>> from Boston, Massachusetts. It's the queue covering W T. G transformed 2019 by Winslow Technology Group. >> Hi. I'm Stew Minutemen. And this is the Cuban W. T. G. Transformed 2019 here home game in Boston, Massachusetts, our third year. The event happened a Welcome back to the program. Second time on the program in less than a year. Matt Kozlowski, Who's the vice president? Professional services, Winslow Technology Group. Thanks so much for joining. Thank you. Alright, uh, second tie I've had on the program, but first vest and cufflinks you like today. So, you know, showing your own individual style for, >> like, the Ted talk. Look, >> Absolutely. So we will keep this under 18 minutes. Okay? Probably be more like about 12 theirs and no slide. But you tell us a story of change and inspiration. Uh, you know, in all seriousness there what? I actually want to hear the story of change that we're seeing inside of Winslow attack. So, um, you know, question I asked, You know, some of your peers in the company is, you know, if I thought about Winslow attack, you know, just a couple of years ago, it's like, Oh, hey, great deal, partner. No, the pellet side, you know, picking up the servers and some of the other pieces. Yeah, Here, you bring it on Brook board on board. You know, professional services security. Uh, you know, tell us a little bit about you know what? What were you doing since last time we caught up? >> Sure. So if you think about years ago where we had not just winslow but like bars as a whole came from it was, like, way sell boxes and we sell things. And now we're transitioning where people are using cloud or the hybrid cloud models. And they're actually using software in infrastructure as services and way need, like professional services and consulting to help people on that journey. That's like the simplified version of it. >> Yeah, and just, you know, I want to play something back for you and see if it resonates with you. You know, if I go back, you know, let's say 5 to 10 years ago, it was, you know, we get the boxes and the bar gets it, and they've got to spend a lot of work to configure it and do all the pieces. And, you know, that kind of day. One roll out when we talked about OK, how many months from when the equipment got to the bar versus when we're up and running? When we rolled out converged infrastructure, hyper converged infrastructure and all this cloudy stuff, it actually shifted things backwards. Now, before it gets there, there's a lot of work that either the customer or the partner with the customer needs to do so. It shifted it because once it gets on site, well, there's less wiring and cabling. You configuration I need to do. But it just shifted where that engagement service happened. It did not eliminated that what you're saying? >> Yeah, so there's a lot in terms of like planning. I mean, even, like integration work that we do ahead of time. >> I would say things that have changed even over the last, like three or four years is like the complexity of everything is gone up like we're trying to simplify it. We're simplifying maybe the delivery of it and users. But behind the scenes, certainly it's It's more complicated, I would say, than than ever. >> Yeah, you know it. We're no longer just, you know, let's lock the door and Hafiz of Security and put the firewall in place. Right now, it's like, Oh, well, it's micro segmentation in all the places and my application spread out across. You know how many locations, how many services from and therefore write everything has become a little bit >> more and more >> complicated, eh? So how do we make sure we stay secure in 2019? >> So I think there's a couple areas they're so first is, like maintaining that same kind of sense of securing people, infrastructure and things along those lines that we've kind of been doing for a while now that your basic like firewalls and even vulnerability assessments and things like that. But I think over the last couple years and this as we move to like more of like distributed workforce, like people working from home, people working remotely, finding like the right people, there's gonna be more of a focus on like and point protection and, like protecting users at, like the end point >> or the mobile level on them than ever before. >> Um, >> a lot of talking the keynote this morning, amount cloud. Yeah, and you said, you know, where does that put things so, you know, give us from your standpoint. You know, obviously services were hugely important piece of it, you know, a CZ the box. And the location becomes a little bit less important, despite the fact that even when you have things like server list, we know that there's ultimately hardware sure runs underneath it somewhere. You know, what were those Winslow play today and in the future? >> Okay, so I'm gonna give you two kind of conflicting answers to that. So the 1st 1 is, if you look at reasons why people don't go to the cloud, it's there not comfortable in the security of it. I'll say in like the my like, real world, not in the academic or statistical version of it. One of the reasons people do go to the cloud is for security, right? Look a like a lot of health care organizations are goingto like cloud based electronic medical record systems. I feel like that in some ways has insulated or shifted >> some of the burden of the risk and keeping those systems secure to the provider that's hosting them. >> Which is probably better for us, his patients, right, And for the health >> care providers in general. In that case, >> yeah. You know, one of the things we know is that what you need to do as user is you can't just keep doing things the old way because your competition will move faster. Right? And we know from a security standpoint, my friends that aren't even security is like you need to be able to move fast. One of the great things about the cloud is you know, if I'm running on Azure eight of us Hey, that latticed latest patch in that security vulnerability did that get rolled out? Well, I'm not responsible. Yes, they absolutely right. I didn't have to wait for that roll out, you know? So So there's that piece of it. So you know, just how do I keep up obtained? I need to, as as user, do some updates, and therefore, I'm not saying everything goes in the public cloud, but how do I make sure that it's not? Oh, I update my software every two years, or it's I need to make sure that I'm closing those gaps and vulnerabilities of taking advantage of words. I >> think there's going to be like a shift in changing from like normal. CIS admits they're thinking about like patching Windows and patching Lennox and operating systems. But, like once we move information to the cloud and you think about it, more is like information security. So now data is in the cloud. I'm not patching the system's anymore because we'll just assume that, you know, eight of us Microsoft. They're doing a great job with that. But like once data say is in one drive like how my governing, like where that data's going, who's accessing it, who it's being shared with, how it's being backed up things along those lines. It's just a different mindset that people need to adopt, you know, in relation to securing information, not systems. All right, >> man, I'm trying to figure we gotta replace Patch Tuesday with some celebration or some battering event where we can try to tackle some of the some of these new challenges there, You know? What does that mean to some of the changing roles that you're seeing in the customers, though? I guess here here went to attack. You know, I was talking to Arctic wolf in a typical customer, you know, doesn't have their whole security team that runs 24 7 That's where your partner with that. So you know, we're just security fit in. The organization has said, If it was a large enterprise, you know, it's a four level discussion. You know you've got your sea. So where somebody like that, what does the typical kind of mid to small sized company security team look? >> Yeah, it looks like I'm gonna partner with someone. Or that's what it should look like because, like even if companies have like a managed provider, that's doing like patch management and things along those lines, there's something to be said for having like 1/3 party in another party party, like as your security partner, Because if the people that air like doing the patching, they're probably doing a great job at it. But, like you might not want them being the ones also doing like your vulnerability assessments. It's good to have, like different parties in there, So I feel like for smaller medium businesses, it's getting comfortable partnering on and using like professional services. Frankly, Tio to do that. All >> right, so it's really interest Matt next week. Actually, Amazon is holding a cloud security show here in Boston called Reinforced. So, uh, you know, Boston seems an interesting place, You know, the arse. A conference has always been out in San Francisco. Give us kind of the state of security here in the area. >> Okay, so I think I have a unique perspective on this because I'm not from the area. Like I'm from Connecticut. So I come up here. >> You really most people in the United States would be like Connecticut is a suburb of Austin. You know where you are? Yeah, that's that's the one you need to know. Where we are. You on the Yankees Red Sox line that goes down the middle of the state, right? Right around Hartford. >> Yeah, are are like, claim to fame is being in between both city. So yes, um, way do see, though, like Boston emerging as, like, a regional tech hub, if not like the tech hub of the East Coast. Frankly, so I feel like why not have it here? Like, why wouldn't we have it here? Compared to everywhere else? Like there's so many tech companies, and this just doesn't feel like a tech hub of the region's. >> Okay, Well, you know I'm all in favor of things where I could take the trainer drive to rather than have to fly around the president. Huge is part of you Give a session here on Talked about some branch somewhere Give give us so some of the key takeaways and thanks for the audience that they should be thinking about. >> So So in that session, I kind of invented a completely fictional account of a ransomware attack on a hospital. It was Bill on real world scenarios that I just kind of, like merged together. So I would say up front things that I would say that were important to talk about and that we're, you know, cyber security awareness training. I'm making sure people you know are understand. Like the risks involved with female security advance like modern and point protection. We kind of touched on that a little earlier. So, like older, signature based detection is just not not really effective anymore. Um, having a good tamper proof backup strategy is important, too. So let's say, like, systems get ransomware it. Everything's encrypted, like you need a way to restore that data without necessarily paying the ransom on DH like tamperproof backups >> are are the way to do that. Really? So >> all right, that I want to give you the final word. Uh, w t g transform 2019 gives a little inside some of the customers you're talking to. Some of the top of mine, diffuse or any. I don't work >> for me. A lot of the top mine issues around security seriously, but also like modernizing People's Data Center so that delivering on the hybrid cloud message of like installing hardware and software that not just provides, like data storage services on Prem but could do a lot of cloud tearing >> cloud archiving. Also >> because last, we really appreciate the updates. Thank you. Money for Sarah. We're all initiated. I want to thank our audience here. We've had a full day here. Got to talk to some of the users, some of the partners and, of course, our host for the event. Winslow Technology Group. Scott Winslow and the team. Great to see the growth. Always love to be able to dig in with the users and what's happening locally for myself, stupid. And want to thank the whole team here at the Cube for helping us to be ableto support these events and be sure to check out the cute dot net. You could do some searches there. You could find all the guests here and see previously what they've been talking about. See what future events were going out and dig their archive and is always if you have any questions, feel free to reach out myself, the rest of the team and always a pleasure to be able to share with you and thank you for watching.

>> From Gillette Stadium in Foxborough, Massachusetts It's theCUBE, covering VTUG Winter Warmer 2019. Brought to you by SiliconANGLE media. >> Hi, I'm Stu Miniman and this is theCUBE's coverage of the VTUG Winter Warmer 2019. We talk about virtualization, we talk about cloud computing. In this segment, we're going to talk about cyber security. Absolutely a hugely important to every user out there and if it's not hugely important to them today, I don't know I want to do business with 'em. Helping me to dig into this conversation-- >> (laughs) >> Is Matt Kozloski who's the Vice President of Professional Services at Winslow Technology Group. Matt, thanks so much for joining us. >> Thank you for having me. >> Alright, so I set it up. >> You did. >> Cyber security. >> Yeah. >> You know, what I said, Matt, in my career, I remember back, you know, 15, 20 years ago, security would be top of mind, kind of bottom of budget. >> Yep. >> It got great lip service, but when you looked at the project, if you look what's going off, it was like, I didn't do it. Now, that security project that I've been putting off for years, it's a board level discussion, you know, everybody needs to be paying attention to it, so, there's got to be no better time to be in the cyber security business than today, right? >> Well, you would think. So I would say a lot of organizations are taking the right steps that they need to in their budgeting and preparing for, you know, incidents or protecting themselves, but a lot of organizations, still, are just not taking the right steps to protect themselves and their, you know, patients or just their organization's information. >> Yeah, it's challenging, 'cause they say while it gets more attention, there's huge-- >> Mhmm. >> Emphasis on it, many companies are doing it, boards do care about it. Dave Vellante, one of our hosts of theCUBE, something he said many times, he said, okay, do I feel more secure now than I did last year and, you know, we've been doing this program for nine years and every year it's like, oh my god, it seems scarier now than ever. >> Yeah, that's a great, yeah. I mean-- >> So, you know, how are we doing as an industry? >> Yeah, I think technology continues to get more complicated, which is part of it. Another part is just the way that technology's integrated into everyone's lives, whether it's their smartphone, their smartwatch, their, you know, smart everything now. And the software behind the scenes is just incredibly complicated, too. So, things are getting more complicated. We rely on it a lot more and it just gives more opportunity for, you know, hackers to do bad things. >> Yeah, so my background is in network-- >> Mhmm. >> And virtualization technology and it used to be, you know, you talk about security products. >> Yeah. >> It was like, oh well, I've got the firewall-- >> Yeah, the thing. >> Or I've got something in, you know, the virtualization layer-- >> Yeah. >> That does things. I heard, the line that I hear that resonates with me is security is everyone's responsibility. >> Sure. >> And where does it go? The answer is yes, everywhere. >> Yeah. >> And everything from, it can go down to the chip level to absolutely at the application level and everywhere in between, but boy, that sounds complicated. >> It is. >> So, is it, you know, I need to have a security practice more than buying security products and security mindset. Is that what you hear and what you recommend to clients? >> Yeah, it's a practice or program. So you have to think of cyber security as that, like a program. It's about people, policies, the technology in place. I mean, one of the, you know, most common ways that malware gets into organizations is through a phishing attack. That's all social engineering. That's not exactly the most high tech thing around, right? So, there's an example of it on the people angle. >> Okay, so Matt, tell us a little bit about your background, you know, what you've been doing and maybe explain, so Winslow Technology Group, we're familiar, hopefully people have watched some of the videos we've done because they, you know, offer products that are made by other people-- >> Yes, yes, yeah. >> So you know, Dell, VMware and the like, Nutanix-- >> Yep. >> And things like that. So tell us your background and what, say how security fits into that. >> Sure, so my background is in supporting enterprise, you know, environments in the past and then I became, you know, a consultant and now at Winslow. Winslow, yes, is a reseller of products, but we also do services, which is kind of my role there too. So, in a way, the services is Winslow's product. >> Right. Yeah, absolutely. So, is it consulting, is it, you know, helping to bring in various products? >> Yeah. >> Is it doing, you know, a comprehensive analysis? >> It's all of those things. >> Yeah. >> So it's the comprehensive analyis, that's usually where things start, where we do a gap assessment and we figure out, like, hey, even if you're not HIPAA regulated or fall under PCI complaince, maybe you just want to look at NIST as a framework to start with. That's a government standard for cyber security, right? So we can do a gap assessment against that and then figure out, well you're deficit in awareness training or, you know, that firewall is not effective for what you need it to do, things along those lines. >> Okay, so you know, I mentioned earlier, security can be lots of places. Is this a holistic approach do you have? Are you, you know, data center, SAS, public cloud, all of the above, everything in between? >> I think all of the above. >> Yeah. >> It really starts with security as a philosophy and a way of doing things and then figuring out how that pipes down to the individual app components and infrastructure component. >> So, you know, I hear statements sometimes that it's, you know, it's not a question of if you will be hacked, but it's usually how soon you'll find out that you have been hacked. >> (laughs) Yeah. >> Is it that dire, I mean, I feel like the weather is, you know, appropriate for what we have today. There's fog rolling in, the rain is pouring, there's no sunshine here, you know, give us some sunlight in-- >> Yeah. >> How we can disinfect, you know, some of these challenges. You know, what are we doing well-- >> Yeah, people are doing well in that they're actually talking about it now. I do see a lot of people doing things like awareness training and it's actually really become part of what people consider, even in, like, mergers and acquisitions, right up front, people are asking, like, are they secure? How about we don't just connect their networks together and hope for the best, right? There's firewalls put in and even here today at VTUG, you see a lot about microsegmentation and what we're doing to containerize apps and secure, you know, software and applications from each other and, you know, have like, almost a zero trust policy on the inside of the network too, not just on the perimeter. >> Well, that's great, 'cause yeah. You know, I think back, you know, five years ago it was, the general conversation was, oh wait, I shouldn't do public cloud because it's not secure and now it's like, look, we understand. In many cases, public cloud is more secure-- >> Way more secure, sure. >> And many times just 'cause they update things. >> Yeah. >> You know, much more often. They have thousands of people focused and working on it as opposed to, how many people do you have-- >> Exactly. >> Maintaining and watching your environment. >> Yep, mhmm. >> So yeah, maybe, what are some of the hot segments? You brought up, you know, containerization-- >> Yeah. >> You know I remember, you know, can containers be secure? I have gone to, you know, the Docker Kan show, the group entities show and it seems like it's still a major issue, just shove it all into the-- >> Yes, yeah. In some ways too, I wonder if we're creating a problem in certain circumstances that way too because now we're giving more power and more scale in different ways that, and it just could be used in different ways that we didn't intend, I guess, right? I think in terms of segments, though, where we see, like, the cloud adoption. One example is in medical space, right? So medical records are incredibly important. When you think back to, you know, there's a server in the closet that the private practice I go to, my PCP's office, you're like, how are you securing that? Like, you're doctors, you know, you're good at keeping me alive, but what's going on there? A lot of private practices, just an an example, have actually migrated to cloud-based systems for patient management and I personally feel like that's more secure because doctors, in that case, can focus on what they're good at and they've offloaded, not necessarily all the risk, but a lot of the care and feeding and like, all of the security to people who know what they're doing and they're good at it, so that's like, an example. >> Matt, Matt, have you talked to doctors? They know how to do this. >> (laughs) >> Absolutely. They totally understand and have taken every, you know, thing to make sure that that absolutely is true-- >> (laughs) >> But, yeah maybe sometimes they understand that bringing in an expert that focuses on that more than the, you know, one hour every couple of months. >> (laughs) >> Would be there. >> Yeah. >> So, good to hear. What then, what would you like to see from the vendor ecosystem out there to, you know, is there more training, is it, you know, improvement of the products? >> I'd like to see some standardizations around the way products work with each other a little bit more. I mean, I think like, you know, you have vendor A, vendor B, vendor C, creating all these really great products and there's a lot going on from, you know, network monitoring and like, deep analysis to different technologies on the endpoints themselves, so like, traditional malware isn't, I mean it's a thing, but we're talking about more advanced protection, but really, like a framework for all of these products to talk to each other, 'cause that would, you know, allow, you know, cyber security consultants and engineers to really see all of this without being locked in to some proprietary system as well. >> Yeah, ransomware's been, you know, a hot topic the last couple of years. Are we getting a good handle on that? >> The studies that I've read recently say that it's relatively leveling off. So it's not necessarily getting any worse, but it's not getting an better either, so yeah. >> Excellent, so what you're saying is, you will not be put out of a job anytime soon, right? >> No. (laughs) >> Alright, want to give you the final word, Matt, you know, 2019, you know, what's interesting you, what are some of the, you know, top initiatives that your customers are going to have going forward? >> Yeah, so just in cyber security in general, just putting these programs together, doing the assessments they need. Enterprise customers are really interested in containers, we talked about that a little bit. So, me this year, I want to do a little more, you know, investigation and figuring out, like, cyber security as it relates to containers and how enterprise environments can secure the containerized apps. >> Alright well, Matt, really appreciate you-- >> Thank you. >> Helping bring us up to speed on some of the state of cyber security here at 2019 and you're watching theCUBE's coverage of VTUG Winter Warmer 2019 here from Gillette Stadium, home of the AFC Championship New England Pariots, going off to Super Bowl LIII in just a week. Thank you for watching theCUBE. (upbeat music)