There has been a decade or more of research that shows that a non homogeneous employee base, be it gender or ethnicity or whatever, generates more revenue, right? There's dollar signs that can be attached to this, but it's not enough for all companies to want to invest in that way. And it's not enough for all, you know, venture firms or investment firms to grant that seed money or do those seed rounds. I think it's getting better very slowly, but socialization is a much harder thing to overcome over time. Particularly, when you're not just talking about one country like the United States in our case, but around the world. You know, tech centers now exist all over the world, including places that even 10 years ago we might not have expected like Nairobi, right. Which I think is amazing, but you have to factor in the cultural implications of that as well, right. So yes, the openness is important and we have, it's important that we have those voices, but I don't think it's a panacea solution, right. It's just one more piece. I think honestly that one of the most important opportunities has been with Cloud computing and Cloud's been around for a while. So why would I say that? It's because if you think about like everybody holds up the Steve Jobs, Steve Wozniak, back in the '70s, or Sergey and Larry for Google, you know, you had to have access to enough credit card limit to go to Fry's and buy your servers and then access to somebody like Susan Wojcicki to borrow the garage or whatever. But there was still a certain amount of upfrontness that you had to be able to commit to, whereas now, and we've, I think, seen a really good evidence of this being able to lease server resources by the second and have development platforms that you can do on your phone. I mean, for a while I think Africa, that the majority of development happened on mobile devices because there wasn't a sufficient supply chain of laptops yet. And that's no longer true now as far as I know. But like the power that that enables for people who would otherwise be underrepresented in our industry instantly opens it up, right? And so to me that's I think probably the biggest opportunity that we've seen from an industry on how to make more availability in underrepresented representation for entrepreneurship. >> Yeah. >> Something like AI, I think that's actually going to take us backwards if we're not careful. >> Yeah. >> Because of we're reinforcing that socialization. >> Well, also the bias. A lot of people commenting on the biases of the large language inherently built in are also problem. Lena, I want you to weigh on this too, because I think the skills question comes up here and I've been advocating that you don't need the pedigree, college pedigree, to get into a certain jobs, you mentioned Cloud computing. I mean, it's been around for you think a long time, but not really, really think about it. The ability to level up, okay, if you're going to join something new and half the jobs in cybersecurity are created in the past year, right? So, you have this what used to be a barrier, your degree, your pedigree, your certification would take years, would be a blocker. Now that's gone. >> Lena: Yeah, it's the opposite. >> That's, in fact, psychology. >> I think so, but the people who I, by and large, who I interview for jobs, they have, I think security people and also I work with our compliance folks and I can't forget them, but let's talk about security just now. I've always found a particular kind of mindset with security folks. We're very curious, not very good at following rules a lot of the time, and we'd love to teach others. I mean, that's one of the big things stem from the start of my career. People were always interested in teaching and I was interested in learning. So it was perfect. And I think also having, you know, strong women leaders at MongoDB allows other underrepresented groups to actually apply to the company 'cause they see that we're kind of talking the talk. And that's been important. I think it's really important. You know, you've got Tara and I on here today. There's obviously other senior women at MongoDB that you can talk to as well. There's a bunch of us. There's not a whole ton of us, but there's a bunch of us. And it's good. It's definitely growing. I've been there for four years now and I've seen a growth in women in senior leadership positions. And I think having that kind of track record of getting really good quality underrepresented candidates to not just interview, but come and join us, it's seen. And it's seen in the industry and people take notice and they're like, "Oh, okay, well if that person's working, you know, if Tara Hernandez is working there, I'm going to apply for that." And that in itself I think can really, you know, reap the rewards. But it's getting started. It's like how do you get your first strong female into that position or your first strong underrepresented person into that position? It's hard. I get it. If it was easy, we would've sold already. >> It's like anything. I want to see people like me, my friends in there. Am I going to be alone? Am I going to be of a group? It's a group psychology. Why wouldn't? So getting it out there is key. Is there skills that you think that people should pay attention to? One's come up as curiosity, learning. What are some of the best practices for folks trying to get into the tech field or that's in the tech field and advancing through? What advice are you guys- >> I mean, yeah, definitely, what I say to my team is within my budget, we try and give every at least one training course a year. And there's so much free stuff out there as well. But, you know, keep learning. And even if it's not right in your wheelhouse, don't pick about it. Don't, you know, take a look at what else could be out there that could interest you and then go for it. You know, what does it take you few minutes each night to read a book on something that might change your entire career? You know, be enthusiastic about the opportunities out there. And there's so many opportunities in security. Just so many. >> Tara, what's your advice for folks out there? Tons of stuff to taste, taste test, try things. >> Absolutely. I mean, I always say, you know, my primary qualifications for people, I'm looking for them to be smart and motivated, right. Because the industry changes so quickly. What we're doing now versus what we did even last year versus five years ago, you know, is completely different though themes are certainly the same. You know, we still have to code and we still have to compile that code or package the code and ship the code so, you know, how well can we adapt to these new things instead of creating floppy disks, which was my first job. Five and a quarters, even. The big ones. >> That's old school, OG. There it is. Well done. >> And now it's, you know, containers, you know, (indistinct) image containers. And so, you know, I've gotten a lot of really great success hiring boot campers, you know, career transitioners. Because they bring a lot experience in addition to the technical skills. I think the most important thing is to experiment and figuring out what do you like, because, you know, maybe you are really into security or maybe you're really into like deep level coding and you want to go back, you know, try to go to school to get a degree where you would actually want that level of learning. Or maybe you're a front end engineer, you want to be full stacked. Like there's so many different things, data science, right. Maybe you want to go learn R right. You know, I think it's like figure out what you like because once you find that, that in turn is going to energize you 'cause you're going to feel motivated. I think the worst thing you could do is try to force yourself to learn something that you really could not care less about. That's just the worst. You're going in handicapped. >> Yeah and there's choices now versus when we were breaking into the business. It was like, okay, you software engineer. They call it software engineering, that's all it was. You were that or you were in sales. Like, you know, some sort of systems engineer or sales and now it's,- >> I had never heard of my job when I was in school, right. I didn't even know it was a possibility. But there's so many different types of technical roles, you know, absolutely. >> It's so exciting. I wish I was young again. >> One of the- >> Me too. (Lena laughs) >> I don't. I like the age I am. So one of the things that I did to kind of harness that curiosity is we've set up a security champions programs. About 120, I guess, volunteers globally. And these are people from all different backgrounds and all genders, diversity groups, underrepresented groups, we feel are now represented within this champions program. And people basically give up about an hour or two of their time each week, with their supervisors permission, and we basically teach them different things about security. And we've now had seven full-time people move from different areas within MongoDB into my team as a result of that program. So, you know, monetarily and time, yeah, saved us both. But also we're showing people that there is a path, you know, if you start off in Tara's team, for example, doing X, you join the champions program, you're like, "You know, I'd really like to get into red teaming. That would be so cool." If it fits, then we make that happen. And that has been really important for me, especially to give, you know, the women in the underrepresented groups within MongoDB just that window into something they might never have seen otherwise. >> That's a great common fit is fit matters. Also that getting access to what you fit is also access to either mentoring or sponsorship or some sort of, at least some navigation. Like what's out there and not being afraid to like, you know, just ask. >> Yeah, we just actually kicked off our big mentor program last week, so I'm the executive sponsor of that. I know Tara is part of it, which is fantastic. >> We'll put a plug in for it. Go ahead. >> Yeah, no, it's amazing. There's, gosh, I don't even know the numbers anymore, but there's a lot of people involved in this and so much so that we've had to set up mentoring groups rather than one-on-one. And I think it was 45% of the mentors are actually male, which is quite incredible for a program called Mentor Her. And then what we want to do in the future is actually create a program called Mentor Them so that it's not, you know, not just on the female and so that we can live other groups represented and, you know, kind of break down those groups a wee bit more and have some more granularity in the offering. >> Tara, talk about mentoring and sponsorship. Open source has been there for a long time. People help each other. It's community-oriented. What's your view of how to work with mentors and sponsors if someone's moving through ranks? >> You know, one of the things that was really interesting, unfortunately, in some of the earliest open source communities is there was a lot of pervasive misogyny to be perfectly honest. >> Yeah. >> And one of the important adaptations that we made as an open source community was the idea, an introduction of code of conducts. And so when I'm talking to women who are thinking about expanding their skills, I encourage them to join open source communities to have opportunity, even if they're not getting paid for it, you know, to develop their skills to work with people to get those code reviews, right. I'm like, "Whatever you join, make sure they have a code of conduct and a good leadership team. It's very important." And there are plenty, right. And then that idea has come into, you know, conferences now. So now conferences have codes of contact, if there are any good, and maybe not all of them, but most of them, right. And the ideas of expanding that idea of intentional healthy culture. >> John: Yeah. >> As a business goal and business differentiator. I mean, I won't lie, when I was recruited to come to MongoDB, the culture that I was able to discern through talking to people, in addition to seeing that there was actually women in senior leadership roles like Lena, like Kayla Nelson, that was a huge win. And so it just builds on momentum. And so now, you know, those of us who are in that are now representing. And so that kind of reinforces, but it's all ties together, right. As the open source world goes, particularly for a company like MongoDB, which has an open source product, you know, and our community builds. You know, it's a good thing to be mindful of for us, how we interact with the community and you know, because that could also become an opportunity for recruiting. >> John: Yeah. >> Right. So we, in addition to people who might become advocates on Mongo's behalf in their own company as a solution for themselves, so. >> You guys had great successful company and great leadership there. I mean, I can't tell you how many times someone's told me "MongoDB doesn't scale. It's going to be dead next year." I mean, I was going back 10 years. It's like, just keeps getting better and better. You guys do a great job. So it's so fun to see the success of developers. Really appreciate you guys coming on the program. Final question, what are you guys excited about to end the segment? We'll give you guys the last word. Lena will start with you and Tara, you can wrap us up. What are you excited about? >> I'm excited to see what this year brings. I think with ChatGPT and its copycats, I think it'll be a very interesting year when it comes to AI and always in the lookout for the authentic deep fakes that we see coming out. So just trying to make people aware that this is a real thing. It's not just pretend. And then of course, our old friend ransomware, let's see where that's going to go. >> John: Yeah. >> And let's see where we get to and just genuine hygiene and housekeeping when it comes to security. >> Excellent. Tara. >> Ah, well for us, you know, we're always constantly trying to up our game from a security perspective in the software development life cycle. But also, you know, what can we do? You know, one interesting application of AI that maybe Google doesn't like to talk about is it is really cool as an addendum to search and you know, how we might incorporate that as far as our learning environment and developer productivity, and how can we enable our developers to be more efficient, productive in their day-to-day work. So, I don't know, there's all kinds of opportunities that we're looking at for how we might improve that process here at MongoDB and then maybe be able to share it with the world. One of the things I love about working at MongoDB is we get to use our own products, right. And so being able to have this interesting document database in order to put information and then maybe apply some sort of AI to get it out again, is something that we may well be looking at, if not this year, then certainly in the coming year. >> Awesome. Lena Smart, the chief information security officer. Tara Hernandez, vice president developer of productivity from MongoDB. Thank you so much for sharing here on International Women's Day. We're going to do this quarterly every year. We're going to do it and then we're going to do quarterly updates. Thank you so much for being part of this program. >> Thank you. >> Thanks for having us. >> Okay, this is theCube's coverage of International Women's Day. I'm John Furrier, your host. Thanks for watching. (upbeat music)

>> Narrator: theCUBE's live coverage is made possible by funding from Dell Technologies. Creating technologies that drive human progress. (upbeat music) >> Welcome back to Barcelona, Spain, everyone. It's theCUBE live at MWC '23, day three of four days of CUBE coverage. It's like a cannon of CUBE content coming right at you. I'm Lisa Martin with Dave Nicholson. We've got Dell and VMware here. Going to be talking about the ecosystem partnerships and what they're doing to further organizations in the telco industry. Please welcome Jared Woodrey, Director of Partner Engineering Open Telecom Ecosystem Lab, OTEL. Odded Solomon is here as well, Director of Product Management, VMware Service Provider and Edge Business Unit at VMware. Guys, great to have you on the program. >> Thank you for having me. >> Welcome to theCUBE. So Jared, first question for you. Talk about OTEL. I know there's a big announcement this week, but give the audience context and understanding of what OTEL is and how it works. >> Sure. So the Open Telecom Ecosystem Lab is physically located at Round Rock, Texas, it's the heart and soul of it. But this week we also just announced opening up the Cork, Ireland extension of OTEL. The reason for our existence is to to try and make it as easy as possible for both partners and customers to come together and to re-aggregate this disaggregated ecosystem. So that comes with a number of automation tools and basically just giving a known good testing environment so that tests that happen in our lab are as close to real world as they possibly can be and make it as transparent and open as possible for both partners like VMware as well as customers. >> Odded, talk about what you're doing with Dell and OTEL and give us a customer example of maybe one that you're working with or even even mentioning it by a high level descriptor if you have to. >> Yeah. So we provide a telco cloud platform, which is essentially a vertical in VMware. The telco cloud platform is serving network function vendors, such as Ericsson, Nokia, Mavenir, and so on. What we do with Dell as part of this partnership is essentially complementing the platform with some additional functionality that is not coming out of the box. We used to have a data protection in the past, but this is no longer our main business focus. So we do provide APIs that we can expose and work together with Dell PPDM solution so customer can benefit from this and leverage the partnership and have overall solution that is not coming out of the box from VMware. >> I'm curious, from a VMware perspective. VMware is associated often with the V in VMware, virtualization, and we've seen a transition over time between sort of flavors of virtualization and what is the mix currently today in the telecom space between environments that are leveraging what we would think of as more traditional virtualization with full blown Linux, Windows operating systems in a VM versus the world of containerized microservices? What does that mix look like today? Where do you see it going? >> Yeah, so the VMware telco cloud platform exists for about eight years. And the V started around that time. You might heard about open stack in addition to VMware. So this has definitely helped the network equipment providers with virtualizing their network functions. Those are typically VNF, virtualized network functions, inside the VMs. Essentially we have 4G applications, so core applications, EPC, we have IMS. Those are typically, I would say maybe 80 or 90% of the ecosystem right now. 5G is associated with cloud native network functions. So 5G is getting started now, getting deployed. There is an exponential growth on the core side. Now, when we expand towards the edge of the network we see more potential growth. This is 5G ran, we see the vRAN, we see the open RAN, we see early POCs, we see field trials that are starting. We obviously has production customer now. You just spoke to one. So this is really starting, cloud native is really starting I would say about 10 to 20% of the network functions these days are cloud native. >> Jared, question for you. You mentioned data protection, a huge topic there obviously from a security perspective. Data protection used to be the responsibility of the CSPs. You guys are changing that. Can you talk a little bit about how you're doing that and what Dell's play there is? >> Yeah, so PowerProtect Data Management is a product, but it's produced by Dell. So what this does is it enables data protection over virtual cloud as well as the physical infrastructure of specifically in this case of a telecoms ecosystem. So what this does is enables an ability to rapidly redeploy and back up existing configurations all the way up to the TCP and TCA that pulls the basis of our work here with VMware. >> So you've offloaded that responsibility from the CSPs. You freed them from that. >> So the work that we did, honestly was to make sure that we have a very clear and concise and accurate procedures for how to conduct this as well. And to put this through a realistic and real world as if it was in a telecoms own production network, what did that would actually look like, and what it would take to bring it back up as well. So our responsibility is to make sure that when we when we provide these products to the customers that not only do they work exactly as their intended to, but there is also documentation to help support them and to enable them to have their exact specifications met by as well. >> Got it. So talk about a little bit about OTEL expansion into Cork. What you guys are doing together to enable CSPs here in EMEA? >> Yeah, so the reason why we opened up a facility in Cork Island was to give, for an EMEA audience, for an EMEA CSPs and ability to look and feel and touch some of the products that we're working on. It also just facilitates and ease especially for European-based partners to have a chance to very easily come to a lab environment. The difference though, honestly, is the between Round Rock, Texas and Cork Island is that it's virtually an extension of the same thing. Like the physical locations can make it easier to provide access and obviously to showcase the products that we've developed with partners. But the reality is that it's more than just the physical location. It's more about the ability and ease by which customers and partners can access the labs. >> So we should be expecting a lot of Tito's vodka to be consumed in Cork at some point. Might change the national beverage. >> We do need to have some international exchange. >> Yeah, no, that's good to know. Odded, on the VMware side of things. There's a large group of folks who have VMware skillsets. >> Odded: Correct. >> The telecom industry is moving into this world of the kind of agility that those folks are familiar with. How do people come out of the traditional VMware virtualization world and move into that world of cloud native applications and serve the telecom space? What would your recommendation be? If you were speaking at a VMUG, a VMware Users Group meeting with all of your telecom background, what would you share with them that's critical to understand about how telecom is different, or how telecom's spot in its evolution might be different than the traditional IT space? >> So we're talking about the people with the knowledge and the background of. >> Yeah, I'm a V expert, let's say. And I'm looking into the future and I hear that there are 80,000 people in Barcelona at this event, and I hear that Dell is building optimized infrastructure specifically for telecom, and that VMware is involved. And I'm an expert in VMware and I want to be involved. What do I need to do? I know it's a little bit outside of the box question, but especially against the backdrop of economic headwinds globally, there are a lot of people facing transitions. What are your thoughts there? >> So, first of all, we understand the telco requirements, we understand the telco needs, and we make sure that what we learn from the customers, what we learn from the partners is being built into the VMware products. And simplicity is number one thing that is important for us. We want the customer experience, we want the user experience to be the same as they know even though we are transitioning into cloud native networks that require more frequent upgrades and they have more complexity to be honest. And what we do in our vertical inside VMware we are focusing on automation, telco cloud automation, telco cloud service assurance. Think of it as a wrapper around the SDDC stack that we have from VMware that really simplifies the operations for the telcos because it's really a challenge about skillset. You need to be a DevOps, SRE in order to operate these networks. And things are becoming really complex. We simplify it for them with the same VMware experience. We have a very good ability to do that. We sell products in VMware. Unlike our competition that is mostly selling professional services and support, we try to focus more on the products and delivering the value. Of course, we have services offering because telcos requires some customizations, but we do focus on automation simplicity throughout our staff. >> So just follow up. So in other words the investment in education in this VMware ecosystem absolutely can be extended and applied into the telecom world. I think it's an important thing. >> I was going to add to that. Our engagement in OTEL was also something that we created a solutions brief whether we released from Mobile World Congress this week. But in conjunction with that, we also have a white paper coming out that has a much more expansive explanation and documentation of what it was that we accomplished in the work that we've done together. And that's not something that is going to be a one-off thing. This is something that will stay evergreen that we'll continue to expand both the testing scope as well as the documentation for what this solution looks like and how it can be used as well as documentation on for the V experts for how they can then leverage and realize the the potential for what we're creating together. >> Jared, does Dell look at OTEL as having the potential to facilitate the continued evolution of the actual telco industry? And if so, how? >> Well, I mean, it would be a horrible answer if I were to say no to that. >> Right. >> I think, I honestly believe that one of the most difficult things about this idea of having desired ecosystem is not just trying to put it back together, but then also how to give yourself choice. So each time that you build one of those solution sets like that exists as an island out of all the other possibilities that comes with it. And OTEL seeks to not just be able to facilitate building that first solution set. Like that's what solutions engineering can do. And that's generally done relatively protected and internally. The Open Telecom Ecosystem seeks to build that then to also provide the ability to very easily change specific components of that whether that's a hardware component, a NIC, whether a security pass just came out or a change in either TCP or TCA or we talked a little bit about for this specific engagement that it was done on TCP 2.5. >> Odded: Correct. >> Obviously there's already a 2.7 and 3.0 is coming out. It's not like we're going to sit around and write our coattails of what 2.7 has happened. So this isn't intended to be a one and done thing. So when we talk about trying to make that easier and simpler and de-risk all of the risk that comes from trying to put all these things together, it's not just the the one single solution that you built in the lab. It's what's the next one? And how do I optimize this? And I have specific requirements as a CSP, how can I take something you built that doesn't quite match it, but how do I make that adjustment? So that's what we see to do and make it as easy and as painless as possible. >> What's the engagement model with CSPs? Is it led by Dell only, VMware partner? How does that work? >> Yeah, I can take that. So that depends on the customer, but typically customers they want to choose the cloud vendor. So they come to VMware, we want VMware. Typically, they come from the IT side. They said, "Oh, we want to manage the network side of the house the same way as we manage the IT. We don't want to have special skill sets, special teams." So they move from the IT to the network side and they want VMware there. And then obviously they have an RSP process and they have hardware choices. They can go with Dell, they can go with others. We leverage vSphere, other compatibility. So we can be flexible with the customer choice. And then depending on which customer, how large they are, they select the network equipment provider that the runs on top. We position our platform as multi-vendor. So many of them choose multiple network functions providers. So we work with Dell. So assuming that the customer is choosing Dell. We work very closely with them, offering the best solution for the customer. We work with them sometimes to even design the boxes to make sure that it fits their use cases and to make sure that it works properly. So we have a partnership validation certification end-to-end from the applications all the way down to the hardware. >> It's a fascinating place in history to be right now with 5G. Something that a lot of consumers sort of assume. It's like, "Oh, hey, yeah, we're already there. What's the 6G thing going to look like?" Well, wait a minute, we're just at the beginning stages. And so you talk about disaggregation, re-aggregation, or reintegration, the importance of that. Folks like Dell have experience in that space. Folks at VMware have a lot of experience in the virtualization space, but I heard that VMware is being acquired by Broadcom, if it all goes through, of course. You don't need to comment on it. But you mentioned something, SDDC, software-defined data center. That stack is sometimes misunderstood by the public at large and maybe the folks in the EU, I will editorialize for a moment here. It is eliminating capture in a way by larger hyperscale cloud providers. It absolutely introduces more competition into the market space. So it's interesting to hear Broadcom acknowledging that this is part of the future of VMware, no matter what else happens. These capabilities that spill into the telecom space are something that they say they're going to embrace and extend. I think that's important for anyone who's evaluating this if they're concern. Well, wait a minute. Yeah, when I reintegrate, do I want VMware as part of this mix? Is that an unknown? It's pretty clear that that's something that is part of the future of VMware moving forward. That's my personal opinion based on analysis. But you brought up SDDC, so I wanted to mention that. Again, I'm not going to ask you to get into trouble on that at all. What should we be, from a broad perspective, are there any services, outcomes that are going to come out of all of this work? The agility that's being built by you folks and folks in the open world. Are there any specific things that you personally are excited about? Or when we think about consumer devices, getting data, what are the other kinds of things that this facilitates? Anything cool, either one of you. >> So specific use cases? >> Yeah, anything. It's got to be cool though. If it's not cool we're going to ask you to leave. >> All right. I'll take that challenge. (laughs) I think one of the things that is interesting for something like OTEL as an exist, as being an Open Telecom Ecosystem, there are going to be some CSPs that it's very difficult for them to have this optionality existing for themselves. Especially when you start talking about tailoring it for specific CSPs and their needs. One of the things that becomes much more available to some of the smaller CSPs is the ability to leverage OTEL and basically act as one of their pre-production labs. So this would be something that would be very specific to a customer and we would obviously make sure that it's completely isolated but the intention there would be that it would open up the ability for what would normally take a much longer time period for them to receive some of the benefits of some of the changes that are happening within the industry. But they would have immediate benefit by leveraging specifically looking OTEL to provide them some of their solutions. And I know that you were also looking for specific use cases out of it, but like that's a huge deal for a lot of CSPs around the world that don't have the ability to lay out all the different permutations that they are most interested in and start to put each one of those through a test cycle. A specific use cases for what this looks like is honestly the most exciting that I've seen for right now is on the private 5G networks. Specifically within mining industry, we have a, sorry for the audience, but we have a demo at our booth that starts to lay out exactly how it was deployed and kind of the AB of what this looked like before the world of private 5G for this mining company and what it looks like afterwards. And the ability for both safety, as well as operational costs, as well as their ability to obviously do their job better is night and day. It completely opened up a very analog system and opened up to a very digitalized system. And I would be remiss, I didn't also mention OpenBrew, which is also an example in our booth. >> We saw it last night in action. >> We saw it. >> I hope you did. So OpenBrew is small brewery in Northeast America and we basically took a very manual process of checking temperature and pressure on multiple different tanks along the entire brewing process and digitized everything for them. All of that was enabled by a private 5G deployment that's built on Dell hardware. >> You asked for cool. I think we got it. >> Yeah, it's cool. >> Jared: I think beer. >> Cool brew, yes. >> Root beer, I think is trump card there. >> At least for folks from North America, we like our brew cool. >> Exactly. Guys, thank you so much for joining Dave and me talking about what Dell, OTEL, and VMware are doing together, what you're enabling CSPs to do and achieve. We appreciate your time and your insights. >> Absolutely. >> Thank you. >> All right, our pleasure. For our guests and for Dave Nicholson, I'm Lisa Martin. You watching theCUBE live from MWC '23. Day three of our coverage continues right after a short break. (upbeat music)

(upbeat electronic music) >> Hello everyone, welcome to this CUBE conversation here from the studios in the CUBE in Palo Alto, California. I'm John Furrier, your host. We're featuring a startup, Astronomer. Astronomer.io is the URL, check it out. And we're going to have a great conversation around one of the most important topics hitting the industry, and that is the future of machine learning and AI, and the data that powers it underneath it. There's a lot of things that need to get done, and we're excited to have some of the co-founders of Astronomer here. Viraj Parekh, who is co-founder of Astronomer, and Paola Peraza Calderon, another co-founder, both with Astronomer. Thanks for coming on. First of all, how many co-founders do you guys have? >> You know, I think the answer's around six or seven. I forget the exact, but there's really been a lot of people around the table who've worked very hard to get this company to the point that it's at. We have long ways to go, right? But there's been a lot of people involved that have been absolutely necessary for the path we've been on so far. >> Thanks for that, Viraj, appreciate that. The first question I want to get out on the table, and then we'll get into some of the details, is take a minute to explain what you guys are doing. How did you guys get here? Obviously, multiple co-founders, sounds like a great project. The timing couldn't have been better. ChatGPT has essentially done so much public relations for the AI industry to kind of highlight this shift that's happening. It's real, we've been chronicalizing, take a minute to explain what you guys do. >> Yeah, sure, we can get started. So, yeah, when Viraj and I joined Astronomer in 2017, we really wanted to build a business around data, and we were using an open source project called Apache Airflow that we were just using sort of as customers ourselves. And over time, we realized that there was actually a market for companies who use Apache Airflow, which is a data pipeline management tool, which we'll get into, and that running Airflow is actually quite challenging, and that there's a big opportunity for us to create a set of commercial products and an opportunity to grow that open source community and actually build a company around that. So the crux of what we do is help companies run data pipelines with Apache Airflow. And certainly we've grown in our ambitions beyond that, but that's sort of the crux of what we do for folks. >> You know, data orchestration, data management has always been a big item in the old classic data infrastructure. But with AI, you're seeing a lot more emphasis on scale, tuning, training. Data orchestration is the center of the value proposition, when you're looking at coordinating resources, it's one of the most important things. Can you guys explain what data orchestration entails? What does it mean? Take us through the definition of what data orchestration entails. >> Yeah, for sure. I can take this one, and Viraj, feel free to jump in. So if you google data orchestration, here's what you're going to get. You're going to get something that says, "Data orchestration is the automated process" "for organizing silo data from numerous" "data storage points, standardizing it," "and making it accessible and prepared for data analysis." And you say, "Okay, but what does that actually mean," right, and so let's give sort of an an example. So let's say you're a business and you have sort of the following basic asks of your data team, right? Okay, give me a dashboard in Sigma, for example, for the number of customers or monthly active users, and then make sure that that gets updated on an hourly basis. And then number two, a consistent list of active customers that I have in HubSpot so that I can send them a monthly product newsletter, right? Two very basic asks for all sorts of companies and organizations. And when that data team, which has data engineers, data scientists, ML engineers, data analysts get that request, they're looking at an ecosystem of data sources that can help them get there, right? And that includes application databases, for example, that actually have in product user behavior and third party APIs from tools that the company uses that also has different attributes and qualities of those customers or users. And that data team needs to use tools like Fivetran to ingest data, a data warehouse, like Snowflake or Databricks to actually store that data and do analysis on top of it, a tool like DBT to do transformations and make sure that data is standardized in the way that it needs to be, a tool like Hightouch for reverse ETL. I mean, we could go on and on. There's so many partners of ours in this industry that are doing really, really exciting and critical things for those data movements. And the whole point here is that data teams have this plethora of tooling that they use to both ingest the right data and come up with the right interfaces to transform and interact with that data. And data orchestration, in our view, is really the heartbeat of all of those processes, right? And tangibly the unit of data orchestration is a data pipeline, a set of tasks or jobs that each do something with data over time and eventually run that on a schedule to make sure that those things are happening continuously as time moves on and the company advances. And so, for us, we're building a business around Apache Airflow, which is a workflow management tool that allows you to author, run, and monitor data pipelines. And so when we talk about data orchestration, we talk about sort of two things. One is that crux of data pipelines that, like I said, connect that large ecosystem of data tooling in your company. But number two, it's not just that data pipeline that needs to run every day, right? And Viraj will probably touch on this as we talk more about Astronomer and our value prop on top of Airflow. But then it's all the things that you need to actually run data and production and make sure that it's trustworthy, right? So it's actually not just that you're running things on a schedule, but it's also things like CICD tooling, secure secrets management, user permissions, monitoring, data lineage, documentation, things that enable other personas in your data team to actually use those tools. So long-winded way of saying that it's the heartbeat, we think, of of the data ecosystem, and certainly goes beyond scheduling, but again, data pipelines are really at the center of it. >> One of the things that jumped out, Viraj, if you can get into this, I'd like to hear more about how you guys look at all those little tools that are out. You mentioned a variety of things. You look at the data infrastructure, it's not just one stack. You've got an analytic stack, you've got a realtime stack, you've got a data lake stack, you got an AI stack potentially. I mean you have these stacks now emerging in the data world that are fundamental, that were once served by either a full package, old school software, and then a bunch of point solution. You mentioned Fivetran there, I would say in the analytics stack. Then you got S3, they're on the data lake stack. So all these things are kind of munged together. >> Yeah. >> How do you guys fit into that world? You make it easier, or like, what's the deal? >> Great question, right? And you know, I think that one of the biggest things we've found in working with customers over the last however many years is that if a data team is using a bunch of tools to get what they need done, and the number of tools they're using is growing exponentially and they're kind of roping things together here and there, that's actually a sign of a productive team, not a bad thing, right? It's because that team is moving fast. They have needs that are very specific to them, and they're trying to make something that's exactly tailored to their business. So a lot of times what we find is that customers have some sort of base layer, right? That's kind of like, it might be they're running most of the things in AWS, right? And then on top of that, they'll be using some of the things AWS offers, things like SageMaker, Redshift, whatever, but they also might need things that their cloud can't provide. Something like Fivetran, or Hightouch, those are other tools. And where data orchestration really shines, and something that we've had the pleasure of helping our customers build, is how do you take all those requirements, all those different tools and whip them together into something that fulfills a business need? So that somebody can read a dashboard and trust the number that it says, or somebody can make sure that the right emails go out to their customers. And Airflow serves as this amazing kind of glue between that data stack, right? It's to make it so that for any use case, be it ELT pipelines, or machine learning, or whatever, you need different things to do them, and Airflow helps tie them together in a way that's really specific for a individual business' needs. >> Take a step back and share the journey of what you guys went through as a company startup. So you mentioned Apache, open source. I was just having an interview with a VC, we were talking about foundational models. You got a lot of proprietary and open source development going on. It's almost the iPhone/Android moment in this whole generative space and foundational side. This is kind of important, the open source piece of it. Can you share how you guys started? And I can imagine your customers probably have their hair on fire and are probably building stuff on their own. Are you guys helping them? Take us through, 'cause you guys are on the front end of a big, big wave, and that is to make sense of the chaos, rain it in. Take us through your journey and why this is important. >> Yeah, Paola, I can take a crack at this, then I'll kind of hand it over to you to fill in whatever I miss in details. But you know, like Paola is saying, the heart of our company is open source, because we started using Airflow as an end user and started to say like, "Hey wait a second," "more and more people need this." Airflow, for background, started at Airbnb, and they were actually using that as a foundation for their whole data stack. Kind of how they made it so that they could give you recommendations, and predictions, and all of the processes that needed orchestrated. Airbnb created Airflow, gave it away to the public, and then fast forward a couple years and we're building a company around it, and we're really excited about that. >> That's a beautiful thing. That's exactly why open source is so great. >> Yeah, yeah. And for us, it's really been about watching the community and our customers take these problems, find a solution to those problems, standardize those solutions, and then building on top of that, right? So we're reaching to a point where a lot of our earlier customers who started to just using Airflow to get the base of their BI stack down and their reporting in their ELP infrastructure, they've solved that problem and now they're moving on to things like doing machine learning with their data, because now that they've built that foundation, all the connective tissue for their data arriving on time and being orchestrated correctly is happening, they can build a layer on top of that. And it's just been really, really exciting kind of watching what customers do once they're empowered to pick all the tools that they need, tie them together in the way they need to, and really deliver real value to their business. >> Can you share some of the use cases of these customers? Because I think that's where you're starting to see the innovation. What are some of the companies that you're working with, what are they doing? >> Viraj, I'll let you take that one too. (group laughs) >> So you know, a lot of it is... It goes across the gamut, right? Because it doesn't matter what you are, what you're doing with data, it needs to be orchestrated. So there's a lot of customers using us for their ETL and ELT reporting, right? Just getting data from other disparate sources into one place and then building on top of that. Be it building dashboards, answering questions for the business, building other data products and so on and so forth. From there, these use cases evolve a lot. You do see folks doing things like fraud detection, because Airflow's orchestrating how transactions go, transactions get analyzed. They do things like analyzing marketing spend to see where your highest ROI is. And then you kind of can't not talk about all of the machine learning that goes on, right? Where customers are taking data about their own customers, kind of analyze and aggregating that at scale, and trying to automate decision making processes. So it goes from your most basic, what we call data plumbing, right? Just to make sure data's moving as needed, all the ways to your more exciting expansive use cases around automated decision making and machine learning. >> And I'd say, I mean, I'd say that's one of the things that I think gets me most excited about our future, is how critical Airflow is to all of those processes, and I think when you know a tool is valuable is when something goes wrong and one of those critical processes doesn't work. And we know that our system is so mission critical to answering basic questions about your business and the growth of your company for so many organizations that we work with. So it's, I think, one of the things that gets Viraj and I and the rest of our company up every single morning is knowing how important the work that we do for all of those use cases across industries, across company sizes, and it's really quite energizing. >> It was such a big focus this year at AWS re:Invent, the role of data. And I think one of the things that's exciting about the open AI and all the movement towards large language models is that you can integrate data into these models from outside. So you're starting to see the integration easier to deal with. Still a lot of plumbing issues. So a lot of things happening. So I have to ask you guys, what is the state of the data orchestration area? Is it ready for disruption? Has it already been disrupted? Would you categorize it as a new first inning kind of opportunity, or what's the state of the data orchestration area right now? Both technically and from a business model standpoint. How would you guys describe that state of the market? >> Yeah, I mean, I think in a lot of ways, in some ways I think we're category creating. Schedulers have been around for a long time. I released a data presentation sort of on the evolution of going from something like Kron, which I think was built in like the 1970s out of Carnegie Mellon. And that's a long time ago, that's 50 years ago. So sort of like the basic need to schedule and do something with your data on a schedule is not a new concept. But to our point earlier, I think everything that you need around your ecosystem, first of all, the number of data tools and developer tooling that has come out industry has 5X'd over the last 10 years. And so obviously as that ecosystem grows, and grows, and grows, and grows, the need for orchestration only increases. And I think, as Astronomer, I think we... And we work with so many different types of companies, companies that have been around for 50 years, and companies that got started not even 12 months ago. And so I think for us it's trying to, in a ways, category create and adjust sort of what we sell and the value that we can provide for companies all across that journey. There are folks who are just getting started with orchestration, and then there's folks who have such advanced use case, 'cause they're hitting sort of a ceiling and only want to go up from there. And so I think we, as a company, care about both ends of that spectrum, and certainly want to build and continue building products for companies of all sorts, regardless of where they are on the maturity curve of data orchestration. >> That's a really good point, Paola. And I think the other thing to really take into account is it's the companies themselves, but also individuals who have to do their jobs. If you rewind the clock like 5 or 10 years ago, data engineers would be the ones responsible for orchestrating data through their org. But when we look at our customers today, it's not just data engineers anymore. There's data analysts who sit a lot closer to the business, and the data scientists who want to automate things around their models. So this idea that orchestration is this new category is right on the money. And what we're finding is the need for it is spreading to all parts of the data team, naturally where Airflow's emerged as an open source standard and we're hoping to take things to the next level. >> That's awesome. We've been up saying that the data market's kind of like the SRE with servers, right? You're going to need one person to deal with a lot of data, and that's data engineering, and then you're got to have the practitioners, the democratization. Clearly that's coming in what you're seeing. So I have to ask, how do you guys fit in from a value proposition standpoint? What's the pitch that you have to customers, or is it more inbound coming into you guys? Are you guys doing a lot of outreach, customer engagements? I'm sure they're getting a lot of great requirements from customers. What's the current value proposition? How do you guys engage? >> Yeah, I mean, there's so many... Sorry, Viraj, you can jump in. So there's so many companies using Airflow, right? So the baseline is that the open source project that is Airflow that came out of Airbnb, over five years ago at this point, has grown exponentially in users and continues to grow. And so the folks that we sell to primarily are folks who are already committed to using Apache Airflow, need data orchestration in their organization, and just want to do it better, want to do it more efficiently, want to do it without managing that infrastructure. And so our baseline proposition is for those organizations. Now to Viraj's point, obviously I think our ambitions go beyond that, both in terms of the personas that we addressed and going beyond that data engineer, but really it's to start at the baseline, as we continue to grow our our company, it's really making sure that we're adding value to folks using Airflow and help them do so in a better way, in a larger way, in a more efficient way, and that's really the crux of who we sell to. And so to answer your question on, we get a lot of inbound because they're... >> You have a built in audience. (laughs) >> The world that use it. Those are the folks who we talk to and come to our website and chat with us and get value from our content. I mean, the power of the opensource community is really just so, so big, and I think that's also one of the things that makes this job fun. >> And you guys are in a great position. Viraj, you can comment a little, get your reaction. There's been a big successful business model to starting a company around these big projects for a lot of reasons. One is open source is continuing to be great, but there's also supply chain challenges in there. There's also we want to continue more innovation and more code and keeping it free and and flowing. And then there's the commercialization of productizing it, operationalizing it. This is a huge new dynamic, I mean, in the past 5 or so years, 10 years, it's been happening all on CNCF from other areas like Apache, Linux Foundation, they're all implementing this. This is a huge opportunity for entrepreneurs to do this. >> Yeah, yeah. Open source is always going to be core to what we do, because we wouldn't exist without the open source community around us. They are huge in numbers. Oftentimes they're nameless people who are working on making something better in a way that everybody benefits from it. But open source is really hard, especially if you're a company whose core competency is running a business, right? Maybe you're running an e-commerce business, or maybe you're running, I don't know, some sort of like, any sort of business, especially if you're a company running a business, you don't really want to spend your time figuring out how to run open source software. You just want to use it, you want to use the best of it, you want to use the community around it, you want to be able to google something and get answers for it, you want the benefits of open source. You don't have the time or the resources to invest in becoming an expert in open source, right? And I think that dynamic is really what's given companies like us an ability to kind of form businesses around that in the sense that we'll make it so people get the best of both worlds. You'll get this vast open ecosystem that you can build on top of, that you can benefit from, that you can learn from. But you won't have to spend your time doing undifferentiated heavy lifting. You can do things that are just specific to your business. >> It's always been great to see that business model evolve. We used a debate 10 years ago, can there be another Red Hat? And we said, not really the same, but there'll be a lot of little ones that'll grow up to be big soon. Great stuff. Final question, can you guys share the history of the company? The milestones of Astromer's journey in data orchestration? >> Yeah, we could. So yeah, I mean, I think, so Viraj and I have obviously been at Astronomer along with our other founding team and leadership folks for over five years now. And it's been such an incredible journey of learning, of hiring really amazing people, solving, again, mission critical problems for so many types of organizations. We've had some funding that has allowed us to invest in the team that we have and in the software that we have, and that's been really phenomenal. And so that investment, I think, keeps us confident, even despite these sort of macroeconomic conditions that we're finding ourselves in. And so honestly, the milestones for us are focusing on our product, focusing on our customers over the next year, focusing on that market for us that we know can get valuable out of what we do, and making developers' lives better, and growing the open source community and making sure that everything that we're doing makes it easier for folks to get started, to contribute to the project and to feel a part of the community that we're cultivating here. >> You guys raised a little bit of money. How much have you guys raised? >> Don't know what the total is, but it's in the ballpark over $200 million. It feels good to... >> A little bit of capital. Got a little bit of cap to work with there. Great success. I know as a Series C Financing, you guys have been down. So you're up and running, what's next? What are you guys looking to do? What's the big horizon look like for you from a vision standpoint, more hiring, more product, what is some of the key things you're looking at doing? >> Yeah, it's really a little of all of the above, right? Kind of one of the best and worst things about working at earlier stage startups is there's always so much to do and you often have to just kind of figure out a way to get everything done. But really investing our product over the next, at least over the course of our company lifetime. And there's a lot of ways we want to make it more accessible to users, easier to get started with, easier to use, kind of on all areas there. And really, we really want to do more for the community, right, like I was saying, we wouldn't be anything without the large open source community around us. And we want to figure out ways to give back more in more creative ways, in more code driven ways, in more kind of events and everything else that we can keep those folks galvanized and just keep them happy using Airflow. >> Paola, any final words as we close out? >> No, I mean, I'm super excited. I think we'll keep growing the team this year. We've got a couple of offices in the the US, which we're excited about, and a fully global team that will only continue to grow. So Viraj and I are both here in New York, and we're excited to be engaging with our coworkers in person finally, after years of not doing so. We've got a bustling office in San Francisco as well. So growing those teams and continuing to hire all over the world, and really focusing on our product and the open source community is where our heads are at this year. So, excited. >> Congratulations. 200 million in funding, plus. Good runway, put that money in the bank, squirrel it away. It's a good time to kind of get some good interest on it, but still grow. Congratulations on all the work you guys do. We appreciate you and the open source community does, and good luck with the venture, continue to be successful, and we'll see you at the Startup Showcase. >> Thank you. >> Yeah, thanks so much, John. Appreciate it. >> Okay, that's the CUBE Conversation featuring astronomer.io, that's the website. Astronomer is doing well. Multiple rounds of funding, over 200 million in funding. Open source continues to lead the way in innovation. Great business model, good solution for the next gen cloud scale data operations, data stacks that are emerging. I'm John Furrier, your host, thanks for watching. (soft upbeat music)

(soft music) >> Hello everyone, welcome to this Cube conversation here from the studios of theCube in Palo Alto, California. John Furrier, your host. We're featuring a startup, Astronomer, astronomer.io is the url. Check it out. And we're going to have a great conversation around one of the most important topics hitting the industry, and that is the future of machine learning and AI and the data that powers it underneath it. There's a lot of things that need to get done, and we're excited to have some of the co-founders of Astronomer here. Viraj Parekh, who is co-founder and Paola Peraza Calderon, another co-founder, both with Astronomer. Thanks for coming on. First of all, how many co-founders do you guys have? >> You know, I think the answer's around six or seven. I forget the exact, but there's really been a lot of people around the table, who've worked very hard to get this company to the point that it's at. And we have long ways to go, right? But there's been a lot of people involved that are, have been absolutely necessary for the path we've been on so far. >> Thanks for that, Viraj, appreciate that. The first question I want to get out on the table, and then we'll get into some of the details, is take a minute to explain what you guys are doing. How did you guys get here? Obviously, multiple co-founders sounds like a great project. The timing couldn't have been better. ChatGPT has essentially done so much public relations for the AI industry. Kind of highlight this shift that's happening. It's real. We've been chronologicalizing, take a minute to explain what you guys do. >> Yeah, sure. We can get started. So yeah, when Astronomer, when Viraj and I joined Astronomer in 2017, we really wanted to build a business around data and we were using an open source project called Apache Airflow, that we were just using sort of as customers ourselves. And over time, we realized that there was actually a market for companies who use Apache Airflow, which is a data pipeline management tool, which we'll get into. And that running Airflow is actually quite challenging and that there's a lot of, a big opportunity for us to create a set of commercial products and opportunity to grow that open source community and actually build a company around that. So the crux of what we do is help companies run data pipelines with Apache Airflow. And certainly we've grown in our ambitions beyond that, but that's sort of the crux of what we do for folks. >> You know, data orchestration, data management has always been a big item, you know, in the old classic data infrastructure. But with AI you're seeing a lot more emphasis on scale, tuning, training. You know, data orchestration is the center of the value proposition when you're looking at coordinating resources, it's one of the most important things. Could you guys explain what data orchestration entails? What does it mean? Take us through the definition of what data orchestration entails. >> Yeah, for sure. I can take this one and Viraj feel free to jump in. So if you google data orchestration, you know, here's what you're going to get. You're going to get something that says, data orchestration is the automated process for organizing silo data from numerous data storage points to organizing it and making it accessible and prepared for data analysis. And you say, okay, but what does that actually mean, right? And so let's give sort of an example. So let's say you're a business and you have sort of the following basic asks of your data team, right? Hey, give me a dashboard in Sigma, for example, for the number of customers or monthly active users and then make sure that that gets updated on an hourly basis. And then number two, a consistent list of active customers that I have in HubSpot so that I can send them a monthly product newsletter, right? Two very basic asks for all sorts of companies and organizations. And when that data team, which has data engineers, data scientists, ML engineers, data analysts get that request, they're looking at an ecosystem of data sources that can help them get there, right? And that includes application databases, for example, that actually have end product user behavior and third party APIs from tools that the company uses that also has different attributes and qualities of those customers or users. And that data team needs to use tools like Fivetran, to ingest data, a data warehouse like Snowflake or Databricks to actually store that data and do analysis on top of it, a tool like DBT to do transformations and make sure that that data is standardized in the way that it needs to be, a tool like Hightouch for reverse ETL. I mean, we could go on and on. There's so many partners of ours in this industry that are doing really, really exciting and critical things for those data movements. And the whole point here is that, you know, data teams have this plethora of tooling that they use to both ingest the right data and come up with the right interfaces to transform and interact with that data. And data orchestration in our view is really the heartbeat of all of those processes, right? And tangibly the unit of data orchestration, you know, is a data pipeline, a set of tasks or jobs that each do something with data over time and eventually run that on a schedule to make sure that those things are happening continuously as time moves on. And, you know, the company advances. And so, you know, for us, we're building a business around Apache Airflow, which is a workflow management tool that allows you to author, run and monitor data pipelines. And so when we talk about data orchestration, we talk about sort of two things. One is that crux of data pipelines that, like I said, connect that large ecosystem of data tooling in your company. But number two, it's not just that data pipeline that needs to run every day, right? And Viraj will probably touch on this as we talk more about Astronomer and our value prop on top of Airflow. But then it's all the things that you need to actually run data and production and make sure that it's trustworthy, right? So it's actually not just that you're running things on a schedule, but it's also things like CI/CD tooling, right? Secure secrets management, user permissions, monitoring, data lineage, documentation, things that enable other personas in your data team to actually use those tools. So long-winded way of saying that, it's the heartbeat that we think of the data ecosystem and certainly goes beyond scheduling, but again, data pipelines are really at the center of it. >> You know, one of the things that jumped out Viraj, if you can get into this, I'd like to hear more about how you guys look at all those little tools that are out there. You mentioned a variety of things. You know, if you look at the data infrastructure, it's not just one stack. You've got an analytic stack, you've got a realtime stack, you've got a data lake stack, you got an AI stack potentially. I mean you have these stacks now emerging in the data world that are >> Yeah. - >> fundamental, but we're once served by either a full package, old school software, and then a bunch of point solution. You mentioned Fivetran there, I would say in the analytics stack. Then you got, you know, S3, they're on the data lake stack. So all these things are kind of munged together. >> Yeah. >> How do you guys fit into that world? You make it easier or like, what's the deal? >> Great question, right? And you know, I think that one of the biggest things we've found in working with customers over, you know, the last however many years, is that like if a data team is using a bunch of tools to get what they need done and the number of tools they're using is growing exponentially and they're kind of roping things together here and there, that's actually a sign of a productive team, not a bad thing, right? It's because that team is moving fast. They have needs that are very specific to them and they're trying to make something that's exactly tailored to their business. So a lot of times what we find is that customers have like some sort of base layer, right? That's kind of like, you know, it might be they're running most of the things in AWS, right? And then on top of that, they'll be using some of the things AWS offers, you know, things like SageMaker, Redshift, whatever. But they also might need things that their Cloud can't provide, you know, something like Fivetran or Hightouch or anything of those other tools and where data orchestration really shines, right? And something that we've had the pleasure of helping our customers build, is how do you take all those requirements, all those different tools and whip them together into something that fulfills a business need, right? Something that makes it so that somebody can read a dashboard and trust the number that it says or somebody can make sure that the right emails go out to their customers. And Airflow serves as this amazing kind of glue between that data stack, right? It's to make it so that for any use case, be it ELT pipelines or machine learning or whatever, you need different things to do them and Airflow helps tie them together in a way that's really specific for a individual business's needs. >> Take a step back and share the journey of what your guys went through as a company startup. So you mentioned Apache open source, you know, we were just, I was just having an interview with the VC, we were talking about foundational models. You got a lot of proprietary and open source development going on. It's almost the iPhone, Android moment in this whole generative space and foundational side. This is kind of important, the open source piece of it. Can you share how you guys started? And I can imagine your customers probably have their hair on fire and are probably building stuff on their own. How do you guys, are you guys helping them? Take us through, 'cuz you guys are on the front end of a big, big wave and that is to make sense of the chaos, reigning it in. Take us through your journey and why this is important. >> Yeah Paola, I can take a crack at this and then I'll kind of hand it over to you to fill in whatever I miss in details. But you know, like Paola is saying, the heart of our company is open source because we started using Airflow as an end user and started to say like, "Hey wait a second". Like more and more people need this. Airflow, for background, started at Airbnb and they were actually using that as the foundation for their whole data stack. Kind of how they made it so that they could give you recommendations and predictions and all of the processes that need to be or needed to be orchestrated. Airbnb created Airflow, gave it away to the public and then, you know, fast forward a couple years and you know, we're building a company around it and we're really excited about that. >> That's a beautiful thing. That's exactly why open source is so great. >> Yeah, yeah. And for us it's really been about like watching the community and our customers take these problems, find solution to those problems, build standardized solutions, and then building on top of that, right? So we're reaching to a point where a lot of our earlier customers who started to just using Airflow to get the base of their BI stack down and their reporting and their ELP infrastructure, you know, they've solved that problem and now they're moving onto things like doing machine learning with their data, right? Because now that they've built that foundation, all the connective tissue for their data arriving on time and being orchestrated correctly is happening, they can build the layer on top of that. And it's just been really, really exciting kind of watching what customers do once they're empowered to pick all the tools that they need, tie them together in the way they need to, and really deliver real value to their business. >> Can you share some of the use cases of these customers? Because I think that's where you're starting to see the innovation. What are some of the companies that you're working with, what are they doing? >> Raj, I'll let you take that one too. (all laughing) >> Yeah. (all laughing) So you know, a lot of it is, it goes across the gamut, right? Because all doesn't matter what you are, what you're doing with data, it needs to be orchestrated. So there's a lot of customers using us for their ETL and ELT reporting, right? Just getting data from all the disparate sources into one place and then building on top of that, be it building dashboards, answering questions for the business, building other data products and so on and so forth. From there, these use cases evolve a lot. You do see folks doing things like fraud detection because Airflow's orchestrating how transactions go. Transactions get analyzed, they do things like analyzing marketing spend to see where your highest ROI is. And then, you know, you kind of can't not talk about all of the machine learning that goes on, right? Where customers are taking data about their own customers kind of analyze and aggregating that at scale and trying to automate decision making processes. So it goes from your most basic, what we call like data plumbing, right? Just to make sure data's moving as needed. All the ways to your more exciting and sexy use cases around like automated decision making and machine learning. >> And I'd say, I mean, I'd say that's one of the things that I think gets me most excited about our future is how critical Airflow is to all of those processes, you know? And I think when, you know, you know a tool is valuable is when something goes wrong and one of those critical processes doesn't work. And we know that our system is so mission critical to answering basic, you know, questions about your business and the growth of your company for so many organizations that we work with. So it's, I think one of the things that gets Viraj and I, and the rest of our company up every single morning, is knowing how important the work that we do for all of those use cases across industries, across company sizes. And it's really quite energizing. >> It was such a big focus this year at AWS re:Invent, the role of data. And I think one of the things that's exciting about the open AI and all the movement towards large language models, is that you can integrate data into these models, right? From outside, right? So you're starting to see the integration easier to deal with, still a lot of plumbing issues. So a lot of things happening. So I have to ask you guys, what is the state of the data orchestration area? Is it ready for disruption? Is it already been disrupted? Would you categorize it as a new first inning kind of opportunity or what's the state of the data orchestration area right now? Both, you know, technically and from a business model standpoint, how would you guys describe that state of the market? >> Yeah, I mean I think, I think in a lot of ways we're, in some ways I think we're categoric rating, you know, schedulers have been around for a long time. I recently did a presentation sort of on the evolution of going from, you know, something like KRON, which I think was built in like the 1970s out of Carnegie Mellon. And you know, that's a long time ago. That's 50 years ago. So it's sort of like the basic need to schedule and do something with your data on a schedule is not a new concept. But to our point earlier, I think everything that you need around your ecosystem, first of all, the number of data tools and developer tooling that has come out the industry has, you know, has some 5X over the last 10 years. And so obviously as that ecosystem grows and grows and grows and grows, the need for orchestration only increases. And I think, you know, as Astronomer, I think we, and there's, we work with so many different types of companies, companies that have been around for 50 years and companies that got started, you know, not even 12 months ago. And so I think for us, it's trying to always category create and adjust sort of what we sell and the value that we can provide for companies all across that journey. There are folks who are just getting started with orchestration and then there's folks who have such advanced use case 'cuz they're hitting sort of a ceiling and only want to go up from there. And so I think we as a company, care about both ends of that spectrum and certainly have want to build and continue building products for companies of all sorts, regardless of where they are on the maturity curve of data orchestration. >> That's a really good point Paola. And I think the other thing to really take into account is it's the companies themselves, but also individuals who have to do their jobs. You know, if you rewind the clock like five or 10 years ago, data engineers would be the ones responsible for orchestrating data through their org. But when we look at our customers today, it's not just data engineers anymore. There's data analysts who sit a lot closer to the business and the data scientists who want to automate things around their models. So this idea that orchestration is this new category is spot on, is right on the money. And what we're finding is it's spreading, the need for it, is spreading to all parts of the data team naturally where Airflows have emerged as an open source standard and we're hoping to take things to the next level. >> That's awesome. You know, we've been up saying that the data market's kind of like the SRE with servers, right? You're going to need one person to deal with a lot of data and that's data engineering and then you're going to have the practitioners, the democratization. Clearly that's coming in what you're seeing. So I got to ask, how do you guys fit in from a value proposition standpoint? What's the pitch that you have to customers or is it more inbound coming into you guys? Are you guys doing a lot of outreach, customer engagements? I'm sure they're getting a lot of great requirements from customers. What's the current value proposition? How do you guys engage? >> Yeah, I mean we've, there's so many, there's so many. Sorry Raj, you can jump in. - >> It's okay. So there's so many companies using Airflow, right? So our, the baseline is that the open source project that is Airflow that was, that came out of Airbnb, you know, over five years ago at this point, has grown exponentially in users and continues to grow. And so the folks that we sell to primarily are folks who are already committed to using Apache Airflow, need data orchestration in the organization and just want to do it better, want to do it more efficiently, want to do it without managing that infrastructure. And so our baseline proposition is for those organizations. Now to Raj's point, obviously I think our ambitions go beyond that, both in terms of the personas that we addressed and going beyond that data engineer, but really it's for, to start at the baseline. You know, as we continue to grow our company, it's really making sure that we're adding value to folks using Airflow and help them do so in a better way, in a larger way and a more efficient way. And that's really the crux of who we sell to. And so to answer your question on, we actually, we get a lot of inbound because they're are so many - >> A built-in audience. >> In the world that use it, that those are the folks who we talk to and come to our website and chat with us and get value from our content. I mean the power of the open source community is really just so, so big. And I think that's also one of the things that makes this job fun, so. >> And you guys are in a great position, Viraj, you can comment, to get your reaction. There's been a big successful business model to starting a company around these big projects for a lot of reasons. One is open source is continuing to be great, but there's also supply chain challenges in there. There's also, you know, we want to continue more innovation and more code and keeping it free and and flowing. And then there's the commercialization of product-izing it, operationalizing it. This is a huge new dynamic. I mean, in the past, you know, five or so years, 10 years, it's been happening all on CNCF from other areas like Apache, Linux Foundation, they're all implementing this. This is a huge opportunity for entrepreneurs to do this. >> Yeah, yeah. Open source is always going to be core to what we do because, you know, we wouldn't exist without the open source community around us. They are huge in numbers. Oftentimes they're nameless people who are working on making something better in a way that everybody benefits from it. But open source is really hard, especially if you're a company whose core competency is running a business, right? Maybe you're running e-commerce business or maybe you're running, I don't know, some sort of like any sort of business, especially if you're a company running a business, you don't really want to spend your time figuring out how to run open source software. You just want to use it, you want to use the best of it, you want to use the community around it. You want to take, you want to be able to google something and get answers for it. You want the benefits of open source. You don't want to have, you don't have the time or the resources to invest in becoming an expert in open source, right? And I think that dynamic is really what's given companies like us an ability to kind of form businesses around that, in the sense that we'll make it so people get the best of both worlds. You'll get this vast open ecosystem that you can build on top of, you can benefit from, that you can learn from, but you won't have to spend your time doing undifferentiated heavy lifting. You can do things that are just specific to your business. >> It's always been great to see that business model evolved. We used to debate 10 years ago, can there be another red hat? And we said, not really the same, but there'll be a lot of little ones that'll grow up to be big soon. Great stuff. Final question, can you guys share the history of the company, the milestones of the Astronomer's journey in data orchestration? >> Yeah, we could. So yeah, I mean, I think, so Raj and I have obviously been at astronomer along with our other founding team and leadership folks, for over five years now. And it's been such an incredible journey of learning, of hiring really amazing people. Solving again, mission critical problems for so many types of organizations. You know, we've had some funding that has allowed us to invest in the team that we have and in the software that we have. And that's been really phenomenal. And so that investment, I think, keeps us confident even despite these sort of macroeconomic conditions that we're finding ourselves in. And so honestly, the milestones for us are focusing on our product, focusing on our customers over the next year, focusing on that market for us, that we know can get value out of what we do. And making developers' lives better and growing the open source community, you know, and making sure that everything that we're doing makes it easier for folks to get started to contribute to the project and to feel a part of the community that we're cultivating here. >> You guys raised a little bit of money. How much have you guys raised? >> I forget what the total is, but it's in the ballpark of 200, over $200 million. So it feels good - >> A little bit of capital. Got a little bit of cash to work with there. Great success. I know it's a Series C financing, you guys been down, so you're up and running. What's next? What are you guys looking to do? What's the big horizon look like for you? And from a vision standpoint, more hiring, more product, what is some of the key things you're looking at doing? >> Yeah, it's really a little of all of the above, right? Like, kind of one of the best and worst things about working at earlier stage startups is there's always so much to do and you often have to just kind of figure out a way to get everything done, but really invest in our product over the next, at least the next, over the course of our company lifetime. And there's a lot of ways we wanting to just make it more accessible to users, easier to get started with, easier to use all kind of on all areas there. And really, we really want to do more for the community, right? Like I was saying, we wouldn't be anything without the large open source community around us. And we want to figure out ways to give back more in more creative ways, in more code driven ways and more kind of events and everything else that we can do to keep those folks galvanized and just keeping them happy using Airflow. >> Paola, any final words as we close out? >> No, I mean, I'm super excited. You know, I think we'll keep growing the team this year. We've got a couple of offices in the US which we're excited about, and a fully global team that will only continue to grow. So Viraj and I are both here in New York and we're excited to be engaging with our coworkers in person. Finally, after years of not doing so, we've got a bustling office in San Francisco as well. So growing those teams and continuing to hire all over the world and really focusing on our product and the open source community is where our heads are at this year, so. >> Congratulations. - >> Excited. 200 million in funding plus good runway. Put that money in the bank, squirrel it away. You know, it's good to kind of get some good interest on it, but still grow. Congratulations on all the work you guys do. We appreciate you and the open sourced community does and good luck with the venture. Continue to be successful and we'll see you at the Startup Showcase. >> Thank you. - >> Yeah, thanks so much, John. Appreciate it. - >> It's theCube conversation, featuring astronomer.io, that's the website. Astronomer is doing well. Multiple rounds of funding, over 200 million in funding. Open source continues to lead the way in innovation. Great business model. Good solution for the next gen, Cloud, scale, data operations, data stacks that are emerging. I'm John Furrier, your host. Thanks for watching. (soft music)

>> Hey everyone. Welcome back to theCUBE's coverage day two of CloudNative Security CON 23. Lisa Martin here in studio in Palo Alto with John Furrier. John, we've had some great conversations. I've had a global event. This was a global event. We had Germany on yesterday. We had the Boston Studio. We had folks on the ground in Seattle. Lot of great conversations, a lot of great momentum at this event. What is your number one takeaway with this inaugural event? >> Well, first of all, our coverage with our CUBE alumni experts coming in remotely this remote event for us, I think this event as an inaugural event stood out because one, it was done very carefully and methodically from the CNCF. I think they didn't want to overplay their hand relative to breaking out from CUBE CON So Kubernetes success and CloudNative development has been such a success and that event and ecosystem is booming, right? So that's the big story is they have the breakout event and the question was, was it a good call? Was it successful? Was it going to, would the dog hunt as they say, in this case, I think the big takeaway is that it was successful by all measures. One, people enthusiastic and confident that this has the ability to stand on its own and still contribute without taking away from the benefits and growth of Kubernetes CUBE CON and CloudNative console. So that was the key. Hallway conversations, the sessions all curated and developed properly to be different and focused for that reason. So I think the big takeaway is that the CNCF did a good job on how they rolled this out. Again, it was very intimate event small reminds me of first CUBE CON in Seattle, kind of let's test it out. Let's see how it goes. Again, clearly it was people successful and they understood why they're doing it. And as we commented out in our earlier segments this is not something new. Amazon Web Services has re:Invent and re:Inforce So a lot of parallels there. I see there. So I think good call. CNCF did the right thing. I think this has legs. And then as Dave pointed out, Dave Vellante, on our last keynote analysis was the business model of the hackers is better than the business model of the industry. They're making more money, it costs less so, you know, they're playing offense and the industry playing defense. That has to change. And as Dave pointed out we have to make the cost of hacking and breaches and cybersecurity higher so that the business model crashes. And I think that's the strategic imperative. So I think the combination of the realities of the market globally and open source has to go faster. It's good to kind of decouple and be highly cohesive in the focus. So to me that's the big takeaway. And then the other one is, is that there's a lot more security problems still unresolved. The emphasis on developers productivity is at risk here, if not solved. You saw supply chain software, again, front and center and then down in the weeds outside of Kubernetes, things like BIND and DNS were brought up. You're seeing the Linux kernel. Really important things got to be paid attention to. So I think very good call, very good focus. >> I would love if for us to be able to, as the months go on talk to some of the practitioners that actually got to attend. There were 72 sessions, that's a lot of content for a small event. Obviously to your point, very well curated. We did hear from some folks yesterday who were just excited to get the community back together in person. To your point, having this dedicated focus on CloudNativesecurity is incredibly important. You talked about, you know, the offense defense, the fact that right now the industry needs to be able to pivot from being on defense to being on offense. This is a challenging thing because it is so lucrative for hackers. But this seems to be from what we've heard in the last couple days, the right community with the right focus to be able to make that pivot. >> Yeah, and I think if you look at the success of Kubernetes, 'cause again we were there at theCUBE first one CUBE CON, the end user stories really drove end user participation. Drove the birth of Kubernetes. Left some of these CloudNative early adopters early pioneers that were using cloud hyperscale really set the table for CloudNative CON. I think you're seeing that here with this CloudNative SecurityCON where I think we're see a lot more end user stories because of the security, the hairs on fire as we heard from Madrona Ventures, you know, as they as an investor you have a lot of use cases out there where customers are leaning in with getting the rolling up their sleeves, working with open source. This has to be the driver. So I'm expecting to see the next level of SecurityCON to be end user focused. Much more than vendor focused. Where CUBECON was very end user focused and then attracted all the vendors in that grew the industry. I expect the similar pattern here where end user action will be very high at the beginning and that will essentially be the rising tide for the vendors to be then participating. So I expect almost a similar trajectory to CUBECON. >> That's a good path that it needs to all be about all the end users. One of the things I'm curious if what you heard was what are some of the key factors that are going to move CloudNative Security forward? What did you hear the last two days? >> I heard that there's a lot of security problems and no one wants to kind of brag about this but there's a lot of under the hood stuff that needs to get taken care of. So if automation scales, and we heard that from one of the startups we've just interviewed. If automation and scale continues to happen and with the business model of the hackers still booming, security has to be refactored quickly and there's going to be an opportunity structurally to use the cloud for that. So I think it's a good opportunity now to get dedicated focus on fixing things like the DNS stuff old school under the hood, plumbing, networking protocols. You're going to start to see this super cloud-like environment emerge where data's involved, everything's happening and so security has to be re imagined. And I think there's a do over opportunity for the security industry with CloudNative driving that. And I think this is the big thing that I see as an opportunity to, from a story standpoint from a coverage standpoint is that it's a do-over for security. >> One of the things that we heard yesterday is that there's a lot of it, it's a pretty high percentage of organizations that either don't have a SOCK or have a very primitive SOCK. Which kind of surprised me that at this day and age the risks are there. We talked about that today's focus and the keynote was a lot about the software supply chain and what's going on there. What did you hear in terms of the appetite for organizations through the voice of the practitioner to say, you know what guys, we got to get going because there's going to be the hackers are they're here. >> I didn't hear much about that in the coverage 'cause we weren't in the hallways. But from reading the tea leaves and talking to the folks on the ground, I think there's an implied like there's an unlimited money from customers. So it's a very robust from the data infrastructure stack building we cover with the angel investor Kane you're seeing data infrastructure's going to be part of the solution here 'cause data and security go hand in hand. So everyone's got basically checkbook wide open everyone wants to have the answer. And we commented that the co-founder of Palo Alto you had on our coverage yesterday was saying that you know, there's no real platform, there's a lot of tools out there. People will buy anything. So there's still a huge appetite and spend in security but the answer's not going to more tool sprawling. It's going to more platform auto, something that enables automation, fix some of the underlying mechanisms involved and fix it fast. So to me I think it's going to be a robust monetary opportunity because of the demand on the business side. So I don't see that changing at all and I think it's going to accelerate. >> It's a great point in terms of the demand for the business side because as we know as we said yesterday, the next Log4j is out there. It's not a matter of if this happens again it's when, it's the extent, it's how frequent we know that. So organizations all the way up to the board have to be concerned about brand reputation. Nobody wants to be the next big headline in terms of breaches and customer data being given to hackers and hackers making all this money on that. That has to go all the way up to the board and there needs to be alignment between the board and the executives at the organization in terms of how they're going to deal with security, and now. This is not a conversation that can wait. Yeah, I mean I think the five C's we talked about yesterday the culture of companies, the cloud is an enabler, you've got clusters of servers and capabilities, Kubernetes clusters, you've got code and you've got all kinds of, you know, things going on there. Each one has elements that are at risk for hacking, right? So that to me is something that's super important. I think that's why the focus on security's different and important, but it's not going to fork the main event. So that's why I think the spin out was, spinout, or the new event is a good call by the CNCF. >> One of the things today that struck me they're talking a lot about software supply chain and that's been in the headlines for quite a while now. And a stat that was shared this morning during the keynote just blew my brains that there was a 742% increase in the software supply chain attacks occurring over the last three years. It's during Covid times, that is a massive increase. The threat landscape is just growing so amorphously but organizations need to help dial that down because their success and the health of the individuals and the end users is at risk. Well, Covid is an environment where everyone's kind of working at home. So there was some disruption to infrastructure. Also, when you have change like that, there's opportunities for hackers, they'll arbitrage that big time. But I think general the landscape is changing. There's no perimeter anymore. It's CloudNative, this is where it is and people who are moving from old IT to CloudNative, they're at risk. That's why there's tons of ransomware. That's why there's tons of risk. There's just hygiene, from hygiene to architecture and like Nick said from Palo Alto, the co-founder, there's not a lot of architecture in security. So yeah, people have bulked up their security teams but you're going to start to see much more holistic thinking around redoing security. I think that's the opportunity to propel CloudNative, and I think you'll see a lot more coming out of this. >> Did you hear any specific information on some of the CloudNative projects going on that really excite you in terms of these are the right people going after the right challenges to solve in the right direction? >> Well I saw the sessions and what jumped out to me at the sessions was it's a lot of extensions of what we heard at CUBECON and I think what they want to do is take out the big items and break 'em out in security. Kubescape was one we just covered. They want to get more sandbox type stuff into the security side that's very security focused but also plays well with CUBECON. So we'll hear more about how this plays out when we're in Amsterdam coming up in April for CUBECON to hear how that ecosystem, because I think it'll be kind of a relief to kind of decouple security 'cause that gives more focus to the stakeholders in CUBECON. There's a lot of issues going on there and you know service meshes and whatnot. So it's a lot of good stuff happening. >> A lot of good stuff happening. One of the things that'll be great about CUBECON is that we always get the voice of the customer. We get vendors coming on with the voice of the customer talking about and you know in that case how they're using Kubernetes to drive the business forward. But it'll be great to be able to pull in some of the security conversations that spin out of CloudNative Security CON to understand how those end users are embracing the technology. You brought up I think Nir Zuk from Palo Alto Networks, one of the themes there when Dave and I did their Ignite event in December was, of 22, was really consolidation. There are so many tools out there that organizations have to wrap their heads around and they need to be able to have the right enablement content which this event probably delivered to figure out how do we consolidate security tools effectively, efficiently in a way that helps dial down our risk profile because the risks just seem to keep growing. >> Yeah, and I love the technical nature of all that and I think this is going to be the continued focus. Chris Aniszczyk who's the CTO listed like E and BPF we covered with Liz Rice is one of the most three important points of the conference and it's just, it's very nerdy and that's what's needed. I mean it's technical. And again, there's no real standards bodies anymore. The old days developers I think are super important to be the arbiters here. And again, what I love about the CNCF is that they're developer focused and we heard developer first even in security. So you know, this is a sea change and I think, you know, developers' choice will be the standards bodies. >> Lisa: Yeah, yeah. >> They decide the future. >> Yeah. >> And I think having the sandboxing and bringing this out will hopefully accelerate more developer choice and self-service. >> You've been talking about kind of putting the developers in the driver's seat as really being the key decision makers for a while. Did you hear information over the last couple of days that validates that? >> Yeah, absolutely. It's clearly the fact that they did this was one. The other one is, is that engineering teams and dev teams and script teams, they're blending together. It's not just separate silos and the ones that are changing their team dynamics, again, back to the culture are winning. And I think this has to happen. Security has to be embedded everywhere in making it frictionless and to provide kind of the guardrail so developers don't slow down. And I think where security has become a drag or an anchor or a blocker has been just configuration of how the organization's handling it. So I think when people recognize that the developers are in charge and they're should be driving the application development you got to make sure that's secure. And so that's always going to be friction and I think whoever does it, whoever unlocks that for the developer to go faster will win. >> Right. Oh, that's what I'm sure magic to a developer's ear is the ability to go faster and be able to focus on co-development in a secure fashion. What are some of the things that you're excited about for CUBECON. Here we are in February, 2023 and CUBECON is just around the corner in April. What are some of the things that you're excited about based on the groundswell momentum that this first inaugural CloudNative Security CON is generating from a community, a culture perspective? >> I think this year's going to be very interesting 'cause we have an economic challenge globally. There's all kinds of geopolitical things happening. I think there's going to be very entrepreneurial activity this year more than ever. I think you're going to see a lot more innovative projects ideas hitting the table. I think it's going to be a lot more entrepreneurial just because the cycle we're in. And also I think the acceleration of mainstream deployments of out of the CNCF's main event CUBECON will happen. You'll see a lot more successes, scale, more clarity on where the security holes are or aren't. Where the benefits are. I think containers and microservices are continuing to surge. I think the Cloud scale hyperscale as Amazon, Azure, Google will be more aggressive. I think AI will be a big theme this year. I think you can see how data is going to infect some of the innovation thinking. I'm really excited about the data infrastructure because it powers a lot of things in the Cloud. So I think the Amazon Web Services, Azure next level gen clouds will impact what happens in the CloudNative foundation. >> Did you have any conversations yesterday or today with respect to AI and security? Was that a focus of anybody's? Talk to me about that. >> Well, I didn't hear any sessions on AI but we saw some demos on stage. But they're teasing out that this is an augmentation to their mission, right? So I think a lot of people are looking at AI as, again, like I always said there's the naysayers who think it's kind of a gimmick or nothing to see here, and then some are just going to blown away. I think the people who are alpha geeks and the industry connect the dots and understand that AI is going to be an accelerant to a lot of heavy lifting that was either manual, you know, hard to do things that was boring or muck as they say. I think that's going to be where you'll see the AI stories where it's going to accelerate either ways to make security better or make developers more confident and productive. >> Or both. >> Yeah. So definitely AI will be part of it. Yeah, definitely. One of the things too that I'm wondering if, you know, we talk about CloudNative and the goal of it, the importance of it. Do you think that this event, in terms of what we were able to see, obviously being remote the event going on in Seattle, us being here in Palo Alto and Boston and guests on from Seattle and Germany and all over, did you hear the really the validation for why CloudNative Security why CloudNative is important for organizations whether it's a bank or a hospital or a retailer? Is that validation clear and present? >> Yeah, absolutely. I think it was implied. I don't think there was like anyone's trying to debate that. I think this conference was more of it's assumed and they were really trying to push the ability to make security less defensive, more offensive and more accelerated into the solving the problems with the businesses that are out there. So clearly the CloudNative community understands where the security challenges are and where they're emerging. So having a dedicated event will help address that. And they've got great co-chairs too that put it together. So I think that's very positive. >> Yeah. Do you think, is it possible, I mean, like you said several times today so eloquently the industry's on the defense when it comes to security and the hackers are on the offense. Is it really possible to make that switch or obviously get some balances. As technology advances and industry gets to take advantage of that, so do the hackers, is that balance achievable? >> Absolutely. I mean, I think totally achievable. The question's going to be what's the environment going to be like? And I remember as context to understanding whether it's viable or not, is to look at, just go back 13 years ago, I remember in 2010 Amazon was viewed as an unsecure environment. Everyone's saying, "Oh, the cloud is not secure." And I remember interviewing Steve Schmidt at AWS and we discussed specifically how Amazon Cloud was being leveraged by hackers. They made it more complex for the hackers. And he said, "This is just the beginning." It's kind of like barbed wire on a fence. It's yeah, you're not going to climb it so people can get over it. And so since then what's happened is the Cloud has become more secure than on premises for a lot of either you know, personnel reasons, culture reasons, not updating, you know, from patches to just being insecure to be more insecure. So that to me means that the flip the script can be flipped. >> Yeah. And I think with CloudNative they can build in automation and code to solve some of these problems and make it more complex for the hacker. >> Lisa: Yes. >> And increase the cost. >> Yeah, exactly. Make it more complex. Increase the cost. That'll be in interesting journey to follow. So John, here we are early February, 2023 theCUBE starting out strong as always. What year are we in, 12? Year 12? >> 13th year >> 13! What's next for theCUBE? What's coming up that excites you? >> Well, we're going to do a lot more events. We got the theCUBE in studio that I call theCUBE Center as kind of internal code word, but like, this is more about getting the word out that we can cover events remotely as events are starting to change with hybrid, digital is going to be a big part of that. So I think you're going to see a lot more CUBE on location. We're going to do, still do theCUBE and have theCUBE cover events from the studio to get deeper perspective because we can then bring people in remote through our our studio team. We can bring our CUBE alumni in. We have a corpus of content and experts to bring to table. So I think the coverage will be increased. The expertise and data will be flowing through theCUBE and so Cube Center, CUBE CUBE Studio. >> Lisa: Love it. >> Will be a integral part of our coverage. >> I love that. And we have such great conversations with guests in person, but also virtually, digitally as well. We still get the voices of the practitioners and the customers and the vendors and the partner ecosystem really kind of lauded loud and clear through theCUBE megaphone as I would say. >> And of course getting the clips out there, getting the highlights. >> Yeah. >> Getting more stories. No stories too small for theCUBE. We can make it easy to get the best content. >> The best content. John, it's been fun covering CloudNative security CON with you with you. And Dave and our guests, thank you so much for the opportunity and looking forward to the next event. >> John: All right. We'll see you at Amsterdam. >> Yeah, I'll be there. We want to thank you so much for watching TheCUBES's two day coverage of CloudNative Security CON 23. We're live in Palo Alto. You are live wherever you are and we appreciate your time and your view of this event. For John Furrier, Dave Vellante, I'm Lisa Martin. Thanks for watching guys. We'll see you at the next show.

(upbeat music) >> Hello and welcome back to theCUBE's coverage of Cloud Native SecurityCon North America 2023. Its first inaugural event. It's theCUBE's coverage. We were there at the first event for a KubeCon before CNCF kind of took it over. It was in Seattle. And so in Seattle this week is Cloud Native SecurityCon. Of course, theCUBE is there covering via our Palo Alto Studios and our experts around the world who are bringing in Bassam Tabbara who's the CEO and founder of upbound.io. That's the URL, but Upbound is the company. The creators of Crossplane. Really kind of looking at the Crossplane, across the abstraction layer, across clouds. A big part of, as we call supercloud trend. Bassam, great to see you. You've been legend in the open source community. Great to have you on. >> Thanks, John. Always good to be on theCUBE. >> I really wanted to bring you in 'cause I want to get your perspective. You've seen the movie, you've seen open source software grow, it continues to grow. Now you're starting to see the Linux Foundation, which has CNCF really expanding their realm. They got the CloudNativeCon, KubeCon, which is Kubernetes event. That's gotten so massive and so successful. We've been to every single one as you know. I've seen you there and all of them as well. So that's going great. Now they got this new event that's spins out dedicated to security. Everybody wants to know why the new event? What's the focus? Is it needed? What will they do? What's different from KubeCon? Where do I play? And so there's a little bit of a question mark in the ecosystem around this event. And so we've been reporting on it. Looking good so far. People are buzzing, again, they're keeping it small. So that kind of managing expectations like any good event would do. But I think it's been successful, which I wanted like to get your take on how you see it. Is this good? Are you indifferent? Are you excited by this? What's your take? >> I mean, look, it's super exciting to see all the momentum around cloud native. Obviously there are different dimensions of cloud native securities, an important piece. Networking, storage, compute, like all those things I think tie back together and in some ways you can look at this event as a focused event on the security aspect as it relates to cloud native. And there are lots of vendors in this space. There's lots of interesting projects in the space, but the unifying theme is that they come together and probably around the Kubernetes API and the momentum around cloud native and with Kubernetes at the center of it. >> On the focus on Kubernetes, it seems this event is kind of classic security where you want to have deep dives. Again, I call it the event operating system 'cause you decouple, make things highly cohesive, and you link them together. I don't see a problem with it. I kind of like this. I gave it good reviews if they stay focused because security is super critical. There was references to bind and DNS. There's a lot of things in the infrastructure plumbing that need to be looked at or managed or figured out or just refactored for modernization needs. And I know you've done a lot with storage, for instance, storage, networking, kernel. There's a lot of things in the old tech or tech in the cloud that needs to be kind, I won't say rebooted, but maybe reset or jump. Do you see it that way? Are there things that need to get done or is it just that there's so much complexity in the different cloud cluster code thing going on? >> It's obviously security is a very, very big space and there are so many different aspects of it that people you can go into. I think the thing that's interesting around the cloud native community is that there is a unifying theme. Like forget the word cloud native for a second, but the unifying theme is that people are building around what looks like a standardized play around Kubernetes and the Kubernetes API. And as a result you can recast a lot of the technologies that we are used to in the past in a traditional security sense. You can recast them on top of this new standardized approach or on Kubernetes, whether it's policy or protecting a supply chain or scanning, or like a lot of the access control authorization, et cetera. All of those things can be either revived to apply to this cloud native play and the Kubernetes play or creating new opportunities for companies to actually build new and interesting projects and companies around a standardized play. >> Do you think this also will help the KubeCon be more focused around the developer areas there and just touching on security versus figuring out how to take something so important in KubeCon, which the stakeholders in KubeCon have have grown so big, I can see security sucking a lot of oxygen out of the room there. So here you move it over, you keep it over here. Will anything change on the KubeCon site? We'll be there in in Amsterdam in April. What do you think the impact will be? Good? Is it good for the community? Just good swim lanes? What's your take? >> Yeah, I still think KubeCon will be an umbrella event for the whole cloud native community. I suspect that you'll see some of the same vendors and projects and everything else represented in KubeCon. The way I think about all the branched cloud native events are essentially a way to have a more focused discussion, get people together to talk about security topics or networking topics or things that are more focused way. But I don't think it changes the the effect of KubeCon being the umbrella around all of it. So I think you'll see the same presence and maybe larger presence going forward at Amsterdam. We're planning to be there obviously and I'm excited to be there and I think it'll be a big event and having a smaller event is not going to diminish the effect of KubeCon. >> And if you look at the developer community they've all been online for a long time, from IRC chat to now Slack and now new technologies and stuff like Discord out there. The event world has changed post-pandemic. So it makes sense. And we're seeing this with all vendors, by the way, and projects. The digital community angle is huge because if you have a big tent event like KubeCon you can make that a rallying moment in the industry and then have similar smaller events that are highly focused that build off that that are just connective tissue or subnets, if you will, or communities targeted for really deeper conversations. And they could be smaller events. They don't have to be monster events, but they're connected and traverse into the main event. This might be the event format for the future for all companies, whether it's AWS or a company that has a community where you create this network effect, if you will, around the people. >> That's right. And if you look at things like AWS re:Invent, et cetera, I mean, that's a massive events. And in some ways it, if it was a set of smaller sub events, maybe it actually will flourish more. I don't know, I'm not sure. >> They just killed the San Francisco event. >> That's right. >> But they have re:Inforce, all right, so they just established that their big events are re:Invent and re:Inforce as their big. >> Oh, I didn't hear about re:Inforce. That's news to me. >> re:Inforce is their third event. So they're doing something similar as CloudNativeCon, which is you have to have an event and then they're going to create a lot of sub events underneath. So I think they are trying to do that. Very interesting. >> Very interesting for sure. >> So let's talk about what you guys are up to. I know from your standpoint, you had a lot of security conversations. How is Crossplane doing? Obviously, you saw our Supercloud coverage. You guys fit right into that model where clients, customers, enterprises are going to want to have multiple cloud operating environments for whatever the use case, whether you're using ChatGPT, you got to get an Azure instance up and running for that. Now with APIs, we're hearing a lot of developers doing that. So you're going to start to see this cross cloud as VMware calls, what we call it supercloud. There's more need for Crossplane like thinking. What's the update? >> For sure, and we see this very clearly as well. So the fact that there is a standardization layer, there is a layer that lets you converge the different vendors that you have, the different clouds that you have, the different hype models that you have, whether it's hybrid or private, public, et cetera. The unifying theme is that you're literally bringing all those things under one control plane that enables you to actually centralize and standardize on security, access control, helps you standardize on cost control, quota policy, as well as create a self-service experience for your developers. And so from a security standpoint, the beauty of this is like, you could use really popular projects like open policy agent or Kyverno or others if you want to do policy and do so uniformly across your entire stack, your entire footprint of tooling, vendors, services and across deployment models. Those things are possible because you're standardizing and consolidating on a control plane on top of all. And that's the thing that gets our customers excited. That we're seeing in the community that they could actually now normalize standardize on small number of projects and tools to manage everything. >> We were talking about that in our summary of the keynote yesterday. Dave Vellante and I were talking about the idea of clients want to have a redo of their security. They've been, just the tooling has been building up. They got zero trust in place, maybe with some big vendor, but now got the cloud native opportunity to refactor and reset and reinvent their security paradigm. And so that's the positive thing we're hearing. Now we're seeing enterprises want this cross cloud capabilities or Crossplane like thinking that you guys are talking about. What are your customers telling you? Can you share from an enterprise perspective where they're at in this journey? Because part of the security problems that we've been reporting on has been because clients are moving from IT to cloud native and not everyone's moved over yet. So they're highly vulnerable to ransomware and all kinds of other crap. So another attacks, so they're wide open, But people who are moving into cloud native, are they stepping up their game on this Crossplane opportunity? Where are they at? Can you share data on that? >> Yeah, we're grateful to be talking to a lot of customers these days. And the interesting thing is even if you talked about large financial institutions, banks, et cetera, the common theme that we hear is that they bought tools for each of the different departments and however they're organized. Sometimes you see the folks that are running databases, networking, being separated from say, the computer app developers or they're all these different departments within an organization. And for each one of those, they've made localized decisions for tooling and services that they bought. What we're seeing now consistently is that they're all together, getting together, and trying to figure out how to standardize on a smaller one set of tooling and services that goes across all the different departments and all different aspects of the business that they're running. And this is where this discussion gets a lot very interesting. If instead of buying a different policy tool for each department, or once that fits it you could actually standardize on policy or the entire footprint of services that they're managing. And you get that by standardizing on a control plane or standardizing on effectively one point of control for everything that they're doing. And that theme is like literally, it gets all our customers excited. This is why they're engaging in all of this. It's almost the holy grail. The thing that I've been trying to do for a long time. >> I know. >> And it's finally happening. >> I know you and I have talked about this many times, but I got to ask you the one thing that jumps into everybody's head when you hear control plane is lock-in. So how do you discuss that lock-in, perception from the reality of the situation? How do you unpack that for the customer? 'Cause they want choice at the end of the day. There's the preferred vendors for sure on the hyperscale side and app side and open source, but what's the lock-in? What does the lock-in conversation look like? Or do they even have that conversation? >> Yeah. To be honest, I mean, so their lock-in could be a two dimensions here. Most of our customers and people are using Crossplane or using app on product around it. Most of our do, concentrated in, say a one cloud vendor and have others. So I don't think this is necessarily about multicloud per se or being locked into one vendor. But they do manage many different services and they have legacy tooling and they have different systems that they bought at different stages and they want to bring them all together. And by bringing them all together that helps them make choices about consulting or even replacing some of them. But right now everything is siloed, everything is separate, both organizationally as well as the code bases or investments and tooling or contracts. Everything is just completely separated and it requires humans to put them together. And organizations actually try to gather around and put them together. I don't know if lock-in is the driving goal for this, but it is standardization consolidation. That's the driving initiative. >> And so unification and building is the big driver. They're building out >> Correct, and you can ask why are they doing that? What does standardization help with? It helps them to become more productive. They can move faster, they can innovate faster. Not as a ton of, like literally revenue written all over. So it's super important to them that they achieved this, increase their pace of innovation around this and they do that by standardizing. >> The great point in all this and your success at Upbound and now CNCF success with KubeCon + CloudNativeCon and now with the inaugural event of Cloud Native SecurityCon is that the customers are involved, a lot of end users are involved. There's a big driver not only from the industry and the developers and getting architecture right and having choice. The customers want this to happen. They're leaning in, they're part of it. So that's a big driver. Where does this go? If you had to throw a dart at the board five years from now Cloud Native SecurityCon, what does it look like if you had to predict the trajectory of this event and community? >> Yeah, I mean, look, I think the trajectory one is that we have what looks like a standardization layer emerging that is all encompassing. And as a result, there is a ton of opportunity for vendors, projects, communities to build around within on top of this layer. And essentially create, I think you talked about an operating system earlier and decentralized aspect of this, but it's an opportunity to actually, what it looks like for the first time we have a convergence happening industry-wide and through open source and open source foundations. And I think that means that there'll be new opportunity and lots of new projects and things that are created in the space. And it also means that if you don't attach this space, you'll likely be left out. >> Awesome. Bassam, great to have you on, great expert commentary, obviously multi CUBE alumni and supporter of theCUBE and as you become successful we really appreciate your support for helping us get the content out there. And best of luck to your team and thanks for weighing in on Cloud Native SecurityCon. >> Awesome. It's always good talking to you, John. Thank you. >> Great stuff. This is more CUBE coverage from Palo Alto, getting folks on the ground on location, getting us the stories in Seattle. Of course, Cloud Native SecurityCon, the inaugural event, which looks like will be the beginning of a series of multi-year journey for the CNCF, focusing on security. Of course, theCUBE's here to cover it, every angle of it, and extract the signal from the noise. I'm John Furrier, thanks for watching. (upbeat music)

(energetic music plays) >> Lisa: Hey everyone, we're so glad you're here with us. theCUBE is covering Cloud Native Security Con 23. Lisa Martin here with John Furrier. This is our second day of coverage of the event. We've had some great conversations with a lot of intellectual, exciting folks, as you know cuz you've been watching. John and I are very pleased to welcome back one of our alumni to theCUBE Taylor Dolezal joins us the head of ecosystem at CNCF. Taylor, welcome back to theCUBE. Great to see you. >> Taylor: Hey everybody, great to see you again. >> Lisa: So you are on the ground in Seattle. We're jealous. We've got fomo as John would say. Talk to us about, this is a inaugural event. We were watching Priyanka keynote yesterday. Seemed like a lot of folks there, 72 sessions a lot of content, a lot of discussions. What's the buzz, what's the reception of this inaugural event from your perspective? >> Taylor: So it's been really fantastic. I think the number one thing that has come out of this conference so far is that it's a wonderful chance to come together and for people to see one another. It's, it's been a long time that we've kind of had that opportunity to be able to interact with folks or you know, it's just a couple months since last Cube Con. But this is truly a different vibe and it's nice to have that focus on security. We're seeing a lot of folks within different organizations work through different problems and then finally have a vendor neutral space in which to talk about all of those contexts and really raise everybody up with all this new knowledge and new talking points, topics, and different facets of knowledge. >> John: Taylor, we were joking on our yesterday's summary of the keynotes, Dave Vellante and I, and the guests, Lisa and I, about the CNCF having an event operating system, you know, very decoupled highly cohesive events, strung together beautifully through the Linux Foundation, you know, kind of tongue in cheek but it was kind of fun to play on words because it's a very technical community. But the business model of, of hackers is booming. The reality of businesses booming and Cloud Native is the preferred developer environment for the future application. So the emphasis, it's very clear that this is a good move to do and targeting the community around security's a solid move. Amazon's done it with reinforce and reinvent. We see that Nice segmentation. What's the goal? Because this is really where it connects to Cube Con and Cloud Native Con as well because this shift left there too. But here it's very much about hardcore Cloud Native security. What's your positioning on this? Am I getting it right or is there is that how you guys see it? >> Taylor: Yeah, so, so that's what we've see that's what we were talking about as well as we were thinking on breaking this event out. So originally this event was a co-located event during the Cube Con windows in both Europe and North America. And then it just was so consistently popular clearly a topic that people wanted to talk, which is good that people want to talk of security. And so when we saw this massive continued kind of engagement, we wanted to break this off into its own conference. When we were going through that process internally, like you had mentioned the events team is just phenomenal to work with and they, I love how easy that they make it for us to be able to do these kinds of events too though we wanted to talk through how we differentiate this event from others and really what's changed for us and kind of how we see this space is that we didn't really see any developer-centric open source kinds of conferences. Ones that were really favoring of the developer and focus on APIs and ways in which to implement these things across all of your workloads within your organization. So that's truly what we're looking to go for here during these, all of these sessions. And that's how it's been playing out so far which has been really great to see. >> John: Taylor, I want to ask you on the ecosystem obviously the built-in ecosystem at CNCF.IO with Cube Cons Cloud Cons there, this is a new ecosystem opportunity to add more people that are security focused. Is their new entrance coming into the fold and what's been the reaction? >> Taylor: So short answer is yes we've seen a huge uptick across our vendor members and those are people that are creating Cloud offerings and selling those and working with others to implement them as well as our end users. So people consuming Cloud Native projects and using them to power core parts of their business. We have gotten a lot of data from groups like IBM and security, IBM security and put 'em on institute. They gave us a cost of data breach report that Priyanka mentioned and talked about 43% of those organizations haven't started or in the early stages of updating security practices of their cloud environments and then here on the ground, you know, talking through some best practices and really sharing those out as well. So it's, I've gotten to hear pieces and parts of different conversations and and I'm certain we'll hear more about those soon but it's just really been great to, to hear everybody with that main focus of, hey, there's more that we can do within the security space and you know, let's let's help one another out on that front just because it is such a vast landscape especially in the security space. >> Lisa: It's a huge landscape. And to your point earlier, Taylor it's everyone has the feeling that it's just so great to be back together again getting folks out of the silos that they've been operating in for such a long time. But I'd love to get some of your, whatever you can share in terms of some of the Cloud Native security projects that you've heard about over the last day or so. Anything exciting that you think is really demonstrating the value already and this inaugural event? >> Taylor: Yes, so I I've been really excited to hear a lot of, personally I've really liked the talks around EBPF. There are a whole bunch of projects utilizing that as far as runtime security goes and actually getting visibility into your workloads and being able to see things that you do expect and things that you don't expect and how to remediate those. And then I keep hearing a lot of talks about open policy agents and projects like Caverno around you know, how do we actually automate different policies or within regulated industries, how do we actually start to solve those problems? So I've heard even more around CNCF projects and other contexts that have come up but truly most of them have been around the telemetry space EBPF and, and quite a few others. So really great to, to see all those projects choosing something to bind to and making it that much more accessible for folks to implement or build on top of as well. >> John: I love the reference you guys had just the ChatGPT that was mentioned in the keynote yesterday and also the reference to Dan Kaminsky who was mentioned on the reference to DNS and Bind, lot of root level security going on. It seems like this is like a Tiger team event where all the top alpha security gurus come together, Priyanka said, experts bottoms up, developer first practitioners, that's the vibe. Is that kind of how you guys want it to be more practitioners hardcore? >> Taylor: Absolutely, absolutely. I think that when it comes to security, we really want to help. It's definitely a grassroots movement. It's great to have the people that have such a deep understanding of certain security, just bits of knowledge really when it comes to EBPF. You know, we have high surveillance here that we're talking things through. Falco is here with Sysdig and so it it's great to have all of these people here, though I have seen a good spread of folks that are, you know, most people have started their security journey but they're not where they want to be. And so people that are starting at a 2 0 1, 3 0 1, 4 0 1 level of understanding definitely seeing a good spread of knowledge on that front. But it's really, it's been great to have folks from all varying experiences, but then to have the expertise of the folks that are writing these specifications and pushing the boundaries of what's possible with security to to ensure that we're all okay and updated on that front too, I think was most notable yesterday. Like you had said >> Lisa: Sorry Taylor, when we think of security, again this is an issue that, that organizations in every industry face, nobody is immune to this. We can talk about the value in it for the hackers in terms of ransomware alone for example. But you mentioned a stat that there's a good amount of organizations that are really either early in their security journeys or haven't started yet which kind of sounds a bit scary given the landscape and how much has changed in the last couple of years. But it sounds like on the good news front it isn't too late for organizations. Talk a little bit about some of the recommendations and best practices for those organizations who are behind the curve knowing that the next attack is going to happen. >> Taylor: Absolutely. So fantastic question. I think that when it comes to understanding the fact that people need to implement security and abide by best practices, it's like I I'm sure that many of us can agree on that front, you know, hopefully all of us. But when it comes to actually implementing that, that's I agree with you completely. That's where it's really difficult to find where where do I start, where do I actually look at? And there are a couple of answers on that front. So within the CNTF ecosystem we have a technical action group security, so tag security and they have a whole bunch of working groups that cover different facets of the Cloud Native experience. So if you, for example, are concerned about runtime security or application delivery concerns within there, those are some really good places to find people knowledgeable about, that even when the conference isn't going on to get a sense of what's going on. And then TAG security has also published recently version two of their security report which is free accessible online. They can actually look through that, see what some of the recent topics are and points of focus and of interest are within our community. There are also other organizations like Open SSF which is taking a deeper dive into security. You know, initially kind of having a little bit more of an academic focus on that space and then now getting further into things around software bill materials or SBOMs supply chain security and other topics as well. >> John: Well we love you guys doing this. We think it's very big deal. We think it's important. We're starting to see events post COVID take a certain formation, you know joking aside about the event operating systems smaller events are happening, but they're tied together. And so this is key. And of course the critical need is our businesses are under siege with threats, ransomware, security challenges, that's IT moves to Cloud Native, not everyone's moved over yet. So that's in progress. So there's a huge business imperative and the hackers have a business model. So this isn't like pie in the sky, this is urgent. So, that being said, how do you see this developing from who should attend the next one or who are you looking for to be involved to get input from you guys are open arms and very diverse and great great culture there, but who are you looking for? What's the makeup persona that you hope to attract and nurture and grow? >> Taylor: Absolutely. I, think that when it comes to trying the folks that we're looking for the correct answer is it varies you know, from, you know, you're asking Priyanka or our executive director or Chris Aniszczyk our CTO, I work mostly with the end users, so for me personally I really want to see folks that are operating within our ecosystem and actually pulling these down, these projects down and using them and sharing those stories. Because there are people creating these projects and contributing to them might not always have an idea of how they're used or how they can be exploited too. A lot of these groups that I work with like Mercedes or Intuit for example, they're out there in the world using these, these projects and getting a sense for, you know, what can come up. And by sharing that knowledge I think that's what's most important across the board. So really looking for those stories to be told and novel ways in which people are trying to exploit security and attacking the supply chain, or building applications, or just things we haven't thought about. So truly that that developer archetype is really helpful to have the consumers, the end users, the folks that are actually using these. And then, yeah, and I'm truly anywhere knowledgeable about security or that wants to learn more >> John: Super important, we're here to help you scale those stories up whatever you need, send them our way. We're looking forward to getting those. This is a super important movement getting the end users who are on the front lines bringing it back into the open, building, more software, making it secure and verified, all super important. We really appreciate the mission you guys are on and again we're here to help. So send those stories our way. >> Taylor: Cool, cool. We couldn't do it without you. Yeah, just everyone contributing, everyone sharing the news. This is it's people, people is the is the true operating system of our ecosystem. So really great to, really great to share. >> Lisa: That's such a great point Taylor. It is all about people. You talked about this event having a different vibe. I wanted to learn a little bit more about that as we, as we wrap up because there's so much cultural change that's required for organizations to evolve their security practices. And so people of course are at the center of culture. Talk a little bit about why that vibe is different and do you think that yeah, it's finally time. Everyone's getting on the same page here we're understanding, we're learning from each other. >> Taylor: Yes. So, so to kind of answer that, I think it's really a focus on, there's this term shift left and shift right. And talking about where do we actually put security in the mix as it comes to people adopting this and and figuring out where things go. And if you keep shifting at left, that meaning that the developers should care more deeply about this and a deeper understanding of all of these, you know, even if it's, even if they don't understand how to put it together, maybe understand a little bit about it or how these topics and, and facets of knowledge work. But you know, like with anything, if you shift everything off to one side or the other that's also not going to be efficient. You know, you want a steady stream of knowledge flowing throughout your whole organization. So I think that that's been something that has been a really interesting topic and, and hearing people kind of navigate and try to get through, especially groups that have had, you know, deployed an app and it's going to be around for 40 years as well. So I think that those are some really interesting and unique areas of focus that I've come up on the floor and then in a couple of the sessions here >> Lisa: There's got to be that, that balance there. Last question as we wrap the last 30 seconds or so what are you excited about given the success and the momentum of day one? What excites you about what's ahead for us on day two? >> Taylor: So on day two, I'm really, it's, there's just so many sessions. I think that it was very difficult for me to, you know pick which one I was actually going to go see. There are a lot of favorites that I had kind of doubled up at each of the time so I'm honestly going to be in a lot of the sessions today. So really excited about that. Supply chain security is definitely one that's close to my heart as well but I'm really curious to see what new topics, concepts or novel ideas people have to kind of exploit things. Like one for example is a package is out there it's called Browser Test but somebody came up with one called Bowser Test. Just a very simple misname and then when you go and run that it does a fake kind of like, hey you've been exploited and just even these incorrect name attacks. That's something that is really close and dear to me as well. Kind of hearing about all these wild things people wouldn't think about in terms of exploitation. So really, really excited to hear more stories on that front and better protect myself both at home and within the Cloud Community as I stand these things up. >> Lisa: Absolutely you need to clone yourself so that you can, there's so many different sessions. There needs to be multiple versions of Taylor that you can attend and then you can all get together and talk about and learn. But that's actually a really good problem to have as we mentioned when we started 72 sessions yesterday and today. Lots of great content. Taylor, we thank you for your participation. We thank you for bringing the vibe and the buzz of the event to us and we look forward as well to hearing and seeing what day two brings us today. Thank you so much for your time Taylor. >> Taylor: Thank you for having me. >> John: All right >> Lisa: Right, for our guest and John Furrier, I'm Lisa Martin. You're watching theCube's Day two coverage of Cloud Native Security Con 23. (energetic music plays)

(upbeat music) >> Hey, everyone. Welcome back to theCUBE's day one coverage of Cloud Native SecurityCon 2023. This has been a great conversation that we've been able to be a part of today. Lisa Martin with John Furrier and Dave Vellante. Dave and John, I want to get your take on the conversations that we had today, starting with the keynote that we were able to see. What are your thoughts? We talked a lot about technology. We also talked a lot about people and culture. John, starting with you, what's the story here with this inaugural event? >> Well, first of all, there's two major threads. One is the breakout of a new event from CloudNativeCon/KubeCon, which is a very successful community and events that they do international and in North America. And that's not stopping. So that's going to be continuing to go great. This event is a breakout with an extreme focus on security and all things security around that ecosystem. And with extensions into the Linux Foundation. We heard Brian Behlendorf was on there from the Linux Foundation. So he was involved in Hyperledger. So not just Cloud Native, all things containers, Kubernetes, all things Linux Foundation as an open source. So, little bit more of a focus. So I like that piece of it. The other big thread on this story is what Dave and Yves were talking about on our panel we had earlier, which was the business model of security is real and that is absolutely happening. It's impacting business today. So you got this, let's build as fast as possible, let's retool, let's replatform, refactor and then the reality of the business imperative. To me, those are the two big high-order bits that are going on and that's the reality of this current situation. >> Dave, what are your top takeaways from today's day one inaugural coverage? >> Yeah, I would add a third leg of the stool to what John said and that's what we were talking about several times today about the security is a do-over. The Pat Gelsinger quote, from what was that, John, 2011, 2012? And that's right around the time that the cloud was hitting this steep part of the S-curve and do-over really has meant in looking back, leveraging cloud native tooling, and cloud native technologies, which are different than traditional security approaches because it has to take into account the unique characteristics of the cloud whether that's dynamic resource allocation, unlimited resources, microservices, containers. And while that has helped solve some problems it also brings new challenges. All these cloud native tools, securing this decentralized infrastructure that people are dealing with and really trying to relearn the security culture. And that's kind of where we are today. >> I think the other thing too that I had Dave is that was we get other guests on with a diverse opinion around foundational models with AI and machine learning. You're going to see a lot more things come in to accelerate the scale and automation piece of it. It is one thing that CloudNativeCon and KubeCon has shown us what the growth of cloud computing is is that containers Kubernetes and these new services are powering scale. And scale you're going to need to have automation and machine learning and AI will be a big part of that. So you start to see the new formation of stacks emerging. So foundational stacks is the machine learning and data apps are coming out. It's going to start to see more apps coming. So I think there's going to be so many new applications and services are going to emerge, and if you don't get your act together on the infrastructure side those apps will not be fully baked. >> And obviously that's a huge risk. Sorry, Dave, go ahead. >> No, that's okay. So there has to be hardware somewhere. You can't get away with no hardware. But increasingly the security architecture like everything else is, is software-defined and makes it a lot more flexible. And to the extent that practitioners and organizations can consolidate this myriad of tools that they have, that means they're going to have less trouble learning new skills, they're going to be able to spend more time focused and become more proficient on the tooling that is being applied. And you're seeing the same thing on the vendor side. You're seeing some of these large vendors, Palo Alto, certainly CrowdStrike and fundamental to their strategy is to pick off more and more and more of these areas in security and begin to consolidate them. And right now, that's a big theme amongst organizations. We know from the survey data that consolidating redundant vendors is the number one cost saving priority today. Along with, at a distant second, optimizing cloud costs, but consolidating redundant vendors there's nowhere where that's more prominent than in security. >> Dave, talk a little bit about that, you mentioned the practitioners and obviously this event bottoms up focused on the practitioners. It seems like they're really in the driver's seat now. With this being the inaugural Cloud Native SecurityCon, first time it's been pulled out of an elevated out of KubeCon as a focus, do you think this is about time that the practitioners are in the driver's seat? >> Well, they're certainly, I mean, we hear about all the tech layoffs. You're not laying off your top security pros and if you are, they're getting picked up very quickly. So I think from that standpoint, anybody who has deep security expertise is in the driver's seat. The problem is that driver's seat is pretty hairy and you got to have the stomach for it. I mean, these are technical heroes, if you will, on the front lines, literally saving the world from criminals and nation-states. And so yes, I think Lisa they have been in the driver's seat for a while, but it it takes a unique person to drive at those speeds. >> I mean, the thing too is that the cloud native world that we are living in comes from cloud computing. And if you look at this, what is a practitioner? There's multiple stakeholders that are being impacted and are vulnerable in the security front at many levels. You have application developers, you got IT market, you got security, infrastructure, and network and whatever. So all that old to new is happening. So if you look at IT, that market is massive. That's still not transformed yet to cloud. So you have companies out there literally fully exposed to ransomware. IT teams that are having practices that are antiquated and outdated. So security patching, I mean the blocking and tackling of the old securities, it's hard to even support that old environment. So in this transition from IT to cloud is changing everything. And so practitioners are impacted from the devs and the ones that get there faster and adopt the ways to make their business better, whether you call it modern technology and architectures, will be alive and hopefully thriving. So that's the challenge. And I think this security focus hits at the heart of the reality of business because like I said, they're under threats. >> I wanted to pick up too on, I thought Brian Behlendorf, he did a forward looking what could become the next problem that we really haven't addressed. He talked about generative AI, automating spearphishing and he flat out said the (indistinct) is not fixed. And so identity access management, again, a lot of different toolings. There's Microsoft, there's Okta, there's dozens of companies with different identity platforms that practitioners have to deal with. And then what he called free riders. So these are folks that go into the repos. They're open source repos, and they find vulnerabilities that developers aren't hopping on quickly. It's like, you remember Patch Tuesday. We still have Patch Tuesday. That meant Hacker Wednesday. It's kind of the same theme there going into these repos and finding areas where the practitioners, the developers aren't responding quickly enough. They just don't necessarily have the resources. And then regulations, public policy being out of alignment with what's really needed, saying, "Oh, you can't ship that fix outside of Germany." Or I'm just making this up, but outside of this region because of a law. And you could be as a developer personally liable for it. So again, while these practitioners are in the driver's seat, it's a hairy place to be. >> Dave, we didn't get the word supercloud in much on this event, did we? >> Well, I'm glad you brought that up because I think security is the big single, biggest challenge for supercloud, securing the supercloud with all the diversity of tooling across clouds and I think you brought something up in the first supercloud, John. You said, "Look, ultimately the cloud, the hyperscalers have to lean in. They are going to be the enablers of supercloud. They already are from an infrastructure standpoint, but they can solve this problem by working together. And I think there needs to be more industry collaboration. >> And I think the point there is that with security the trend will be, in my opinion, you'll see security being reborn in the cloud, around zero trust as structure, and move from an on-premise paradigm to fully cloud native. And you're seeing that in the network side, Dave, where people are going to each cloud and building stacks inside the clouds, hyperscaler clouds that are completely compatible end-to-end with on-premises. Not trying to force the cloud to be working with on-prem. They're completely refactoring as cloud native first. And again, that's developer first, that's data first, that's security first. So to me that's the tell sign. To me is if when you see that, that's good. >> And Lisa, I think the cultural conversation that you've brought into these discussions is super important because I've said many times, bad user behavior is going to trump good security every time. So that idea that the entire organization is responsible for security. You hear that all the time. Well, what does that mean? It doesn't mean I have to be a security expert, it just means I have to be smart. How many people actually use a VPN? >> So I think one of the things that I'm seeing with the cultural change is face-to-face problem solving is one, having remote teams is another. The skillset is big. And I think the culture of having these teams, Dave mentioned something about intramural sports, having the best people on the teams, from putting captains on the jersey of security folks is going to happen. I think you're going to see a lot more of that going on because there's so many areas to work on. You're going to start to see security embedded in all processes. >> Well, it needs to be and that level of shared responsibility is not trivial. That's across the organization. But they're also begs the question of the people problem. People are one of the biggest challenges with respect to security. Everyone has to be on board with this. It has to be coming from the top down, but also the bottom up at the same time. It's challenging to coordinate. >> Well, the training thing I think is going to solve itself in good time. And I think in the fullness of time, if I had to predict, you're going to see managed services being a big driver on the front end, and then as companies realize where their IP will be you'll see those managed service either be a core competency of their business and then still leverage. So I'm a big believer in managed services. So you're seeing Kubernetes, for instance, a lot of managed services. You'll start to see more, get the ball going, get that rolling, then build. So Dave mentioned bottoms up, middle out, that's how transformation happens. So I think managed services will win from here, but ultimately the business model stuff is so critical. >> I'm glad you brought up managed services and I want to add to that managed security service providers, because I saw a stat last year, 50% of organizations in the US don't even have a security operations team. So managed security service providers MSSPs are going to fill the gap, especially for small and midsize companies and for those larger companies that just need to augment and compliment their existing staff. And so those practitioners that we've been talking about, those really hardcore pros, they're going to go into these companies, some large, the big four, all have them. Smaller companies like Arctic Wolf are going to, I think, really play a key role in this decade. >> I want to get your opinion Dave on what you're hoping to see from this event as we've talked about the first inaugural standalone big focus here on security as a standalone. Obviously, it's a huge challenge. What are you hoping for this event to get groundswell from the community? What are you hoping to hear and see as we wrap up day one and go into day two? >> I always say events like this they're about educating, aspiring to action. And so the practitioners that are at this event I think, I used to say they're the technical heroes. So we know there's going to be another Log4j or a another SolarWinds. It's coming. And my hope is that when that happens, it's not an if, it's a when, that the industry, these practitioners are able to respond in a way that's safe and fast and agile and they're able to keep us protected, number one and number two, that they can actually figure out what happened in the long tail of still trying to clean it up is compressed. That's my hope or maybe it's a dream. >> I think day two tomorrow you're going to hear more supply chain, security. You're going to start to see them focus on sessions that target areas if within the CNCF KubeCon + CloudNativeCon area that need support around containers, clusters, around Kubernetes cluster. You're going to start to see them laser focus on cleaning up the house, if you will, if you can call it cleaning up or fixing what needs to get fixed or solved what needs to get solved on the cloud native front. That's going to be urgent. And again, supply chain software as Dave mentioned, free riders too, just using open source. So I think you'll see open source continue to grow, but there'll be an emphasis on verification and certification. And Docker has done a great job with that. You've seen what they've done with their business model over hundreds of millions of dollars in revenue from a pivot. Catch a few years earlier because they verify. So I think we're going to be in this verification blue check mark of code era, of code and software. Super important bill of materials. They call SBOMs, software bill of materials. People want to know what's in their software and that's going to be, again, another opportunity for machine learning and other things. So I'm optimistic that this is going to be a good focus. >> Good. I like that. I think that's one of the things thematically that we've heard today is optimism about what this community can generate in terms of today's point. The next Log4j is coming. We know it's not if, it's when, and all organizations need to be ready to Dave's point to act quickly with agility to dial down and not become the next headline. Nobody wants to be that. Guys, it's been fun working with you on this day one event. Looking forward to day two. Lisa Martin for Dave Vellante and John Furrier. You're watching theCUBE's day one coverage of Cloud Native SecurityCon '23. We'll see you tomorrow. (upbeat music)

(upbeat music) >> Hello and welcome back to theCUBE. We're here in Palo Alto, California. I'm your host, John Furrier with a special guest here in the studio. As part of our Cloud Native SecurityCon Coverage we had an opportunity to bring in Jon Turow who is the partner at Madrona Venture Partners formerly with AWS and to talk about machine learning, foundational models, and how the future of AI is going to be impacted by some of the innovation around what's going on in the industry. ChatGPT has taken the world by storm. A million downloads, fastest to the million downloads there. Before some were saying it's just a gimmick. Others saying it's a game changer. Jon's here to break it down, and great to have you on. Thanks for coming in. >> Thanks John. Glad to be here. >> Thanks for coming on. So first of all, I'm glad you're here. First of all, because two things. One, you were formerly with AWS, got a lot of experience running projects at AWS. Now a partner at Madrona, a great firm doing great deals, and they had this future at modern application kind of thesis. Now you are putting out some content recently around foundational models. You're deep into computer vision. You were the IoT general manager at AWS among other things, Greengrass. So you know a lot about data. You know a lot about some of this automation, some of the edge stuff. You've been in the middle of all these kind of areas that now seem to be the next wave coming. So I wanted to ask you what your thoughts are of how the machine learning and this new automation wave is coming in, this AI tools are coming out. Is it a platform? Is it going to be smarter? What feeds AI? What's your take on this whole foundational big movement into AI? What's your general reaction to all this? >> So, thanks, Jon, again for having me here. Really excited to talk about these things. AI has been coming for a long time. It's been kind of the next big thing. Always just over the horizon for quite some time. And we've seen really compelling applications in generations before and until now. Amazon and AWS have introduced a lot of them. My firm, Madrona Venture Group has invested in some of those early players as well. But what we're seeing now is something categorically different. That's really exciting and feels like a durable change. And I can try and explain what that is. We have these really large models that are useful in a general way. They can be applied to a lot of different tasks beyond the specific task that the designers envisioned. That makes them more flexible, that makes them more useful for building applications than what we've seen before. And so that, we can talk about the depths of it, but in a nutshell, that's why I think people are really excited. >> And I think one of the things that you wrote about that jumped out at me is that this seems to be this moment where there's been a multiple decades of nerds and computer scientists and programmers and data thinkers around waiting for AI to blossom. And it's like they're scratching that itch. Every year is going to be, and it's like the bottleneck's always been compute power. And we've seen other areas, genome sequencing, all kinds of high computation things where required high forms computing. But now there's no real bottleneck to compute. You got cloud. And so you're starting to see the emergence of a massive acceleration of where AI's been and where it needs to be going. Now, it's almost like it's got a reboot. It's almost a renaissance in the AI community with a whole nother macro environmental things happening. Cloud, younger generation, applications proliferate from mobile to cloud native. It's the perfect storm for this kind of moment to switch over. Am I overreading that? Is that right? >> You're right. And it's been cooking for a cycle or two. And let me try and explain why that is. We have cloud and AWS launch in whatever it was, 2006, and offered more compute to more people than really was possible before. Initially that was about taking existing applications and running them more easily in a bigger scale. But in that period of time what's also become possible is new kinds of computation that really weren't practical or even possible without that vast amount of compute. And so one result that came of that is something called the transformer AI model architecture. And Google came out with that, published a paper in 2017. And what that says is, with a transformer model you can actually train an arbitrarily large amount of data into a model, and see what happens. That's what Google demonstrated in 2017. The what happens is the really exciting part because when you do that, what you start to see, when models exceed a certain size that we had never really seen before all of a sudden they get what we call emerging capabilities of complex reasoning and reasoning outside a domain and reasoning with data. The kinds of things that people describe as spooky when they play with something like ChatGPT. That's the underlying term. We don't as an industry quite know why it happens or how it happens, but we can measure that it does. So cloud enables new kinds of math and science. New kinds of math and science allow new kinds of experimentation. And that experimentation has led to this new generation of models. >> So one of the debates we had on theCUBE at our Supercloud event last month was, what's the barriers to entry for say OpenAI, for instance? Obviously, I weighed in aggressively and said, "The barriers for getting into cloud are high because all the CapEx." And Howie Xu formerly VMware, now at ZScaler, he's an AI machine learning guy. He was like, "Well, you can spend $100 million and replicate it." I saw a quote that set up for 180,000 I can get this other package. What's the barriers to entry? Is ChatGPT or OpenAI, does it have sustainability? Is it easy to get into? What is the market like for AI? I mean, because a lot of entrepreneurs are jumping in. I mean, I just read a story today. San Francisco's got more inbound migration because of the AI action happening, Seattle's booming, Boston with MIT's been working on neural networks for generations. That's what we've found the answer. Get off the neural network, Boston jump on the AI bus. So there's total excitement for this. People are enthusiastic around this area. >> You can think of an iPhone versus Android tension that's happening today. In the iPhone world, there are proprietary models from OpenAI who you might consider as the leader. There's Cohere, there's AI21, there's Anthropic, Google's going to have their own, and a few others. These are proprietary models that developers can build on top of, get started really quickly. They're measured to have the highest accuracy and the highest performance today. That's the proprietary side. On the other side, there is an open source part of the world. These are a proliferation of model architectures that developers and practitioners can take off the shelf and train themselves. Typically found in Hugging face. What people seem to think is that the accuracy and performance of the open source models is something like 18 to 20 months behind the accuracy and performance of the proprietary models. But on the other hand, there's infinite flexibility for teams that are capable enough. So you're going to see teams choose sides based on whether they want speed or flexibility. >> That's interesting. And that brings up a point I was talking to a startup and the debate was, do you abstract away from the hardware and be software-defined or software-led on the AI side and let the hardware side just extremely accelerate on its own, 'cause it's flywheel? So again, back to proprietary, that's with hardware kind of bundled in, bolted on. Is it accelerator or is it bolted on or is it part of it? So to me, I think that the big struggle in understanding this is that which one will end up being right. I mean, is it a beta max versus VHS kind of thing going on? Or iPhone, Android, I mean iPhone makes a lot of sense, but if you're Apple, but is there an Apple moment in the machine learning? >> In proprietary models, here does seem to be a jump ball. That there's going to be a virtuous flywheel that emerges that, for example, all these excitement about ChatGPT. What's really exciting about it is it's really easy to use. The technology isn't so different from what we've seen before even from OpenAI. You mentioned a million users in a short period of time, all providing training data for OpenAI that makes their underlying models, their next generation even better. So it's not unreasonable to guess that there's going to be power laws that emerge on the proprietary side. What I think history has shown is that iPhone, Android, Windows, Linux, there seems to be gravity towards this yin and yang. And my guess, and what other people seem to think is going to be the case is that we're going to continue to see these two poles of AI. >> So let's get into the relationship with data because I've been emerging myself with ChatGPT, fascinated by the ease of use, yes, but also the fidelity of how you query it. And I felt like when I was doing writing SQL back in the eighties and nineties where SQL was emerging. You had to be really a guru at the SQL to get the answers you wanted. It seems like the querying into ChatGPT is a good thing if you know how to talk to it. Labeling whether your input is and it does a great job if you feed it right. If you ask a generic questions like Google. It's like a Google search. It gives you great format, sounds credible, but the facts are kind of wrong. >> That's right. >> That's where general consensus is coming on. So what does that mean? That means people are on one hand saying, "Ah, it's bullshit 'cause it's wrong." But I look at, I'm like, "Wow, that's that's compelling." 'Cause if you feed it the right data, so now we're in the data modeling here, so the role of data's going to be critical. Is there a data operating system emerging? Because if this thing continues to go the way it's going you can almost imagine as you would look at companies to invest in. Who's going to be right on this? What's going to scale? What's sustainable? What could build a durable company? It might not look what like what people think it is. I mean, I remember when Google started everyone thought it was the worst search engine because it wasn't a portal. But it was the best organic search on the planet became successful. So I'm trying to figure out like, okay, how do you read this? How do you read the tea leaves? >> Yeah. There are a few different ways that companies can differentiate themselves. Teams with galactic capabilities to take an open source model and then change the architecture and retrain and go down to the silicon. They can do things that might not have been possible for other teams to do. There's a company that that we're proud to be investors in called RunwayML that provides video accelerated, sorry, AI accelerated video editing capabilities. They were used in everything, everywhere all at once and some others. In order to build RunwayML, they needed a vision of what the future was going to look like and they needed to make deep contributions to the science that was going to enable all that. But not every team has those capabilities, maybe nor should they. So as far as how other teams are going to differentiate there's a couple of things that they can do. One is called prompt engineering where they shape on behalf of their own users exactly how the prompt to get fed to the underlying model. It's not clear whether that's going to be a durable problem or whether like Google, we consumers are going to start to get more intuitive about this. That's one. The second is what's called information retrieval. How can I get information about the world outside, information from a database or a data store or whatever service into these models so they can reason about them. And the third is, this is going to sound funny, but attribution. Just like you would do in a news report or an academic paper. If you can state where your facts are coming from, the downstream consumer or the human being who has to use that information actually is going to be able to make better sense of it and rely better on it. So that's prompt engineering, that's retrieval, and that's attribution. >> So that brings me to my next point I want to dig in on is the foundational model stack that you published. And I'll start by saying that with ChatGPT, if you take out the naysayers who are like throwing cold water on it about being a gimmick or whatever, and then you got the other side, I would call the alpha nerds who are like they can see, "Wow, this is amazing." This is truly NextGen. This isn't yesterday's chatbot nonsense. They're like, they're all over it. It's that everybody's using it right now in every vertical. I heard someone using it for security logs. I heard a data center, hardware vendor using it for pushing out appsec review updates. I mean, I've heard corner cases. We're using it for theCUBE to put our metadata in. So there's a horizontal use case of value. So to me that tells me it's a market there. So when you have horizontal scalability in the use case you're going to have a stack. So you publish this stack and it has an application at the top, applications like Jasper out there. You're seeing ChatGPT. But you go after the bottom, you got silicon, cloud, foundational model operations, the foundational models themselves, tooling, sources, actions. Where'd you get this from? How'd you put this together? Did you just work backwards from the startups or was there a thesis behind this? Could you share your thoughts behind this foundational model stack? >> Sure. Well, I'm a recovering product manager and my job that I think about as a product manager is who is my customer and what problem he wants to solve. And so to put myself in the mindset of an application developer and a founder who is actually my customer as a partner at Madrona, I think about what technology and resources does she need to be really powerful, to be able to take a brilliant idea, and actually bring that to life. And if you spend time with that community, which I do and I've met with hundreds of founders now who are trying to do exactly this, you can see that the stack is emerging. In fact, we first drew it in, not in January 2023, but October 2022. And if you look at the difference between the October '22 and January '23 stacks you're going to see that holes in the stack that we identified in October around tooling and around foundation model ops and the rest are organically starting to get filled because of how much demand from the developers at the top of the stack. >> If you look at the young generation coming out and even some of the analysts, I was just reading an analyst report on who's following the whole data stacks area, Databricks, Snowflake, there's variety of analytics, realtime AI, data's hot. There's a lot of engineers coming out that were either data scientists or I would call data platform engineering folks are becoming very key resources in this area. What's the skillset emerging and what's the mindset of that entrepreneur that sees the opportunity? How does these startups come together? Is there a pattern in the formation? Is there a pattern in the competency or proficiency around the talent behind these ventures? >> Yes. I would say there's two groups. The first is a very distinct pattern, John. For the past 10 years or a little more we've seen a pattern of democratization of ML where more and more people had access to this powerful science and technology. And since about 2017, with the rise of the transformer architecture in these foundation models, that pattern has reversed. All of a sudden what has become broader access is now shrinking to a pretty small group of scientists who can actually train and manipulate the architectures of these models themselves. So that's one. And what that means is the teams who can do that have huge ability to make the future happen in ways that other people don't have access to yet. That's one. The second is there is a broader population of people who by definition has even more collective imagination 'cause there's even more people who sees what should be possible and can use things like the proprietary models, like the OpenAI models that are available off the shelf and try to create something that maybe nobody has seen before. And when they do that, Jasper AI is a great example of that. Jasper AI is a company that creates marketing copy automatically with generative models such as GPT-3. They do that and it's really useful and it's almost fun for a marketer to use that. But there are going to be questions of how they can defend that against someone else who has access to the same technology. It's a different population of founders who has to find other sources of differentiation without being able to go all the way down to the the silicon and the science. >> Yeah, and it's going to be also opportunity recognition is one thing. Building a viable venture product market fit. You got competition. And so when things get crowded you got to have some differentiation. I think that's going to be the key. And that's where I was trying to figure out and I think data with scale I think are big ones. Where's the vulnerability in the stack in terms of gaps? Where's the white space? I shouldn't say vulnerability. I should say where's the opportunity, where's the white space in the stack that you see opportunities for entrepreneurs to attack? >> I would say there's two. At the application level, there is almost infinite opportunity, John, because almost every kind of application is about to be reimagined or disrupted with a new generation that takes advantage of this really powerful new technology. And so if there is a kind of application in almost any vertical, it's hard to rule something out. Almost any vertical that a founder wishes she had created the original app in, well, now it's her time. So that's one. The second is, if you look at the tooling layer that we discussed, tooling is a really powerful way that you can provide more flexibility to app developers to get more differentiation for themselves. And the tooling layer is still forming. This is the interface between the models themselves and the applications. Tools that help bring in data, as you mentioned, connect to external actions, bring context across multiple calls, chain together multiple models. These kinds of things, there's huge opportunity there. >> Well, Jon, I really appreciate you coming in. I had a couple more questions, but I will take a minute to read some of your bios for the audience and we'll get into, I won't embarrass you, but I want to set the context. You said you were recovering product manager, 10 plus years at AWS. Obviously, recovering from AWS, which is a whole nother dimension of recovering. In all seriousness, I talked to Andy Jassy around that time and Dr. Matt Wood and it was about that time when AI was just getting on the radar when they started. So you guys started seeing the wave coming in early on. So I remember at that time as Amazon was starting to grow significantly and even just stock price and overall growth. From a tech perspective, it was pretty clear what was coming, so you were there when this tsunami hit. >> Jon: That's right. >> And you had a front row seat building tech, you were led the product teams for Computer Vision AI, Textract, AI intelligence for document processing, recognition for image and video analysis. You wrote the business product plan for AWS IoT and Greengrass, which we've covered a lot in theCUBE, which extends out to the whole edge thing. So you know a lot about AI/ML, edge computing, IOT, messaging, which I call the law of small numbers that scale become big. This is a big new thing. So as a former AWS leader who's been there and at Madrona, what's your investment thesis as you start to peruse the landscape and talk to entrepreneurs as you got the stack? What's the big picture? What are you looking for? What's the thesis? How do you see this next five years emerging? >> Five years is a really long time given some of this science is only six months out. I'll start with some, no pun intended, some foundational things. And we can talk about some implications of the technology. The basics are the same as they've always been. We want, what I like to call customers with their hair on fire. So they have problems, so urgent they'll buy half a product. The joke is if your hair is on fire you might want a bucket of cold water, but you'll take a tennis racket and you'll beat yourself over the head to put the fire out. You want those customers 'cause they'll meet you more than halfway. And when you find them, you can obsess about them and you can get better every day. So we want customers with their hair on fire. We want founders who have empathy for those customers, understand what is going to be required to serve them really well, and have what I like to call founder-market fit to be able to build the products that those customers are going to need. >> And because that's a good strategy from an emerging, not yet fully baked out requirements definition. >> Jon: That's right. >> Enough where directionally they're leaning in, more than in, they're part of the product development process. >> That's right. And when you're doing early stage development, which is where I personally spend a lot of my time at the seed and A and a little bit beyond that stage often that's going to be what you have to go on because the future is going to be so complex that you can't see the curves beyond it. But if you have customers with their hair on fire and talented founders who have the capability to serve those customers, that's got me interested. >> So if I'm an entrepreneur, I walk in and say, "I have customers that have their hair on fire." What kind of checks do you write? What's the kind of the average you're seeing for seed and series? Probably seed, seed rounds and series As. >> It can depend. I have seen seed rounds of double digit million dollars. I have seen seed rounds much smaller than that. It really depends on what is going to be the right thing for these founders to prove out the hypothesis that they're testing that says, "Look, we have this customer with her hair on fire. We think we can build at least a tennis racket that she can use to start beating herself over the head and put the fire out. And then we're going to have something really interesting that we can scale up from there and we can make the future happen. >> So it sounds like your advice to founders is go out and find some customers, show them a product, don't obsess over full completion, get some sort of vibe on fit and go from there. >> Yeah, and I think by the time founders come to me they may not have a product, they may not have a deck, but if they have a customer with her hair on fire, then I'm really interested. >> Well, I always love the professional services angle on these markets. You go in and you get some business and you understand it. Walk away if you don't like it, but you see the hair on fire, then you go in product mode. >> That's right. >> All Right, Jon, thank you for coming on theCUBE. Really appreciate you stopping by the studio and good luck on your investments. Great to see you. >> You too. >> Thanks for coming on. >> Thank you, Jon. >> CUBE coverage here at Palo Alto. I'm John Furrier, your host. More coverage with CUBE Conversations after this break. (upbeat music)