(soft electronic music) >> Well, it's good to have you here as we continue our series of CUBE Conversations in the AWS Startup Showcase. Today, our focus is on HackerOne and the CEO of HackerOne, Mårten Mickos joins us. Mårten, thanks for being with us, we appreciate the time. Good to see you here, on theCUBE, today. >> Thanks for inviting me, John. >> Let's talk about HackerOne, the global, digital security leader. You are taking care of everybody's worst digital nightmares these days and so congratulations on that front, but I know you've got your hands full. Let's go back for those who are watching that don't know a lot about your history and just tell us about the origination, about how you gathered this stable of hackers, if you will, for good, ethical hacking, we might call that, and how that began and where that path has led you. >> Yes, thank you, John. You mentioned it already, you said the worst nightmare. The worst nightmare we all now have is that we get hacked. We all have to worry as consumers, companies, governments that criminals will break into our system. And then when you start thinking rational think, okay, if the worst nightmare is a cyber crime and getting breached, what is then a medication potent enough to rise to that same level? What can stop your software vulnerabilities from being exploited by criminals? And the world has built a lot of testing software, procedures, scanners, all kinds of things to get there, but none have risen to the level of true criminal activity. But then this movement of ethical hacking has people with the same skill and same passion, and same ability to come from the outside and break in except one difference, they have good intent. So we have a collection, a community of all the ethical hackers in the world, over a million of them, who are all ready to go in and in a way, think the bad and do the good. So they approach your system as if they were attacking you and when they find a hole, they tell you and you can fix it. And it turns out that there's no other way of finding all the ways in which a bad guy could break in. You could do all the other things and you should do all the testing and scanning and whatnot, but it won't rise to that same level, it won't find all the vulnerabilities, it won't think as expansively as a criminal will think. But the ethical hackers do and they are unstoppable. And there are many more ethical hackers than are bad hackers in the world. We have 1.2 million in our community, that's more than there are black hats or criminal hackers in the whole world. >> Yeah, that's an incredible number. I mean, 1.2 million-- >> And growing. >> Ethical hackers. >> And growing. >> How did you go about building that community and vetting that community, right? Because there has to be some kind of credential that you bring to the table, some kind of expertise. So how do you know that everybody in that 1.2 million, which again, just a phenomenal number is of the same cloth, if you will, of good intent and willing to help? >> They would never sign up if they didn't have good intent because we know about them, we can see where they came from. So if you're a criminal, you would never voluntarily give away such information about yourself. So we know their intent. They're, of course, varying in terms of skill and drive and passion and abilities, so we have a ranking system where we can learn about their skills and we test them, so we can, out of that giant community, find the ones who are truly outstanding. Because like in any endeavor in life, some are just natural talent, some work hard to become the top talent, and most of us are just regular, mediocre players in whatever sports we are in, like, like I am. But we have, we managed to find the most talented hackers in the whole world and through sort of a social competition we cause them to learn more, get better, and just better and better. And, and here's the other dimension. So the first dimension is that we have to have a cure that is as strong, as potent as the risk so we have to find vulnerabilities at the same level as criminals will find. Well our hackers will do that. The second thing is it's a moving target. Whatever you learned in cybersecurity yesterday may already be outdated. Whatever technology you are, you are catching up with may already be different than it was yesterday. But thanks to our giant community, we have this sort of evolution inside of the community where new talent is always coming in with new skill and replacing the old ones. So as a hacker, of course, you compete with all your other friendly hackers to be the best, but one day you'll get beaten by a new guy, a new person, a new hacker who has figured out the new technology. And that's how we stay current. Like we, there's no risk of the knowledge being outdated or stagnated because the people revolve in this community and it's always the freshest, most accurate, current talent that's being deployed in our programs. >> Yeah, we've had a lot of conversations with cybersecurity experts over the years here, on theCUBE and generally there's been a theme of, I wouldn't say resignation, that's too strong. I'd say almost acceptance that there are going to be challenges and sometimes bad guys win. Sometimes vulnerabilities are, do yield results, you know, will ill intent. So how do you match the skill level on your side with the skill level and the motivation of the criminal actors on the other side and keep up with that? Because there's great financial motivation on that, on the bad side, you know, in order to, ransomware, you know, a great example of that. But how do you continue to fortify the hackers on your side to match that motivation that is so deeply embedded on the ill side? >> You brought up many good points, so let me start from the backend of them. So first of all, when we say that it's very lucrative to do cyber crime, I don't think it is lucrative for the actual doers. Like in ransomware, a lot of monies is changing hands, but I think it ends up in, ends up in very few hands. So a lot of the technical cyber criminals who are conducting it are probably not making much money. In opposition of this, in our ethical hacking community, we already have 14 hackers who have earned more than a million dollars by working on our programs. That is a lot of money. It's a lot of money even for criminals. If you are enlisted by a nefarious government or other nefarious organization to work for them, they don't necessarily pay you well, but working as a white hat, you can earn much, much more. So I do think the economics is rigged the right way, especially as human beings inherently want to do good. And they are ready to do good even if their pay is much lower. Now, the pay isn't lower, but even if it were, the propensity to do good, it overpowers the likelihood of somebody becoming a criminal. So, so as we, as long as we work together and pool our defenses, we'll be much stronger than any criminals. >> So, so let, if you would, let's turn the page then to you've established the talent pool, very deep, great bench. You've got a lot of people doing really good work. So let's talk about the work they are doing in terms of vulnerabilities that they're sighting, whether it's app security, cloud security, whatever the case may be. What, generally, what are you finding? What are you seeing, like where are the mistakes being made generally in your client base? What kinds of things are you pinpointing to them that you're finding through your work that they can shore up and build those defenses a little stronger? >> Broadly speaking, when you look at the industry today, every organization is undergoing digital transformation, and some do it from a primitive standpoint, some are already running on software. But there's a digital transformation going on, most organizations are moving workloads to the cloud, to a public cloud. When that happens, the nature of your application workload changes, the nature of the threat changes, and the possibilities for mistakes will be different. When you deploy workloads on a public cloud, you may have configuration issues, you may leave secrets in public repositories, there are new threats that come to you. But at the same time, it's a more uniform space because everybody's running on the same cloud and the cloud, itself, is secure. So we have devised specific services for those who run on cloud, where we go in and say, we know AWS, we know Google Cloud, we know Microsoft Azure. We will find the specific, typical vulnerabilities that you have there and we'll tell you about them so you can fix them. And then you get a much stronger cyber defense because the, the world of vulnerabilities is known to us, we've trained our hackers in identifying them. When we find them with one company, we learn, and we can look for the same in some other company. So the pace of learning is much faster in our system and that's how we can bring companies to a higher level of security when they're on the public cloud than they were before. So actually, like when you said many are resigned in front of the situation, the ship is already turning. It's important to look the threats in the eye and be unafraid of it, and just meet it, but we don't have to be resigned anymore. We have the powers in the cloud vendors, in the ethical hacking community, in software automation to now build proper systems that are broadly speaking, very secure. >> So, so how do you? >> Yes. >> How, how do we, when you look at the ransomware incidents that continue to occur, and yet I, and, and that, you know, it frightens a lot of people in the corporate world, municipal, public sector and private citizens even, right? But, but you sound, if I hearing you right, a little more optimistic, that we're getting to be a little more adept at security, if you will, and of sighting vulnerabilities and finding these loopholes and whatever. So you're not as pessimistic as, as some might be. You're thinking that perhaps we are starting to turn the corner a little bit and maybe some of these things that have been big threats are being somewhat more mitigated now? >> Well, I believe that whether you think you can fight cyber crime or not, you are correct, meaning you must have a belief of the power that you have with your other defenders. And today, we can create a defense that's strong enough. Nobody's 100% safe, ever. You can take any vaccinations you like, you may still get the, the virus. So like, as a metaphor, it's the same with software. You can never get 100% safety, but you can get much better than you were before. And you do it step by step with boring, small steps. It's not, there's no silver bullet. There's nothing that in one change will make you secure. But if you, every day fix one little thing, soon, you are more secure than your competitors and soon you are among the most secure in the industry. >> So, you know, Mårten, it is almost, I think about the old saying, "If you can't beat 'em, join 'em." This is like, if you can't beat them, have them join you. Right? >> No, it is if you can't beat them, keep beating them, keep beating at them. Like, criminal activity is very bad. The nefarious actors that are out there, there's nothing good with them. And whether they are operating voluntarily or mandated by somebody who has power over them, it's really, really bad. But, but in terms of numbers of people, they are already in a minority. They have vast resources, they have as technical resources and skills, but we have more people lined up on the defense and pooled defense will always overpower an asymmetric threat. >> Well, it's a great story what HackerOne has done in just a very short period of time over the past seven, eight years. It's important work, it's vital work and you're doing it very well. And so thanks for being with us here, on theCUBE and we wish you all the best down the road, too. >> We want the companies to do well, that's when we do well and they are very secure. So thank you very much, John. This was a wonderful conversation. >> I appreciate the time. Mårten Mickos joining us, the CEO of HackerOne. You've been watching a CUBE Conversation part of the AWS Startup Showcase. (soft electronic music)

(quiet jazz) >> Announcer: Live from Los Angeles, it's theCUBE covering Open Source Summit North America 2017. Brought to you by the Linux Foundation and Red Hat. (upbeat techno music) >> Okay, welcome back, everyone, live in Los Angeles to theCUBE's exclusive coverage of the Open Source Summit in North America, I'm John Furrier. My cohost, Steve Miniman. Our next guest is Jono Bacon, who is the founder of Jono Bacon Consulting in the community. A great talk here-- >> Jono: Thank you. >> at Open Source Summit. Great to see you. >> Yeah, thank you for having me on. >> Congratulation on all your recent success, on the personal and business side. Congratulations, great to see you. So, bottom line, Open Source Summit is kind of powered by the Linux Foundation, but pretty significant accomplishment and State of the Union, if you will, calling an Open Source Summit, big tent event. What's your view on this? How do you explain to folks watching? Is this a new event, is it a combination of multiple events, certainly a great, great big tent, >> Jono: Yeah. >> cross pollination. Whatever you want to call it. But what is this event about? Share your opinion. >> I think it's interesting, and I don't work for the Linux Foundation, but I've worked very closely with them for a number of years. And I think what we've been seeing is that in the earlier days of open source, there was, you know, the Linux foundation have played a fairly key role in certain specific areas. And in recent years, they've become a real center of gravity around open source in a variety of different areas, from automotive to cloud and beyond. And obviously there's a ton of events that are happening all over the world. And the open source thing I think is interesting because it's really an umbrella event that's got four other events that are part of it. So the event that I was running, which we launched this time around, was the Open Community Conference, which is kind of like one thread of this broader event. So one of the things I like about it is is different events from my experience draw different types of audiences. The Linux Foundation events have traditionally brought a lot of professionals who work in the industry. In a similar way, that happens at OSCON as well. But I like that the events kind of become a little bit more organized and diversified into those four areas. And I think what happens then is you get a greater bandwidth of content and discussions that go with that. >> I think it's an interesting point of these other streams, if you will, kind of going into the big tent event. It's got an ecosystem vibe to it, cause you don't want to lose the specialty of the topics and interest at the events that matter for the audiences on a content basis and face-to-face communications. But it's interesting that they're taking this approach because, when you look at it, the scale that's coming, in open source generally, categorically, if you put all of the code together, it's exponentially growing. >> Jono: Oh, yeah. >> So, there's a flood coming, there's a big open source flood of code coming. So, I think it's time to think architecturally about the dams and the rivers and the flows. To your point, this is a super important point in history. >> Oh, it's without question. And one of the things that's interesting to me is in my work as a consultant, when I help companies to build communities, it's broken into a few different layers. For example, so one is a technology layer, like which of the lego bricks that you're going to choose to put together, and how do you click them together in different ways? And that's where I think the LF has become a real center of gravity around what those projects are and how to integrate. But the other thing that we're starting to see more and more of is the formalization of the software development lifecycle, which is, it's not nearly just writing code anymore. It's about automated testing and continuous delivery and deployment, and all these different pieces. So I think we're seeing a formalization of the Lego bricks, but also the instructions for how you click them together. And that's really important if we're going to broaden out this bubble. Because this is a bubble that we're in right now. This is full of invariably tech companies talking about technology. But when we get into the bigger enterprises, when we get into non-tech into the-- >> John: Blocking and tackling, the realities are there. >> And there is so much nuance wrapped up in open source that it's alien to the people outside of this world, that we need to build that better interface for that. >> And that's just putting some hardening around either software or process that there's some comfort and reliability to the users. >> I'll give you one example. Like one company that I was working with, who were a large hardware company, fairly unfamiliar with open source. And one of the first questions they asked me was, "What does success look like? We know what all these options are, we see all the things that people are talking about, but we don't know how to determine what success is." And I think even just that, it seems like an obvious thing to the people in this room, but it's not obvious to a lot of people who are new to consumer technology this way. >> They want to see a finish line or some KPI that's says, we're done! >> Jono: Exactly! >> Shipped! >> And also because this is technology that's built by a broad diverse community of people, you then, a lot of these organizations then say, "So, what is my expected social responsibility here?" So, like how do I participate in this world that I'm broadly unfamiliar with? To me it's like a hip hop guy who's trying to join a metal band. You know? (John laughs) It works differently. >> It's completely different genres of developers and also environments. So, what's your advice to customers? Because they have to navigate because the mainstream adoption of Linux, obviously, and now new projects as they graduate or come to fruition will be deployed. So there is an ops, the DevOps certainly is a movement we're seeing, we can agree on. But now I got to put it into production. I'm a bank or I'm an enterprise. Hey, I got some guys that are monitoring. We're not that active, but we're happy to use it, be a user. How do you talk to that customer? >> Jono: Right. >> The way which I try to approach it is is to break it into a few different areas. The first thing is to first of all make sure that everybody's got the same sense of what the problem is that you want to solve. One of the things that was most transformative to me when I started consulting was it's amazing how many people think they're solving the same problem, but they're actually on a completely different grade of the same problem. So to me, what I like to do, is I like to define what I call a set of key themes which are these are the big rocks that we want to target in a time frame, six months or a year, or whatever it might be. Particularly with, when you're either doing community strategy or development, or you're doing a level of open source, it's fundamentally cross-functional. It involves marketing, engineering, product, there are executive stakeholder requirements, and then there's the people on the ground who are delivering those, so getting those themes in place I think is critical. But then to me what's important next, is to break a broader strategy down into smaller, consumable pieces. I think one of the things where a lot of companies get stuck is they're aware of these different Lego bricks that are available to them. They're aware of some optimizations in terms of workflow, but it's such a huge thing to bring into an organization that invariable is already got a very, very, stodgy or very specific culture that they've got to somewhat unseat. So to me, you need that combination of permissive, top-down approach, which is invariably your exec saying we see value in this, but then you need to break the strategy and the execution down into smaller manageable pieces that a team can wrap their head around. >> We talked to the Cisco guy, Ed, and he was, we were talking about DevNet, a huge developer community for Cisco. DevNet Create was kind of their cloud-native group that they've put together, great little skunk works, worked out great. But those are two languages. It's two worlds. The semantics of what they're saying is the same thing, but the translation is needed. This seems to be a common thread within the DevOps community now that the rubber hits the road, and people see the obvious benefits of what is true private cloud or cloud native. So, how do you go ahead? You provide like a dictionary, and say, "Hey, here's the translation. Okay, he really means that." I mean, are you being more herding the cats, being a translator, or is the client further along than that in your mind? >> It varies, it does vary from company to company. And a chunk of this, at least from my experience, is there is a significant translation layer. One of the things I talked about in my keynote on Monday was I see collaboration ... When I do community strategy, but fundamentally, it really is organizational design. It's just outside of a company in some cases, and sometimes inside of a company. In an organization, you'll have a set of stakeholders making decisions, and then the people who've got to execute on those decisions. And there is often a massive translation layer between them. I run a conference called the Community Leadership Summit each year at OSCON, and every year a couple hundred community managers come along, and I hear the same story from a lot of them, which is, I joined this company, I started building out, I started doing my work and my manager wasn't happy. And to me it's because the execs are defining value that they want to see, but it's not getting translated into tatics, and invariably a lot of the folks who are coming into it-- >> John: Where their ROI calculations are-- >> Yeah, a lot of that's-- >> They're not seeing a real answer. They don't know what success looks like. >> And they come in, and they don't necessarily have the strategic background to internalize that requirement into a place that they can move it forward. So, you get this kind of, this impedance mismatch. So, a big chunk of what I tend to do is to really try to understand what those requirements are and to work across the organization to try and-- >> John: You're doing architecture? Like what would be organizational behavior architecture in the wild, but also an arbiter to the managers. It's looking good, it's like you're trying to the score of the game. You're keeping-- >> Jono: And some days as well, as I'm sure anyone who's watching this, will have seen this with the companies they work with, this isn't rocket science. You know, what someone says they want, this is going to sound incredibly patronizing, it's not meant to, but when someone says what they want, invariably what they actually want is not that thing. So for example, I was working with a company a couple of months ago and they were saying, "We just want growth. We absolutely want to grow as quickly as we can." And when I dug into it with their CEO, what they really wanted was brand recognition and acceptance. And those are two very different challenges that you got to approach there. >> John: Stu, get a word in, I'm sorry if I've taken all of it. >> Yeah, John's passionate about community if you can't tell. The question I have for you is, building a community takes time, and things are changing faster than ever. How do you help people manage that pace of change versus I want results? It seems strategy is something that is for today, and we're changing often. So, how do you manage that give and take of growing yet breaking? >> It's a great question. And again, I think it varies. To me, there's some fundamental pieces that are involved in the way that I, and I take one approach and other people will take different approaches, I'm certainly not the only person who's doing this. The approach that I like to take is is we first of all need to treat communities as a journey. I think a lot of people think we have a product or a service, let's get people interested, and it's seen as a series of individual interactions with individual people. Whereas the way I like to look at it is when that person discovers your product, your service, your framework, whatever it may be, there's a journey from how they learn about it, how they go up an on-ramp to get something done, how you get people making their first contribution or how they derive their first piece of value, and then how you incentivize and reward them to keep them moving along the journey. So to me I look at it as this zoomed-out birds-eye view of this journey that I want to craft. And then I like to break that down into small bite-sized pieces that form the strategy. But the other thing is, and this varies depending on the company, is to what level of transparency and openness you need to communicate with different people. So, for example, one of the first things I do with inner source when people bring in open source principles inside a company is to make sure we have weekly reports going out and we're updating the stakeholders, more specifically, on a regular cadence. Because in that kind of environment where there's an existing enterprise, we all see these like digital transformation consultants come in-- >> Oh god, it's a total gravy train. They make the bookings and the billings. Reminds me of the old ERP deployments. Write a big fat check, and it'd be like, all these consultants come in and make all the cash. >> I think a lot of people look around thinking, alright, Lunchbox, you'll be here for a year. You'll be gone then, all right, and we'll go on to the next thing now our CEO cares about. So to me it's like-- >> John: Well, the consulting is being disrupted. It's interesting, you're a contrarian in your world because you have a consulting firm, but the old model things used to be the next gig is get that next consulting gig, so you worked not to actually put yourself out of a job, which is where the client wants to get. And that's where Agile and cloud has come in. It's interesting is, this is where the work product is. You know what success is in that model. You can come in and say, look, we did our work, everything. You've got a community that's vibrant. You got operational, they operationalized your value. >> Jono: Yep. >> You don't need me anymore, unless you want me. So, it's one of those kinds of conversations. Your thoughts? >> I agree. And it's interesting you mentioned Agile. One of the things that I've noticed as well, and I'm sure lots of not just consultants but people notice this as well is there are, I think there are broadly two types of people in the world. I think there's people who take a very kind of organic and somewhat animated approach to how they do things. And then there's some people who really need a roadmap. They need to follow a plan. I think a lot of people who are building organizational design or building communities default to we need to create a process and a workflow so people can follow that and we can have a sense of order. I don't think most people naturally want to work like that. I think there's a reason why people don't stick with to-do lists. It's because people like to have a more organic way of working. And a good example of this, in my mind, is Agile. Some people will take Agile to the nth degree with story points and epics and a lot of that kind of stuff-- >> You serve the process, the process doesn't serve the objective. I mean, it's the classic effectiveness model. But, I mean, that's the whole point. I mean, you could foreclose opportunities if you're too structured. But yet you got to have some boundaries, let the ball bounce around. So, you kind of want both. What is the ideal in your mind? >> In my mind, the approach that I'm a big fan is an approach called munsing, which was a story of, I forget his name, there's a story of a guy back in like the 50s. And he basically owned a TV factory. And what he'd do is he'd go up to like an engineer who's building one of these big, bulky old TVs, and he'd basically pull out components until it stopped working. And then he'd put that last component in so it would be the minimum level of components for it to work. Ended up saving the company a ton of money. I like to take the same approach process. What's the minimum level that you need that gives people the creativity to be successful in a predictable way? So, like with Agile, these epics and stories and things like that, I think a lot of that stuff is just there to deal with crappy product managers, like people who aren't very good at manning your project. No process is going to deal with someone who's not good at organizing. >> You need to bring to me the right level of the human ingredient and the process is what keeps people ticking over-- >> The other thing too that I find in that area is people kind of redefine, or they maybe mischaracterize what outcome is. Everyone's outcome driven. Love that word. (Jono laughs) It's all about the outcome. In this case, the TV's got to work with a less amount of moving parts. >> Jono: Right. >> That's the outcome. And so, outcomes can be bastardized if you will, could be really mangled in its definition. How do you work with clients on trying to really temper and set the expectations on what the outcome is? Cause the manager still wants to know what the outcome is going to be. So, do you reverse engineer from there? How do you tackle that? >> Jono: It's interesting. A big chunk of it for me is just being realistic. There is no minimum amount of work that needs to be put in to achieve any kind of community. I think you can build a tiny community with one person. However, depending on the requirements and the goals, there's just certain things you have to do. And there's certain time and resources that are required. And also just expectations. Like one of the expectations that some people wrestle with I think is, if you're building a community they're either inside your organization or outside, it's only going to succeed if a broader set of people participate. You know, we see this trend where you hire a community manager and that person lives in a forum or a slack channel to build out the community. Doesn't work. >> John: Yeah. >> Because the people in that community want access to other people. >> This value creation mindset in communities. Value has to be a group dynamic. This individual contributions, I get that. But the group dynamic is critical. Not just a message board moderator. I mean, that's basically what you're saying. >> Jono: Exactly. >> That's a message board. >> Nobody wants to deal with >> John: That's a tool. >> the interface of the thing you care about. And that's the community manager. So, a chunk of this then is a different mindset in how people operate. One of my clients is a company called HackerOne. I wrapped up work with them a little while ago, and their CEO is this guy called Mårten Mickos who-- >> John: Yeah, Mårten's great CUBE alumni. >> Phenomenal. For me, he's one of the people I most respect in our industry. >> John: He's a great strategic thinker, understands community, knows tech. Great guy >> Jono: Amazing. >> One of the things that he said when he joined HackerOne was I want everybody in this company to know a hacker. Everybody's got to know our audience. Everybody's got to understand the needs, the desires, the insecurities, the worries, the dynamics, otherwise we can't build a community. It's not just hiring a person to interface to that. That's one of the trickiest things because, again, it takes time. >> John: It's alignment to the audience. >> Right >> John: This is classic. >> Ingratiating in and actually being cool. Aligning with them >> Right. And if it's done well it's really rewarding because I think people who ordinarily wouldn't see the fruits of their labor. >> Well, Jono, I want to get your thoughts as we wrap up the segment here on what's exciting you about potential new things that are coming around the corner. Obviously, we see the promise of blockchain which could have a great big application for communities. We're doing some things with it now that we're testing in our community around trying to create these new value networks. Certainly, there's new tooling coming out. Things like theCUBE and content and communities. New things are coming. The growth is going to be here which is going to create great new opportunities. >> Jono: Yeah. >> What are you excited about as you want to navigate the community landscape? Because the thesis is more people are coming in, more rivers of distinct audiences are going to want specialty but yet the broad market ... What are you excited about the community opportunity? From compensation to interaction to culture. What's your thoughts? >> There's a few things I'll subdivide it into things that relate to my bread and butter which is communities and things just more broadly in technology. The one thing I'm really excited about communities is I feel like the value proposition has become well understood, is not just in open source but outside with Proctor & Gamble, H&R Block, Harley Davidson, all these examples. Where people see the value in doing this work and doing it well. And that's great because I think we're improving the state-of-the-art of how we do this. One of the reasons why I got into this was I want my career to leave a fingerprint on structured, predictable ways in which we can do this as opposed to seeming magic science that a lot of people seem to think community is. >> John: Or a series of one-offs that are not understood or can't be operationalized or leveraged in any way. >> Jono: Yeah, exactly. From a technology perspective, there's a bunch of things. I'm really excited about crowdsource security, things like HackerOne, Bugcrowd, Synack, things like that. I think there's a lot of excitement in my mind around bringing open source into financial services. I think that's an industry that's ripe to be disrupted which is a sentence I never thought I'd ever say. Ripe to be disrupted. (John laughs) And then I'm also really excited about the work that's going on obviously in A.I., but the intersection of A.I. with kind of like voice control. Obviously, things such as Google Home and Alexa, but also things like Mycroft. I think blockchain is interesting. It's kind of less interesting to me. It's not really something I've really been following very closely, but I think it is. I think it's pretty neat. But then also just the formalization of the end-to-end software development lifecycle and how we're seeing, you know, GitHub was transformative in technology for a lot of companies. And now we're seeing GitHub as one piece, and you've got continuous delivery and continuous deployment. And also, we manage ideas, the project manager, all that kind of stuff. >> I think there's a lot of transformative ideas coming. And I think it's super exciting. Congratulations on all the great work you're doing. >> Jono: Thank you. Appreciate it. >> I just think that the self-governing community model that's now becoming mainstream people are starting to figure out how to balance that with the command and control top down and hierarchy job definition specifics, and balancing that. I think the self-governing open source model certainly prove that. And communities as a working example of what you can operationalize. >> It's exciting. >> And crowdsourcing just takes it to the consumer level. >> Right. >> Okay, it's working there too. Okay, great job. Thanks for coming on. >> Thank you. >> John: Jono Bacon, >> John: Bacon Consulting. This is theCUBE. I'm John Furrier, Stu Miniman. More live coverage after this short break. (upbeat techno music)