(digital music) >> And we're back live in New York. It's theCUBE. It's not SNL, it's better than SNL. Lisa Martin and John Furrier here with about 10,000 to 12,000 folks. (John chuckles) There is a ton of energy here. There's a ton of interest in what's going on. But one of the things that we know that AWS is really well-known for is its massive ecosystem. And one of its ecosystem partners is joining us. Please welcome Domenic Ravita, the VP of Product Marketing from SingleStore. Dominic, great to have you on the program. >> Well, thank you. Glad to be here. >> It's a nice opening, wasn't it? (Lisa and John laughing) >> I love SNL. Who doesn't? >> Right? I know. So some big news came out today. >> Yes. >> Funding. Good number. Talk to us a little bit about that before we dig in to SingleStore and what you guys are doing with AWS. >> Right, yeah. Thank you. We announced this morning our latest round, 116 million. We're really grateful to our customers and our investors and the partners and employees and making SingleStore a success to go on this journey of, really, to fulfill our mission to unify and simplify modern, real time data. >> So talk to us about SingleStore. Give us the value prop, the key differentiators, 'cause obviously customers have choice. Help us understand where you're nailing it. >> SingleStore is all about, what we like to say, the moments that matter. When you have an analytical question about what's happening in the moment, SingleStore is your best way to solve that cost-effectively. So that is for, in the case of Thorn, where they're helping to protect and save children from online trafficking or in the case of True Digital, which early in the pandemic, was a company in Southeast Asia that used anonymized phone pings to identify real time population density changes and movements across Thailand to have a proactive response. So really real time data in the moment can help to save lives quite literally. But also it does things that are just good commercially that gives you an advantage like what we do with Uber to help real time pricing and things like this. >> It's interesting this data intensity happening right now. We were talking earlier on theCUBE with another guest and we said, "Why is it happening now?" The big data has been around since the dupe days. That was hard to work with, then data lakes kicked in. But we seem to be, in the past year, everyone's now aware like, "Wow, I got a lot of data." Is it the pandemic? Now we're seeing customers understand the consequences. So how do you look at that? Because is it just timing, evolution? Are they now getting it or is the technology better? Is machine learning better? What's the forces driving the massive data growth acceleration in terms of implementing and getting stuff out, done? (chuckles) >> We think it's the confluence of a lot of those things you mentioned there. First of all, we just celebrate the 15-year anniversary of the iPhone, so that is like wallpaper now. It's just faded into our daily lives. We don't even think of that as a separate thing. So there's an expectation that we all have instant information and not just for the consumer interactions, for the business interactions. That permeates everything. I think COVID with the pandemic forced everyone, every business to try to move to digital first and so that put pressure on the digital service economy to mature even faster and to be digital first. That is what drives what we call data intensity. And more generally, the economic phenomenon is the data intensive era. It's a continuous competition and game for customers. In every moment in every location, in every dimension, the more data hat you have, the better value prop you can give. And so SingleStore is uniquely positioned to and focused on solving this problem of data intensity by bringing and unifying data together. >> What's the big customer success story? Can you share any examples that highlight that? What are some cool things that are happening that can illustrate this new, I won't say bit that's been flipped, that's been happening for a while, but can you share some cutting edge customer successes? >> It's happening across a lot of industries. So I would say first in financial services, FinTech. FinTech is always at the leading edge of these kind of technology adaptions for speeds and things like that. So we have a customer named IEX Cloud and they're focused on providing real time financial data as an API. So it's a data product, API-first. They're providing a lot of historical information on instruments and that sort of thing, as well as real time trending information. So they have customers like Seeking Alpha, for instance, who are providing real time updates on massive, massive data sets. They looked at lots of different ways to do this and there's the traditional, transactionals, LTP database and then maybe if you want to scale an API like theirs, you might have a separate end-memory cache and then yet another database for analytics. And so we bring all that together and simplify that and the benefit of simplification, but it's also this unification and lower latency. Another example is GE who basically uses us to bring together lots of financial information to provide quicker close to the end-of-month process across many different systems. >> So we think about special purpose databases, you mentioned one of the customers having those. We were in the keynote this morning where AWS is like, "We have the broadest set of special purpose databases," but you're saying the industry can't afford them anymore. Why and would it make SingleStore unique in terms of what you deliver? >> It goes back to this data intensity, in that the new business models that are coming out now are all about giving you this instant context and that's all data-driven and it's digital and it's also analytical. And so the reason that's you can't afford to do this, otherwise, is data's getting so big. Moving that data gets expensive, 'cause in the cloud you pay for every byte you store, every byte you process, every byte you move. So data movement is a cost in dollars and cents. It's a cost in time. It's also a cost in skill sets. So when you have many different specialized data sets or data-based technologies, you need skilled people to manage those. So that's why we think the industry needs to be simplified and then that's why you're seeing this unification trend across the database industry and other parts of the stack happening. With AWS, I mean, they've been a great partner of ours for years since we launched our first cloud database product and their perspective is a little bit different. They're offering choice of the specialty, 'cause many people build this way. But if you're going after real time data, you need to bring it. They also offer a SingleStore as a service on AWS. We offer it that way. It's in the AWS Marketplace. So it's easily consumable that way. >> Access to real time data is no longer a nice-to-have for any company, it's table stakes. We saw that especially in the last 20 months or so with companies that needed to pivot so quickly. What is it about SingleStore that delivers, that you talked about moments that matter? Talk about the access to real time data. How that's a differentiator as well? >> I think businesses need to be where their customers are and in the moments their customers are interacting. So that is the real time business-driver. As far as technology wise, it's not easy to do this. And you think about what makes a database fast? A major way of what makes it fast is how you store the data. And so since 2014, when we first released this, what Gartner called at the time, hybrid transaction/analytical processing or HTAP, where we brought transactional data and analytical data together. Fast forward five years to 2019, we released this innovation called Universal Storage, which does that in a single unified table type. Why that matters is because, I would say, basically cost efficiency and better speed. Again, because you pay for the storage and you pay for the movement. If you're not duplicating that data, moving it across different stores, you're going to have a better experience. >> One of the things you guys pioneered is unifying workloads. You mentioned some of the things you've done. Others are now doing it. Snowflake, Google and others. What does that mean for you guys? I mean, 'cause are they copying you? Are they trying to meet the functionality? >> I think. >> I mean, unification. I mean, people want to just store things and make it, get all the table stakes, check boxes, compliance, security and just keep coding and keep building. >> We think it's actually great 'cause they're validating what we've been seeing in the market for years. And obviously, they see that it's needed by customers. And so we welcome them to the party in terms of bringing these unified workloads together. >> Is it easy or hard? >> It's a difficult thing. We started this in 2014. And we've now have lots of production workloads on this. So we know where all the production edge cases are and that capability is also a building block towards a broader, expansive set of capabilities that we've moved onto that next phase and tomorrow actually we have an event called, The Real Time Data Revolution, excuse me, where we're announcing what's in that new product of ours. >> Is that a physical event or virtual? >> It's a virtual event. >> So we'll get the URL on the show notes, or if you know, just go to the new site. >> Absolutely. SingleStore Real Time Data Revolution, you'll find it. >> Can you tease us with the top three takeaways from Revolution tomorrow? >> So like I said, what makes a database fast? It's the storage and we completed that functionality three years ago with Universal Storage. What we're now doing for this next phase of the evolution is making enterprise features available and Workspaces is one of the foundational capabilities there. What SingleStore Workspaces does is it allows you to have this isolation of compute between your different workloads. So that's often a concern to new users to SingleStore. How can I combine transactions and analytics together? That seems like something that might be not a good thing. Well, there are multiple ways we've been doing that with resource governance, workload management. Workspaces offers another management capability and it's also flexible in that you can scale those workloads independently, or if you have a multi-tenant application, you can segment your application, your customer tenant workloads by each workspace. Another capability we're releasing is called Wasm, which is W-A-S-M, Web Assembly. This is something that's really growing in the open source community and SingleStore's contributing to that open source scene, CF project with WASI and Wasm. Where it's been mentioned mostly in the last few years has been in the browser as a more efficient way to run code in the browser. We're adapting that technology to allow you to run any language of your choice in the database and why that's important, again, it's for data movement. As data gets large in petabyte sizes, you can't move it in and out of Pandas in Python. >> Great innovation. That's real valuable. >> So we call this Code Engine with Wasm and- >> What do you call it? >> Code Engine Powered by Wasm. >> Wow. Wow. And that's open source? >> We contribute to the Wasm open source community. >> But you guys have a service that you- >> Yes. It's our implementation and our database. But Wasm allows you to have code that's portable, so any sort of runtime, which is... At release- >> You move the code, not the data. >> Exactly. >> With the compute. (chuckles) >> That's right, bring the compute to the data is what we say. >> You mentioned a whole bunch of great customer examples, GE, Uber, Thorn, you talked about IEX Cloud. When you're in customer conversations, are you dealing mostly with customers that are looking to you to help replace an existing database that was struggling from a performance perspective? Or are you working with startups who are looking to build a product on SingleStore? Is it both? >> It is a mix of both. I would say among SaaS scale up companies, their API, for instance, is their product or their SaaS application is their product. So quite literally, we're the data engine and the database powering their scale to be able to sign that next big customer or to at least sleep at night to know that it's not going to crash if they sign that next big costumer. So in those cases, we're mainly replacing a lot of databases like MySQL, Postgre, where they're typically starting, but more and more we're finding, it's free to start with SingleStore. You can run it in production for free. And in our developer community, we see a lot of customers running in that way. We have a really interesting community member who has a Minecraft server analytics that he's building based on that SingleStore free tier. In the enterprise, it's different, because there are many incumbent databases there. So it typically is a case where there is a, maybe a new product offering, they're maybe delivering a FinTech API or a new SaaS digital offering, again, to better participate in this digital service economy and they're looking for a better price performance for that real time experience in the app. That's typically the starting point, but there are replacements of traditional incumbent databases as well. >> How has the customer conversation evolved the last couple of years? As we talked about, one of the things we learned in the pandemic was access to real time data and those moments that matter isn't a nice-to-have anymore for businesses. There was that force march to digital. We saw the survivors, we're seeing the thrivers, but want to get your perspective on that. From the customers, how has the conversation evolved or elevated, escalated within an organization as every company has to be a data company? >> It really depends on their business strategy, how they are adapting or how they have adapted to this new digital first orientation and what does that mean for them in the direct interaction with their customers and partners. Often, what it means is they realize that they need to take advantage of using more data in the customer and partner interaction and when they come to those new ideas for new product introductions, they find that it's complicated and expensive to build in the old way. And if you're going to have these real time interactions, interactive applications, APIs, with all this context, you're going to have to find a better, more cost-effective approach to get that to market faster, but also not to have a big sprawling data-based technology infrastructure. We find that in those situations, we're replacing four or five different database technologies. A specialized database for key value, a specialized database for search- >> Because there's no unification before? Is that one of the reasons? >> I think it's an awareness thing. I think technology awareness takes a little bit of time, that there's a new way to do things. I think the old saying about, "Don't pave cow paths when the car..." You could build a straight road and pave it. You don't have to pave along the cow path. I think that's the natural course of technology adaption and so as more- >> And the- pandemic, too, highlighted a lot of the things, like, "Do we really need that?" (chuckles) "Who's going to service that?" >> That's right. >> So it's an awakening moment there where it's like, "Hey, let's look at what's working." >> That's right. >> Double down on it. >> Absolutely. >> What are you excited about new round of funding? We talked about, obviously, probably investments in key growth areas, but what excites you about being part of SingleStore and being a partner of AWS? >> SingleStore is super exciting. I've been in this industry a long time as an engineer and an engineering leader. At the time, we were MemSQL, came into SingleStore. And just that unification and simplification, the systems that I had built as a system engineer and helped architect did the job. They could get the speed and scale you needed to do track and trace kinds of use cases in real time, but it was a big trade off you had to make in terms of the complexity, the skill sets you needed and the cost and just hard to maintain. What excites me most about SingleStore is that it really feels like the iPhone moment for databases because it's not something you asked for, but once your friend has it and shows it to you, why would you have three different devices in your pocket with a flip phone, a calculator? (Lisa and Domenic chuckles) Remember these days? >> Yes. >> And a Blackberry pager. (all chuckling) You just suddenly- >> Or a computer. That's in there. >> That's right. So you just suddenly started using iPhone and that is sort of the moment. It feels like we're at it in the database market where there's a growing awareness and those announcements you mentioned show that others are seeing the same. >> And your point earlier about the iPhone throwing off a lot of data. So now you have data explosions at levels that unprecedented, we've never seen before and the fact that you want to have that iPhone moment, too, as a database. >> Absolutely. >> Great stuff. >> The other part of your question, what excites us about AWS. AWS has been a great partner since the beginning. I mean, when we first released our database, it was the cloud database. It was on AWS by customer demand. That's where our customers were. That's where they were building other applications. And now we have integrations with other native services like AWS Glue and we're in the Marketplace. We've expanded, that said we are a multi-cloud system. We are available in any cloud of your choice and on premise and in hybrid. So we're multi-cloud, hybrid and SaaS distribution. >> Got it. All right. >> Got it. So the event is tomorrow, Revolution. Where can folks go to register? What time does it start? >> 1:00 PM Eastern and- >> 1:00 PM. Eastern. >> Just Google SingleStore Real Time Data Revolution and you'll find it. Love for everyone to join us. >> All right. We look forward to it. Domenic, thank you so much for joining us, talking about SingleStore, the value prop, the differentiators, the validation that's happening in the market and what you guys are doing with AWS. We appreciate it. >> Thanks so much for having me. >> Our pleasure. For Domenic Ravita and John Furrier, I'm Lisa Martin. You're watching theCUBE, live from New York at AWS Summit 22. John and I are going to be back after a short break, so come back. (digital pulsing music)

(upbeat music) >> Welcome to theCUBE. I'm Dave Nicholson, and this is part of the continuing conversation about Managing Risk in the Digital Supply Chain. I have with me today Vincent Danen, vice president of product security from Red Hat and Luke Hines security engineering lead from the office of the CTO at Red Hat. Gentlemen, welcome to theCUBE. >> Thank you. >> Great to be here. >> So let's just start out and dive right into this, Vincent, what is the software or digital supply chain? What are we talking about? Yeah, that's a good question. Software supply chain is basically the software that an end user would get from a vendor or in our case, we're talking about open source, so upstream. It is the software that comes in that is part of your package, operating system, applications. It could be something that you get from one vendor, multiple vendors. So we look at in the example of Red Hat, we are one part of the customer's software supply chain. >> So it's interesting that it's coming in from different areas. Do we have a sense for the ratio of kind of commercial software versus open source software that makes up an enterprise today? >> I think that's a really hard thing to answer and I think every enterprise or every company would have a little bit different. Depends if you have an open source vendor that you choose, you may get a significant amount of software from them. Certainly you're not going to get it all. As an example, Red Hat provides thousands of open source packages. We certainly can't provide all of them. There are millions that are out there. So when you're looking at a specific application that you're building, chances are, you could be running that on a managed platform or an enterprise supply platform, but there are going to be packages that you're going to be obtaining from other sources in other communities as well in order to power your applications. >> So, Luke, that sounds like a kind of a vague situation we're looking at in terms of where all of our software is coming from. So what do we need to know about our software supply chain in that context? What do we need to understand? Before we even get anywhere near the idea of securing it, what are some of the issues that arise from that? >> Yeah, so Vincent's touchpoint is a very wide range in ecosystem, multiple sources when we're talking about open source. So essentially awareness is key really. I think a lot of people are really not aware of the sources that they're drawing from to create their own supply chain. So there's multiple supply chains. You can be somebody like Red Hat that the provide software, and then people will leverage Red Hats for their own supply chain. And then you have the cloud provider and they have their own source of software. So I think that the key thing is the awareness of how much you rely upon that ecosystem before we look at the security of the supply chain. It's really understanding your supply chain. >> And just to follow up on that. So can you... I'm sort of checking my own level of understanding on this subject. When you talk about open source code, you're talking about a code base that is often maintained essentially by volunteers, isn't that correct? >> A mix of volunteers and paid professionals where a company has an interest in the open source project, but predominantly I would say it's... Well, I'm not entirely sure, but volunteers make up a substantial part of the ecosystem that is for sure. So it's a mix really. Some people do it because they enjoy writing software. They want to share software. Other people also enjoy working software, but they're in the position that a company pays for them to work on that software. So it's a mix of both. >> Vincent, give us a reminder of reminder of why this is important from a little bit of a higher level. Step back from the data center view of things, from the IT view of things, just from a societal perspective, Vincent, what happens when we don't secure our digital supply chain? What are the things that are put at risk? >> Okay, well, there's a significant number of things that are placed at risk, the security of the enterprise itself. So your own customer data, your own internal corporate data is place at risk if there were a supply chain breach. But further to that for a software provider, and I think that in a lot of cases, most companies today are software providers or software developers. You actually put your own customers at risk as well, not just their data, but their actual... The things that they're working on, any workloads that they may have, an order that they might place as an example. So there's a number of areas where you want to have the security of that supply chain and the software components that you have figured out. You want to be on top of that because there is that risk that trickles down when it comes to an event. I mean, we've seen that with breaches earlier this year, one company is breached multiple companies end up being breached as a result of that. So it's really important. I think we all have a part to play in that I always view it as it's not just about the company itself. So I mean, speaking from a Red Hat perspective, I don't look at it as we're just securing Red Hat, we're securing our customers, and then we're also doing that for their customers as well, because they're writing software that's running on the software that we're providing to them. So there is this trickle down effect that comes, and so I think that every link in that chain, I mean, it's wonderful that it's called a supply chain. It's only as strong as its weakest link. So our view is how do we strengthen every link in that chain? And we're one part of it, but we're kind of looking a little broader, what can we do upstream and how can we help our customers to ensure the security of their part in that supply chain? >> Yeah, I want to talk about that in a broad sense, but let's see if we can get a little bit more specific in terms of what some of the chains look like because it's not just really one chain when you think about it, there's the idea of inherent flaws that can be caught and then there are the things that bad actors might be doing to leverage those flaws. So you've got all of these different things that are converging. So first and Vincent, if you want to toss this to Luke back and forth, it's up to you guys. What about this issue of inherent flaws in code? We referenced this idea of the maintainer community. What are best practices for locking that down to make sure that there aren't inherent flaws or security risks? >> I'll take a stab at it, and then I'll let Luke follow up with maybe some of the technologies that Red Hat provides. And again, speaking to Red Hat as part of that chain. When we're talking about inherent risk, there's a vulnerability that's present upstream. We pull that software to Red Hat. We package it as a component of one of the pieces of software that we provide to our customers. It's our responsibility to pay attention to those upstream potential vulnerabilities, potential risks, and correct them in our code. So that might be taking a patch from upstream, applying it to our software, might be grabbing the latest version from upstream, whatever the case might be, but it's our responsibility to provide that protection for that software to actually remediate that risk, and then our customers can then install the update and apply the mitigation themselves. If we take a look at it from, when we're looking at multiple suppliers where you'd asked earlier about, what part of it is Red Hat and what part of it is self-service open source? When you look at that, the work that Red Hat's doing there as a commercial provider of open source and end user for that little bit that they're going to grab themselves, that Red Hat doesn't provide, it's going to have to do all of those things as well. They're going to have to pay attention to that risk from upstream. They're going to have to pay attention to any potential vulnerabilities and pull that in to figure out, do I need to patch? Where do I need to patch it? And that's something we didn't really touch on was an inventory of the software that you have in place. I mean, you don't know that you need to fix something. You don't even know that it's running. So, I mean, there's a lot of considerations there where you have to pay attention to a lot of sources. Certainly there's metadata, automation, all of these things that make it easier, but it doesn't absolve us of the responsibility across the board to pay attention to these things, whether you're grabbing it from upstream directly or from the vendor. And it's the vendor's responsibility to then be paying attention to things upstream. >> Yeah, so Luke, I want you to kind of riff on that from the perspective that let's just assume that Vincent was just primarily talking about the idea that, okay, we've established that this code is solid and we've got gold copy of it and we know it's okay. There aren't inherent problems in the code as far as we can tell. Well, that's fine. I'm a developer. I go out to pull code and to use. How do I know if it's not been tampered with? How do I know if it's in fact the code that was validated during this process before? What do you do about that? >> So there's several methods there, but I just like to loop back to that point, because I think this is really interesting around, so if you look at a software supply chain, this is a mix of humans and machines, and both have flaws, probably humans a bit more. And a supply chain, you have developers. You have code reviewers, you have your systems administrators that set up the systems, and then you have your machine actors. So you've got your build systems, the various machines that are part of that supply chain. Now the humans, there's a as an attack factor there 'cause typically they will have some sort of identity, which they leverage for access to the supply chain. So quite often a developer's identity can be compromised. So a lot of the time people will have a corporate account that gives them some sort of single sign on access to multiple systems. So the developers are coming and this could be somebody in the community as well. Their account is compromised, then they're able to easily backdoor systems. So that's one aspect. And then there is machines as well. There's the whole premise of machines software not being up to date. So when the latest nasty vulnerability is released, machines are updated, then the machines have their flaws. They can be exploited. So I would say it's not just a technical problem. There is a humanistic element to this as well around protecting your supply chain. And I would say a really good perspective to carry when you're looking to, how do I secure my supply chain is treat it like you would a production system. So what do I mean by that? When we put something into production and we've got this very long legacy of treating it with a very strict security context around who can access that people, okay. How much it's upgraded and it's patched? And we seem to not have this same perception around our supply chain and our build systems, the integrity of those, the access of those, the policy around the access and so forth. So that's one giveaway that I would say is a real key focus that you should have is treat it like a production system. Be very mindful about what you're bringing in, who can access it because it is the keys to the kingdom, because if somebody compromises your supply chain, your build systems and so forth, they can compromise the whole chain because the chain is only as strong as the weakest link. So that's what I draw upon it. And around the verifications, there is multiple technologies that you can leverage. So Red Hat, we've got a very robust sign in system that we use so that you can be sure that the packages that we get you have non-repudiation that they've been produced by Red Hat. When you update your system, that's automatically looked after. And there are other systems as well, there's other new technologies that are starting to get a foothold around the provenance of aspects of your build system. So when you're pulling in from these multiple sources of open source communities, you can have some provenance around what you're putting in as well. And yeah, I don't want to bite share too much on the technologies, but there's some exciting stuff starting to happen there as well. >> So let's look at an example of something, because I think it's important to understand all of these different aspects. Recently, I think actually still in the news, we found that some logging software distributed by Apache that's widely used in people's websites to gather information about... To help from a security perspective and to help developers improve things that are going on in websites. A vulnerability was discovered. I guess, first Alibaba, some folks were reported it directly to some folks at Apache and the Apache Organization. And then of all people, some folks from Minecraft mentioned it in a blog. That seems like a crazy way to find out about something that's a critical flaw. Now we're looking at this right now with hindsight. So with hindsight, what could we have done to not be in the circumstances that we're in right now? Vincent, I'll toss that to you first, but again, if Luke is more appropriate, let us know. >> No, it's a great question, and it's a hard question. >> How did you let this happen, Vincent? How did you let this happen? >> It wasn't me, I promise. (Dave laughs) >> What I mean, it's a challenging question I mean, and there's a number of areas where we focused on a lot of what we perceived as critical software. So it comes to web server applications, DNS, a number of the kind of the critical infrastructure that powers the internet. Right or wrong. Do we look at logging software as a critical piece of that? Well, maybe, maybe we should, right? Logging is definitely important as part of an incident response or just an awareness of what's going on. So, I mean, yeah, it probably should have been considered critical software, but I mean, it's open source, right? So there's a number of different logging applications. I imagine now we're scrutinizing those a little bit more, but looking beforehand, how do you determine what's critical until an event like this happens, and it's unfortunate that it happens. And I like to think of these as learning opportunities, and certainly not just for Red Hat, but for this (talking over each other) >> Certainly this is not... Yeah, this is not an indictment of our entire industry. We are all in this together and learning every day. It just highlights how complex the situation is that we're dealing with, right? >> It really is. And I mean, a lot of what we're looking at now is how do we get tools into the hands of developers who can catch some of these things earlier. And there's a lot of commercial offerings, there's a lot of open source tools that are available and being produced that are going to help with these sorts of situations moving forward. But I mean, all the tools on the planet aren't going to help if they're not being used. So, I mean, there has to be an education and an incentive for these developers, particularly, maybe in some upstream communities where they are labors of love and they're passionate projects they're not sponsored or backed by a corporation who's paying for these tools, to be able to use some of them and move that forward. I think that looking at things now, there is work to be done. Obviously there's always going to be work to be done. Not all of these tools, and we have to recognize this, they're not all perfect. They're not going to catch everything. These tools could have been... I mean, I don't know if they were running these tools or not, they could have been, and the tool simply could not have picked them up. So part of it is the proactive part. We talk a lot about shift left and moving these things earlier into the development process and that's great, and we should do it. It certainly should never be seen as a silver bullet or a replacement for a good response. And I think the really important thing to highlight with respect to this, and I mean, this touches on the supply chain issue as well, companies, especially those who never maybe saw themselves as a software development company really have to figure out and understand how to do appropriate response. Part of that is awareness, what do you have installed? Part of it is sources of information. Like how do I find out about a new vulnerability or a potential vulnerability? And then it's just the speed to respond. We know that a number of companies they have, maybe it's a Patch Tuesday, maybe it's a patch 26th of the month, maybe it's patch day of the quarter, we have to learn how to respond to these things quickly so that we can apply these mitigations and these fixes as quickly as possible to them protect ourselves and protect the end users or customers that we have, or to keep the kids from using some backdoors in Minecraft is the word. >> (laughs) Yeah. Look, this is an immensely important subject. To wrap us up on this, Luke, I'd like you to pretend that you just got into an elevator in a moderately tall building, and you have 60 seconds to share with me someone who already trusts you, you don't have to convince me of your credentials or anything. I trust you. What tools specifically do you need me to be running, tools and processes. You've got 60 seconds to say, Dave, if you're not doing these things right now, you're unnecessarily vulnerable. So ready, and go, Luke. >> So automatically update all packages. Always stay up-to-date so that when an issue does hit, you're not having to go back 10 versions and work your way forward. That's the key thing. Ensure that everything you pull in, you're not going to have 100%, but have a very strict requirement that there is non-repudiation, is signed content, so you can verify that it's not being tampered with. For your developers that are producing code, run static, dynamic analysis, API fuzzes, all of these sorts of tools. They will find some vulnerabilities for you. Be part of communities. Be part of communities, help chop the wood and carry the water because the log for Jay, the thing is that was found because it was in the open. If it wasn't any open, it wouldn't have been found. And I've been in this business for a long time. Software developers will always write bugs. I do. Some of them will be security bugs. That's never going to change. So it's not about stopping something that's inevitable. It's about being prepared to react accordingly in our right and correct manner when it does happen so that you can mitigate against those risks. >> Well, we're here on the 35th floor. That was amazing. Thank you, Luke. Vincent, you were in the elevator also listening in on this conversation. Did we miss anything? >> No, I mean, the only thing I'll say is that it's really helpful to partner with an enterprise open source provider, be it Red Hat or anybody else. I don't want to toot our own horn. They do a lot of that work on your behalf that you don't have to do. A lot of the things that Luke was talking about, those providers do, so you don't have to. And that's where you.. I liked that you talked about, hey, you don't have to convince me that I'm trusted, or that I trust you. Trust those vendors. They're literally here to do a lot of that heavy lifting for you and trust the process. Yeah, it's a very, very good point. And I know that sometimes it's hard to get to that point where you are the trusted advisor. Both of you certainly are. And with that, I would like to thank you very much for an interesting conversation. Gentlemen, let's keep in touch. You're always welcome on theCUBE. Luke, second time, getting a chance to talk to you on theCUBE personally. Fantastic. With that, I would like to thank everyone for joining this very special series on theCUBE. Managing risk in the digital supply chain is a critical topic to keep on top of. Thanks for tuning into theCUBE. We'll be back soon. I'm Dave Nicholson saying, thanks again. (upbeat music)

from the cube studios in palo alto in boston bringing you data-driven insights from the cube and etr this is breaking analysis with dave vellante you know we've often said that the next 10 years in cloud computing won't be like the last ten cloud has firmly planted its footprint on the other side of the chasm with the momentum of the entire multi-trillion dollar tech business behind it both sellers and buyers are leaning in by adopting cloud technologies and many are building their own value layers on top of cloud in the coming years we expect innovation will continue to coalesce around the three big u.s clouds plus alibaba in apac with the ecosystem building value on top of the hardware saw tooling provided by the hyperscalers now importantly we don't see this as a race to the bottom rather our expectation is that the large public cloud players will continue to take cost out of their platforms through innovation automation and integration while other cloud providers and the ecosystem including traditional companies that buy it mine opportunities in their respective markets as matt baker of dell is fond of saying this is not a zero sum game welcome to this week's wikibon cube insights powered by etr in this breaking analysis we'll update you on our latest projections in the cloud market we'll share some new etr survey data with some surprising nuggets and drill into this the important cloud database landscape first we want to take a look at what people are talking about in cloud and what's been in the recent news with the exception of alibaba all the large cloud players have reported earnings google continues to focus on growth at the expense of its profitability google reported that it's cloud business which includes applications like google workspace grew 45 percent to five and a half billion dollars but it had an operating loss of 890 billion now since thomas curion joined google to run its cloud business google has increased head count in its cloud business from 25 000 25 000 people now it's up to 40 000 in an effort to catch up to the two leaders but playing catch up is expensive now to put this into perspective let's go back to aws's revenue in q1 2018 when the company did 5.4 billion so almost exactly the same size as google's current total cloud business and aws is growing faster at the time at 49 don't forget google includes in its cloud numbers a big chunk of high margin software aws at the time had an operating profit of 1.4 billion that quarter around 26 of its revenues so it was a highly profitable business about as profitable as cisco's overall business which again is a great business this is what happens when you're number three and didn't get your head out of your ads fast enough now in fairness google still gets high marks on the quality of its technology according to corey quinn of the duck bill group amazon and google cloud are what he called neck and neck with regard to reliability with microsoft azure trailing because of significant disruptions in the past these comments were made last week in a bloomberg article despite some recent high-profile outages on aws not surprisingly a microsoft spokesperson said that the company's cloud offers industry-leading reliability and that gives customers payment credits after some outages thank you turning to microsoft and cloud news microsoft's overall cloud business surpassed 22 billion in the december quarter up 32 percent year on year like google microsoft includes application software and sas offerings in its cloud numbers and gives little nuggets of guidance on its azure infrastructure as a service business by the way we estimate that azure comprises about 45 percent of microsoft's overall cloud business which we think hit a 40 billion run rate last quarter microsoft guided in its earning call that recent declines in the azure growth rates will reverse in q1 and that implies sequential growth for azure and finally it was announced that the ftc not the doj will review microsoft's announced 75 billion acquisition of activision blizzard it appears ftc chair lena khan wants to take this one on herself she of course has been very outspoken about the power of big tech companies and in recent a recent cnbc interview suggested that the u.s government's actions were a meaningful contributor back then to curbing microsoft's power in the 90s i personally found that dubious just ask netscape wordperfect novell lotus and spc the maker of harvard presentation graphics how effective the government was in curbing microsoft power generally my take is that the u s government has had a dismal record regulating tech companies most notably ibm and microsoft and it was market forces company hubris complacency and self-inflicted wounds not government intervention these were far more effective than the government now of course if companies are breaking the law they should be punished but the u.s government hasn't been very productive in its actions and the unintended consequences of regulation could be detrimental to the u.s competitiveness in the race with china but i digress lastly in the news amazon announced earnings thursday and the company's value increased by 191 billion dollars on friday that's a record valuation gain for u.s stocks aws amazon's profit engine grew 40 percent year on year for the quarter it closed the year at 62 billion dollars in revenue and at a 71 billion dollar revenue run rate aws is now larger than ibm which without kindrel is at a 67 billion dollar run rate just for context ibm's revenue in 2011 was 107 billion dollars now there's a conversation going on in the media and social that in order to continue this growth and compete with microsoft that aws has to get into the sas business and offer applications we don't think that's the right strategy for amp from for amazon in the near future rather we see them enabling developers to compete in that business finally amazon disclosed that 48 of its top 50 customers are using graviton 2 instances why is this important because aws is well ahead of the competition in custom silicon chips is and is on a price performance curve that is far better than alternatives especially those based on x86 this is one of the reasons why we think this business is not a race to the bottom aws is being followed by google microsoft and alibaba in terms of developing custom silicon and will continue to drive down their internal cost structures and deliver price performance equal to or better than the historical moore's law curves so that's the recent news for the big u.s cloud providers let's now take a look at how the year ended for the big four hyperscalers and look ahead to next year here's a table we've shown this view before it shows the revenue estimates for worldwide is and paths generated by aws microsoft alibaba and google now remember amazon and alibaba they share clean eye ass figures whereas microsoft and alphabet only give us these nuggets that we have to interpret and we correlate those tidbits with other data that we gather we're one of the few outlets that actually attempts to make these apples to apples comparisons there's a company called synergy research there's another firm that does this but i really can't map to their numbers their gcp figures look far too high and azure appears somewhat overestimated and they do include other stuff like hosted private cloud services but it's another data point that you can use okay back to the table we've slightly adjusted our gcp figures down based on interpreting some of alphabet's statements and other survey data only alibaba has yet to announce earnings so we'll stick to a 2021 market size of about 120 billion dollars that's a 41 growth rate relative to 2020 and we expect that figure to increase by 38 percent to 166 billion in 2022 now we'll discuss this a bit later but these four companies have created an opportunity for the ecosystem to build what we're calling super clouds on top of this infrastructure and we're seeing it happen it was increasingly obvious at aws re invent last year and we feel it will pick up momentum in the coming months and years a little bit more on that later now here's a graphical view of the quarterly revenue shares for these four companies notice that aws has reversed its share erosion and is trending up slightly aws has accelerated its growth rate four quarters in a row now it accounted for 52 percent of the big four hyperscaler revenue last year and that figure was nearly 54 in the fourth quarter azure finished the year with 32 percent of the hyper scale revenue in 2021 which dropped to 30 percent in q4 and you can see gcp and alibaba they're neck and neck fighting for the bronze medal by the way in our recent 2022 predictions post we said google cloud platform would surpass alibaba this year but given the recent trimming of our numbers google's got some work to do for that prediction to be correct okay just to put a bow on the wikibon market data let's look at the quarterly growth rates and you'll see the compression trends there this data tracks quarterly revenue growth rates back to 20 q1 2019 and you can see the steady downward trajectory and the reversal that aws experienced in q1 of last year now remember microsoft guided for sequential growth and azure so that orange line should trend back up and given gcp's much smaller and big go to market investments that we talked about we'd like to see an acceleration there as well the thing about aws is just remarkable that it's able to accelerate growth at a 71 billion run rate business and alibaba you know is a bit more opaque and likely still reeling from the crackdown of the chinese government we're admittedly not as close to the china market but we'll continue to watch from afar as that steep decline in growth rate is somewhat of a concern okay let's get into the survey data from etr and to do so we're going to take some time series views on some of the select cloud platforms that are showing spending momentum in the etr data set you know etr uses a metric we talked about this a lot called net score to measure that spending velocity of products and services netscore basically asks customers are you spending more less or the same on a platform and a vendor and then it subtracts the lesses from the moors and that yields a net score this chart shows net score for five cloud platforms going back to january 2020. note in the table that the table we've inserted inside that chart shows the net score and shared n the latter metric indicates the number of mentions in the data set and all the platforms we've listed here show strong presence in the survey that red dotted line at 40 percent that indicates spending is at an elevated level and you can see azure and aws and vmware cloud on aws as well as gcp are all nicely elevated and bounding off their october figures indicating continued cloud momentum overall but the big surprise in these figures is the steady climb and the steep bounce up from oracle which came in just under the 40 mark now one quarter is not necessarily a trend but going back to january 2020 the oracle peaks keep getting higher and higher so we definitely want to keep watching this now here's a look at some of the other cloud platforms in the etr survey the chart here shows the same time series and we've now brought in some of the big hybrid players notably vmware cloud which is vcf and other on-prem solutions red hat openstack which as we've reported in the past is still popular in telcos who want to build their own cloud we're also starting to see hpe with green lake and dell with apex show up more and ibm which years ago acquired soft layer which was really essentially a bare metal hosting company and over the years ibm cobbled together its own public cloud ibm is now racing after hybrid cloud using red hat openshift as the linchpin to that strategy now what this data tells us first of all these platforms they don't have the same presence in the data set as do the previous players vmware is the one possible exception but other than vmware these players don't have the spending velocity shown in the previous chart and most are below the red line hpe and dell are interesting and notable in that they're transitioning their early private cloud businesses to dell gr sorry hpe green lake and dell apex respectively and finally after years of kind of staring at their respective navels in in cloud and milking their legacy on-prem models they're finally building out cloud-like infrastructure for their customers they're leaning into cloud and marketing it in a more sensible and attractive fashion for customers so we would expect these figures are going to bounce around for a little while for those two as they settle into a groove and we'll watch that closely now ibm is in the process of a complete do-over arvin krishna inherited three generations of leadership with a professional services mindset now in the post gerschner gerstner era both sam palmisano and ginny rometty held on far too long to ibm's service heritage and protected the past from the future they missed the cloud opportunity and they forced the acquisition of red hat to position the company for the hybrid cloud remedy tried to shrink to grow but never got there krishna is moving faster and with the kindred spin is promising mid-single-digit growth which would be a welcome change ibm is a lot of work to do and we would expect its net score figures as well to bounce around as customers transition to the future all right let's take a look at all these different players in context these are all the clouds that we just talked about in a two-dimensional view the vertical axis is net score or spending momentum and the horizontal axis is market share or presence or pervasiveness in the data set a couple of call-outs that we'd like to make here first the data confirms what we've been saying what everybody's been saying aws and microsoft stand alone with a huge presence many tens of billions of dollars in revenue yet they are both well above the 40 line and show spending momentum and they're well ahead of gcp on both dimensions second vmware while much smaller is showing legitimate momentum which correlates to its public statements alibaba the alibaba in this survey really doesn't have enough sample to make hardcore conclusions um you can see hpe and dell and ibm you know similarly they got a little bit more presence in the data set but they clearly have some work to do what you're seeing there is their transitioning their legacy install bases oracle's the big surprise look what oracle was in the january survey and how they've shot up recently now we'll see if this this holds up let's posit some possibilities as to why it really starts with the fact that oracle is the king of mission critical apps now if you haven't seen video on twitter you have to check it out it's it's hilarious we're not going to run the video here but the link will be in our post but i'll give you the short version some really creative person they overlaid a data migration narrative on top of this one tooth guy who speaks in spanish gibberish but the setup is he's a pm he's a he's a a project manager at a bank and aws came into the bank this of course all hypothetical and said we can move all your apps to the cloud in 12 months and the guy says but wait we're running mission critical apps on exadata and aws says there's nothing special about exadata and he starts howling and slapping his knee and laughing and giggling and talking about the 23 year old senior engineer who says we're going to do this with microservices and he could tell he was he was 23 because he was wearing expensive sneakers and what a nightmare they encountered migrating their environment very very very funny video and anyone who's ever gone through a major migration of mission critical systems this is gonna hit home it's funny not funny the point is it's really painful to move off of oracle and oracle for all its haters and its faults is really the best environment for mission critical systems and customers know it so what's happening is oracle's building out the best cloud for oracle database and it has a lot of really profitable customers running on-prem that the company is migrating to oracle cloud infrastructure oci it's a safer bet than ripping it and putting it into somebody else's cloud that doesn't have all the specialized hardware and oracle knowledge because you can get the same integrated exadata hardware and software to run your database in the oracle cloud it's frankly an easier and much more logical migration path for a lot of customers and that's possibly what's happening here not to mention oracle jacks up the license price nearly doubles the license price if you run on other clouds so not only is oracle investing to optimize its cloud infrastructure it spends money on r d we've always talked about that really focused on mission critical applications but it's making it more cost effective by penalizing customers that run oracle elsewhere so this possibly explains why when the gartner magic quadrant for cloud databases comes out it's got oracle so well positioned you can see it there for yourself oracle's position is right there with aws and microsoft and ahead of google on the right-hand side is gartner's critical capabilities ratings for dbms and oracle leads in virtually all of the categories gartner track this is for operational dvms so it's kind of a narrow view it's like the red stack sweet spot now this graph it shows traditional transactions but gartner has oracle ahead of all vendors in stream processing operational intelligence real-time augmented transactions now you know gartner they're like old name framers and i say that lovingly so maybe they're a bit biased and they might be missing some of the emerging opportunities that for example like snowflake is pioneering but it's hard to deny that oracle for its business is making the right moves in cloud by optimizing for the red stack there's little question in our view when it comes to mission critical we think gartner's analysis is correct however there's this other really exciting landscape emerging in cloud data and we don't want it to be a blind spot snowflake calls it the data cloud jamactagani calls it data mesh others are using the term data fabric databricks calls it data lake house so so does oracle by the way and look the terminology is going to evolve and most of the action action that's happening is in the cloud quite frankly and this chart shows a select group of database and data warehouse companies and we've filtered the data for aws azure and gcp customers accounts so how are these accounts or companies that were showing how these vendors were showing doing in aws azure and gcp accounts and to make the cut you had to have a minimum of 50 mentions in the etr survey so unfortunately data bricks didn't make it just not enough presence in the data set quite quite yet but just to give you a sense snowflake is represented in this cut with 131 accounts aws 240 google 108 microsoft 407 huge [ __ ] 117 cloudera 52 just made the cut ibm 92 and oracle 208. again these are shared accounts filtered by customers running aws azure or gcp the chart shows a net score lime green is new ads forest green is spending more gray is flat spending the pink is spending less and the bright red is defection again you subtract the red from the green and you get net score and you can see that snowflake as we reported last week is tops in the data set with a net score in the 80s and virtually no red and even by the way single digit flat spend aws google and microsoft are all prominent in the data set as is [ __ ] and snowflake as i just mentioned and they're all elevated over the 40 mark cloudera yeah what can we say once they were a high flyer they're really not in the news anymore with anything compelling other than they just you know took the company private so maybe they can re-emerge at some point with a stronger story i hope so because as you can see they actually have some new additions and spending momentum in the green just a lot of customers holding steady and a bit too much red but they're in the positive territory at least with uh plus 17 percent unlike ibm and oracle and this is the flip side of the coin ibm they're knee-deep really chest deep in the middle of a major transformation we've said before arvind krishna's strategy and vision is at least achievable prune the portfolio i.e spin out kindrel sell watson health hold serve with the mainframe and deal with those product cycles shift the mix to software and use red hat to win the day in hybrid red hat is working for ibm's growing well into the double digits unfortunately it's not showing up in this chart with little database momentum in aws azure and gcp accounts zero new ads not enough acceleration and spending a big gray middle in nearly a quarter of the base in the red ibm's data and ai business only grew three percent this last quarter and the word database wasn't even mentioned once on ibm's earnings call this has to be a concern as you can see how important database is to aws microsoft google and the momentum it's giving companies like snowflake and [ __ ] and others which brings us to oracle with a net score of minus 12. so how do you square the momentum in oracle cloud spending and the strong ratings and databases from gartner with this picture good question and i would say the following first look at the profile people aren't adding oracle new a large portion of the base 25 is reducing spend by 6 or worse and there's a decent percentage of the base migrating off oracle with a big fat middle that's flat and this accounts for the poor net score overall but what etr doesn't track is how much is being spent rather it's an account based model and oracle is heavily weighted toward big spenders running mission critical applications and databases oracle's non-gaap operating margins are comparable to ibm's gross margins on a percentage basis so a very profitable company with a big license and maintenance in stall basin oracle has focused its r d investments into cloud erp database automation they've got vertical sas and they've got this integrated hardware and software story and this drives differentiation for the company but as you can see in this chart it has a legacy install base that is constantly trying to minimize its license costs okay here's a little bit of different view on the same data we expand the picture with the two dimensions of net score on the y-axis and market share or pervasiveness on the horizontal axis and the table insert is how the data gets plotted y and x respectively not much to add here other than to say the picture continues to look strong for those companies above the 40 line that are focused and their focus and have figured out a clear cloud strategy and aren't necessarily dealing with a big install base the exception of course is is microsoft and the ones below the line definitely have parts of their portfolio which have solid momentum but they're fighting the inertia of a large install base that moves very slowly again microsoft had the advantage of really azure and migrating those customers very quickly okay so let's wrap it up starting with the big three cloud players aws is accelerating and innovating great example is custom silicon with nitro and graviton and other chips that will help the company address concerns related to the race to the bottom it's not a race to zero aws we believe will let its developers go after the sas business and for the most part aws will offer solutions that address large vertical markets think call centers the edge remains a wild card for aws and all the cloud players really aws believes that in the fullness of time all workloads will run in the public cloud now it's hard for us to imagine the tesla autonomous vehicles running in the public cloud but maybe aws will redefine what it means by its cloud microsoft well they're everywhere and they're expanding further now into gaming and the metaverse when he became ceo in 2014 many people said that satya should ditch xbox just as an aside the joke among many oracle employees at the time was that safra katz would buy her kids and her nieces and her nephews and her kids friends everybody xbox game consoles for the holidays because microsoft lost money for everyone that they shipped well nadella has stuck with it and he sees an opportunity to expand through online gaming communities one of his first deals as ceo was minecraft now the acquisition of activision will make microsoft the world's number three gaming company by revenue behind only 10 cent and sony all this will be powered by azure and drive more compute storage ai and tooling now google for its part is battling to stay relevant in the conversation luckily it can afford the massive losses it endures in cloud because the company's advertising business is so profitable don't expect as many have speculated that google is going to bail on cloud that would be a huge mistake as the market is more than large enough for three players which brings us to the rest of the pack cloud ecosystems generally and aws specifically are exploding the idea of super cloud that is a layer of value that spans multiple clouds hides the underlying complexity and brings new value that the cloud players aren't delivering that's starting to bubble to the top and legacy players are staying close to their customers and fighting to keep them spending and it's working dell hpe cisco and smaller predominantly on-plan prem players like pure storage they continue to do pretty well they're just not as sexy as the big cloud players the real interesting activity it's really happening in the ecosystem of companies and firms within industries that are transforming to create their own digital businesses virtually all of them are running a portion of their offerings on the public cloud but often connecting to on-premises workloads and data think goldman sachs making that work and creating a great experience across all environments is a big opportunity and we're seeing it form right before our eyes don't miss it okay that's it for now thanks to my colleague stephanie chan who helped research this week's topics remember these episodes are all available as podcasts wherever you listen just search breaking analysis podcast check out etr's website at etr dot ai and also we publish a full report every week on wikibon.com and siliconangle.com you can get in touch with me email me at david.velante siliconangle.com you can dm me at divalante or comment on my linkedin post this is dave vellante for the cube insights powered by etr have a great week stay safe be well and we'll see you next time [Music] you

(upbeat music) >> Welcome to theCUBE. I'm Dave Nicholson, and this is part of the continuing conversation about Managing Risk in the Digital Supply Chain. I have with me today Vincent Danen, vice president of product security from Red Hat and Luke Hines security engineering lead from the office of the CTO at Red Hat. Gentlemen, welcome to theCUBE. >> Thank you. >> Great to be here. >> So let's just start out and dive right into this, Vincent, what is the software or digital supply chain? What are we talking about? Yeah, that's a good question. Software supply chain is basically the software that an end user would get from a vendor or in our case, we're talking about open source, so upstream. It is the software that comes in that is part of your package, operating system, applications. It could be something that you get from one vendor, multiple vendors. So we look at in the example of Red Hat, we are one part of the customer's software supply chain. >> So it's interesting that it's coming in from different areas. Do we have a sense for the ratio of kind of commercial software versus open source software that makes up an enterprise today? >> I think that's a really hard thing to answer and I think every enterprise or every company would have a little bit different. Depends if you have an open source vendor that you choose, you may get a significant amount of software from them. Certainly you're not going to get it all. As an example, Red Hat provides thousands of open source packages. We certainly can't provide all of them. There are millions that are out there. So when you're looking at a specific application that you're building, chances are, you could be running that on a managed platform or an enterprise supply platform, but there are going to be packages that you're going to be obtaining from other sources in other communities as well in order to power your applications. >> So, Luke, that sounds like a kind of a vague situation we're looking at in terms of where all of our software is coming from. So what do we need to know about our software supply chain in that context? What do we need to understand? Before we even get anywhere near the idea of securing it, what are some of the issues that arise from that? >> Yeah, so Vincent's touchpoint is a very wide range in ecosystem, multiple sources when we're talking about open source. So essentially awareness is key really. I think a lot of people are really not aware of the sources that they're drawing from to create their own supply chain. So there's multiple supply chains. You can be somebody like Red Hat that the provide software, and then people will leverage Red Hats for their own supply chain. And then you have the cloud provider and they have their own source of software. So I think that the key thing is the awareness of how much you rely upon that ecosystem before we look at the security of the supply chain. It's really understanding your supply chain. >> And just to follow up on that. So can you... I'm sort of checking my own level of understanding on this subject. When you talk about open source code, you're talking about a code base that is often maintained essentially by volunteers, isn't that correct? >> A mix of volunteers and paid professionals where a company has an interest in the open source project, but predominantly I would say it's... Well, I'm not entirely sure, but volunteers make up a substantial part of the ecosystem that is for sure. So it's a mix really. Some people do it because they enjoy writing software. They want to share software. Other people also enjoy working software, but they're in the position that a company pays for them to work on that software. So it's a mix of both. >> Vincent, give us a reminder of reminder of why this is important from a little bit of a higher level. Step back from the data center view of things, from the IT view of things, just from a societal perspective, Vincent, what happens when we don't secure our digital supply chain? What are the things that are put at risk? >> Okay, well, there's a significant number of things that are placed at risk, the security of the enterprise itself. So your own customer data, your own internal corporate data is place at risk if there were a supply chain breach. But further to that for a software provider, and I think that in a lot of cases, most companies today are software providers or software developers. You actually put your own customers at risk as well, not just their data, but their actual... The things that they're working on, any workloads that they may have, an order that they might place as an example. So there's a number of areas where you want to have the security of that supply chain and the software components that you have figured out. You want to be on top of that because there is that risk that trickles down when it comes to an event. I mean, we've seen that with breaches earlier this year, one company is breached multiple companies end up being breached as a result of that. So it's really important. I think we all have a part to play in that I always view it as it's not just about the company itself. So I mean, speaking from a Red Hat perspective, I don't look at it as we're just securing Red Hat, we're securing our customers, and then we're also doing that for their customers as well, because they're writing software that's running on the software that we're providing to them. So there is this trickle down effect that comes, and so I think that every link in that chain, I mean, it's wonderful that it's called a supply chain. It's only as strong as its weakest link. So our view is how do we strengthen every link in that chain? And we're one part of it, but we're kind of looking a little broader, what can we do upstream and how can we help our customers to ensure the security of their part in that supply chain? >> Yeah, I want to talk about that in a broad sense, but let's see if we can get a little bit more specific in terms of what some of the chains look like because it's not just really one chain when you think about it, there's the idea of inherent flaws that can be caught and then there are the things that bad actors might be doing to leverage those flaws. So you've got all of these different things that are converging. So first and Vincent, if you want to toss this to Luke back and forth, it's up to you guys. What about this issue of inherent flaws in code? We referenced this idea of the maintainer community. What are best practices for locking that down to make sure that there aren't inherent flaws or security risks? >> I'll take a stab at it, and then I'll let Luke follow up with maybe some of the technologies that Red Hat provides. And again, speaking to Red Hat as part of that chain. When we're talking about inherent risk, there's a vulnerability that's present upstream. We pull that software to Red Hat. We package it as a component of one of the pieces of software that we provide to our customers. It's our responsibility to pay attention to those upstream potential vulnerabilities, potential risks, and correct them in our code. So that might be taking a patch from upstream, applying it to our software, might be grabbing the latest version from upstream, whatever the case might be, but it's our responsibility to provide that protection for that software to actually remediate that risk, and then our customers can then install the update and apply the mitigation themselves. If we take a look at it from, when we're looking at multiple suppliers where you'd asked earlier about, what part of it is Red Hat and what part of it is self-service open source? When you look at that, the work that Red Hat's doing there as a commercial provider of open source and end user for that little bit that they're going to grab themselves, that Red Hat doesn't provide, it's going to have to do all of those things as well. They're going to have to pay attention to that risk from upstream. They're going to have to pay attention to any potential vulnerabilities and pull that in to figure out, do I need to patch? Where do I need to patch it? And that's something we didn't really touch on was an inventory of the software that you have in place. I mean, you don't know that you need to fix something. You don't even know that it's running. So, I mean, there's a lot of considerations there where you have to pay attention to a lot of sources. Certainly there's a metadata automation, all of these things that make it easier, but it doesn't absolve us of the responsibility across the board to pay attention to these things, whether you're grabbing it from upstream directly or from the vendor. And it's the vendor's responsibility to then be paying attention to things upstream. >> Yeah, so Luke, I want you to kind of riff on that from the perspective that let's just assume that Vincent was just primarily talking about the idea that, okay, we've established that this code is solid and we've got gold copy of it and we know it's okay. There aren't inherent problems in the code as far as we can tell. Well, that's fine. I'm a developer. I go out to pull code and to use. How do I know if it's not been tampered with? How do I know if it's in fact the code that was validated during this process before? What do you do about that? >> So there's several methods there, but I just like to loop back to that point, because I think this is really interesting around, so if you look at a software supply chain, this is a mix of humans and machines, and both have flaws, probably humans a bit more. And a supply chain, you have developers. You have code reviewers, you have your systems administrators that set up the systems, and then you have your machine actors. So you've got your build systems, the various machines that are part of that supply chain. Now the humans, there's a as an attack factor there 'cause typically they will have some sort of identity, which they leverage for access to the supply chain. So quite often a developer's identity can be compromised. So a lot of the time people will have a corporate account that gives them some sort of single sign on access to multiple systems. So the developers are coming and this could be somebody in the community as well. Their account is compromised, then they're able to easily backdoor systems. So that's one aspect. And then there is machines as well. There's the whole premise of machines software not being up to date. So when the latest nasty vulnerability is released, machines are updated, then the machines have their flaws. They can be exploited. So I would say it's not just a technical problem. There is a humanistic element to this as well around protecting your supply chain. And I would say a really good perspective to carry when you're looking to, how do I secure my supply chain is treat it like you would a production system. So what do I mean by that? When we put something into production and we've got this very long legacy of treating it with a very strict security context around who can access that people, okay. How much it's upgraded and it's patched? And we seem to not have this same perception around our supply chain and our build systems, the integrity of those, the access of those, the policy around the access and so forth. So that's one giveaway that I would say is a real key focus that you should have is treat it like a production system. Be very mindful about what you're bringing in, who can access it because it is the keys to the kingdom, because if somebody compromises your supply chain, your build systems and so forth, they can compromise the whole chain because the chain is only as strong as the weakest link. So that's what I draw upon it. And around the verifications, there is multiple technologies that you can leverage. So Red Hat, we've got a very robust sign in system that we use so that you can be sure that the packages that we get you have non-repudiation that they've been produced by Red Hat. When you update your system, that's automatically looked after. And there are other systems as well, there's other new technologies that are starting to get a foothold around the provenance of aspects of your build system. So when you're pulling in from these multiple sources of open source communities, you can have some provenance around what you're putting in as well. And yeah, I don't want to bite share too much on the technologies, but there's some exciting stuff starting to happen there as well. >> So let's look at an example of something, because I think it's important to understand all of these different aspects. Recently, I think actually still in the news, we found that some logging software distributed by Apache that's widely used in people's websites to gather information about... To help from a security perspective and to help developers improve things that are going on in websites. A vulnerability was discovered. I guess, first Alibaba, some folks were reported it directly to some folks at Apache and the Apache Organization. And then of all people, some folks from Minecraft mentioned it in a blog. That seems like a crazy way to find out about something that's a critical flaw. Now we're looking at this right now with hindsight. So with hindsight, what could we have done to not be in the circumstances that we're in right now? Vincent, I'll toss that to you first, but again, if Luke is more appropriate, let us know. >> No, it's a great question, and it's a hard question. >> How did you let this happen, Vincent? How did you let this happen? >> It wasn't me, I promise. (Dave laughs) >> What I mean, it's a challenging question I mean, and there's a number of areas where we focused on a lot of what we perceived as critical software. So it comes to web server applications, DNS, a number of the kind of the critical infrastructure that powers the internet. Right or wrong. Do we look at logging software as a critical piece of that? Well, maybe, maybe we should, right? Logging is definitely important as part of an incident response or just an awareness of what's going on. So, I mean, yeah, it probably should have been considered critical software, but I mean, it's open source, right? So there's a number of different logging applications. I imagine now we're scrutinizing those a little bit more, but looking beforehand, how do you determine what's critical until an event like this happens, and it's unfortunate that it happens. And I like to think of these as learning opportunities, and certainly not just for Red Hat, but for this (talking over each other) >> Certainly this is not... Yeah, this is not an indictment of our entire industry. We are all in this together and learning every day. It just highlights how complex the situation is that we're dealing with, right? >> It really is. And I mean, a lot of what we're looking at now is how do we get tools into the hands of developers who can catch some of these things earlier. And there's a lot of commercial offerings, there's a lot of open source tools that are available and being produced that are going to help with these sorts of situations moving forward. But I mean, all the tools on the planet aren't going to help if they're not being used. So, I mean, there has to be an education and an incentive for these developers, particularly, maybe in some upstream communities where they are labors of love and they're passionate projects they're not sponsored or backed by a corporation who's paying for these tools, to be able to use some of them and move that forward. I think that looking at things now, there is work to be done. Obviously there's always going to be work to be done. Not all of these tools, and we have to recognize this, they're not all perfect. They're not going to catch everything. These tools could have been... I mean, I don't know if they were running these tools or not, they could have been, and the tool simply could not have picked them up. So part of it is the proactive part. We talk a lot about shift left and moving these things earlier into the development process and that's great, and we should do it. It certainly should never be seen as a silver bullet or a replacement for a good response. And I think the really important thing to highlight with respect to this, and I mean, this touches on the supply chain issue as well, companies, especially those who never maybe saw themselves as a software development company really have to figure out and understand how to do appropriate response. Part of that is awareness, what do you have installed? Part of it is sources of information. Like how do I find out about a new vulnerability or a potential vulnerability? And then it's just the speed to respond. We know that a number of companies they have, maybe it's a Patch Tuesday, maybe it's a patch 26th of the month, maybe it's patch day of the quarter, we have to learn how to respond to these things quickly so that we can apply these mitigations and these fixes as quickly as possible to them protect ourselves and protect the end users or customers that we have, or to keep the kids from using some backdoors in Minecraft is the word. >> (laughs) Yeah. Look, this is an immensely important subject. To wrap us up on this, Luke, I'd like you to pretend that you just got into an elevator in a moderately tall building, and you have 60 seconds to share with me someone who already trusts you, you don't have to convince me of your credentials or anything. I trust you. What tools specifically do you need me to be running, tools and processes. You've got 60 seconds to say, Dave, if you're not doing these things right now, you're unnecessarily vulnerable. So ready, and go, Luke. >> So automatically update all packages. Always stay up-to-date so that when an issue does hit, you're not having to go back 10 versions and work your way forward. That's the key thing. Ensure that everything you pull in, you're not going to have 100%, but have a very strict requirement that there is non-repudiation, is signed content, so you can verify that it's not being tampered with. For your developers that are producing code, run static, dynamic analysis, API fuzzes, all of these sorts of tools. They will find some vulnerabilities for you. Be part of communities. Be part of communities, help chop the wood and carry the water because the log for Jay, the thing is that was found because it was in the open. If it wasn't any open, it wouldn't have been found. And I've been in this business for a long time. Software developers will always write bugs. I do. Some of them will be security bugs. That's never going to change. So it's not about stopping something that's inevitable. It's about being prepared to react accordingly in our right and correct manner when it does happen so that you can mitigate against those risks. >> Well, we're here on the 35th floor. That was amazing. Thank you, Luke. Vincent, you were in the elevator also listening in on this conversation. Did we miss anything? >> No, I mean, the only thing I'll say is that it's really helpful to partner with an enterprise open source provider, be it Red Hat or anybody else. I don't want to toot our own horn. They do a lot of that work on your behalf that you don't have to do. A lot of the things that Luke was talking about, those providers do, so you don't have to. And that's where you.. I liked that you talked about, hey, you don't have to convince me that I'm trusted, or that I trust you. Trust those vendors. They're literally here to do a lot of that heavy lifting for you and trust the process. Yeah, it's a very, very good point. And I know that sometimes it's hard to get to that point where you are the trusted advisor. Both of you certainly are. And with that, I would like to thank you very much for an interesting conversation. Gentlemen, let's keep in touch. You're always welcome on theCUBE. Luke, second time, getting a chance to talk to you on theCUBE personally. Fantastic. With that, I would like to thank everyone for joining this very special series on theCUBE. Managing risk in the digital supply chain is a critical topic to keep on top of. Thanks for tuning into theCUBE. We'll be back soon. I'm Dave Nicholson saying, thanks again. (upbeat music)

>>covering the space and cybersecurity symposium 2020 hosted by Cal poly. Hold on. Welcome to this special presentation with Cal poly hosting the space and cybersecurity symposium, 2020 virtual, um, John for your host with the cube and Silicon angle here in our Palo Alto studios with our remote guests, we couldn't be there in person, but we're going to be here remotely. Got a great session and a panel for one hour topic preparing students for the jobs of today and tomorrow, but a great lineup. Bill Britain, Lieutenant Colonel from the us air force, retired vice president for information technology and CIO and the director of the California cyber security Institute for Cal poly bill. Thanks for joining us, dr. Amy Fisher, who's the Dean of the college of engineering at Cal poly and trunk fam professor and researcher at the U S air force Academy. Folks, thanks for joining me today. >>Our pleasure got a great, great panel. This is one of my favorite topics preparing students for the next generation, the jobs for today and tomorrow. We've got an hour. I'd love you guys to start with an opening statement, to kick things off a bill. We'll start with you. Well, I'm really pleased to be, to start on this. Um, as the director for the cybersecurity Institute and the CIO at Cal poly, it's really a fun, exciting job because as a Polytechnic technology, as such a forefront in what we're doing, and we've had a, a wonderful opportunity being 40 miles from Vandenberg air force base to really look at the nexus of space and cyber security. And if you add into that, uh, both commercial government and civil space and cybersecurity, this is an expanding wide open time for cyber and space. In that role that we have with the cyber security Institute, we partner with elements of the state and the university. >>And we try to really add value above our academic level, which is some of the highest in the nation and to really merge down and go a little lower and start younger. So we actually are running the week prior to this showing a cybersecurity competition for high schools or middle schools in the state of California, that competition this year is based on a scenario around hacking of a commercial satellite and the forensics of the payload that was hacked and the networks associated with it. This is going to be done using products like Wireshark autopsy and other tools that will give those high school students. What we hope is a huge desire to follow up and go into cyber and cyber space and space and follow that career path. And either come to Cal poly or some other institution that's going to let them really expand their horizons in cybersecurity and space for the future >>Of our nation. >>Bill, thanks for that intro, by the way, it's gonna give you props for an amazing team and job you guys are doing at Cal poly, that Dex hub and the efforts you guys are having with your challenge. Congratulations on that great work. Thank you >>Star team. It's absolutely amazing. You find that much talent in one location. And I think Amy is going to tell you she's got the same amount of talent in her staff. So it's, it's a great place to be. >>Amy flasher. You guys have a great organization down there, amazing curriculum, grazing people, great community, your opening statement. >>Hello everybody. It's really great to be a part of this panel on behalf of the Cal poly college of engineering here at Cal poly, we really take preparing students for the jobs of today and tomorrow completely seriously. And we claim that our students really graduate. So they're ready day one for their first real job, but that means that in getting them to that point, we have to help them get valuable and meaningful job experience before they graduate, but through our curriculum and through multiple internship or summer research opportunities. So we focus our curriculum on what we call a learn by doing philosophy. And this means that we have a combination of practical experience and learn by doing both in and out of the classroom. And we find that to be really critical for preparing students for the workforce here at Cal poly, we have more than 6,000 engineering students. >>We're one of the largest undergraduate engineering schools in the country. Um, and us news ranks us the eighth best undergraduate engineering program in the, in the country and the top ranked state school. We're really, really proud that we offer this impactful hands on engineering education that really exceeds that of virtually all private universities while reaching a wider audience of students. We offer 14 degree programs and really we're talking today about cyber and space. And I think most of those degree programs can really make an impact in the space and cybersecurity economy. And this includes not only things like Aero and cyber directly, but also electrical engineering, mechanical engineering, computer engineering, materials, engineering, even manufacturing, civil and biomedical engineering. As there's a lot of infrastructure needs that go into supporting launch capabilities. Our aerospace program graduates hundreds of aerospace engineers, and most of them are working right here in California. >>I'm with many of our corporate partners, including Northrop Grumman, Lockheed, Boeing, Raytheon space, X, Virgin, galactic JPL, and so many other places where we have Cal poly engineer's impacting the space economy. Our cybersecurity focus is found mainly in our computer science and software engineering programs. And it's really a rapidly growing interest among our students. Computer science is our most popular major and industry interest and partnerships are integrated into our curriculum. And we do that oftentimes through support from industry. So we have partnerships with Northrop Grumman for professorship and a cyber lab and from PG and E for critical infrastructure, cybersecurity lab, and professorship. And we think that industry partnerships like these are really critical to preparing students for the future as the field's evolving so quickly and making sure we adapt our facilities and our curriculum to stay in line with what we're seeing in industry is incredibly important. >>In our aerospace program, we have an educational partnership with the air force research labs. That's allowing us to install new high performance computing capabilities and a space environments lab. That's going to enhance our satellite design capabilities. And if we talk about satellite design, Cal poly is the founding home of the cube sat program, which pioneered small satellite capabilities. And we remain the worldwide leader in maintaining the cube set standard. And our student program has launched more cube sets than any other program. So here again, we have this learn by doing experience every year for dozens of aerospace, electrical, computer science, mechanical engineering students, and other student activities that we think are just as important include ethical hacking through our white hat club, Cal poly space systems, which does really, really big rocket launches and our support program for women in both of these fields like wish, which is women in software and hardware. >>Now, you know, really trying to bring in a wide variety of people into these fields is incredibly important and outreach and support to those demographics. Traditionally underrepresented in these fields is going to be really critical to future success. So by drawing on the lived experiences by people with different types of backgrounds, while we develop the type of culture and environment where all of us can get to the best solution. So in terms of bringing people into the field, we see that research shows, we need to reach kids when they're in late elementary and middle schools to really overcome that cultural bias that works against diversity in our fields. And you heard bill talking about the cyber cybersec, the California cybersecurity institutes a year late cyber challenge. There's a lot of other people who are working to bring in a wider variety of, uh, of people into the field, like girl Scouts, which has introduced dozens of new badges over the past few years, including a whole cybersecurity series of badges and a concert with Palo Alto networks. So we have our work cut out for us, but we know what we need to do. And if we're really committed to prep properly preparing the workforce for today and tomorrow, I think our future is going to be bright. I'm looking forward to our discussion today. >>Yeah, you got a flashy for great, great comment, opening statement and congratulations. You got the right formula down there, the right mindset, and you got a lot of talent and community as well. Thank thank you for that opening statement. Next step from Colorado Springs, trunk fam, who's a professor and researcher. The us air force Academy is doing a lot of research around the areas that are most important for the intersection of space and technology trunk. >>Good afternoon, first electric and Cal poli for the opportunity. And today I want to go briefly about cyber security in S application. Whenever we talk about cyber security, the impression is got yes, a new phew that is really highly complex involving a lot of technical area. But in reality, in my personal opinion, it is in be complex because involve many disciplines. The first thing we think about is computer engineering and computer networking, but it's also involving communication sociology, law practice. And this practice of cyber security goes in on the info computer expert, but it's also info everybody else who has a computing device that is connected to the internet. And this participation is obviously every body in today's environment. When we think about the internet, we know that is a good source of information, but come with the convenience of information that we can access. >>We are constantly faced in being from the internet. Some of them, we might be aware of some of them we might not be aware of. For example, when we search on the internet, a lot of time, our browser will be saved and gotten this site is not trusted. So we will be more careful. What about the sites that we trusted? We know getting those salad chicken sites, but they're not a hundred percent good at proof. What happened? It was all side, uh, attack by hacker. And then they will be a silent source that we might not be aware of. So in the reality, we need to be more practicing the, um, cyber security from our SIBO point of view and not from a technical point of view. When we talk about space application, we should know that all the hardware, a computer based tool by computer system and therefore the hardware and the software must go through some certification process so that they can be record that air with the flight. >>What the, when we know that in the certification process is focusing on the functionality of the hardware and software, but one aspect that is explicitly and implicitly required is the security of those components. And we know that those components have to be connected with the ground control station and be communication is through the air, through the layby or signal. So anybody who has access to those communication regular signal will be able to control the space system that we put up there. And we certainly do not want our system to be hijacked by a third party. >>I'm not going to aspect of cybersecurity is we try to design the space system in a very strong manner. So it's almost impossible to hack in, but what about some August week system that might be connected to so strong system? For example, the spare system will be connected to the ground control station and on the ground control station, we have the human controller in those people have cell phone. They are allowed to use cell phones for communication, but at the same time, they are connected to the internet, to the cell phone and their cell phone might be connected to the computer that control the flight software and hardware. So what I want to say is that we try to build strong system and we protected them, but there will be some weaker system that we could not intended, but exists to be connected to our strong system. And those are the points that hacker will be trying to attack. If we know how to control the access to those points, we will be having a much better system for the space system. And when we see the cybersecurity that is requiring the participation everywhere, it's important to Merck that there is a source of opportunity for students to engage the workforce. To concede the obviously student in engineering can focus their knowledge and expertise to provide technological solution, to protect the system that we view. But we also >>Have students in business who can focus to write a business plan to reach the market. We also have student in law who can focus policy governing the cyber security. And we also have student in education who can focus the expert. She should be saying how to teach cyber security practice and students can focus the effort to implement security measures and it implies job opportunity. >>Thank you trunk for those great comments, great technology opportunities, but interesting as well as the theme that we're seeing across the entire symposium and in the virtual hallways that we're hearing conversations and you pointed out some of them, dr. Fleischer did as well. And bill, you mentioned it. It's not one thing. It's not just technology, it's different skills. And, um, Amy, you mentioned that computer science is the hottest degree, but you have the hottest aerospace program in the world. I mean, so all of this is kind of balancing it's interdisciplinary. It's a structural change before we get into some of the, um, how they prepare the students. Can you guys talk about some of the structural changes that are modern now in preparing, um, in these opportunities because societal impact is a law potentially impact it's, it's how we educate there's no cross-discipline skillsets. It's not just get the degree, see out in the field bill, you want to start. >>Well, what's really fun about this job is, is that in the air force, uh, I worked in the space and missile business and what we saw was a heavy reliance on checklist format, security procedures, analog systems, and what we're seeing now in our world, both in the government and the commercial side, uh, is a move to a digital environment. And the digital environment is a very quick and adaptive environment. And it's going to require a digital understanding. Matter of fact, um, the, uh, under secretary of the air force for acquisition, uh, rev recently referenced the need to understand the digital environment and how that's affecting acquisition. So as, as both Amy, um, and trunk said, even business students are now in the >>Cybersecurity business. And, and so, again, what we're seeing is, is the change. Now, another phenomenon that we're seeing in the space world is there's just so much data. Uh, one of the ways that we addressed that in the past was to look at high performance computing. It was a lot stricter control over how that worked, but now what we're seeing these adaptation of cloud cloud technologies in space support, space, data, command, and control. Uh, and so what we see is a modern space engineer who asked to understand digital, has to understand cloud and has to understand the context of all those with a cyber environment. That's really changing the forefront of what is a space engineer, what is a digital engineer and what does a future engineer, both commercial or government? So I think the opportunity for all of these things is really good, particularly for a Polytechnic air force Academy and others that are focusing on a more, uh, widened experiential level of cloud and engineering and other capabilities. >>And I'll tell you the part that as the CIO, I have to remind everybody, all this stuff works for the it stuff. So you've got to understand how your it infrastructures are tied and working together. Um, as we noted earlier, one of the things is, is that these are all relays from point the point, and that architecture is part of your cybersecurity architecture. So again, every component has now become a cyber aware cyber knowledgeable, and in what we'd like to call as a cyber cognizant citizen, where they have to understand the context, patients chip software, that the Fleischer talk about your perspective, because you mentioned some of the things that computer science. Remember when I'm in the eighties, when I got my computer science degree, they call the software engineers, and then you became software developers. And then, so again, engineering is the theme. If you're engineering a system, there's now software involved, um, and there's also business engineering business models. So talk about some of your comments was, you mentioned, computer science is hot. You got the aerospace, you've got these multidisciplines you got definitely diversity as well. It brings more perspectives in as well. Your thoughts on these structural interdisciplinary things. >>I think this is, this is really key to making sure that students are prepared to work in the workforce is looking at the, the blurring between fields no longer are you just a computer scientist, no longer are you just an aerospace engineer? You really have to have an expertise where you can work with people across disciplines. All of these, all of these fields are just working with each other in ways we haven't seen before. And bill brought up data, you know, data science is something that's cross cutting across all of our fields. So we want engineers that have the disciplinary expertise so that they can go deep into these fields, but we want them to be able to communicate with each and to be able to communicate across disciplines and to be able to work in teams that are across disciplines. You can no longer just work with other computer scientists or just work with other aerospace engineers. >>There's no part of engineering that is siloed anymore. So that's how we're changing. You have to be able to work across those, those disciplines. And as you, as Tron pointed out, you know, ethics has to come into this. So you can no longer try to fully separate what we would traditionally have called the, the liberal arts and say, well, that's over there in general education. No ethics is an important part of what we're doing and how we integrate that into our curriculum. So it was communication. So is working on public policy and seeing where all of these different aspects tied together to make the impact that we want to have in the world. So it, you no longer can work solo in these fields. >>Great point. And bill also mentioned the cloud. One thing about the cloud that showed us as horizontal scalability has created a lot of value and certainly data is now horizontal Trung. You mentioned some of the things about cryptography for the kids out there. I mean, you can look at the pathway for career. You can do a lot of tech and, but you don't have to go deep. Sometimes you can go, you can go as deep as you want, but there's so much more there. Um, what technology do you see, how it's going to help students in your opinion? >>Well, I'm a professor in computer science, so I'd like to talk out a little bit about computer programming. Now we, uh, working in complex project. So most of the time we design a system from scratch. We view it from different components and the components that we have either we get it from or some time we get it from the internet in the open source environment, it's fun to get the source code and then work to our own application. So now when we are looking at a Logie, when we talk about encryption, for example, we can easily get the source code from the internet. And the question is, is safe to use those source code. And my, my, my question is maybe not. So I always encourage my students to learn how to write source score distribution, where that I learned a long time ago before I allow them to use the open source environment. And one of the things that they have to be careful, especially with encryption is be quote that might be hidden in the, in the source, get the download here, some of the source. >>So open source, it's a wonderful place to be, but it's also that we have to be aware of >>Great point before we get into some of the common one quick thing for each of you like to get your comments on, you know, the there's been a big movement on growth mindset, which has been a great, I'm a big believer in having a growth mindset and learning and all that good stuff. But now that when you talk about some of these things that we're mentioning about systems, there's, there's an, there's a new trend around a systems mindset, because if everything's now a system distributed systems, now you have space in cyber security, you have to understand the consequences of changes. And you mentioned some of that Trung in changes in the source code. Could you guys share your quick opinions on the, the idea of systems thinking, is that a mindset that people should be looking at? Because it used to be just one thing, Oh, you're a systems guy or galley. There you go. You're done. Now. It seems to be in social media and data. Everything seems to be systems. What's your take dr. Fleischer, we'll start with you. >>Uh, I'd say it's a, it's another way of looking at, um, not being just so deep in your discipline. You have to understand what the impact of the decisions that you're making have on a much broader, uh, system. And so I think it's important for all of our students to get some exposure to that systems level thinking and looking at the greater impact of the decision that they're making. Now, the issue is where do you set the systems boundary, right? And you can set the systems boundary very close in and concentrate on an aspect of a design, or you can continually move that system boundary out and see, where do you hit the intersections of engineering and science along with ethics and public policy and the greater society. And I think that's where some of the interesting work is going to be. And I think at least exposing students and letting them know that they're going to have to make some of these considerations as they move throughout their career is going to be vital as we move into the future. Bill. What's your thoughts? >>Um, I absolutely agree with Amy and I think there's a context here that reverse engineering, um, and forensics analysis and forensics engineering are becoming more critical than ever, uh, the ability to look at what you have designed in a system and then tear it apart and look at it for gaps and holes and problem sets, or when you're given some software that's already been pre developed, checking it to make sure it is, is really going to do what it says it's going to do. That forensics ability becomes more and more a skillset that also you need the verbal skills to explain what it is you're doing and what you found. So the communication side, the systems analysis, >>The forensics analysis side, >>These are all things that are part of that system >>Approach that I think you could spend hours on. And we still haven't really done great job on it. So it's a, it's. One of my fortes is the really the whole analysis side of forensics and it reverse engineering >>Try and real quick systems thinking. >>Well, I'd like to share with you my experience. When I worked in the space patient program at NASA, we had two different approaches. One is a down approach where we design it from the system general point of view, where we put components to complex system. But at the same time, we have the bottom up approach where we have Ken Chile who spent time and effort the individual component. And they have to be expert in those Chinese component. That might be general component the gallery. And in the space station program, we bring together the welcome up engineer, who designed everything in detail in the system manager who manage the system design from the top down. And we meet in the middle and took the idea with compromise a lot of differences. Then we can leave a display station that we are operating to be okay, >>Great insight. And that's the whole teamwork collaboration that, that was mentioning. Thanks so much for that insight. I wanted to get that out there because I know myself as a, as a parent, I'm always trying to think about what's best for my kids in their friends, as they grow up into the workforce. I know educators and leaders in industry would love to know some of the best practices around some of the structural changes. So thanks for that insight, but this topics about students and helping them prepare. Uh, so we heard, you know, be, be multiple discipline, broaden your horizons, think like systems top down, bottom up, work together as a team and follow the data. So I got to ask you guys, there's a huge amount of job openings in cybersecurity. It's well documented and certainly at the intersection of space and cyber, it's only gonna get bigger, right? You're going to see more and more demand for new types of jobs. How do we get high school and college students interested in security as a career at the flagship? We'll start with you in this one. >>I would say really one of the best ways to get students interested in the career is to show them the impact that it's going to have. There's definitely always going to be students who are going to want to do the technology for the technology sake, but that will limit you to a narrow set of students. And by showing that the greater impact that these types of careers are going to have on the types of problems that you're going to be able to solve and the impact you're going to be able to have on the world, around you, that's the word that we really need to get out. And a wide variety of students really respond to these messages. So I think it's really kind of reaching out at the, uh, the elementary, the middle school level, and really kind of getting this idea that you can make a big difference, a big positive difference in the field with some of these careers is going to be really critical. >>Real question, follow up. What do you think is the best entry point? You mentioned middle squad in here, elementary school. This comes, there's a lot of discussions around pipelining and we're going to get into women in tech and under-represented matters later, but you know, is it too early or what's the, what's your feeling on this? >>My feeling is the earlier we can normalize it the better the, uh, if you can normalize an interest in, in computers and technology and building an elementary school, that's absolutely critical. But the dropoff point that we're seeing is between what I would call like late elementary and early middle school. Um, and just kind of as an anecdote, I, for years ran an outreach program for girl Scouts in grades four and five and grade six, seven, and eight. And we had a hundred slots in each program. And every year the program would sell out for girls in grades four and five, and every year we'd have spots remaining in grades six, seven, and eight. And that's literally where the drop-off is occurring between that late elementary and that middle school range. So that's the area that we need to target to make sure we keep those young women involved and interested as we move forward. >>Bill, how are we going to get these kids interested in security? You mentioned a few programs you got. Yeah. I mean, who wants to, who wouldn't want to be a white hat hacker? I mean, yeah, that sounds exciting. Yeah. Great questions. Let's start with some basic principles though. Is let me ask you a question, John, a name for me, one white hat, good person hacker. The name who works in the space industry and is an exemplar for students to look up to, um, you, um, Oh man. I'm hearing really. I can't, I can't, I can't, I can't imagine because the answer we normally get is the cricket sound. So we don't have individuals we've identified in those areas for them to look up to. I was going to be snarky and say, most white hackers won't even use their real name, but, um, there's a, there's an aura around their anonymity here. >>So, so again, the real question is, is how do we get them engaged and keep them engaged? And that's what Amy was pointing out too. Exactly the engagement and sticking with it. So one of the things that we're trying to do through our competition on the state level and other elements is providing connections. We call them ambassadors. These are people in the business who can contact the students that are in the game or in that, uh, challenge environment and let them interact and let them talk about what they do and what they're doing in life would give them a challenging game format. Um, a lot of computer based training, um, capture the flag stuff is great, but if you can make it hands on, if you can make it a learn by doing experiment, if you can make it am personally involved and see the benefit as a result of doing that challenge and then talk to the people who do that on a daily basis, that's how you get them involved. >>The second part is as part of what we're doing is, is we're involving partnership companies in the development of the teams. So this year's competition that we're running has 82 teams from across the state of California, uh, of those 82 teams at six students team, middle school, high school, and many of those have company partners. And these are practitioners in cybersecurity who are working with those students to participate. It's it's that adult connectivity, it's that visualization. Um, so at the competition this year, um, we have the founder of Def con red flag is a participant to talk to the students. We have Vince surf as who is of course, very well known for something called the internet to participate. It's really getting the students to understand who's in this. Who can I look up to and how do I stay engaged with them? >>There's definitely a celebrity aspect of it. I will agree. I mean, the influencer aspect here with knowledge is key. Can you talk about, um, these ambassadors and, and, and how far along are you on that program? First of all, the challenge stuff is anything gamification wise. We've seen that with hackathons is just really works well. Grades, bonding, people who create together kinda get sticky and get very high community aspect to it. Talking about this ambassador thing. What does that industry is that academic >>Absolutely partners that we've identified? Um, some of which, and I won't hit all of them. So I'm sure I'll short changes, but, uh, Palo Alto, Cisco, um, Splunk, um, many of the companies in California and what we've done is identified, uh, schools, uh, to participate in the challenge that may not have a strong STEM program or have any cyber program. And the idea of the company is they look for their employees who are in those school districts to partner with the schools to help provide outreach. It could be as simple as a couple hours a week, or it's a team support captain or it's providing computers and other devices to use. Uh, and so again, it's really about a constant connectivity and, uh, trying to help where some schools may not have the staff or support units in an area to really provide them what they need for connectivity. What that does gives us an opportunity to not just focus on it once a year, but throughout the year. So for the competition, all the teams that are participating have been receiving, um, training and educational opportunities in the game of education side, since they signed up to participate. So there's a website, there's learning materials, there's materials provided by certain vendor companies like Wireshark and others. So it's a continuum of opportunity for the, >>You know, I've seen just the re randomly, just going to random thought, you know, robotics clubs are moving den closer into that middle school area, in fact Fleischer. And certainly in high schools, it's almost like a varsity sport. E-sports is another one. My son just combined made the JV at the college Dean, you know, it's big and it's up and serious. Right. And, um, it's fun. This is the aspect of fun. It's hands on. This is part of the culture down there you learn by doing, is there like a group? Is it like, um, is it like a club? I mean, how do you guys organize these bottoms up organically interest topics? >>So, so here in the college of engineering, uh, when we talk about learning by doing, we have learned by doing both in the classroom and out of the classroom. And if we look at the, these types of, out of the classroom activities, we have over 80 clubs working on all different aspects of many of these are bottom up. The students have decided what they want to work on and have organized themselves around that. And then they get the leadership opportunities. The more experienced students train in the less experienced students. And it continues to build from year after year after year with them even doing aspects of strategic planning from year to year for some of these competitions. So, yeah, it's an absolutely great experience. And we don't define for them how their learned by doing experiences should be, we want them to define it. And I think the really cool thing about that is they have the ownership and they have the interest and they can come up with new clubs year after year to see which direction they want to take it. And, you know, we will help support those clubs as old clubs fade out and new clubs come in >>Trunk real quick. Before we go on the next, uh, talk track, what, what do you recommend for, um, middle school, high school or even elementary? Um, a little bit of coding Minecraft. I mean, what, how do you get them hooked on the fun and the dopamine of, uh, technology and cybersecurity? What's your, what's your take on that? >>On, on this aspect, I like to share with you my experience as a junior high and high school student in Texas, the university of Texas in Austin organized a competition for every high school in Texas. If we phew from poetry to mathematics, to science, computer engineering, but it's not about with university of Texas. The university of Texas is on the serving SSN for the final competition that we divide the competition to be strict and then regional, and then spit at each level, we have local university and colleges volunteering to host it competition and make it fun. >>Also students with private enterprises to raise funding for scholarship. So students who see the competition they get exposed to so they can see different option. They also get a scholarship when they attend university in college. So I've seen the combination in competition aspect would be a good thing to be >>Got the engagement, the aspiration scholarship, you know, and you mentioned a volunteer. I think one of the things I'll observe is you guys are kind of hitting this as community. I mean, the story of Steve jobs and was, was building the Mac, they call it bill Hewlett up in Palo Alto. It was in the phone book and they scoured some parts from them. That's community. This is kind of what you're getting at. So this is kind of the formula we're seeing. So the next question I really want to get into is the women in technology, STEM, underrepresented minorities, how do we get them on cybersecurity career path? Is there a best practices there, bill, we'll start with you? >>Well, I think it's really interesting. First thing I want to add is if I could have just a clarification, what's really cool that the competition that we have and we're running, it's run by student from Cal poly. Uh, so, you know, Amy referenced the clubs and other activities. So many of the, uh, organizers and developers of the competition that we're running are the students, but not just from engineering. So we actually have theater and liberal arts majors and technology for liberal arts majors who are part of the competition. And we use their areas of expertise, set design, and other things, uh, visualization of virtualization. Those are all part of how we then teach and educate cyber in our game effication and other areas. So they're all involved in their learning as well. So we have our students teaching other students. So we're really excited about that. And I think that's part of what leads to a mentoring aspect of what we're providing, where our students are mentoring the other students. And I think it's also something that's really important in the game. Um, the first year we held the game, we had several all girl teams and it was really interesting because a, they, they didn't really know if they could compete. I mean, this is their, their reference point. We don't know if they did better than anybody. I mean, they, they knocked the ball out >>Of the park. The second part then is building that confidence level that they can going back and telling their cohorts that, Hey, it's not this thing you can't do. It's something real that you can compete and win. And so again, it's building that comradery, that spirit, that knowledge that they can succeed. And I think that goes a long way and an Amy's programs and the reach out and the reach out that Cal poly does to schools to develop. Uh, I think that's what it really is going to take. It. It is going to take that village approach to really increase diversity and inclusivity for the community. >>That's the flusher. I'd love to get your thoughts. You mentioned, um, your, your outreach program and the dropoff, some of those data, uh, you're deeply involved in this. You're passionate about it. What's your thoughts on this career path opportunity for STEM? >>Yeah, I think STEM is an incredible career path opportunity for so many people. There's so many interesting problems that we can solve, particularly in cyber and in space systems. And I think we have to meet the kids where they are and kind of show them, you know, what the exciting part is about it, right. But, you know, bill was, was alluding to this. And when he was talking about, you know, trying to name somebody that you can can point to. And I think having those visible people where you can see yourself in that is, is absolutely critical and those mentors and that mentorship program. So we use a lot of our students going out into California, middle schools and elementary schools. And you want to see somebody that's like you, somebody that came from your background and was able to do this. So a lot of times we have students from our national society of black engineers or a society of Hispanic professional engineers or our society of women engineers. >>We have over a thousand members, a thousand student members in our society of women engineers who were doing these outreach programs. But like I also said, it's hitting them at the lower levels too. And girl Scouts is actually distinguishing themselves as one of the leading STEM advocates in the country. And like I said, they developed all these cybersecurity badges, starting in kindergarten. There's a cybersecurity badge for kindergarten and first graders. And it goes all the way up through late high school, the same thing with space systems. And they did the space systems in partnership with NASA. They did the cybersecurity and partnership with Palo Alto networks. And what you do is you want to build these, these skills that the girls are developing. And like bill said, work in and girl led teams where they can do it. And if they're doing it from kindergarten on, it just becomes normal. And they never think, well, this is not for me. And they see the older girls who are doing it and they see a very clear path leading them into these careers. >>Yeah. It's interesting. You used the word normalization earlier. That's exactly what it is. It's life, you get life skills and a new kind of badge. Why wouldn't learn how to be a white, white hat hacker, or have fun or learn new skills just in, in the, in the grind of your fun day. Super exciting. Okay. Trung your thoughts on this. I mean, you have a diverse diversity. It brings perspective to the table in cybersecurity because you have to think like the other, the adversary, you got to be the white headed hippie, a white hat, unless you know how black hat thinks. So there's a lot of needs here for more, more, more points of view. How are we going to get people trained on this from under represented minorities and women? What's your thoughts? >>Well, as a member of, I took a professional society of directed pool in the electronic engineer. You have the, uh, we participate in the engineering week. We'll be ploy our members to local junior high school and high school to talk about our project, to promote the discovery of engineering. But at the same time, we also participate in the science fair that we scaled up flex. As the squad organizing our engineer will be mentoring students, number one, to help them with the part check, but number two, to help us identify talents so that we can recruit them further into the field of STEM. One of the participation that week was the competition of the, what they call future CV. We're still going, we'll be doing a CT on a computer simulation. And in recent year we promote ops smart CV where CT will be connected the individual houses to be added in through the internet. >>And we want to bring awareness of cybersecurity into competition. So we deploy engineer to supervise the people, the students who participate in the competition, we bring awareness, not in the technical be challenged level, but in what we've called the compound level. So speargun will be able to know what is, why to provide cyber security for the smart city that they are building. And at the same time, we were able to identify talent, especially talent in the minority and in the room. And so that we can recruit them more actively. And we also raise money for scholarship. We believe that scholarship is the best way to get students to continue education in Epic college level. So with scholarship, it's very easy to recruit them, to give you and then push them to go further into the cyber security Eylea. >>Yeah. I mean, you know, I see a lot of the parents like, Oh, my kid's going to go join the soccer team, >>Private lessons, and maybe look at a scholarship >>Someday. Well, they only do have scholarships anyway. I mean, this is if they spent that time doing other things, it's just, again, this is a new lifestyle, like the girl Scouts. And this is where I want to get into this whole silo breaking down because Amy, you brought this up and bill, you were talking about as well, you've got multiple stakeholders here with this event. You got, you know, public, you got private and you've got educators. It's the intersection of all of them. It's again, that those, if those silos break down the confluence of those three stakeholders have to work together. So let's, let's talk about that. Educators. You guys are educating young minds, you're interfacing with private institutions and now the public. What about educators? What can they do to make cyber better? Cause there's no real manual. I mean, it's not like this court is a body of work of how to educate cybersecurity is maybe it's more recent, it's cutting edge, best practices, but still it's an, it's an evolving playbook. What's your thoughts for educators, bill? We'll start with you. >>Well, I don't really, I'm going to turn it off. >>I would say, I would say as, as educators, it's really important for us to stay on top of how the field is evolving, right? So what we want to do is we want to promote these tight connections between educators and our faculty and, um, applied research in industry and with industry partnerships. And I think that's how we're going to make sure that we're educating students in the best way. And you're talking about that inner, that confluence of the three different areas. And I think you have to keep those communication lines open to make sure that the information on where the field is going and what we need to concentrate on is flowing down into our educational process. And that, that works in both ways that, you know, we can talk as educators and we can be telling industry what we're working on and what are types of skills our students have and working with them to get the opportunities for our students to work in industry and develop those skills along the way as well. >>And I think it's just all part of this is really looking at, at what's going to be happening and how do we get people talking to each other and the same thing with looking at public policy and bringing that into our education and into these real hands on experiences. And that's how you really cement this type of knowledge with students, not by not by talking to them and not by showing them, but letting them do it. It's this learn by doing and building the resiliency that it takes when you learn by doing. And sometimes you learn by failing, but you just up and you keep going. >>And these are important skills that you develop along the way >>You mentioned, um, um, sharing too. That's the key collaborating and sharing knowledge. It's an open, open world and everyone's collaborating feel private public partnerships. I mean, there's a real private companies. You mentioned Palo Alto networks and others. There's a real intersection there there's, they're motivated. They could, the scholarship opportunities, trunk points to that. What is the public private educator view there? How do companies get involved? What's the benefit for them? >>Well, that's what a lot of the universities are doing is to bring in as part of either their cyber centers or institutes, people who are really focused on developing and furthering those public private partnerships. That's really what my role is in all these things is to take us to a different level in those areas, uh, not to take away from the academic side, but to add additional opportunities for both sides. Remember in a public private partnership, all entities have to have some gain in the process. Now, what I think is really interesting is the timing on particularly this subject space and cyber security. This has been an absolute banner year for space. The Stanhope of space force, the launch of commercial partnership, leaving commercial platforms, delivering astronauts to the space station, recovering them and bringing back the ability of a commercial satellite platform to be launched a commercial platforms that not only launch, but return back to where they're launched from. >>These are things that are stirring the hearts of the American citizens, the kids, again, they're getting interested, they're seeing this and getting enthused. So we have to seize upon that and we have to find a way to connect that public private partnerships is the answer for that. It's not one segment that can handle it all. It's all of them combined together. If you look at space, space is going to be about commercial. It's going to be about civil moving from one side of the earth, to the other via space. And it's about government. And what's really cool for us. All those things are in our backyard. Yeah. That's where that public private comes together. The government's involved, the private sector is involved. The educators are involved and we're all looking at the same things and trying to figure out like this forum, what works best to go to the future. >>You know, if people are bored and they want to look for an exciting challenge, he couldn't have laid it out any clearer. It's the most exciting discipline. It hits everything. I mean, we just talk about space. GPS is everything we do is well tested. Do with satellites. >>I have to tell you a story on that, right? We have a very unique GPS story right in our backyard. So our sheriff is the son of the father of GPS for the air force. So you can't get better than that when it comes to being connected to all those platforms. So we, we really want to say, you know, this is so exciting for all of us because >>It gives everybody a job for a long time. >>You know, the kids that don't think tick toxic, exciting, wait til they see what's going on here with you guys, this program, trunk final word on this from the public side, you're at the air force. You're doing research. Are you guys opening it up? Are you integrating into the private and educational sectors? How do you see that formula playing out? And what's the best practice for students and preparing them? >>I think it's the same in athlete university CP in the engineering program will require our students to be final project before graduation. And in this kind of project, we send them out to work in the private industry. The private company got sponsor. Then they get the benefit of having an intern working for them and they get the benefit of reviewing the students as the prospective employee in the future. So it's good for the student to gain practical experience working in this program. Some, some kind of, we call that a core program, some kind, we call that a capstone program and the company will accept the students on a trial PRCS, giving them some assignment and then pay them a little bit of money. So it's good for the student to earn some extra money, to have some experience that they can put on their resume when they apply for the final of the job. >>So the collaboration between university and private sector is really important. We, when I joined a faculty, normally they already exist that connection. It came from. Normally it came from the Dean of engineering who would whine and dine with companies. We work relationship and sign up women, but it's approach to do a good performance so that we can be credibility to continue the relationship with those company and the students that we selected to send to those company. We have to make sure that they will represent the university. Well, they will go a good job and they will make a good impression. >>Thank you very much for great insight, trunk, bill, Amy, amazing topic. I'd like to end this session with each of you to make a statement on the importance of cybersecurity to space. We'll go Trung bill and Amy Truong, the importance of cybersecurity space statement. >>We know that it's affecting components that we are using and we are connecting to. And normally we use them for personal purpose. But when we connect to the important system that the government public company put into space, so it's really important to practice cyber security and a lot of time, it's very easy to know concept. We have to be careful, but in reality, we tend to forget to partnership the way we forget how to ride safely. And with driving a car, we have a program called defensive driving that requires every two or three years to get. We can get discount. >>We are providing the cyber security practice, not to tell people about the technology, but to remind them not practicing cybersecurity. And it's a requirement for every one of us, bill, the importance of cyber security to space. It's not just about young people. It's about all of us as we grow and we change as I referenced it, you know, we're changing from an analog world to a digital world. Those of us who have been in the business and have hair that looks like mine. We need to be just as cognizant about cybersecurity practice as the young people, we need to understand how it affects our lives and particularly in space, because we're going to be talking about people, moving people to space, moving payloads, data, transfer all of those things. And so there's a whole workforce that needs to be retrained or upskilled in cyber that's out there. So the opportunity is ever expensive for all of us, Amy, the importance of cybersecurity space, >>Uh, and the, the emphasis of cybersecurity is space. Just simply, can't be over emphasized. There are so many aspects that are going to have to be considered as systems get ever more complex. And as we pointed out, we're putting people's lives at stake here. This is incredibly, incredibly complicated and incredibly impactful, and actually really exciting the opportunities that are here for students and the workforce of the future to really make an enormous impact on the world around us. And I hope we're able to get that message out to students, to children >>Today. But these are my really interesting fields that you need to consider. >>Thank you very much. I'm John foray with the cube and the importance of cybersecurity and space is the future of the world's all going to happen in and around space with technology, people and society. Thank you to Cal poly. And thank you for watching the Cypress of computer security and space symposium 2020.

>> Announcer: From around the globe, it's theCUBE, covering Space and Cybersecurity Symposium 2020, hosted by Cal Poly. >> Everyone, welcome to this special presentation with Cal Poly hosting the Space and Cybersecurity Symposium 2020 virtual. I'm John Furrier, your host with theCUBE and SiliconANGLE here in our Palo Alto studios with our remote guests. We couldn't be there in person, but we're going to be here remote. We got a great session and a panel for one hour, topic preparing students for the jobs of today and tomorrow. Got a great lineup. Bill Britton, Lieutenant Colonel from the US Air Force, retired vice president for information technology and CIO and the director of the California Cybersecurity Institute for Cal Poly. Bill, thanks for joining us. Dr. Amy Fleischer, who's the dean of the College of Engineering at Cal Poly, and Trung Pham, professor and researcher at the US Air Force Academy. Folks, thanks for joining me today. >> Our pleasure. >> Got a great- >> Great to be here. >> Great panel. This is one of my favorite topics. >> Thank you for the opportunity. >> Preparing students for the next generation, the jobs for today and tomorrow. We got an hour. I'd love you guys to start with an opening statement to kick things off. Bill, we'll start with you. >> Well, I'm really pleased to be, to start on this as the director for the Cybersecurity Institute and the CIO at Cal Poly, it's really a fun, exciting job, because as a polytechnic, technology has such a forefront in what we're doing, and we've had a wonderful opportunity being 40 miles from Vandenberg Air Force Base to really look at the nexus of space and cybersecurity. And if you add into that both commercial, government, and civil space and cybersecurity, this is an expanding wide open time for cyber and space. In that role that we have with the Cybersecurity Institute, we partner with elements of the state and the university, and we try to really add value above our academic level, which is some of the highest in the nation, and to really merge down and go a little lower and start younger. So we actually are running the week prior to this showing a cybersecurity competition for high schools and middle schools in the state of California. That competition this year is based on a scenario around hacking of a commercial satellite and the forensics of the payload that was hacked and the networks associated with it. This is going to be done using products like Wireshark, Autopsy, and other tools that will give those high school students what we hope is a huge desire to follow up and go into cyber and cyberspace and space and follow that career path and either come to Cal Poly or some other institution that's going to let them really expand their horizons in cybersecurity and space for the future of our nation. >> Bill, thanks for that intro. By the way, I just want to give you props for an amazing team and job you guys are doing at Cal Poly, the DxHub and the efforts you guys are having with your challenge. Congratulations on that great work. >> Thank you. It's a rock star team. It's absolutely amazing to find that much talent at one location. And I think Amy's going to tell you, she's got the same amount of talent in her staff, so it's a great place to be. >> Dr. Amy Fleischer. You guys have a great organization down there, amazing curriculum, amazing people, great community. Your opening statement. >> Hello everybody. It's really great to be a part of this panel on behalf of the Cal Poly College of Engineering. Here at Cal Poly, we really take preparing students for the jobs of today and tomorrow completely seriously, and we can claim that our students really graduate so they're ready day one for their first real job. But that means that in getting them to that point, we have to help them get valuable and meaningful job experience before they graduate, both through our curriculum and through multiple internship or summer research opportunities. So we focus our curriculum on what we call a learn by doing philosophy. And this means that we have a combination of practical experience and learn by doing both in and out of the classroom. And we find that to be really critical for preparing students for the workforce. Here at Cal Poly, we have more than 6,000 engineering students. We're one of the largest undergraduate engineering schools in the country. And US News ranks us the eighth best undergraduate engineering program in the country and the top ranked state school. We're really, really proud that we offer this impactful hands-on engineering education that really exceeds that of virtually all private universities while reaching a wider audience of students. We offer 14 degree programs, and really, we're talking today about cyber and space, and I think most of those degree programs can really make an impact in the space and cybersecurity economy. And this includes not only things like aero and cyber directly, but also electrical engineering, mechanical engineering, computer engineering, materials engineering, even manufacturing, civil, and biomedical engineering, as there's a lot of infrastructure needs that go into supporting launch capabilities. Our aerospace program graduates hundreds of aerospace engineers and most of them are working right here in California with many of our corporate partners, including Northrop Grumman, Lockheed, Boeing, Raytheon, SpaceX, Virgin Galactic, JPL, and so many other places where we have Cal Poly engineers impacting the space economy. Our cybersecurity focus is found mainly in our computer science and software engineering programs, and it's really a rapidly growing interest among our students. Computer science is our most popular major, and industry interests and partnerships are integrated into our cyber curriculum, and we do that oftentimes through support from industry. So we have partnerships with Northrop Grumman for professorship in a cyber lab and from PG&E for critical infrastructure cybersecurity lab and professorship. And we think that industry partnerships like these are really critical to preparing students for the future as the field is evolving so quickly and making sure we adapt our facilities and our curriculum to stay in line with what we're seeing in industry is incredibly important. In our aerospace program, we have an educational partnership with the Air Force Research Labs that's allowing us to install new high-performance computing capabilities and a space environments lab that's going to enhance our satellite design capabilities. And if we talk about satellite design, Cal Poly is the founding home of the CubeSat program, which pioneered small satellite capabilities, And we remain the worldwide leader in maintaining the CubeSat standard, and our student program has launched more CubeSats than any other program. So here again we have this learn by doing experience every year for dozens of aerospace, electrical, computer science, mechanical engineering students, and other student activities that we think are just as important include ethical hacking through our white hat club, Cal Poly Space Systems, which does really, really big rocket launches, and our support program for women in both of these fields, like WISH, which is Women In Software and Hardware. Now, you know, really trying to bring in a wide variety of people into these fields is incredibly important, and outreach and support to those demographics traditionally underrepresented in these fields is going to be really critical to future success. So by drawing on the lived experiences by people with different types of backgrounds will we develop the type of culture and environment where all of us can get to the best solution. So in terms of bringing people into the field, we see that research shows we need to reach kids when they're in late elementary and middle schools to really overcome that cultural bias that works against diversity in our fields. And you heard Bill talking about the California Cybersecurity Institute's yearly cyber challenge, and there's a lot of other people who are working to bring in a wider variety of people into the field, like Girl Scouts, which has introduced dozens of new badges over the past few years, including a whole cybersecurity series of badges in concert with Palo Alto Networks. So we have our work cut out for us, but we know what we need to do, and if we're really committed to properly preparing the workforce for today and tomorrow, I think our future is going to be bright. I'm looking forward to our discussion today. >> Thank you, Dr. Fleischer, for a great comment, opening statement, and congratulations. You got the right formula down there, the right mindset, and you got a lot of talent, and community, as well. Thank you for that opening statement. Next up, from Colorado Springs, Trung Pham, who's a professor and researcher at the US Air Force Academy. He's doing a lot of research around the areas that are most important for the intersection of space and technology. Trung. >> Good afternoon. First I'd like to thank Cal Poly for the opportunity. And today I want to go briefly about cybersecurity in space application. Whenever we talk about cybersecurity, the impression is that it's a new field that is really highly complex involving a lot of technical area. But in reality, in my personal opinion, it is indeed a complex field because it involves many disciplines. The first thing we think about is computer engineering and computer networking, but it's also involving communication, sociology, law practice. And this practice of cybersecurity doesn't only involve computer expert, but it's also involve everybody else who has a computing device that is connected to the internet, and this participation is obviously everybody in today's environment. When we think about the internet, we know that it's a good source of information but come with the convenience of information that we can access, we are constantly facing danger from the internet. Some of them we might be aware of. Some of them we might not be aware of. For example, when we search on the internet, a lot of time our browser will be saying that this site is not trusted, so we will be more careful. But what about the sites that we trusted? We know that those are legitimate sites, but they're not 100% bulletproof. What happen if those site are attacked by a hacker and then they will be a silent source of danger that we might not be aware of. So in the reality, we need to be more practicing the cybersecurity from our civil point of view and not from a technical point of view. When we talk about space application, we should know that all the hardware are computer-based or controlled by by computer system, and therefore the hardware and the software must go through some certification process so that they can be rated as airworthy or flightworthy. When we know that in the certification process is focusing on the functionality of the hardware and software, but one aspect that is explicitly and implicitly required is the security of those components. And we know that those components have to be connected with the ground control station, and the communication is through the air, through the radio signal, so anybody who has access to those communication radio signal will be able to control the space system that we put up there. And we certainly do not want our system to be hijacked by a third party. Another aspect of cybersecurity is that we try to design the space system in a very strong manner so it's almost impossible to hack in. But what about some other weak system that might be connected to the strong system? For example, the space system will be connected to the ground control station, and on the ground control station, we have the human controller, and those people have cell phone. They are allowed to use cell phone for communication. But at the same time, they are connected to the internet through the cell phone, and their cell phone might be connected to the computer that control the flight software and hardware. So what I want to say is we try to build strong system and we've protected them, but there will be some weaker system that we could not intended but exists to be connected to our strong system, and those are the points the hacker will be trying to attack. If we know how to control the access to those weak points, we will be having a much better system for the space system. And when we see the cybersecurity that is requiring the participation everywhere it's important to notice that there is a source of opportunity for students who enter the workforce to consider. Obviously students in engineering can focus their knowledge and expertise to provide technological solution to protect the system that we view. But we also have students in business who can focus their expertise to write business plan so that they can provide a pathway for the engineering advances to reach the market. We also have student in law who can focus their expertise in policy governing the internet, governing the cybersecurity practice. And we also have student in education who can focus their expertise to design how to teach cybersecurity practice, and student in every other discipline can focus their effort to implement security measure to protect the system that they are using in their field. So it's obvious that cybersecurity is everywhere and it implies job opportunity everywhere for everybody in every discipline of study. Thank you. >> Thank you, Trung, for those great comments. Great technology opportunities. But interesting, as well, is the theme that we're seeing across the entire symposium and in the virtual hallways that we're hearing conversations, and you pointed out some of them. Dr. Fleischer did, as well. And Bill, you mentioned it. It's not one thing. It's not just technology. It's different skills. And Amy, you mentioned that computer science is the hottest degree, but you have the hottest aerospace program in the world. I mean, so all this is kind of balancing. It's interdisciplinary. It's a structural change. Before we get into some of the, how they prepare the students, can you guys talk about some of the structural changes that are modern now in preparing in these opportunities, because societal impact is a, law potentially impact, it's how we educate. There's now cross-discipline skill sets. It's not just get the degree, see you out in the field. Bill, you want to start? >> Well, what's really fun about this job is that in the Air Force, I worked in the space and missile business, and what we saw was a heavy reliance on checklist format, security procedures, analog systems, and what we're seeing now in our world, both in the government and the commercial side, is a move to a digital environment, and the digital environment is a very quick and adaptive environment, and it's going to require a digital understanding. Matter of fact, the undersecretary of Air Force for acquisition recently referenced the need to understand the digital environment and how that's affecting acquisition. So as both Amy and Trung said, even business students are now in the cybersecurity business. And so again, what we're seeing is the change. Now, another phenomenon that we're seeing in the space world is there's just so much data. One of the ways that we addressed that in the past was to look at high-performance computing. There was a lot stricter control over how that worked. But now what we're seeing is adaptation of cloud, cloud technologies in space support, space data, command and control. And so what we see is a modern space engineer who has to understand digital, has to understand cloud, and has to understand the context of all those with a cyber environment. That's really changing the forefront of what is a space engineer, what is a digital engineer, and what is a future engineer, both commercial or government. So I think the opportunity for all of these things is really good, particularly for a polytechnic, Air Force Academy, and others that are focusing on a more widened experiential level of cloud and engineering and other capabilities. And I'll tell you the part that as the CIO I have to remind everybody, all this stuff works with the IT stuff. So you've got to understand how your IT infrastructures are tied and working together. As we noted earlier, one of the things is that these are all relays from point to point, and that architecture is part of your cybersecurity architecture. So again, every component has now become a cyber aware, cyber knowledgeable, and what we like to call as a cyber cognizant citizen where they have to understand the context. (speaking on mute) >> (indistinct) software Dr. Fleischer, talk about your perspective, 'cause you mentioned some of the things about computer science. I remember in the '80s when I got my computer science degree, they called us software engineers and then you became software developers. And then, so again, engineering is the theme. If you're engineering a system, there's now software involved, and there's also business engineering, business models. So talk about some of your comments, 'cause you mentioned computer science is hot. You got the aerospace. You got these multi-disciplines. You got definitely diversity, as well, brings more perspectives in, as well. Your thoughts on these structural interdisciplinary things? >> I think this is really key to making sure that students are prepared to work in the workforce is looking at the blurring between fields. No longer are you just a computer scientist. No longer are you just an aerospace engineer. You really have to have an expertise where you can work with people across disciplines. All of these fields are just working with each other in ways we haven't seen before. And Bill brought up data. You know, data science is something that's cross-cutting across all of our fields. So we want engineers that have the disciplinary expertise that they can go deep into these fields, but we want them to be able to communicate with each other and to be able to communicate across disciplines and to be able to work in teams that are across disciplines. You can no longer just work with other computer scientists or just work with other aerospace engineers. There's no part of engineering that is siloed anymore. So that's how we're changing. You have to be able to work across those disciplines. And as you, as Trung pointed out, ethics has to come into this. So you can no longer try to fully separate what we would traditionally have called the liberal arts and say, well, that's over there in general education. No, ethics is an important part of what we're doing and how we integrate that into our curriculum. So is communication. So is working on public policy and seeing where all these different aspects tie together to make the impact that we want to have in the world. So you no longer can work solo in these fields. >> That's great point. And Bill also mentioned the cloud. One thing about the cloud that's showed us is horizontal scalability has created a lot of value, and certainly data is now horizontal. Trung, you mentioned some of the things about cryptography for the kids out there, I mean, you can look at the pathway for career. You can do a lot of tech, but you don't have to go deep sometimes. You can as deep as you want, but there's so much more there. What technology do you see that's going to help students, in your opinion? >> Well, I'm a professor in computer science, so I like to talk a little bit about computer programming. Now we are working in complex projects. So most of the time we don't design a system from scratch. We build it from different components, and the components that we have, either we get it from vendors or sometimes we get it from the internet in the open source environment. It's fun to get the source code and then make it work to our own application. So now when we are looking at cryptology, when we talk about encryption, for example, we can easily get the source code from the internet. And the question, is it safe to use those source code? And my question is maybe not. So I always encourage my students to learn how to write source code the traditional way that I learned a long time ago before I allow them to use the open source environment. And one of the things that they have to be careful especially with encryption is the code that might be hidden in the source that they downloaded. Some of the source might be harmful. It might open up back gate for a hacker to get in later. We've heard about these back gates back then when Microsoft designed the operating system with the protection of encryption, and it is true that is existing. So while open source code is a wonderful place to develop complex system, but it's also a dangerous place that we have to be aware of. >> Great point. Before we get into the comments, one quick thing for each of you I'd like to get your comments on. There's been a big movement on growth mindset, which has been a great big believer in having a growth mindset and learning and all that good stuff. But now when you talk about some of these things we're mentioning about systems, there's a new trend around a systems mindset, because if everything's now a system, distributed systems now you have space and cybersecurity, you have to understand the consequences of changes. And you mention some of that, Trung, in changes in the source code. Could you guys share your quick opinions on the of systems thinking? Is that a mindset that people should be looking at? Because it used to be just one thing. Oh, you're a systems guy or gal. There you go. You're done. Now it seems to be in social media and data, everything seems to be systems. What's your take? Dr. Fleischer, we'll start with you. >> I'd say it's another way of looking at not being just so deep in your discipline. You have to understand what the impact of the decisions that you're making have on a much broader system. And so I think it's important for all of our students to get some exposure to that systems level thinking and looking at the greater impact of the decision that they're making. Now, the issue is where do you set the systems boundary, right? And you can set the systems boundary very close in and concentrate on an aspect of a design, or you can continually move that system boundary out and see where do you hit the intersections of engineering and science along with ethics and public policy and the greater society. And I think that's where some of the interesting work is going to be. And I think at least exposing students and letting them know that they're going to have to make some of these considerations as they move throughout their career is going to be vital as we move into the future. >> Bill, what's your thoughts? >> I absolutely agree with Amy. And I think there's a context here that reverse engineering and forensics analysis and forensics engineering are becoming more critical than ever. The ability to look at what you have designed in a system and then tear it apart and look at it for gaps and holes and problem sets. Or when you're given some software that's already been pre-developed, checking it to make sure it is really going to do what it says it's going to do. That forensics ability becomes more and more a skillset that also you need the verbal skills to explain what it is you're doing and what you found. So the communication side, the systems analysis side, the forensics analysis side, these are all things that are part of system approach that I think you could spend hours on and we still haven't really done a great job on it. So it's one of my fortes is really the whole analysis side of forensics and reverse engineering. >> Trung, real quick, systems thinking, your thoughts. >> Well, I'd like to share with you my experience when I worked in the space station program at NASA. We had two different approaches. One is a compound approach where we design it from the system general point of view where we put components together to be a complex system. But at the same time, we have the (indistinct) approach where we have an engineer who spent time and effort building individual component and they have to be expert in those tiny component that general component they deliver. And in the space station program, we bring together the (indistinct) engineer who designed everything in detail and the system manager who managed the system design from the top down, and we meet in the middle, and together we compromised a lot of differences and we delivered the space station that we are operating today. >> Great insight. And that's the whole teamwork collaboration that Dr. Fleischer was mentioning. Thanks so much for that insight. I wanted to get that out there because I know myself as a parent, I'm always trying to think about what's best for my kids and their friends as they grow up into the workforce. I know educators and leaders in industry would love to know some of the best practices around some of the structural changes. So thanks for that insight. But this topic's about students and helping them prepare. So we heard be multiple discipline, broaden your horizons, think like systems, top down, bottom up, work together as a team, and follow the data. So I got to ask you guys, there's a huge amount of job openings in cybersecurity. It's well-documented. And certainly with the intersection of space and cyber, it's only going to get bigger, right? You're going to see more and more demand for new types of jobs. How do we get high school and college students interested in security as a career? Dr. Fleischer, we'll start with you on this one. I would say really one of the best ways to get students interested in a career is to show them the impact that it's going to have. There's definitely always going to be students who are going to want to do the technology for the technology's sake, but that will limit you to a narrow set of students, and by showing the greater impact that these types of careers are going to have on the types of problems that you're going to be able to solve and the impact you're going to be able to have on the world around you, that's the word that we really need to get out. And a wide variety of students really respond to these messages. So I think it's really kind of reaching out at the elementary, the middle school level, and really kind of getting this idea that you can make a big difference, a big positive difference in the field with some of these careers, is going to be really critical. >> Real question to follow up. What do you think is the best entry point? You mentioned middle. I didn't hear elementary school. There's a lot of discussions around pipelining, and we're going to get into women in tech and underrepresented minorities later. But is it too early, or what's your feeling on this? >> My feeling is the earlier we can normalize it, the better. If you can normalize an interest in computers and technology and building in elementary school, that's absolutely critical. But the drop-off point that we're seeing is between what I would call late elementary and early middle school. And just kind of as an anecdote, I for years ran an outreach program for Girl Scouts in grades four and five and grade six, seven, and eight. And we had 100 slots in each program. And every year the program would sell out for girls in grades four and five, and every year we'd have spots remaining in grades six, seven, and eight. And that's literally where the drop-off is occurring between that late elementary and that middle school range. So that's the area that we need to target to make sure we keep those young women involved and interested as we move forward. >> Bill, how are we going to get these kids interested in security? You mentioned a few programs you got. >> Yeah. >> I mean, who wouldn't want to be a white hat hacker? I mean, that sounds exciting. >> So yeah, great questions. Let's start with some basic principles, though, is let me ask you a question, John. Name for me one white hat, good person hacker, the name, who works in the space industry and is an exemplar for students to look up to. >> You? >> Oh man, I'm feeling really... >> I'm only, I can't imagine a figure- >> (indistinct) the answer because the answer we normally get is the cricket sound. So we don't have individuals we've identified in those areas for them to look up to. >> I was going to be snarky and say most white hackers won't even use their real name, but... >> Right, so there's an aura around their anonymity here. So again, the real question is how do we get them engaged and keep them engaged? And that's what Amy was pointing out to exactly, the engagement and sticking with it. So one of the things that we're trying to do through our competition on the state level and other elements is providing connections. We call them ambassadors. These are people in the business who can contact the students that are in the game or in that challenge environment and let 'em interact and let 'em talk about what they do and what they're doing in life. But give them a challenging game format. A lot of computer-based training, capture the flag stuff is great, but if you can make it hands-on, if you can make it a learn by doing experiment, if you can make it personally involved and see the benefit as a result of doing that challenge and then talk to the people who do that on a daily basis, that's how you get them involved. The second part is part of what we're doing is we're involving partnership companies in the development of the teams. So this year's competition that we're running has 82 teams from across the state of California. Of those 82 teams at six students a team, middle school, high school, and many of those have company partners, and these are practitioners in cybersecurity who are working with those students to participate. It's that adult connectivity. It's that visualization. So at the competition this year, we have the founder of Defcon Red Flag is a participant to talk to the students. We have Vint Cerf, who is, of course, very well-known for something called the internet, to participate. It's really getting the students to understand who's in this, who can I look up to, and how do I stay engaged with them? >> There's definitely a celebrity aspect of it, I will agree. I mean, the influencer aspect here with knowledge is key. Can you talk about these ambassadors, and how far along are you on that program? First of all, the challenge stuff is, anything gamification-wise, we've seen that with hackathons, it just really works well. Creates bonding. People who create together can get sticky and get very high community aspect to it. Talk about this ambassador thing. What is that, industry, is that academic? >> Yeah, absolutely. >> What is this ambassador thing? >> Industry partners that we've identified, some of which, and I won't hit all of 'em, so I'm sure I'll short change this, but Palo Alto, Cisco, Splunk, many of the companies in California, and what we've done is identified schools to participate in the challenge that may not have a strong STEM program or have any cyber program. And the idea of the company is they look for their employees who are in those school districts to partner with the schools to help provide outreach. It could be as simple as a couple hours a week, or it's a team support captain or it's providing computers and other devices to use. And so again, it's really about a constant connectivity and trying to help where some schools may not have the staff or support units in an area to really provide them what they need for connectivity. What that does is it gives us an opportunity to not just focus on it once a year, but throughout the year. So for the competition, all the teams that are participating have been receiving training and educational opportunities in the gamification side since they signed up to participate. So there's a website, there's learning materials, there's materials provided by certain vendor companies like Wireshark and others. So it's a continuum of opportunity for the students. >> You know, I've seen, just randomly, just got a random thought. Robotics clubs are moving then closer into that middle school area, Dr. Fleischer, and in certainly in high schools, it's almost like a varsity sport. E-sports is another one. My son just called me. "I made the JV at the college team." It's big and serious, right? And it's fun. This is the aspect of fun. It's hands-on. This is part of the culture down there. Learn by doing. Is there, like, a group? Is it, like, a club? I mean, how do you guys organize these bottoms-up organically interest topics? >> So here in the college of engineering, when we talk about learn by doing, we have learned by doing both in the classroom and out of the classroom. And if we look at these types of out of the classroom activities, we have over 80 clubs working on all different aspects, and many of these are bottom-up. The students have decided what they want to work on and have organized themselves around that. And then they get the leadership opportunities. The more experienced students train the less experienced students. And it continues to build from year after year after year with them even doing aspects of strategic planning from year to year for some of these competitions. Yeah, it's an absolutely great experience. And we don't define for them how their learn by doing experiences should be. We want them to define it. And I think the really cool thing about that is they have the ownership and they have the interest and they can come up with new clubs year after year to see which direction they want to take it, and we will help support those clubs as old clubs fade out and new clubs come in. >> Trung, real quick, before we go on the next talk track, what do you recommend for middle school, high school, or even elementary? A little bit of coding, Minecraft? I mean, how do you get 'em hooked on the fun and the dopamine of technology and cybersecurity? What's your take on that? >> On this aspect, I'd like to share with you my experience as a junior high and high school student in Texas. The university of Texas in Austin organized a competition for every high school in Texas in every field from poetry to mathematics to science, computer engineering. But it's not about the University of Texas. The University of Texas is only serving as a center for the final competition. They divide the competition to district and then regional and then state. At each level, we have local university and colleges volunteering to host the competition and make it fun for the student to participate. And also they connected the students with private enterprises to raise fund for scholarship. So student who see the competition is a fun event for them, they get exposed to different university hosting the event so that they can see different option for them to consider college. They also get a promise that if they participate, they will be considered for scholarship when they attend university and college. So I think the combination of fun and competition and the scholarship aspect will be a good thing to entice the student to commit to the area of cybersecurity. >> Got the engagement, the aspiration, scholarship, and you mentioned a volunteer. I think one of the things I'll observe is you guys are kind of hitting this as community. I mean, the story of Steve Jobs and Woz building the Mac, they called Bill Hewlett up in Palo Alto. He was in the phone book. And they scoured some parts from him. That's community. This is kind of what you're getting at. So this is kind of the formula we're seeing. So the next question I really want to get into is the women in technology, STEM, underrepresented minorities, how do we get them on cybersecurity career path? Is there a best practices there? Bill, we'll start with you. >> Well, I think it's really interesting. First thing I want to add is, if I could, just a clarification. What's really cool, the competition that we have and we're running, it's run by students from Cal Poly. So Amy referenced the clubs and other activities. So many of the organizers and developers of the competition that we're running are the students, but not just from engineering. So we actually have theater and liberal arts majors and technology for liberal arts majors who are part of the competition, and we use their areas of expertise, set design and other things, visualization, virtualization. Those are all part of how we then teach and educate cyber in our gamification and other areas. So they're all involved and they're learning, as well. So we have our students teaching other students. So we're really excited about that. And I think that's part of what leads to a mentoring aspect of what we're providing where our students are mentoring the other students. And I think it's also something that's really important in the game. The first year we held the game, we had several all-girl teams, and it was really interesting because A, they didn't really know if they could compete. I mean, this is their reference point. We don't know if. They did better than anybody. I mean, they just, they knocked the ball out of the park. The second part, then, is building that confidence level that can, going back and telling their cohorts that, hey, it's not this obtuse thing you can't do. It's something real that you can compete and win. And so again, it's building that camaraderie, that spirit, that knowledge that they can succeed. And I think that goes a long way. And Amy's programs and the reach out and the reach out that Cal Poly does to schools to develop, I think that's what it really is going to take. It is going to take that village approach to really increase diversity and inclusivity for the community. >> Dr. Fleischer, I'd love to get your thoughts. You mentioned your outreach program and the drop-off, some of those data. You're deeply involved in this. You're passionate about it. What's your thoughts on this career path opportunity for STEM? >> Yeah, I think STEM is an incredible career path opportunity for so many people. There's so many interesting problems that we can solve, particularly in cyber and in space systems. And I think we have to meet the kids where they are and kind of show them what the exciting part is about it, right? But Bill was alluding to this when he was talking about trying to name somebody that you can point to. And I think having those visible people where you can see yourself in that is absolutely critical, and those mentors and that mentorship program. So we use a lot of our students going out into California middle schools and elementary schools. And you want to see somebody that's like you, somebody that came from your background and was able to do this. So a lot of times we have students from our National Society of Black Engineers or our Society of Hispanic Professional Engineers or our Society of Women Engineers, which we have over 1,000 members, 1,000 student members in our Society of Women Engineers who are doing these outreach programs. But like I also said, it's hitting them at the lower levels, too, and Girl Scouts is actually distinguishing themselves as one of the leading STEM advocates in the country. And like I said, they developed all these cybersecurity badges starting in kindergarten. There's a cybersecurity badge for kindergartener and first graders. And it goes all the way up through late high school. The same thing with space systems. And they did the space systems in partnership with NASA. They did the cybersecurity in partnership with Palo Alto Networks. And what you do is you want to build these skills that the girls are developing, and like Bill said, work in girl-led teams where they can do it, and if they're doing it from kindergarten on, it just becomes normal, and they never think, well, this is not for me. And they see the older girls who are doing it and they see a very clear path leading them into these careers. >> Yeah, it's interesting, you used the word normalization earlier. That's exactly what it is. It's life, you get life skills and a new kind of badge. Why wouldn't you learn how to be a white hat hacker or have some fun or learn some skills? >> Amy: Absolutely. >> Just in the grind of your fun day. Super exciting. Okay, Trung, your thoughts on this. I mean, you have a diverse, diversity brings perspective to the table in cybersecurity because you have to think like the other guy, the adversary. You got to be the white hat. You can't be a white hat unless you know how black hat thinks. So there's a lot of needs here for more points of view. How are we going to get people trained on this from underrepresented minorities and women? What's your thoughts? >> Well, as a member of the IEEE Professional Society of Electrical and Electronic Engineers, every year we participate in the engineering week. We deploy our members to local junior high school and high school to talk about our project to promote the study of engineering. But at the same time, we also participate in the science fair that the state of Texas is organizing. Our engineer will be mentoring students, number one, to help them with the project, but number two, to help us identify talent so that we can recruit them further into the field of STEM. One of the participation that we did was the competition of the, what they call Future City, where students will be building a city on a computer simulation. And in recent year, we promote the theme of smart city where city will be connected the individual houses and together into the internet. And we want to bring awareness of cybersecurity into that competition. So we deploy engineer to supervise the people, the students who participate in the competition. We bring awareness not in the technical detail level, but in what we've call the compound level so student will be able to know what required to provide cybersecurity for the smart city that they are building. And at the same time, we were able to identify talent, especially talent in the minority and in the woman, so that we can recruit them more actively. And we also raise money for scholarship. We believe that scholarship is the best way to entice student to continue education at the college level. So with scholarship, it's very easy to recruit them to the field and then push them to go further into the cybersecurity area. >> Yeah, I mean, I see a lot of the parents like, oh, my kid's going to go join the soccer team, we get private lessons, and maybe they'll get a scholarship someday. Well, they only do half scholarships. Anyway. I mean, if they spent that time doing these other things, it's just, again, this is a new life skill, like the Girl Scouts. And this is where I want to get into this whole silo breaking down, because Amy, you brought this up, and Bill, you were talking about it, as well. You got multiple stakeholders here with this event. You've got public, you've got private, and you've got educators. It's the intersection of all of them. It's, again, if those silos break down, the confluence of those three stakeholders have to work together. So let's talk about that. Educators. You guys are educating young minds. You're interfacing with private institutions and now the public. What about educators? What can they do to make cyber better? 'Cause there's no real manual. I mean, it's not like this court is a body of work of how to educate cybersecurity. Maybe it's more recent. There's cutting edge best practices. But still, it's an evolving playbook. What's your thoughts for educators? Bill, we'll start with you. >> Well, I'm going to turn to Amy and let her go first. >> Let you go. >> That's fine. >> I would say as educators, it's really important for us to stay on top of how the field is evolving, right? So what we want to do is we want to promote these tight connections between educators and our faculty and applied research in industry and with industry partnerships. And I think that's how we're going to make sure that we're educating students in the best way. And you're talking about that inner, that confluence of the three different areas. And I think you have to keep those communication lines open to make sure that the information on where the field is going and what we need to concentrate on is flowing down into our educational process. And that works in both ways, that we can talk as educators and we can be telling industry what we're working on and what types of skills our students have and working with them to get the opportunities for our students to work in industry and develop those skills along the way, as well. And I think it's just all part of this really looking at what's going to be happening and how do we get people talking to each other? And the same thing with looking at public policy and bringing that into our education and into these real hands-on experiences. And that's how you really cement this type of knowledge with students, not by talking to them and not by showing them, but letting them do it. It's this learn by doing and building the resiliency that it takes when you learn by doing. And sometimes you learn by failing, but you just pick up and you keep going. And these are important skills that you develop along the way. >> You mentioned sharing, too. That's the key. Collaborating and sharing knowledge. It's an open world and everyone's collaborating. Bill, private-public partnerships. I mean, there's a real, private companies, you mentioned Palo Alto Networks and others. There's a real intersection there. They're motivated. They could, there's scholarship opportunities. Trung points to that. What is the public-private educator view there? How do companies get involved and what's the benefit for them? >> Well, that's what a lot of the universities are doing is to bring in as part of either their cyber centers or institutes people who are really focused on developing and furthering those public-private partnerships. That's really what my role is in all these things is to take us to a different level in those areas, not to take away from the academic side, but to add additional opportunities for both sides. Remember, in a public-private partnership, all entities have to have some gain in the process. Now, what I think is really interesting is the timing on particularly this subject, space and cybersecurity. This has been an absolute banner year for space. The standup of Space Force, the launch of commercial partnership, you know, commercial platforms delivering astronauts to the space station, recovering them, and bringing them back. The ability of a commercial satellite platform to be launched. Commercial platforms that not only launch but return back to where they're launched from. These are things that are stirring the hearts of the American citizens, the kids, again, they're getting interested. They're seeing this and getting enthused. So we have to seize upon that and we have to find a way to connect that. Public-private partnerships is the answer for that. It's not one segment that can handle it all. It's all of them combined together. If you look at space, space is going to be about commercial. It's going to be about civil. Moving from one side of the Earth to the other via space. And it's about government. And what's really cool for us, all those things are in our backyard. That's where that public-private comes together. The government's involved. The private sector's involved. The educators are involved. And we're all looking at the same things and trying to figure out, like this forum, what works best to go to the future. >> You know, if people are bored and they want to look for an exciting challenge, you couldn't have laid it out any clearer. It's the most exciting discipline. It's everything. I mean, we just talk about space. GPS is, everything we do is involved, has to do with satellites. (laughs) >> I have to tell you a story on that right? We have a very unique GPS story right in our backyard. So our sheriff is the son of the father of GPS for the Air Force. So you can't get better than that when it comes to being connected to all those platforms. So we really want to say, you know, this is so exciting for all of us because it gives everybody a job for a long time. >> You know, the kids that think TikTok's exciting, wait till they see what's going on here with you guys, this program. Trung, final word on this from the public side. You're at the Air Force. You're doing research. Are you guys opening it up? Are you integrating into the private and educational sectors? How do you see that formula playing out? And what's the best practice for students and preparing them? >> I think it's the same in every university in the engineering program will require our students to do the final project before graduation. And in this kind of project, we send them out to work in the private industry, the private company that sponsor them. They get the benefit of having an intern working for them and they get the benefit of reviewing the students as the prospective employee in the future. So it's good for the student to gain practical experience working in this program. Sometimes we call that a co-op program. Sometimes we call that a capstone program. And the company will accept the student on a trial basis, giving them some assignment and then pay them a little bit of money. So it's good for the student to earn some extra money, to have some experience that they can put on their resume when they apply for the final, for the job. So the collaboration between university and private sector is really important. When I join a faculty normally there already exist that connection. It came from normally, again, from the dean of engineering, who would wine and dine with companies, build up relationship, and sign up agreement. But it's us professor who have to do the (indistinct) approach to do a good performance so that we can build up credibility to continue the relationship with those company and the student that we selected to send to those company. We have to make sure that they will represent the university well, they will do a good job, and they will make a good impression. >> Thank you very much for a great insight, Trung, Bill, Amy. Amazing topic. I'd like to end this session with each of you to make a statement on the importance of cybersecurity to space. We'll go Trung, Bill, and Amy. Trung, the importance of cybersecurity to space, brief statement. >> The importance of cybersecurity, we know that it's affecting every component that we are using and we are connecting to, and those component, normally we use them for personal purpose, but when we enter the workforce, sometimes we connect them to the important system that the government or the company are investing to be put into space. So it's really important to practice cybersecurity, and a lot of time, it's very easy to know the concept. We have to be careful. But in reality, we tend to forget to to practice it the way we forget how to drive a car safely. And with driving a car, we have a program called defensive driving that requires us to go through training every two or three years so that we can get discount. Every organization we are providing the annual cybersecurity practice not to tell people about the technology, but to remind them about the danger of not practicing cybersecurity and it's a requirement for every one of us. >> Bill, the importance of cybersecurity to space. >> It's not just about young people. It's about all of us. As we grow and we change, as I referenced it, we're changing from an analog world to a digital world. Those of us who have been in the business and have hair that looks like mine, we need to be just as cognizant about cybersecurity practice as the young people. We need to understand how it affects our lives, and particularly in space, because we're going to be talking about people, moving people to space, moving payloads, data transfer, all of those things. And so there's a whole workforce that needs to be retrained or upskilled in cyber that's out there. So the opportunity is ever expansive for all of us. >> Amy, the importance of cybersecurity in space. >> I mean the emphasis of cybersecurity is space just simply can't be over emphasized. There are so many aspects that are going to have to be considered as systems get ever more complex. And as we pointed out, we're putting people's lives at stake here. This is incredibly, incredibly complicated and incredibly impactful, and actually really exciting, the opportunities that are here for students and the workforce of the future to really make an enormous impact on the world around us. And I hope we're able to get that message out to students and to children today, that these are really interesting fields that you need to consider. >> Thank you very much. I'm John Furrier with theCUBE, and the importance of cybersecurity and space is the future of the world's all going to happen in and around space with technology, people, and society. Thank you to Cal Poly, and thank you for watching the Cybersecurity and Space Symposium 2020. (bright music)

>> Announcer: From around the globe, it's theCUBE with digital coverage of next level network experience event, brought to you by Infoblox. >> Okay, welcome back everyone's to CUBE's coverage and co creation with Infoblox. Next Level networking event, virtual event, I'm John Furrier, your host to theCUBE. We're here with Craig Sanderson, Vice President security products at Infoblox. Talking about securing the borderless enterprise, obviously Infoblox, we had a variety of different conversations. Craig, welcome to theCUBE. >> Thank you. Thanks, it's great to be here. >> Remote CUBE, normally we're in person, but since it's COVID-19, we're doing our best to get the stories out and one of things I want to chat with you is with COVID-19, this shift to remote working is interesting and the word work is interesting you got the work forces which are people work places which are locations, which is now home, workflows and work loads all work related, right? So if you think about the enterprise, you know, just the disruption to business model around this unforeseen, almost 100% VPN usage maybe or you got all this remote action, no one could have foreseen all this coming. How is this shift change the security paradigm and posture for enterprises? >> Yeah, I think for a lot of the customers that we've talked to, a lot of them are thinking about digital transformation for some time. What COVID has really done is rapidly expanded or kind of accelerated the need for them to think about what the digital transformation plans are. And unfortunately for some organizations who may be not as far down the line as others, they've looked at their current implementation for remote access, and their traditional security models of like perimeter based and they found that you know in this current environment where suddenly you've gone from being only a partial set of your workforce or remote to now all of them being remote and their applications, their data, the users, they're all kind of spread anytime, anyplace, anywhere. Their traditional models don't really work. So what it's caused a lot of organizations to do is to really accelerate their digital transformation plans and quite often for some of those organizations, they've realized that they've had to make the move relatively quickly because their traditional architectures have just not been designed for this level of disruption the digital transformation has had on their businesses. >> Give some examples of how companies have either been flat footed or on their heels, kind of push back and saying, well, we got caught off guard to ones that are kind of in place that kind of managed the pandemic well, what's the difference? Can you just give some color commentary around, you know, the the profile who got it right or some were right, and some that have gotten it wrong, or are struggling? >> So I think the ones who got it right are the ones who were already thinking about digital transformation. They're looking at the fact that a lot of the applications that their consumers or their users are consuming are increasingly going to be in the Cloud anyway. So the traditional architecture of all the good stuffs on the inside and the bad stuff on the outside, that simply doesn't work with Cloud and those organizations who were looking at obviously Cloud deployments for their applications, SDN IoT, those organizations have had be thinking about how they can secure those devices, the applications and users in a way that is going to be ubiquitous. The fact that you can deploy the security controls wherever those applications users or devices are going to be. So those organizations are already starting to think about how they can build a networking architecture that is going to be suited for digital transformation, and by extension, they've been recognizing that the security model has to change, 'cause they were much further down the path. Really, this has been an acceleration. For those organizations that well, I'm not really interested in Cloud, are worried about the risks associated with Cloud and things like that, who tended to try and stick or cling to the old traditional model. Where they really run into trouble now, it's like this model just doesn't work. And now the decisions almost been taken out of the hands with COVID, because now their users are not on the corporate network. They can't build a rock wall around those users. They now have to provide protection for a user who's potentially not even using the device that they can control. So for those organizations who are already thinking about cloud and SDN and IoT, because of that digital transformation effect they've been starting to think about security, for those who have not thought about that or who have tried have been pushing that off, they're the ones who've been caught somewhat flat footed and now they're been forced to make a decision which maybe not they're actually feeling comfortable already ready to go off and do. >> You know, Craig, I sat with a friend the other day and we're like briefing on hey, you know, COVID-19 really, kind of, exposes almost like the tide coming out as that tsunami comes. You can see everything, all the scabs and all the problems. And then we started talking about the whole work at home situation, like this is probably the biggest use case of IoT in real life because you can really see it play out, not just a factory or sensor or device at the edge of the network, these are work, people doing work, right? So this whole IoT Edge, it's about addressability. So you know, I have to ask you, 'cause we've talked with you guys earlier in other segments around this next level networking experience, I love the word experience, but next level networking means next level. So DDI has an abstraction, DDI being DNS DHCP, and IP address management. How does the security piece fit in? Because certainly, yes, you got at home, we got a bunch of IoT people running their stuff from their home networks and so remote access, and you got also the business around, which includes everything that's connected to the network now, and literally is borderless. So I like that term. So how does DDI security fit into that? Yeah, I mean, it's part of having the experience, I mean, one of the things that's changed, I mean, I've been in security for over 20 years, probably about 10 or 15 years ago, as a security guy, you could come back and you had a veto, you'd come back and say, well, no, we're not going to roll this thing out, these applications, or these services, because it's a risk to the business. Now in a lot of the CSOs that I've talked to is that veto is going away. If this application is going to get rolled out, we're going to run this service security has to catch up. Now what you can't have is from a seamless experience point of view, is to say well, okay, you've now got wonderful application experience, but then it gets ruined by all the security controls are very invasive. So all organizations are having to do is to think about how you can build a seamless networking architecture that can also seamlessly include the security as part of that. And so you can still have the security of the organization needs without it becoming a massive disruption to the experience. And one of the good examples is, for a lot of organizations their remote access, going back to the COVID example, is based on VPN. VPNs are cumbersome and have got troubles with passwords and all these sort of like traditional issues associated with the user experience from a VPN perspective. I mean, a lot of users have the patience to deal with that, and they don't necessary follow all the necessary security controls. So people are being forced to rethink how they can build the quality application experience underpinned by a digitally transformed network, but at the same time, making sure you could layer in at foundational layer, the security functions as well. And that's where a lot of organizations who are a little bit more forward thinking understood that and start to think about like DNS, is essentially this ubiquitous platform, which is already there it can already provide the sort of security services by default. Because going back to your example about IoT, one of the jokes with one of my friends is, and for every IoT security, sorry, every IoT offering, there's a separate IoT security offering. And one of the things that was a lightbulb moment for us is, if you're trying to secure all these heterogeneous IoT devices, well, one thing they have in common, they're all going to get an IP address, so we're going to use DNS. So what people have to start to do is to try and make security seamless, it has to be built into the foundations. It can't be this extra thing that you kind of glob on the side, because it then ruins the overall experience for the users. The nice thing about DNS is its ubiquitous, and you can apply the security, regardless of what the endpoint and application is, because the common denominator they choose they get an IP address and they use DNS. >> And DNS has such a great track record over the years of having layers of abstractions on top of it to pace with the functionality and it's really been an operating model and you bring up the different security packages and postures for each thing. And you mentioned, you know, the old days security guy, oh, no we're killing that, no we're going this way. That was the operational model, but now with DevOps, you put a Cloud earlier, DevOps has proven that agility, speed scale can work, and how to security catch up? It's an operating model. So this is really kind of the key epiphany is, hey, VPNs, that's not the experience that people want. And, you know, I was just talking with someone from Amazon this morning in another interview segment and the discussion was new expectations, new solutions. So that's kind of what we're seeing right now. So how do you enable that out at speed by not screwing over the operations people, right? So 'cause they got to be, operationally, I need to be really rock solid, so you need automation, you got to have those factors and requirements built in, but you got the agility for development. your reaction> >> Yeah, absolutely. We see that especially is one of the things about 'cause DNS essentially ubiquitous. You can apply similar security controls regardless of the environment. So, right now I'm stuck at home because of the COVID virus. So again, I'm going to use DNS, I go through one of our Cloud platforms, I have DNS applying the security controls there. But within the same thing because DNS works as one ubiquitous system and it's like how the internet works with DNS is quite easily, not only can you block malicious threats for myself, but also you can push that same block mitigation to a DNS server that's running in AWS. So if your workload that may also have been compromised, trying to go to the same malicious domain, you can also be blocked by DNS. And so that ubiquity, the fact that it's built as this ubiquitous system, mean one thing is very different in the networking world standards are great. We can plug different things together, they all kind of fit together nicely. Insecurity is not normally that not only the cases, normally, you've got this jigsaw puzzle, where all the pieces don't really fit together. The nice thing with DNS is is absolutely ubiquitous. So one basic example is, if I try to go to a malicious domain, or I tried to steal data over DNS, not only would we be able to block it, but we'd also be able to dynamically share that mitigation to all of the on prem DNS servers, the DNS servers rather in your public or private Cloud, and for all the other like remote users. So the fact you've got this pre built fabric, and it's not that we're security geniuses, it's just it happens to already be there because of DNS and how DNS has been developed over the last 30 or 40 years. So I think the nice thing about it is a lot of organizations are starting to realize that you've got this foundation already there. Ostensibly, it's there for networking purposes, but the ability to repurpose all the core assets of DNS, the scalability, the flexibility, adaptability, the ubiquity, all those things are there by default. Why don't you use that as the new foundation for that next gen security architecture? >> And you know, you got me as a fan, I'll say that right away, because when we think about the simplicity of going to the low level building block in DNS, it fits for what I said earlier, the future of work, the word Work, workplace, workforce, workload, workflows, no matter what it is, it works across. So it's a consistent, primitive. I mean, it makes total sense. Why would you want to have different things. So again, this brings up the whole foundational level of DDI that's got my interest. And I want you to explain this for folks, because I think it's not obvious. Abstractions are pretty clear, people get abstraction layers, reduce complexity, and increase functionality and capability. But DDI, you guys have from a foundational security standpoint, is kind of the unique thing Infoblox has. How is that different, DDI from other offerings in the security stack? >> Yeah, I think the one thing is pretty unique, especially when it comes to DNS is the fact that it's built together as this ubiquitous system, and it's there by default. I mean, otherwise, the internet just wouldn't work. So the nice thing is, is that if you deploy a DNS system we can deploy as a grid, so whether it's the an appliance running on prem or sitting in a public Cloud, or even for roaming users who are going through one of our points of presence, it works as one big ubiquitous system, whereas you take like traditional firewalls, you're configuring these devices separately, and you have to manually stitch it together. And you take multiple different vendors and you know, it doesn't quite fit neatly together. DNS is based on the standard, you could take a DNS server for master DNS server from another company and because it's based on standards, it will work seamlessly together, in fact, that the threat mitigation mechanism where you distribute threat intelligence to tell the DNS, what is the malicious domains or IP addresses to block is based on so called response policy zones. That's been part of the DNS standard since 2010. And it works seamlessly across multiple vendors, whereas in the security world, as I said, it's kind of like a jigsaw where you get all the pieces together that you think you need and then the burden is always on the customer or the organization to then piece these things together and as a chief source it doesn't fit together. I can see that burden can cause a hell of a lot of issues for a lot of the customers. >> Yeah, I got to ask you since DNS is so foundational to element *and have all internet activities obviously, you know URLs is DNS, it's string actually. So everything's based on DNS, how it resolves. So what what about the, how would you respond if someone said, hey, you know, I don't even know DNS is still around. I know it's palm. It's underneath there somewhere, I don't even have to deal with it, it just runs things, we've been using it for years. What's the big deal? So how do you go in and say, hey, customer, hey, enterprise, you're not borderless, I get a hitch. But they have DNS. How do they modernize it? How do they assess it? How do you go in and some of the young kids don't even know what DNS might even is? I mean, like, it's a new, so like, *what do you go where, how do you approach that and what's the pitch because they got it and as an opportunity to innovate. what's the story there? >> *Is really two aspects to it. The first one is, I mean, DNS is a bit like oxygen. If it's not there, you really need to notice it. You just take when we had the Mirai botnet attack a few years back, all these organizations suddenly realized how important DNS is. And there's a reason why DNS is the number one attack vector for DDoS attacks. If I'm an adversary, I could try and take out individual applications it's going to take me forever. I take out your DNS, everything's going to stop. I mean, it's that *foundational z. But because its been >> *Hackers no problem, yeah. >> Exactly, so and for that reason, that's why it's constantly targeted. So firstly, my first pitch to customers is, you've got to take this stuff seriously, because when it goes down, everything is down. And the impact to your organization, not just from a brand reputation, but just from running your business is going to be huge. But on top of that, the way to think of DNS is, the nice thing is is you don't have to change your network architecture. If you think about a typical user who clicks on a phishing link. When they click on a phishing link, who's going to see the malicious requests first? Is it your firewall? No, your DNS server. Because you made the request, you have to resolve the malicious domain that you're going to try and connect to. You need to find out the IP address of it. So your DNS server and it's been proven multiple studies that, the vast majority of malware uses DNS as its control plane. So if you want to understand what the bad guys are doing, you know, your DNS servers got a front row seat to exactly what the bad guys are doing. And to implement security on it is you don't have to change your network architecture, because your DNS is already there by default. All you need to do is infuse it with security knowledge, whether that is machine learning, analytics or threat intelligence. But those DNS servers are ideally positioned. They're going to see the malicious activity, regardless of what the application is. So it's foundational, not just in terms of, if it's not there, it's going to cause a massive issue to your field or environment anyway. But even if you secure the DNS, the DNS is also this wonderful tool that is in all the right places and it's also deeper into the network. One of the challenges you mentioned about operations is the challenges is okay, you can block malware but if you don't know the source address of the device that is actually trying to make the request, you don't know what to go and clean up, where's your DNS server, your DHCP server knows exactly who it is because we handed out the IP address, we know the MAC address, we know the IP address, we know the user name, we have all that information that is going to be critical for security operations. And now you can see what *it's or about maybe the first report, you start to see that organizations are waking up to the fact that you have this treasure trove of security operations data that you haven't tapped largely for political reasons, because the security guys can't reach over and grab the necessary DDI network context from those DNS platforms, because typically they're owned by the networking or the server team. >> Before we get into that *force reports, I think that had some threat investigation data. What you're getting at about this DNS is that basically, it's critical infrastructure. And if you try to forget about it, 'cause it works, you lose sight of the real opportunity, which is, if it's critical infrastructure, you got to treat it like critical infrastructure, and make sure it's modernized, refreshed in the right position to manage all this, right? >> Absolutely. Absolutely, yeah. It's unfortunate With the Mirai botnet attack. A lot of organizations, as they said well, okay, we'll just outsource this, we don't have to worry about it. But when it wasn't there, and it wasn't the fact that, I mean, it was an attempt to take out like Minecraft servers. Nothing to do with most of the businesses who were impacted, but there was a lot of collateral damage. And unfortunate is like one of those things is because DNS is a victim of its own success. The fact that is reliable, it is consistent. You don't have lots of DNS outages typically. As a result of that people tend to forget about how critical it is as the role it plays in serving all of your applications and your users. >> Let's get into the *fourth report 'cause they surveyed a bunch of hundreds of security and risk management leaders, both compliance and also security pros that are using DNS, what were your key thoughts on the takeaways from that study? What should people know about it? >> It's very encouraging as up in Infoblox about five years when I first joined, the usage of DNS as a network context as a way to help with security operations is very, very low. And that causes all sorts of issues for organizations when it comes to doing security operations. I mean, a prime example is, the guys who work in security operations, that is the biggest issue for customers right now. They've bought almost too much security gear. And each of those security tools and platforms, they're generating security events. So again, security events from your firewall, or from your IPS or from your neck system, or whatever it happens to be and the burden now falls on the security operations teams. And it's been proven that there's huge amounts of open opportunities because there just, isn't enough trained security operations staff and the ones who are already in the business, are massively overworked and struggle to get through all the security events that have been firing from their security operations tools. So for what I was encouraging from the first report is that organizations are realizing that DHCP is going to help* you be able to identify the fact that these two security events seem completely separate. One of them is got a source address of 10.1, the other ones 20.1, well, you know what? This laptop moved from one side the building to the other and got a different address, it's actually the same device. But based on the traditional security events you're getting from the existing tools, you know, you're going to think it's two separate events, and they're not. Likewise, one of the things that's coming out is that people start to use DNS as an audit trail. And one of the challenges for organizations is, if you get a data breach, what's one of the first questions a journalist is going to ask you is like, well, what is the scope of the breach? What was impacted? And quite often organizations are not prepared. They come back and say, well, at this stage, we don't know. That's a great way for a CEO or CFO to get fired. So a smarter way of doing it is, if you think about you got the devices under investigation, the DNS queries that those* machines have been making is a wonderful audit trail of not just the external resources it's been accessing, but also the internal resources as well, what has been potentially exposed. So I think from the forest report, we're certainly seeing people realizing what were their biggest challenges security operations. Essentially, the DDI data is almost like the oil that's going to grease the wheels of security operations. And if you don't do that, buying more security gear, it's not going to make the problem better, it's actually going to make it worse unless you can operationalize it. >> Yeah, at the end of the day, the failures right there in the low level of critical infrastructure and building floors no one cares what happened on the 10th floor foundations. I got to get your thoughts on this because as you guys have DDI abstraction, DNS, you know, as it's growing, had its evolutions with abstractions, you know, as these things kind of flex, used to be an old expression DNS tricks, you know, you would mangle DNS, and it was a naming system. So you use it the way you use it and then new innovation layers create more upside and more, takes away complexities. How does DNS scale enable value? Because now you got Cloud, you got Cloud native, new software's being written and developers want to rely on the DNS as a critical infrastructure, but also want to be enabled to have, you know, really robust applications. >> Yeah and I think with the, given the fact that all the work has been put into DNS over the last 20 or 30 years, work has resolved in a very highly available very resilient system. And so a lot of stuff has to go wrong for DNS to fully go down. And it's easy to just take things like *Anycast, Anycast allows you to connect to the nearest DNS server, that's going to give you the resolution. So it's going to give you the best performance. This also can give you the high availability and resilience that goes along with that. And I think also from the security guys point of view, is if all the things that we've started to realize is that DNS is a great avenue by which you can detect somewhat unique threats. So one of the things that comes up quite a lot, we're starting to see old malware being re weaponized to exfiltrate data over DNS. So if you're a DevOps guy, and you're building your new application, if someone compromises your application, if I tried to extract the data over HTTP or email, you probably have a solution for that. 6But how many organizations have visibility in the billions of DNS queries that's going to come out your network in a day. Which ones are those might be actually data that has been stolen, it gets encoded and corrupted, chopped up and sent out and DNS packets. Is very difficult for traditional security appliances to understand and really differentiate between legitimate DNS requests, the malicious ones are actually the ones who are benign applications that essentially tunnel over DNS because they're trying to bypass firewalls. So increasingly, DNS is a threat vector for basic data loss. It's also important to understand is really gives you a window into what the adversary is doing. So not just when it comes to data exfiltration, but other things like domain generation algorithms that allow adversaries to maintain control of devices that they compromised. So a lot of that stuff is not just about the high availability and the ubiquity of DNS, but also making sure you can be fully on top of the potential impact of DNS being exploited as a potential backdoor out of your network. >> Critical infrastructure, but also that's where you're going to see the footprints of any kind of activity right there, it's a great observation space as well for detection and analysis, great stuff. Craig, thank you for taking the time, great insight, great conversation. DNS is critical infrastructure, get on it, and people are on it, they're going to go the next level. Getting the next level networking experience is about having that security always on high availability, and protecting the bad guys. Craig, thanks for joining me on this CUBE conversation for the Infoblox virtual event. Thank you. >> Pleasure. Thanks for having me. >> Okay, that's the CUBE coverage of Infoblox is next level networking virtual event. I'm John Furrier, your hosts of the CUBE. Thanks for watching. (upbeat music)

>> Announcer: Live from San Diego, California, it's theCUBE, covering Kubecon and CloudNativeCon brought to you by Redhat, a CloudNative computing foundation and its ecosystem partners. >> Welcome back to theCUBE, we are here in San Diego where we are keeping CloudNative classy. I'm Stu Miniman, and my cohost is John Troyer, and we are happy to welcome back to the program, our host, Dan Kohn, who is the executive director of the CloudNative computing foundation, or the CNCF. Dan, thank you so much for having us. >> Thrilled to be back again. >> All right, and, yeah, so our fourth year doing this show, the big shows-- >> Dan: Nothing's really changed. You just tear right along the same level. One year to the next, you can just confuse them pretty easily.. >> So, you know, Dan, we actually did a prediction show yesterday, and I said, maybe it's my math background, but I look back two years ago, it was four thousand, then eight thousand, now twelve thousand, so I predict Boston must be sixteen thousand because I was used to those standardized tests, but with the growth, you never know, and it is very difficult, you know, we talk about planning, we've talked, this facility was booked before-- >> Dan: Two years ago. >> --the curve really started taking off. So, help us set the stage a little bit, we're getting towards the end of the event, but you know, tons of day zero things, so many sessions, so many people, there were pre-show events I heard that started like the end of last week, so, it's a small city in this community in so many pieces, and the CNCF helps enable all of it. >> It does, and what's fun for us is just that, the community is out there adopting these technologies and contributing to it and growing, and being able to come together, this is always our biggest event in North America but also in Europe and China. It's just a really nice snapshot of the point of time, in saying, okay, where are things, how many companies are interested in having sponsor booths, how many developers are there, how many track, but, I think maybe my favorite anecdote from Kubecon CloudNativeCon San Diego is that there was a, so we offer, a CFP track, a call for proposals that's extremely competitive, only 12% of the talks get accepted. And then we have a maintainer track, where the different providers can have either an intro, a deep-dive, or both. So the deep dive for the project Helm, which is not even a graduated project yet, I mean, it's very widely used, package manager for Kubernetes, but the deep dive for Helm had more than 1600 people inside their session, which is more than we had at all of attending Kubecon 2015 and 2016 combined. >> So, Dan, one of the words that gets mentioned a lot in this space, and it has lots of different meanings, is "scale". You know, we talk about Kubernetes built for big scale, we're talking about Edge computing which goes to small scale. This event, you look at the ecosystem. There's a thirty foot banner with all of the logos there, you look at the landscape-- >> Dan: They're not that big, either. >> --there are so many logos on there. Actually, I really thought you had an enjoyable yet useful analogy in your opening keynote. You talk about Minecraft. I've got a boy, he plays Xbox, I've seen Minecraft, so when he pulls up the little chart and there's like, you know, all of these little things on the side, my son can tell you how they're used and what you can build with them, I would be completely daunted looking at that, much like many of the people coming to this show, and they look around and they're like, I don't even know where to start. >> And that was fun keynote for me to put together, because I did need to make sure, both on the Minecraft part, that all the formulas were correct, I didn't want anyone... But then I drew the analogy to Kubernetes and how it is based on a set of building blocks, hundreds of them, that have evolved over time, and for that, I actually did some software archeology of reaching out to the people who created the original IPFW, Linux firewall 20 years ago based on PSD and then the evolution since then, made sure that they were comfortable with my description of it. But now, bringing it out to Kubecon, CNCF, we have a lot of projects now, so we're up to 43. When we met in Seattle four years ago, it was 2. And so it's definitely incumbent on CNCF to do a good job, and we can probably do an even better one on trying to draw this trail map, this recommended path through understanding the technologies, deciding on which ones people might want to adopt. >> Yeah, I think that would be really interesting. In fact, the words trail map kind of came up on Twitter, today, I saw. And one of the things that struck me was how the first rule of Kubecon is, well, Kubernetes is not maybe in the center of everything, it's underneath everything, but, like you said, 42 projects in the CNCF, many more projects, open-source projects, of course, from different vendors, from different coalitions, that you can see here on the show floor as well, if not in a session, so, without giving a maybe a CNCF 101, what does the path forward look like in terms of that, the growth of projects within the CNCF umbrella, the prominence of Kubecon, are we headed towards CloudNativeCon? >> Well, we've always been calling it Kubecon CloudNativeCon, and we could reverse the names, but I don't see any particular drive to do that. But I would really emphasize, and give credit to Craig McLuckie and some of the other people who originally set up CNCF, where Google had this technology, if they'd come to the Linux Foundation and said, we want to call it the Kubernetes Foundation, we probably would've said yes to that. But the impact, then, would be that all of these other technologies and approaches would have come in and said, we need to become part of the Kubernetes project, and instead, there was a vision of an ecosystem, and the reality is that Kubernetes is still by far the largest project. I mean, if you look at the total number of contributors, I believe it's approximately the same between Kubernetes and our other 42 projects combined. So, and of course, there's overlap. But in that sense, in some ways, Kubernetes sort of represents the sun, and the other projects are orbiting around it, but from the beginning, the whole idea was to say that we wanted to allow a diversity of different approaches, and CNCF has had this very clear philosophy that we're not king makers, that if you look at our landscape document, where we look at different functions like key management or container run times or databases or others, there can be multiple CNCF hosted projects in each box. And so far at least, that approach seems to be working quite well. >> Yeah, Dan, having been to a number of these, the maturity and progress is obvious. Something we've said is Kubernetes is really table sticks at this point, no matter where I go, there is going to be Kubernetes, and therefore, I've seen it some over the last year or so, but very prominent on this show, we're talking about work loads, we're talking about applications, you know, it's defining and explaining that CloudNative piece of it, and the tough thing is, you know, modern applications and building applications and that AppDev community. So, you know, speak a little bit-- You've got a very diverse audience here, talk about the personas you have to communicate with, and who you're attracting to this. I know they put out lots of metrics as to the surveys and who's coming and who's participating. >> Well, we do, and we'll be publishing those, and I love the fact. I think some people misunderstand in the thinking that Kubecon CloudNativeCon is all infrastructure engineers, and something like a third or more of the attendees are application developers, and so I do think there's this natural move, particularly towards AppDev. The difference is that on the infrastructure side, there's just a really strong consensus about Kubernetes, as you're saying, where on the application development side, it's still very early days. And I mean, if anything, I think really the only area that there is consensus on is that the abstractions that Kubernetes provides are not the ones that we want to have regular application developers at most enterprises working with, that they shouldn't actually need to build their own container and then write the YAML in order to configure it. Brian Liles hit that point nicely with his keynote today around Rails. But so we can agree that what we have isn't the right outcome, we can agree that whatever are the winning solutions are very likely underneath going to be building those containers and writing the YAML. But there are so many different approaches right now, at a high layer on what that right interface is. >> Yeah, I mean, just, one example I have, I had the opportunity to interview Bloomberg for the second time. And a year ago, we had talked very much about the infrastructure, and this year we talked about really, they've built internally that PaaS layer, so that their AppDevs, they might know that there's Kubernetes, but they don't have to interface with that at all. I've had a number of the CNCF end user members participate, maybe, speak to that, the community of end users participating, and end user usage overall. >> Yeah, so when we first met in Seattle four years ago, we had three members of our end user community. We appreciated them joining early, but that was a tough call. But to be up to 124 now, representing almost every industry, all around the world, just a huge number of brand names, has been fantastic. What is interesting is, if you go talk to them, almost all of them are using Kubernetes as the underlying layer for their own internal PaaS, and so the regular developers in their organizations can often just want to type get push, and then have the continuous integration run and the things built and then deployed out and everything. But it's somewhat surprising there hasn't yet been a level of consensus on what that sort of common PaaS, the common set of abstractions on top should be. There's a ton of our members and developers and others are all working to sort of build that winning solution, but I don't have a prediction for you yet. >> And of course, skill interoperability and skill transferability is going to be key in growing this ecosystem, but I thought the stats on you know, the searches you can do on the number of job openings for Kubernetes is incredible. >> Yeah, so on the interoperability, we were very pleased to announce Tuesday that we've now passed 100 certified vendors, and of all the things that CNCF does, probably even including Kubecon, I might say that that certified Kubernetes program is the one that's had the biggest impact. To have implementations from over 100 different organizations that you can take the same workloads and move them across and have the confidence, those APIs will be supported, it's just a huge accomplishment, and in some ways, up there with WiFi or Bluetooth or some of the best interoperability standards. And then you mentioned the job support, which is another-- >> Yeah, I want to transfer engineers too, as well as workloads. >> --area that we're thrilled, and we just launched that, but we now have a couple hundred jobs listed on it and a bunch of people applying, and it's just a perfect example of the kind of ecosystem development that we're thrilled to do, and in particular the fact that we're not charging either the employers or the applicants, so it's jobs.CNCF.io to get access to that. >> Great. Dan, you also mentioned in your keynote, Kubernetes has crossed the chasm. That changes the challenges that you have when you start talking about you know, the early or mid majority environment, so I know you've been flying around the globe, there's not only the three big events, but many small events, talk about how CNCF6 mission helps you know, educate and push, I guess not push, but educate and further innovation. >> Yeah, and just enable. So, one of the other programs we have is the Kubernetes Certified service provider, these are organizations, essentially consulting firms, that have a deep expertise that have had at least three of their engineers pass our certified Kubernetes administrator exam, and it is amazing now that we've passed 100 of those, but they're in over 30 different countries. So we're just thrilled to see businesses all around the world be able to take advantage of that. And I do get to go to a lot of events around the world; we're actually, CNCF is hosting our first ever events in Seoul and in Sydney in two weeks, that I'm quite excited for, and then in February, we're going to be back in India, and we're going to be in Bengaluru, where we had a very successful event in March. We'll be there in February 2020 and then our first one in New Delhi, those are both in the third week of February. And I think it does just speak to the number of people who are really eager for these to soak this up, but one of the cool things about it is we're combining both local experts, half of our speakers are local, half are international, and then we do a beginner track and an advanced track. >> Yeah, Dan, you know, I'd just love a little bit of insight from you as to, there's a little bit of uncontrolled chaos when you talk about open source. Many of the things that we're talking about this year, a year ago, we would've been, oh my gosh, I would've never thought of that. So give us what it's like to be kind of at the eye of the hurricane, if you would. >> A lot of criticism, to be honest. An amazing number of people like to point out the things that we're not quite doing correctly. But you know, the huge challenge for an organization like CNCF, where, we're a non-profit, these events are actually spinning off money that we're then able to reinvest directly into the projects, so doing things like a quarter million dollars for a security audit for Kubernetes that we were able to publish. Or a Jepson testing for NCD, or improving documentation and such. So a big part of it is trying to create those positive feedback loops, and have that, and then another huge part is just, given all the different competing interests and the fact that we literally have every big technology company in the world on our board and then all of the, I mean, hundreds of start ups that tend to be very competitive, it's just really important that we treat organizations similarly. So that all of our platinum members are treated the same, all our gold, all our silver, and then within the projects, that all the graduated projects are treated similarly, incubating, sandbox, and people really notice. I have kids, and it's a little bit there, where they're sort of always believing that the other kid is getting extra attention. >> Yeah, right, you can't be the king maker, if it will, you're letting it out. Look out a little bit, Dan, and you know, we still have more growth to go in the community, obviously the event has room for growth. What do you see looking forward to 2020 and beyond? >> Yeah, I would love to predict some sort of amazing discontinuity where everyone adopts these technologies and then CNCF is not necessary anymore, something like that. But the reality is, I mean, I love that crossing the chasm metaphor, and I do think it's very powerful, and we really do say 2018 was the year that Kubernetes crossed the chasm from the early adopters to the early majority, but I would emphasize the fact that it's only the early majority. We haven't reached in to the entire second half of the curve, the late majority and the laggards. And so there are a ton of organizations here at the event who are just getting up to speed on this and realizing, oh, we really need to invest and start understanding it. And so, I mean, I don't, we also talk about there will be some point of peak Kubecon, just like peak Loyal, and I don't yet see any signs of it being 2019 or 2020, but it's something that we're very cognizant of and working hard to try and ensure that the event remains useful for people and that they're seeing value from it. I mean, there was a real question when we went from one thousand Seattle four years ago to four thousand in Austin three years ago, oh, is this event even still useful, can developers still interact, do you still have conversations, is the hallway track still valuable? And thankfully, I'm able to chat with a lot of the core developers, where this is their fifth North American Kubecon and they're saying, no, I'm still getting value out of it. Now, what we tend to hear from them is, "but I didn't get to go to any sessions," or "I have so many hallway tracks and private meetings and interactions and such," but the great thing there is that we actually get all of these sessions up on YouTube within 48 or 72 hours, and so, people ask me, "oh, there's 18 different tracks, how do I decide which one to go to?" And I always say, "go to the one where you want to interact with the speaker afterwards, or ask a question," because the other ones, you can watch later. But there isn't really a substitute for being here on the ground. >> Well, there's so much content there, Dan, I think if they start watching now, by the time you get to Amsterdam, they'll have dented a little bit. >> I'll give a quick pitch for my favorite Chrome extension, it's called Video Speed Player. And you can speed people up to 120, 125%, get a little bit of that time back. >> Yeah, absolutely, we have at the backend of ours, there is YouTube, so you can adjust the speed and it does help most of the time, and you can back up a few seconds if needed. Dan, look, congratulations, we know you have a tough role, you and the CNCF, we really appreciate the partnership. We love our community, it has had a phenomenal time this week at the show, and look forward to 2020 and beyond. >> I do as well, I really want to thank you for being with us through this whole way, and I think it is just an important part of the ecosystem. >> And I know John Furrier also says thank you and looks forward to seeing you next year. >> Oh, absolutely. >> Dan, thank you so much. John Troyer, I'm Stu Miniman, getting towards the end of our three days, wall-to-wall coverage here in sunny San Diego, California, thanks for watching theCUBE.

>> Announcer: Live from San Diego, California, it's theCUBE, covering KubeCon and CloudNativeCon, brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >> Welcome to theCUBE here at KubeCon CloudNativeCon, 2019. Second day of three days, wall to wall coverage. I am Stu Miniman, John Troyer is my cohost for the three days, and we've had a great schedule, but this one will be super dope, of course, 'cause it is the one, the only >> That's the right phrase to use >> Kelsey Hightower >> to bring me out. >> who is now a principal developer advocate at Google Cloud. Kelsey, thanks so much for joining us. >> Well, thanks for having me. >> All right, let's start. You did a keynote yesterday and I actually heard, not only did it rain in San Diego, people were talking about allergies. They were grabbing their tissues, eyes seemed to be tearing. You had stepped back for a little bit. When I first came into this show, we've been doing it for four years, it was, you know, Kelsey Hightower and Kubernetes almost seem to get top billing of the show. You specifically stepped back for a little bit, and you're here this week. So, talk a little bit about that piece. >> Yeah, so I stepped back to do some serverless stuff, right? So I worked on some cloud function stuff at Google, launching the ghost support for cloud functions, and really trying to understand the serverless base by being in it, and that means stepping back from Kubernetes quite a bit. So the keynote, I wanted people to have emotion. So no live demos, no slides, no speaker notes, and then just telling stories from the last six years of being a part of the Kubernetes community, and making people feel something. And I think it resonated with folks, and, of course, people got a little teary-eyed. I gave people a cover, so we just kept saying the allergies are starting to flare up in the room, and we really connected with people. >> Awesome. So you came back, which means serverless not completely taking over and obviating what we've been doing here for years. >> Yeah, I think serverless is just another tool in the toolbox, and I didn't want to miss it. So before I put it in its category, I wanted to make sure that I got super deep with it, used it myself, gave it a fair shot, and it definitely deserves a place. But I think the idea of serverless is the thing that's going to stick. This idea of eliminating as much infrastructure as possible and then putting that everywhere we can. >> I want to bring that idea of a tool in the toolbox to what we're talking about at this show. >> Kelsey: Okay. >> So, you know, Kubernetes is one of the most hottest topic at the show. The CNCF, now I mean, there's dozens and dozens of projects here. Dan Kohn, when he kicked it off, talked about Minecraft. And it's like there's that board there with all the tools, and, oh boy, which one do I pick, and how do I use it? >> How do you look at where Kubernetes fits in the overall landscape? Obviously, 12,000 people, it's really exciting. Why is there so much excitement around something that I think is really, it becomes another tool in the tool shed and baked into the platform? >> I think Kubernetes represents a problem that most people have. If you went down the Linux and then virtualization path, then you ended up with a bunch of virtual machines that you need to glue together somehow. So if you look inside of what Kubernetes has, like the scheduler, how it takes in the pain of running a workload. If you're running VMs in Linux, this is a problem you already have, so Kubernetes just resonates with almost everyone that is using virtualization. This is why it's so popular. So it fits. Now every tool in the landscape may not resonate the same way because everyone doesn't have the same set of problems around the edges, but Kubernetes is a very obvious thing to anyone that's managing more than a handful of machines. >> Well, I think that brings up an interesting question of, as companies and people assemble the stacks, right, assemble the engines out of the components, do you have any thoughts on, well, I guess we could take it from a couple of different ways. But maybe as a person coming here for the first time, representing their team, getting started, maybe not involved online with upstream Kubernetes but trying to make sense of the landscape here and all the different, the zoo of different projects. >> Lots of new people here. You talk to people, I think, what, 50% or more of the people are brand-new. People have been ignoring, rightfully so, Kubernetes for four or five years. "Maybe I don't need it, I'm good where I am." But we're at a point now where you can't ignore it. VMware's offering Kubernetes, every conference you go, where it's KubeCon or not, this is the thing they're talking about. It's just like Linux was years prior, right? It's just the thing that people are doing. So now, you're coming to see for yourself first-hand. You're coming to ask people how's it going, now that we're five years in? There's a sense of maturity, things are slowing down, the ecosystem's getting a lot more mature around it. So you almost have no choice but to be here because now it's in your world. >> All right, so, there's some people that I've been seeing online that are still looking at this a little bit skeptically, and said, "You know, we've been down this path before." You know, "Oh, everybody's involved in Kubernetes." you know, "There's my Kubernetes "versus some of the other environments." How should we think about that? 'Cause as you said, it's going to be baked into VMware when they do project-specific, and they've got a couple of ways to get you to Kubernetes. Yeah, Microsoft just announced an update. Is it an inter-operability issue? Is this the universal backplane? Do you have a good analogy as to how we should be thinking about where we are today and where we need to go so that we don't repeat the sins of the past when it was the multi-vendor mess that really didn't solve the customer's problems. >> You're going to always have multi-vendors because there's too many customers for one vendor to satisfy. That's always going to be the case, there's no way around that. But the way I look at Kubernetes now is like, take the web. Click around, webpages, link them together. And out of that, we extracted REST. People can build APIs, we build tooling on top, cloud providers built APIs to manage infrastructure. So the REST component comes out of the larger picture of the web. And when we take the larger components of Kubernetes, and we extract out that Kubernetes API, you get Istio, you get these network control plans, you get people building 5G infrastructure using that Kubernetes model. You get all the cloud providers saying, "Now, if the world's going to have "this set of APIs that are based on Kubernetes, "then I can actually build a global control plane "because I can assume that Kubernetes' API everywhere." Not just for containers, also for networking, authorization, management systems. So it's only natural that people start moving up the stack, and I expect even more panes, ever more fragmentation, if you will, because now it's so much easier to explore a new idea, even if it's only for a smaller subset of the market. So I expect it to explode. >> Yeah, one of the things we've been looking at this year is really the simplicity of the offering. You had done Kubernetes the hard way a couple of years back. We've been looking at things like lightweight Kubernetes, the K3s. How are we with that simplicity of the overall solution and making sure that Kubernetes can reach its potential to get to all of those use cases and end points that you were talking about? >> Kubernetes' job is to manage the complexity. If you need to run in multiple regions across the globe, that is a set up complexity, Kubernetes has one way of addressing it by sitting on top of all those VMs globally, and then providing a set of APIs. That Kubernetes set up end cluster is going to be way more complex than a MicroK8s, where you have a single virtual machine where you install the components on one machine, you don't deal with networking, you're not dealing with multiple nodes. That flow is super-easy. I think I did a tweet for the Canonical folks. They have a tool called MicroK8s, you just run one command, you have a Kubernetes cluster, and off you go. And that's great for a developer, but as the underlying infrastructure gets more complex, I think the overall cluster, and the components that you need in that cluster, matches the complexity. So I think Kubernetes has proven to scale up, and now you can see it's scaling down. So I think it's one of these things that's adapted to complexity, versus having to jump off of the platform because it can't meet either range. >> Now, Kelsey, we've talked a little bit about both Kubernetes as this universal API, but also being embedded, right, and being below a lot of application layer and other management-layer things, I mean, did you think about talking to our fellow technologists, right? There are some people who are going to be, we've also used the metaphor, mechanics, right? There's some people who are going to be the mechanics, but, like, everybody drives. So, as we get to this level of maturity here now at KubeCon 2019, any advice on how people should pick? Do I need to, and also online we hear a lot about, "Oh, I don't need, I don't know if I need Kubernetes. "I don't know if my particular use case right now, "boy, I don't know if I want to go there." So, I mean, how should people be looking at it? And also up scaling, should every IT and technologist and developer be working towards Kubernetes? >> Absolutely not. >> Thank you. >> If you're managing a bunch of machines, you got two choices. You could build a lot of custom tooling and build something that looks like Kubernetes, most people don't have the time to do that. So what we want to do is say, look, a lot of people are collaborating on that obvious thing that you should build to manage that. Now if I give you 80% of your time back, you should go and fill in that gap between what Kubernetes brings to the table and what your developers want to actually do. And at the end of the day, it's always been the same thing. You check in code, it should adopt the company's best practice, and I should be able to get an end point and some debugging tools. That has always been the north star, even when there was virtualization, early days of cloud. Kubernetes is no different. The thing that Kubernetes represents, though, is that you don't have to build as much glue between either your own VW ware or your pre-early cloud. Kubernetes has built all that stuff way up to this line, so maybe you actually finish that CICD part you were supposed to do anyway. >> All right, so, Kelsey, every year we try to figure out and distill down the theme of the event. A couple of years ago, the service matched really extensions were going at it. Here, there's so many different pieces, it's a little tough to kind of pin down. We talked about some of the edge simplicity use cases, security has, of course, been a discussion for a couple of years. Anything that you've distilled so far or the things that you are finding most interesting and new, kind of at the edges of this whole ecosystem? >> This whole thing is a Swiss army knife, so it depends on who's holding it. Whatever problem they have, that's the piece of the tool that they're going to make front and center. So that's what this is. And right now I think there's a lot of confusion on, do I even need all the other components in this Swiss army knife? Some people are just like, "Well, this tool looks interesting. "I don't have a problem that this tool is for." And some people are actively creating a problem so they can use the other tools in the Swiss army knife. I think the biggest thing that I've seen in the last two years is, make the new thing work the old way. So you're getting the more traditional vendors showing up and adding their Kubernetes integrations, and they're making the new thing more familiar to the people who have the existing tool. And when I look around, that's the thing that I see arise. "Hey, that firewall you were using? "We now have Kubernetes support. "That security tool you were using? "We now have Kubernetes support." The security tool works fundamentally the same, it's just now easier to adopt and maybe make Kubernetes things that are deployed in it, leverage those thing. >> So you're saying that's a good thing, not a bad thing. >> It's a good thing, but it can also be dangerous in some cases where we may get complacent a little bit, and what we end up doing is recreating the world that we tried to run away from a little bit. We try to create a little distance and maybe rethink a few of these approaches, maybe eliminate some need for some of these things. But if we get stuck in recreating the old world on top of the new thing, it doesn't really benefit anyone if we did that for too long. >> Yeah, it's interesting 'cause you talk to the enterprise and only 20% of applications are in the cloud, and if you talk about, out of my entire portfolio, how many are really new Cloud Native applications? Its much smaller than that 20%. So we know it's the long pole in the tent of modernization, but you spend a lot of time talking to customers, you're traveling the world, what are some of the best things that you're seeing out here that are helping people adopt those new environments and not just stake a place in, as you said? >> Pragmatism and leadership, if I see those two things. If there is someone that can make a decision. I see Spinnaker, I see Jenkins, I see a thousand things, I see the options. Leadership is pick one. They roughly do the same exact thing. You get someone that knows what they're doing, hires someone, get some help, make it work. And then the pragmatism is just be honest about your velocity. You might only bring in the VMs, and then you go to containers. So, this all or nothing approach never worked. You know it doesn't work. So I think when you have those two fundamental things, then you see a lot of success. And it's not about the age of the enterprise, either. There are hundred-year-old companies are making it work because they have the leadership component, and they're very skeptical, so they approach the problem with pragmatism, so they actually get to production. Sometimes faster than the startups that are trying 7,000 things in more of a reckless fashion, the whole thing catches fire. So, those are the positive outcomes that, there's so many tools now. You have your traditional vendors now with skin in the game, giving you documentation. I think right now, if you've got those two components, you're on your path to success. >> Yeah, I guess last thing, I want to get your thoughts just on this community these days. A couple of the keynote speakers today really talked about project over company, and definitely the open-source ethos is front and center at our show here. Give us your viewpoint how the community's doing and any highlight you want to share. >> So I have one more thing on top of that hierarchy, is people over projects always. And then that means that the people should be able to say, "Hey, I am not wedded to this project forever. "There's going to be a time when we have to jump off, "there's going to be a time when we have to learn "from the other communities." And if you do that, then we can actually be on the straight path. If we put the projects too much front and center I think we start to miss the boat. Kubernetes, Kubernetes, and the rest of the world is moving on. And then we look up, we've missed it, and we actually didn't even get to contribute to the new thing. So I think the biggest part about this community is that hopefully we keep the thing going where we keep reminding people, it's people over these projects. And I think in my keynote, I was trying to address the idea that we're just kind of pacesetters. You come in, you contribute, all contributions are welcome, documentation, code, or leadership, and then sometimes you got to jump back out and allow someone else to come in and set the pace and let the ecosystem become the marathon and let it keep running. >> All right well, Kelsey, thank you so much for sharing with our community. I tell ya, I've had countless stories of people over the years that have talked about how they've reached out to you, you've helped them along the way, and I know everybody in this ecosystem really appreciates everything that you've helped to move this to where we are today. >> Awesome, thanks for having me. >> All right, for John Troyer, I'm Stu Miniman. Super dope coverage of KubeCon CloudNativeCon continues. We'll be right back, thanks for watching theCUBE. (electronic beats)

>>Live from Miami, Florida. It's the cube covering IBM's data and AI forum brought to you by IBM. >>Welcome back to downtown Miami. Everybody. We're here at the Intercontinental hotel covering the IBM data AI form hashtag data AI forum. My name is Dave Volante and you're watching the cube, the leader in live tech coverage. Ritika gunner is here. She's the vice president of data and AI expert labs and learning at IBM. Ritika, great to have you on. Again, always a pleasure to be here. Dave. I love interviewing you because you're a woman executive that said a lot of different roles at IBM. Um, you know, you've, we've talked about the AI ladder. You're climbing the IBM ladder and so it's, it's, it's, it's awesome to see and I love this topic. It's a topic that's near and dear to the cubes heart, not only women in tech, but women in AI. So great to have you. Thank you. So what's going on with the women in AI program? We're going to, we're going to cover that, but let me start with women in tech. It's an age old problem that we've talked about depending on, you know, what statistic you look at. 15% 17% of, uh, of, of, of the industry comprises women. We do a lot of events. You can see it. Um, let's start there. >>Well, obviously the diversity is not yet there, right? So we talk about women in technology, um, and we just don't have the representation that we need to be able to have. Now when it comes to like artificial intelligence, I think the statistic is 10 to 15% of the workforce today in AI is female. When you think about things like bias and ethicacy, having the diversity in terms of having male and female representation be equal is absolutely essential so that you're creating fair AI, unbiased AI, you're creating trust and transparency, set of capabilities that really have the diversity in backgrounds. >>Well, you work for a company that is as chairman and CEO, that's, that's a, that's a woman. I mean IBM generally, you know, we could see this stuff on the cube because IBM puts women on a, we get a lot of women customers that, that come on >>and not just because we're female, because we're capable. >>Yeah. Well of course. Right. It's just because you're in roles where you're spokespeople and it's natural for spokespeople to come on a forum like this. But, but I have to ask you, with somebody inside of IBM, a company that I could say the test to relative to most, that's pretty well. Do you feel that way or do you feel like even a company like IBM has a long way to go? >>Oh, um, I personally don't feel that way and I've never felt that to be an issue. And if you look at my peers, um, my um, lead for artificial intelligence, Beth Smith, who, you know, a female, a lot of my peers under Rob Thomas, all female. So I have not felt that way in terms of the leadership team that I have. Um, but there is a gap that exists, not necessarily within IBM, but in the community as a whole. And I think it goes back to you want to, you know, when you think about data science and artificial intelligence, you want to be able to see yourself in the community. And while there's only 10 to 15% of females in AI today, that's why IBM has created programs such as women AI that we started in June because we want strong female leaders to be able to see that there are, is great representation of very technical capable females in artificial intelligence that are doing amazing things to be able to transform their organizations and their business model. >>So tell me more about this program. I understand why you started it started in June. What does it entail and what's the evolution of this? >>So we started it in June and the idea was to be able to get some strong female leaders and multiple different organizations that are using AI to be able to change their companies and their business models and really highlight not just the journey that they took, but the types of transformations that they're doing and their organizations. We're going to have one of those events tonight as well, where we have leaders from Harley Davidson in Miami Dade County coming to really talk about not only what was their journey, but what actually brought them to artificial intelligence and what they're doing. And I think Dave, the reason that's so important is you want to be able to understand that those journeys are absolutely approachable. They're doable by any females that are out there. >>Talk about inherent bias. The humans are biased and if you're developing models that are using AI, there's going to be inherent bias in those models. So talk about how to address that and why is it important for more diversity to be injected into those models? >>Well, I think a great example is if you took the data sets that existed even a decade ago, um, for the past 50 years and you created a model that was to be able to predict whether to give loans to certain candidates or not, all things being equal, what would you find more males get these loans than females? The inherent data that exists has bias in it. Even from the history based on what we've had yet, that's not the way we want to be able to do things today. You want to be able to identify that bias and say all things being equal, it is absolutely important that regardless of whether you are a male or a female, you want to be able to give that loan to that person if they have all the other qualities that are there. And that's why being able to not only detect these things but have the diversity and the kinds of backgrounds of people who are building AI who are deploying this AI is absolutely critical. >>So for the past decade, and certainly in the past few years, there's been a light shined on this topic. I think, you know, we were at the Grace Hopper conference when Satya Nadella stuck his foot in his mouth and it said, Hey, it's bad karma for you know, if you feel like you're underpaid to go complain. And the women in the audience like, dude, no way. And he, he did the right thing. He goes, you know what, you're right. You know, any, any backtrack on that? And that was sort of another inflection point. But you talk about the women in, in AI program. I was at a CDO event one time. It was I and I, an IBM or had started the data divas breakfast and I asked, can I go? They go, yeah, you can be the day to dude. Um, which was, so you're seeing a lot of initiatives like this. My question is, are they having the impact that you would expect and that you want to have? >>I think they absolutely are. Again, I mean, I'll go back to, um, I'll give you a little bit of a story. Um, you know, people want to be able to relate and see that they can see themselves in these females leaders. And so we've seen cases now through our events, like at IBM we have a program called grow, which is really about helping our female lead female. Um, technical leaders really understand that they can grow, they can be nurtured, and they have development programs to help them accelerate where they need to be on their technical programs. We've absolutely seen a huge impact from that from a technology perspective. In terms of more females staying in technology wanting to go in the, in those career paths as another story. I'll, I'll give you kind of another kind of point of view. Um, Dave and that is like when you look at where it starts, it starts a lot earlier. >>So I have a young daughter who a year, year and a half ago when I was doing a lot of stuff with Watson, she would ask me, you know, not only what Watson's doing, but she would say, what does that mean for me mom? Like what's my job going to be? And if you think about the changes in technology and cultural shifts, technology and artificial intelligence is going to impact every job, every industry, every role that there is out there. So much so that I believe her job hasn't been invented yet. And so when you think about what's absolutely critical, not only today's youth, but every person out there needs to have a foundational understanding, not only in the three RS that you and I know from when we grew up have reading, writing and arithmetic, we need to have a foundational understanding of what it means to code. And you know, having people feel confident, having young females feel confident that they can not only do that, that they can be technical, that they can understand how artificial intelligence is really gonna impact society. And the world is absolutely critical. And so these types of programs that shed light on that, that help bridge that confidence is game changing. >>Well, you got kids, I >>got kids, I have daughters, you have daughter. Are they receptive to that? So, um, you know, I think they are, but they need to be able to see themselves. So the first time I sent my daughter to a coding camp, she came back and said, not for me mom. I said, why? Because she's like, all the boys, they're coding in their Minecraft area. Not something I can relate to. You need to be able to relate and see something, develop that passion, and then mix yourself in that diverse background where you can see the diversity of backgrounds. When you don't have that diversity and when you can't really see how to progress yourself, it becomes a blocker. So as she started going to grow star programs, which was something in Austin where young girls coded together, it became something that she's really passionate about and now she's Python programming. So that's just an example of yes, you need to be able to have these types of skills. It needs to start early and you need to have types of programs that help enhance that journey. >>Yeah, and I think you're right. I think that that is having an impact. My girls who code obviously as a some does some amazing work. My daughters aren't into it. I try to send them to coder camp too and they don't do it. But here's my theory on that is that coding is changing and, and especially with artificial intelligence and cognitive, we're a software replacing human skills. Creativity is going to become much, much more important. My daughters are way more creative than my sons. I shouldn't say that, but >>I think you just admitted that >>they, but, but in a way they are. I mean they've got amazing creativity, certainly more than I am. And so I see that as a key component of how coding gets done in the future, taking different perspectives and then actually codifying them. Your, your thoughts on that. >>Well there is an element of understanding like the outcomes that you want to generate and the outcomes really is all about technology. How can you imagine the art of the possible with technology? Because technology alone, we all know not useful enough. So understanding what you do with it, just as important. And this is why a lot of people who are really good in artificial intelligence actually come from backgrounds that are philosophy, sociology, economy. Because if you have the culture of curiosity and the ability to be able to learn, you can take the technology aspects, you can take those other aspects and blend them together. So understanding the problem to be solved and really marrying that with the technological aspects of what AI can do. That's how you get outcomes. >>And so we've, we've obviously talking in detail about women in AI and women in tech, but it's, there's data that shows that diversity drives value in so many different ways. And it's not just women, it's people of color, it's people of different economic backgrounds, >>underrepresented minorities. Absolutely. And I think the biggest thing that you can do in an organization is have teams that have that diverse background, whether it be from where they see the underrepresented, where they come from, because those differences in thought are the things that create new ideas that really innovate, that drive, those business transformations that drive the changes in the way that we do things. And so having that difference of opinion, having healthy ways to bring change and to have conflict, absolutely essential for progress to happen. >>So how did you get into the tech business? What was your background? >>So my background was actually, um, a lot in math and science. And both of my parents were engineers. And I have always had this unwavering, um, need to be able to marry business and the technology side and really figure out how you can create the art of the possible. So for me it was actually the creativity piece of it where you could create something from nothing that really drove me to computer science. >>Okay. So, so you're your math, uh, engineer and you ended up in CS, is that right? >>Science. Yeah. >>Okay. So you were coded. Did you ever work as a programmer? >>Absolutely. My, my first years at IBM were all about coding. Um, and so I've always had a career where I've coded and then I've gone to the field and done field work. I've come back and done development and development management, gone back to the field and kind of seen how that was actually working. So personally for me, being able to create and work with clients to understand how they drive value and having that back and forth has been a really delightful part. And the thing that drives me, >>you know, that's actually not an uncommon path for IBM. Ours, predominantly male IBM, or is in the 50 sixties and seventies and even eighties. Who took that path? They started out programming. Um, I just think, trying to think of some examples. I know Omar para, who was the CIO of Aetna international, he started out coding at IBM. Joe Tucci was a programmer at IBM. He became CEO of EMC. It was a very common path for people and you took the same path. That's kind of interesting. Why do you think, um, so many women who maybe maybe start in computer science and coding don't continue on that path? And what was it that sort of allowed you to break through that barrier? >>No, I'm not sure why most women don't stay with it. But for me, I think, um, you know, I, I think that every organization today is going to have to be technical in nature. I mean, just think about it for a moment. Technology impacts every part of every type of organization and the kinds of transformation that happens. So being more technical as leaders and really understanding the technology that allows the kinds of innovations and business for informations is absolutely essential to be able to see progress in a lot of what we're doing. So I think that even general CXOs that you see today have to be more technically acute to be able to do their jobs really well and marry those business outcomes with what it fundamentally means to have the right technology backbone. >>Do you think a woman in the white house would make a difference for young people? I mean, part of me says, yeah, of course it would. Then I say, okay, well some examples you can think about Margaret Thatcher in the UK, Angela Merkel, and in Germany it's still largely male dominated cultures, but I dunno, what do you think? Maybe maybe that in the United States would be sort of the, >>I'm not a political expert, so I wouldn't claim to answer that, but I do think more women in technology, leadership role, CXO leadership roles is absolutely what we need. So, you know, politics aside more women in leadership roles. Absolutely. >>Well, it's not politics is gender. I mean, I'm independent, Republican, Democrat, conservative, liberal, right? Absolutely. Oh yeah. Well, companies, politics. I mean you certainly see women leaders in a, in Congress and, and the like. Um, okay. Uh, last question. So you've got a program going on here. You have a, you have a panel that you're running. Tell us more about. >>Well this afternoon we'll be continuing that from women leaders in AI and we're going to do a panel with a few of our clients that really have transformed their organizations using data and artificial intelligence and they'll talk about like their backgrounds in history. So what does it actually mean to come from? One of, one of the panelists actually from Miami Dade has always come from a technical background and the other panelists really etched in from a non technical background because she had a passion for data and she had a passion for the technology systems. So we're going to go through, um, how these females actually came through to the journey, where they are right now, what they're actually doing with artificial intelligence in their organizations and what the future holds for them. >>I lied. I said, last question. What is, what is success for you? Cause I, I would love to help you achieve that. That objective isn't, is it some metric? Is it awareness? How do you know it when you see it? >>Well, I think it's a journey. Success is not an endpoint. And so for me, I think the biggest thing I've been able to do at IBM is really help organizations help businesses and people progress what they do with technology. There's nothing more gratifying than like when you can see other organizations and then what they can do, not just with your technology, but what you can bring in terms of expertise to make them successful, what you can do to help shape their culture and really transform. To me, that's probably the most gratifying thing. And as long as I can continue to do that and be able to get more acknowledgement of what it means to have the right diversity ingredients to do that, that success >>well Retika congratulations on your success. I mean, you've been an inspiration to a number of people. I remember when I first saw you, you were working in group and you're up on stage and say, wow, this person really knows her stuff. And then you've had a variety of different roles and I'm sure that success is going to continue. So thanks very much for coming on the cube. You're welcome. All right, keep it right there, buddy. We'll be back with our next guest right after this short break, we're here covering the IBM data in a AI form from Miami right back.

(upbeat music) >> Live from Las Vegas, it's theCUBE covering Informatica World 2019. Brought to you by Informatica. >> Welcome back everyone to theCUBE's live coverage of Informatica World 2019. I'm your host, Rebecca Knight, along with my co-host, John Furrier. We're joined by Steven Guggenheimer, he is the corporate vice president of AI and ISV engagement at Microsoft. Thank you so much for coming on theCUBE. >> Sure, thanks for having me. >> So one of the things that we're hearing so much at this conference is, "data needs AI but AI needs data." I'm wondering from your perspective, AI engagement, where do you come down on this? What are you hearing? what are your thoughts on that big theme? >> Um, well, data is the -- some people say the oil for AI, pick your terminology, but there is no AI without data. The reason that AI is such a hot topic right now is the combination of sort of compute storage and networking at scale, which means the access for developers and data scientists to work with large sets of data and then the actual data. If you don't have data you can't build models, if you can't build models, that's what is the definition of AI. So you need data. I always-- all the coaching I do is about sort of, BI before AI. If you can't actually get insight out of your data, let's not try to add intelligence. If you can't get insight out of your data, it means your data is not in a good-- your data state is not in order. So data first. >> A lot of architectural work is being done on data. I see a horizontally scalable cloud, gives a nice access to a lot of different you know, observational data sets. >> Yeah >> It used to be give the guy the silo, got the data, go get more data, slower. Now, data feeds the developer process because SaaS business models have been proven that data and SaaS work well together. So how do we get more-- what's the sequence of architecture to usability of data so that not only can you just have analytical systems, but where developers can start building their SaaS apps with data? >> Yeah, I mean we have this notion where we often talk about sort of, blades or feedback loops. There's sort of four or five things most companies do. You work with customers, you have employees, you have a supply chain or some type of partner chain, You run your finance and operations. So the question becomes, in each of those processes, there's data. Human-generated forms over data or pick your loop and now you getting tons and tons of data. The trick now is to make it reusable. Mostly what we've done for years, form over data, take the data, form over data. And what we do is we get all these different databases. We try and create some layer that brings it all together. We build cubes out of it to view and then we get this hopeless spaghetti. So the trick right now, we're working on something called Common Data Model, which others are well, or Common Data Service. Let's get the entities lined up from the very beginning. We've worked with Adobe and SAP on the Open Data Initiative. Let's start at the core, let's make the data layer reusable, We're you know, databases have become data warehouses have become data lakes. We're heading towards a data tidal wave, and if we don't get the data estate in order to run the line of business applications, to feed all of the things we do to use the ML and AI on top of it, we're going to drown in data and not get what we want out of it. So, architecturally I think about the Common Data Model and the Common Data Service both generically by industry, we build accelerators for that, getting the big organizations like the three I mentioned aligned around that, making it such that any, you know, organization can build from that and then building on top of that. For big companies you have to decide, what do I keep and what do I throw out? You know, what do I just give up on and start from fresh? What do I actually clean? Where do I use tools from Informatica or others to help me clean it, secure it? But you've got to put all that thought in. >> You know we were chatting before we came on camera about the internet days and the storied history that you had at Microsoft. And during the internet, search was the big application. And search on the internet actually worked really well because they didn't have a legacy. And the people that tried to crack the code on search inside an enterprise, much harder problem (Giggles). Because of the database things you mentioned. How does today's enterprise get the benefit of SaaS as if they were cloud-native SaaS with the data? So you know, the challenge we're hearing here is having a Common Data Model is all great, but I just want to be a SaaS player, I want to use my data to feed into my business value. How does a company move out of those legacy constraints? What do you see as-- >> Well there's different paths that different companies will take. I mean, the good news is that if you get your data in order to do what you said, then whether you build, buy or partner for the SaaS services, you can use that data underneath and you should be feeding it back in and making it such that it's sort of reusable and the pipeline is consistent. The truth is on all this, it's just going to end up infused anyway. When you used the internet, which is a funny analogy 'cause I remind people, you know, when the internet came out we had internet products, we had internet events, we had internet shows. We don't have any of that anymore. It's just woven into everything we do. AI is going to be the same. You have all this hype right now, you have AI shows, you have, you know, AI groups. The truth is, in 10, 15 years, AI it's just going to be woven into everything. The data is going to be set up for that. >> So what's the misconception on AI? 'Cause, first of all, I love the fact that AI is hyped up because my kids love it. Machine learning they learn because they hear about AI and they hear all this coolness. So machine learning goes hand-in-hand with AI, you feed machine learning, machine learning feeds the AI application. But a lot of people have aspirations around AI. Some of them are ungettable and so that's probably a misalignment around the hype. What's your feeling of where the reality is and what's the misconceptions, how should people approach AI? Any thoughts there. >> I think a lot about the AI journey, the first year we were having these AI conversations, we talked about AI for everybody, just go play. Now the conversation is, I call it pragmatic AI. Look, lets talk about, you know, how you want to think about AI, it's going to end up everywhere, so the question becomes, what's your differentiation as a company, and how is AI going to support it? Like any other new technology, in the beginning, people just want to play. Just because you can -- let's just say just you can build a virtual agent, doesn't mean every company should. So the question becomes, first off, BI before AI, get your data state in order. Second, in a build buy partner model, what's your differentiation as a company? Whether you want to use either your unique data or your unique skill sets to use AI against that differentiation to help you grow. Otherwise, like, expect somebody else to have infused AI into the products you buy, the SaaS services, you know, use that, then build whatever you want and then there's, you know, if you think you're going to build a new business based on your unique data or your unique AI capabilities, great, let's have that conversation, we need that too but rarely does that become the state. so, most of the conversations move from, you know, the hype to okay, let's get pragmatic which is why I always come back to data first 'cause if you not doing that, you're not setting up for the long run. Let's build for the long run, then let's just have a business conversation like, how do you differentiate yourself as a business? Okay, how is this tool going to help you? >> I want to ask about, uh about innovation, and particularly because Microsoft is a company that's now entering its middle age (giggling) and-- >> What does that say about me, oh no >> As one of famously innovative company, but how do you stay on the cutting edge? I mean, I'm wondering internally how you think about AI for Microsoft's business purposes. What are the conversations around AI? >> One of such is, core conversations around this notion of tech intensity you know, from where we focus on how we think about things we think about tech intensity against different areas, AI being one of those. Look, AI is really this interesting thing. I would say we're plumbers by trade, we build software plumbing for others. So, we do three things right, with AI. Basically, there's a layer growing on top of the core development stack, compute, storage, networking for AI. So we're building a layer, cognitive services, bot services, machine learning, set of tools for developers to infuse AI into things that they've built, so that's thing number one. Thing number two, is we infuse AI into our own products, into Windows, into Office, into Azure, into dynamics. You don't see it, we don't talk about it, we don't say Microsoft Windows Inking brought to you by Azure AI. It just works, but our inking works, our face login works, oh, you know, I can -- it's helping me write a better resume in LinkedIn, that's all AI behind the scenes. Now, the third thing you think about then is, "how do you actually use AI to run the business better"? So, how do you think about, AI assisting professionals, how do we think about the, how we do mocking better, How we forecasting sales, so AI is about plumbing, let's build a platform for others, let's use it ourselves on our own products, and then let's think about how you actually use it to run the company better. And that's how we think about it-- >> That's pragmatic >> Very pragmatic AI is kind of -- >> Yeah, that's how I think about it and we, you know, it's interesting 'cause back to the tech intensity point, we get together on an AI conversation, we searching with the senior leadership team about once every other week, and we're round robin between a research topic, the platform and one of the solutions. So it's, you're always getting constant feedback about is the platform doing what we need to build solutions? Is the research feeding the platform? So, you're getting this really nice feedback loop right now and that tech intensity. >> Quality data always has been a big part of the data modeling in the past, Cloud now allows for data marketplaces I've seen sharing of data as a dynamic, almost like sharing libraries of your developer back in the day, so data is now being merchandised in a new way. This is a trend, what's your thought on it? Because if this continues, you're going to have more data inputs, does that-- >> Err, there are places where data is aggregated and potentially can be re-used. We can -- Bing is an example, Google would be an example um, I know people who aggregate data for different industries, etcetera. It's not an easy business, the rules and rights around data, the GPR compliance, the rest of it. I think there's a deer there but you really have to be in the business for-- the trick you run into is, if you're going to be an aggregator, and then a reseller of data, where's that data coming from? What are the rights, what's the security? And then, are the people who are providing that data comfortable with their competitors getting the data? 'cause if you're really going to be a data provider marketplace, first person who's going to want on is the competitor, so, I think it's an interesting conversation, I think it's kind of growing and there's some real good work there, I don't think it's as-- >> not viable yet >> Easily to do it at scale, for as many people who think they have the data asset as believed they do. But that's Steve's view, that's not a Microsoft's statement. (laughing) >> good disclaimer >> Steve's view, so I want to hear Steve's view on the skills gap, this is a huge problem in the technology industry, as so few people to fill roles. How's Microsoft dealing-- what's your view-- >> my view is I'm glad I work at Microsoft, 'cause we spend a lot of energy on that, um, I wish there were a single solution, but we have Minecraft for education, starting with kids, how do you help, you know, Minecraft is this great tool that teachers use help kids get started, so that's a tool set we work on something called tills, which is uh, basically, our developers teach school kids remotely, junior, high school level, you know, coding. Um, we have made investments against this, we have online training, you know, we work with universities. I don't know the perfect answer, um, but I do know we invest and we work with Hadi Partovi and his group on code.org, I mean any place that there is work going on, we work with the military for people coming out of the military service. So we're heavily invested. I'm hopeful that the ease of use of some of the tools and just from a job area, it drives people but I don't know the perfect answer. Steve's view is I don't know the answer, I do know we try every trick in the book-- >> Multipronged attack >> I'm a parent of two kids, like I have my daughter, you know, working on more on the tech side and you know, it's hard to keep kids on a track for that-- >> There's no degree yet, but we had a first degree this year, graduated from the school but there's kind of like a skills portfolio of different things depending on the make-up I mean, domain expertise is critical, if you don't know what you're tryna do, that's -- >> I think we got a mix, because what you're starting to see is, the tools for subject matter experts, are getting better, we have something called the power platfrom, which allows people who aren't necessarily coders by trade, but want to be able to build, you know, sort of apps or services to be able to do that more easily and mix their subject matter expertise. And you see many more people come out of any program, take biology, with sort of computer knowledge to a decent level. AI and ML research, different area, hard skills gap right there >> Steve, great insights, thanks for spending some time with us, great insights on the skills gap and just overall >> thanks for coming on theCUBE >> We didn't talk about rugby, but okay, fine. Thanks, next time >> next time >> You're one of those ballsmen >> we'd track you down >> The ballsmen can throw >> Exactly, shout out to them >> There we go, >> thank you >> Ah, you are watching theCUBE we'd come right back with more from Informatica World I'm Rebecca Knight for John Furrier, stay tuned (upbeat music)

(loud upbeat music) >> Narrator: Live from Boston, Massachusetts. It's the Cube. Covering Red Hat Summit 2019. Brought to you by Red Hat >> Well good morning and welcome to day two of Red Hat Summit 2019. We're in Boston. Beautiful Boston, Mass. again. Second day of just gorgeous sunshine as I'm looking outside but we're inside the Boston Convention and Exposition Center BCEC. Stu Miniman John Walls here on the Cube. Stu good morning to ya. >> Good good morning John. Yeah lovely spring day here in Boston. >> John: Yeah >> Crowd's all excited. >> John: Yes >> Lots of things to geek out on. >> John: Let's go back uh lets go back to last night for the sake of it if you don't mind. We just got done with keynotes this morning We'll touch on that in a second. Last night though, what an array of of CEO keynote you might as well call it. We have IBM. we have Microsoft. We have Red Hat. We have you know the boss of each. And first lets lets just jump in first with IBM Ginni Rometty on the stage last night. And settling maybe a few concerns with some of her comments. I don't have a death wish. Independent. All that. So that your she said all of the good things >> Look first of all, love the tone. It's we hear what your saying and we're kind of laughing with you. You know when they joked and said You know IBM's been working for a long time on Linux. You know we spent a billion dollars that was you know big dollar uh dollar Jim Whitter was like 34 billion dollars is a really big number too. Everybody laughed >> Right >> You know the the commentary notes and joking is look we want this to succeed. We're spending 34 billion dollars on Red Hat. We don't have a death with for it you know. We're not trying to kill it. And what she said specifically and they've said it before but it bears repeating you know more often is Red Hat will stay separate. They're not going to "blue wash" the company which is the term for when they normally integrate and take over. They're going to stay separate. The brand is going to stay separate. That's why they didn't stop something like the new rebranding you know uh you know new new >> Logo >> Hat same soul >> Right right >> You know same hat but new logo same soul All of those things are in place you know and when I talk to lots of people in Red Hat they expect that you know day after this closes they'll be doing the same job. They understand that you know things like IBM's scale should be able to enable them and there will be more collaberation there but you know they're under the umbrella but you know are managed separately. Uh and that's something what the other thing Ginni pointed out which I thought was important that she say it and that is something we're all be watching is the culture that they have built is super super important. She said Red Hat's built a wonderful company and maybe more importantly culture and Jim goes Oh and our eco system you know don't forget our eco system She's like of course but that culture should actually slowly infuse into IBM not the reverse. We don't want you know IBM look great culture, great innovations, strong history but IBM is not looking to take IBM's culture and put it on Red Hat. They want to learn from you know the younger you know you know company and you know moving and growing fast So help accelerate. Work together and you know absolutely important and as Jim said on stage you know pretty impressive here at the Red Hat show you start out with the CEO of IBM you end with the CEO of microsoft. Those are two pretty impressive tech companies >> John: Sure >> With your CEOs coming to talk to this community. >> Yeah tell me about on the culture standpoint though you you do have some very definite differences right just in terms of history you know IBM been around forever Red Hat new kid on the block relatively speaking. How hard do you think it really will be? I mean you've been around this space for a long time that's there just that I think an institutional resistance that is is almost inevitable >> Stu: Yeah >> You have (groan) it's gonna take a lot of open mindedness and bending on the IBM side. >> Look yes and no because look Red Hat has facilities. If they're not living in the same place as if they're you know the the tower down Raleigh where Red Hat is if that stays Red Hat people and they stay separate sure they might have some calls where they collaberate but its a you know Conway's law I like to go to is the way software is designed matches the organizational structure. If the organizational structure gets mixed between them, >> Mmhmm >> Expect that IBM culture just 'cause the size of it you know will likely overpower and it's really easy for it to leak that way. Going the other way you know Red Hat's got you know about twelve thirteen thousand employees you know IBM's got well over a hundred thousand employees. So can Red Hat inflitrate it? In pieces and places and start doing it, sure. But it would be very easy for IBM just to total have a blue wave wash over and make Red Hat lose you know what makes them so special and they are special in this industry. But one of the things that I actually really loved in the keynote we'll talk to is some of that what they called their innovation labs what they helped teach some of that culture to some pretty impressive companies and help them along that technical journey to you know not just do the technology but the cultural changes so that you know they can live in that multi cloud world. They can live you know work with the open source even more. >> I think we got the impression or at least I did you know listening to Ginni too there's a recognition there that we being IBM you know we need them. We need you know we we have we're at a somewhat of a competitive disadvantage right now. This gets us in the game on a whole new level. So I'm I'm would imagine that message is being communicated throughout the ranks at IBM. You know there's a reason why we're spending this kind of money and making this kind of a commitment because their ways worked. And it's in a space that we have to be more present >> Hey look I'm excited. Our first two guests of the day we've got Jim Whitehearst the CEO of Red Hat and then we've got Arvind Krishna who is you know the SVP of cloud and heavily involved in that decision to move IBM to do the acquisition and talking about that hybrid multi cloud world. We will dig in there because that you know is the product space it's the area where Red Hat and IBM intersect the most. Because you know I don't expect that IBM is going to mess up you know rhel >> John: right >> you know from a core linux standpoint they've been partnered for a decade on this. It's not competitive with what IBM does. They we you know IBM does not have a huge team doing it but some of the other spaces some of the tooling some of the you know orchestration and that multi cloud world is an area that IBM has a lot of bodies and a lot of resources and we'll see. But you know an area they want to have help is you know IBM absolutely needs to partner in the multi cloud world with more of the cloud environments so maybe we can talk a little bit about Microsoft. >> Yeah lets go Microsoft here um you know again um kind of a nice kumbaya moment last night where there's a handshaking backslapping five years ago they they both readily admitted it. We're talking about you know Satya Nadella and uh Jim Whitehearst last night wouldn've been like that! We weren't on the best of terms not too long ago and to think that we'd be sharing a stage and not only talking about working together but being partners and truly partners um many people would have imagined that to be just totally unfathomable but it happened. We saw it last night! >> Yeah so um and there's a lot more not just to Sataya being here but the relationship uh that I've been learning more about-walking the show floor, talking to some of the people, uh reading some of the articles online there so you know you know big announcement they talked about is open shift on Azure and that you know fully managed you know common operating platform, across the clouds, manage it yourself, consume it as a service, um you know deep integration there uh between Azure and Open Shift. So uh as I mentioned yesterday in our open Red Hat's working with all the clouds you know talk to them at Google at this show two years ago they announced the AWS piece uh but more than that even is you know some of the applications you know where is microsoft doing great? They have business productivity applications so sequel on rhel is something that you know fully supported and is something that you know Red Hat's been seeing a lot of growth there. And it's something that you know you think Microsoft usually you think Windows and today in the technology world you know Satya's goal is when you think Microsoft he wants you thinking you know Azure and AI and not that they don't have a strong Windows business or that it's not going uh you know not going away. See things like in the demo this morning their like oh hey you want to you know manage your all your linux environments and logins? Oh they pulled up a windows desktop. I mean you know it's it's I think it's it's interesting to see that Linux. It's like oh my gosh that's blasphemy. How dare you you know pull up you know a windows gooey and you see like minecraft and all these other stuff there. It's like that's that's not what a linux used to using. >> John: Right right >> But I can go to those environments so that blending of worlds uh is is what we see and uh yeah you know Microsoft and Red Hat uh living together uh you know in a lot of these customer environments is uh impressive. And I heard Satya spending a bunch of time with customers here. He didn't just fly in and do the keynote and then you know out on the jet off to his next environment You know working with the customers. Strong commitment uh to the partnership and as Satya said inter operate and commit to open source which if you haven't been watching the last five years has been a big push of Microsoft uh and uh is not the Microsoft that we grew up off of you know in the '90s and like um with proprietary software, proprietary operating systems, um committing to all of these environments. >> Yeah I mean so lets follow up a little bit on on the commitment angle or you know that discussion because I think you raised an interesting point that this was just not a fly by. It wasn't just a dropping kind of thing. This was a apparently from what you're uh sources have been telling you a very much more committed uh direction for the company for Microsoft we're talking about here. That's a strong statement. That this is not just for show. That our commitment is going to be the long term success. >> Yeah Yeah um you know we go to a lot of shows and when I've been at a lot of the open source shows especially uh really in the container and Kuraneti's space so we've got the Cube two weeks from now in uh Barcelona for the Cube con and Cloud native Con. Uh.. Microsoft and Red Hat are both really big players in that environment and it's not you know shooting arrows and throwing stones. It's everybody's committing to the growth of these environments and the reality for customers is going to be multi cloud. Uh you know Paul Cormier this morning said you know hybrid is the direction. I'm like well no no, it is where they are today. I think what he means to say is if you look in the future, it's not going away. It's not what a few years ago it was the public cloud was the enemy to some and it's taking over and beware. It's well no the reality is is customer's using a ton of SAS. Microsoft to their credit pushed a ton of customers into that environment. They moved Office 365. Wasn't a oh hey it'd be nice if you do it, it's like you were being pushed by you know into this environment and if Micrsoft is pushing you that way and you know I was used to you know getting my discs and downloading things and doing that. Well this is the new world. It's you know SAS first, public cloud, absolutely an environment. We have Azure you know strong growth you know really strong growth. Uh you know for for many years. Um and the data centers, so you're going to have all of these environments and to manage them and make multi cloud better than its parts? Uh... The partnerships need to be deeper than they were in the past. We can't have the old world of saying oh yeah we've signed some cooperative support agreement but if something goes wrong, we're all going to be pointing fingers as to who's fault it is. The customer doesn't care. They need to run their business. >> John: Right >> Uh you know it needs to be able to go. My data and my applications are the lifeblood of my business so partnerships like Microsoft and Red Hat just make all the sense in the world today. >> Yeah we saw some uh some demos today of uh well I saw Open Shift 4 on the stage. Uh you talked about what uh Microsoft and opening up in Windows and all. Um but pretty impressive in terms of upgrading capabilities and automation capabilities just in general that's kinda what the the impression that I left with was. It's pretty cool. This is pretty good. You're allowing a lot of jobs to be done simultaneously without interference without concerns where as you know a year or two back you couldn't have these dual operations going on because you're too worried about interfering or disrupting instead. You're giving great confidence to the application side and to the dev side. So like Dev Ops is you know you're uh taking a lot of the worry out of the equation. >> Yeah it's really interesting time 'cause I you know there are many of the solutions that will just really abstract away or manage away anything that I need to worry about. I just wanna consume it as a service. It's really simple um. I might just have something that I'll you know automatically does most of the stuff for me and I don't need get underneath but still a lot of these demos its okay here's my terminal and you know let me run through these environments uh and I want to have visibility. So um we're in a little bit of a transition period here as the you know where we are. You know what my teams, what the skill set they need to have, how much depth they need to be able to do um because you know these sins of IT in the past was you know how much am I reinventing the wheel or doing undifferentiated heavy lifting where the vendors of the platforms could really make this easier so that what I need to do as the IT is respond to the needs of the business. I need to be agile. I need to be flexible and if I need to you know build this you know build the temple every time they need something uh I'm not going to be able to be fast enough >> John: Right >> And so I need to be at cloud speed. Uh I need to you know be able to you know respond when uh the business says I need something or I need to make a change. It is uh no longer acceptable to say months or years. It's it's now usually measured you know days or weeks if not in certain things are like no no instantly >> Like now. >> You need to now (john laughs) >> Exactly. >> Ready for a big day? >> Stu: Yeah absolutely. >> All right Jim Whitehearst coming up in just a little bit, a moment or two, but we'll continue our coverage here live from Boston. We're at Red Hat Summit 2019 and you are watching the Cube (loud upbeat music) (music fades away)

>> [Announcer] Live from Los Angeles, it's theCUBE! Covering E3, 2018. Brought to you by SiliconANGLE Media. >> Hey, welcome back everybody. Jeff right here at theCUBE. We're at the L.A. Convention Center in E3. It's our first time coming to this convention. It's 68,000 people and every single hall and outside, inside hotels. It's pretty crazy--pretty crazy scene. We're happy to be here. Well, we've got our next guest. She's been coming for a while. It's Katie Stone Perez. She's the director of Mixer Interactive. From Mixer, Katie, great to see you. >> Thanks so much for having me! >> Absolutely. So before we jump into it, I'd love to get your perspective. You've been in this industry for-- >> 17 years. >> 17 years. I wasn't going to say that. I was going to say close to two decades. >> (Laughing) >> So as you've been in and watched this thing develop, what are your impressions today in 2018 and how it's transformed?-- >> Of the show? You know, the whole game industry has so fundamentally transformed over the last 17 years, right? I mean, at that point in time, we didn't even have services like Xbox Live where people were connecting and playing online together. Everything was really sold as a disc-based media. So you walked into a store to purchase your disk. Now we have so many digital purchases happening online. We had no player data. We had no way to actually know how far in the game our players were getting and all of this kind of stuff-- >> [Jeff] That's right. You just shipped the disc out, right? You didn't know. >> And now we have all of this telemetry, right? We have all of these experiences. You have the, you know, free-to-play has made a huge rise. We have mobile, right? Mobile gaming within the space. So the show has so transformed both from the people who are playing within the space, the technologies that people are using, and the growth. I mean, we can also just see-- years ago, it was really much more about a trade show so that the big people who are going to buy the disc can actually come to E3-- >> [Jeff] Right, right. >> Check out our games and place their disc orders. And now it's really much more of a consumer phenomenon as well. >> [Jeff] So I'm curious, we covered a ton of tech shows. Just I've been here before and data and the use of data is a huge part of the digital transformation story. >> Yeah. >> So I'm curious from your point of view from a game developer point of view, how did that change? Because you guys are a little bit ahead of the curve in getting the usage data, getting the tracking data. How did that impact the industry in the way you developed and shipped games? >> It's phenomenal. You know, all of a sudden, you can start to understand who your players are and so if you're gonna do an upsell offer, you know, you can understand, like, "Oh, this person has actually already purchased this type of material." So I'm gonna give him this type of upsell vs this type of upsell. Or, You know, "I see all of my players are really struggling on level three and no one is making it through. What's wrong with level three?" Let's look at changing that up a bit. >> [Jeff] Right. >> So data has actually really informed us in so many ways to re-look at our basic gameplay loops. Our retention mechanics and all of that kind of stuff and, you know, most game companies now have teams of data analysts who are just specifically focusing on those KPIs and just analyzing the data and learning. >> [Jeff] Right. >> But with that too, we've also then had to get more agile in our development and publishing processes because, you know, when you ship a disc and you just let it go, you can get data but then what are you gonna do about it, right? >> [Jeff] Right, right. >> Your next sequel is a couple of years out and so now, too, with the ability to push updates over the air and all of this kind of stuff, It changes it so we can actually take that information, have an immediate impact, and sometimes you can get that data within one or two days. Actually have an impact, you know? >> [Jeff] Right. >> So I actually work on mixer which is a game broadcasting platform so we have a live service. So we can just constantly update and make these changes. >> [Jeff] I'm gonna ask you a philosophical question that I'm always thinking about. In terms of difficulty and the right amount of difficulty, and just kind of generically but engage specifically-- >> Right. >> You want to be difficult enough so people feel challenged and want to continue the journey. >> Yeah. >> But obviously you can't make it so difficult that they just couldn't get through. So I just wondered if you had some-- >> Yeah! >> If there's some best practice or philosophy about what's the right level to the degree of difficulty? >> Yeah, you know funny enough, I gave a talk at GDC in, like, 2005 and it was called Let Me Win and so my background is actually in psychology and it was really as someone who has a psychology background who loves to play games. My issues of playing through so many games in our media because we're a very defeatist mentality. If you think about it, we started as an industry as this coin-op industry where we had to kill you off because we needed you to put another quarter in the machine. But now we carry that trope with us even though we have people put 60 quarters-- $60 worth of quarters in the machine in advance >> [Jeff] Right, right. >> But we're still killing you off in the same way. And so it's kind of crazy to me. And so we really as an industry, I do think, need to think about that more. Now there's certain games like Cuphead is one of my favorite games but it's really brutally hard but that was very much the intention, you know? >> [Jeff] Right. >> These dark souls and the cupheads in those games. Their genre is that they are super hard-- >> [Jeff] Right. >> So people kind of know that going into them. But I do think across our broader audience, we need to think about how we're being more inclusive in our design And that's everything from, you know, still giving people that harder experience but also an educational principal called scaffolding. So, you know, just like when you're teaching a kid to do something, you're not gonna say "Okay, do this and this and this and this and this." Because that's not fun. >> [Jeff] Right, right. >> So instead, if you can be, like, "Here's what the goal is. Here's your tools." And then within the game, we want to help do that. Now with data, actually, we can help scaffold better. Cause we can actually see "Oh, these players didn't do this" Or "This age group of players didn't do this." Or "This type of thing didn't do this." So we can actually use that to inform our decisions and actually do better scaffolding within the game. >> [Jeff] Okay, so before we get to mixer and streaming which is like the latest thing, I want to get to this middle step which was the Cloud. And really opening up the ability to do multi-player games, opening up the ability to go from just that consul out into the universe and play lots of other people. Again, how did that really transform the way you guys thought about designing and delivering games? >> I mean, fundamentally, you know, Xbox Live was a apart of our program. Very early on, Live came into the Xbox business and I think it was actually great because we had that as a Microsoft asset and strength that we can bring over that type of infrastructure. And we've seen it really just connect and bring people together in form community, right? And it's so much fun. There's some element that you get when you're sitting next to someone and playing but not everyone in the world has someone sitting next to them. >> [Jeff] Right. >> So we're doing that over Live by bringing people together and through different platforms and services like Mixer as well where we can bring these communities together. >> [Jeff] Right. >> So it's really, I really think about creating that essence of community. It just makes everything more fun. >> [Jeff] Right. So now we're in 2018 and actually, it's been going on for a little while which is a whole different level of community and that's streaming where someone's playing a game for those that aren't familiar and other people are invited to participate with them. >> Yeah. >> Again, another huge shift in the way that people interacting with the game. And more importantly, kind of the social aspects around their playing with the game. >> Yeah and that's what's so cool. So in traditional game streaming platforms too, there's quite a bit of latency so what the gamer-- the streamer's actually doing at the time, you know, by the time the viewers end up seeing it on a platform, and then, you know, they can comment on it and then the streamer kind of sees it. There's a lot of latency there. So Mixer was actually created by two young kids who actually were huge in the Minecraft community. They had already created a million dollar business actually hosting Minecraft servers and they had all these streamer friends that were Minecraft streamers and they were talking about how frustrating it was because they were streaming and people were like "Put the block over here, put the block over there." But by the time they saw that feedback from their fans, they had already moved on. They had already done something different. So Mixer created low latency streaming. So what we called our faster-than-light technology where we have sub-second latency. So exactly what's happening in the game, that's what people on Mixer are seeing. And then they can comment and the streamer immediately sees those comments and that then paved the way for this richer conversation. And from there, we had interactivity come about. So we have all of our new Mixplay experiences where people can actually come on to Mixer and not just watch. Now they are playing themselves. So you can actually be playing one of our games like Next Up Hero and I can actually choose to help heal you or I can choose to help throw in enemies. Then you'll see my gamer text "Sweets" go right across the screen, right? You can actually see as a gamer who's then broadcasting, you can see what I'm doing on Mixer and how that's having an impact within your game. >> Didn't the streamer kind of like the latency so that they had time to kind of split their attention between playing the game and interacting with the community? >> No because it's all->> streamers for them, It's all about community. Now there are certain competitive sports events and things like that that we do within the e-sports space, and so there might be certain instances in which you don't want to have low latency engaged. But for the most part, streamers want to be having that conversation and are faster- >> than-light technology on Mixer really enables that for them. >> [Jeff] Right. And it just seems like it's almost gonna come full circle so if I'm engaging with the streamer and I'm participating in the game to some degree, at some point, do I just step in and we're playing the game together? >> Yeah. I mean, really now, you can play on Mixer. That's really what we're talking about with our new Mixplay experiences. So we even have games that are playable only on Mixers so these games aren't even-- we were talking about distribution, right? These games aren't even shipping. There's no disc. They're not even shipping on any of these other platforms. They're playable only on Mixer and so you can actually go to mixer.com today and check out several of these game experiences and you can actually look for Mixplay experiences. We have filters and so you can actually find all of that content. >> [Jeff] Alright. So to get your perspective before we let you->> you've been at this for a while. So as storage and compute and networking, it gets infinite in scale and asymptotically approaches zero in cost. As you look forward, where do you see leveraging some of this new horsepower? >> Well, I think again, you know, Microsoft actually just had this amazing acquisition of PlayFab technology and I love seeing what they're doing within this space and bringing that into our portfolio of content as well. Because again, it's about having this data and being able to really respond and change your game instantly to really make sure that you're doing the best things for your business. And so it really just makes developers be informed and be able to be much more agile in their approach. And it's also democratizing that opportunity. Previously years ago, to get some of these insights, you would have had to be one of the largest game companies on the planet. And now with the democratization of these different game engines, and then then the democratization of this type of tooling and online services that are available, with things like Azure and things like PlayFab, it really creates an amazing opportunity for all developers everywhere. >> [Jeff] And to me, the democratization, the thing where you're over and over-- >> Yeah. >> More of data, more of the tools, and more of the ability to do something about it is distributed to a broader audience. Alright Katie, well thank you for-- >> We get more voices with that, right? >> Right, right. >> You get a much broader set of content that ends up like the content that you see here today is much more diverse and much broader. You know, we still have a long way to go as an industry but it's very different than my first E3 17 years ago. >> [Jeff] 17 years ago. Alright Katie, well thanks for taking-- >> Thank you! >> a few minutes out of your day and congrats on all the success. >> Thanks! >> Alright, this is Katie and I'm Jeff. You're watch theCUBE from E3, L.A. Convention Center. Thanks for watching. (upbeat, techno music)

(upbeat electronic music) >> Announcer: Live from San Francisco, it's theCUBE. Covering Red Hat Summit 2018. Brought to you by Red Hat. >> Hey, welcome back, everyone. This is theCUBE, we're live in San Francisco, California, here at Moscone West, Red Hat Summit 2018. I'm John Furrier, the co-host of theCUBE. We've got three great guests, exciting segment. Really looking at the future of computer programming, the youth in our generation, the young minds, and the award winners here at Red Hat Summit. Our three guests are Leigh Day, Vice Present of Marketing and Communications at Red Hat. Ellie Galloway with Jewelbots, and Sara Chipps, CTO at Jewelbots Thanks for spending the time and coming on. I really appreciate it. Love this story because I always, as a computer person, I always love getting nerdy, but now nerd is the new cool. So starting young and coding is not just for guys anymore, it's for everybody. So congratulations on your success. Take a minute to explain what's happened here, because the folks watching don't know what happened yesterday. You guys were featured at part of Open Source Stars. Leigh, talk about the story. >> So about three years ago, the Red Hat Marketing Communications Group decided that they needed a passion project, something that would make them feel more energized about coming to work and not just selling products, but telling genuine stories about people. We started our Open Source Stories films series, and that has turned into Open Source Stories Live as well. So yesterday we brought awesome stories, like Jewelbots to our stage to tell the story of children and others getting involved in coding. And Ellie and Femmie on our stage, talking about how people should code for good and we really love that message and applaud that. >> And coding is so social because it's fun. So talk about Jewelbots and what's happening here? So how did this get started? And then I'll go into some specific questions for the young future star here. (laughter) Sara, how did it all get started? >> Yeah, so Jewelbots got started out of a desire to make a product for young girls, to get them excited about coding. So we talked to about 200 girls and we asked them what was interesting to them, and over and over from them we heard that their friendships are really important to them. And so when we were talking to them about a bracelet that lights up when your friends are nearby and you can use it to send secret messages, they got really excited. And so that's what we built and we made it open source so they would code it as well. >> How did it all get started? What was the motivation, what motivated you to take on this project? >> Good question. So I've been a software developer for seventeen years, I was five years into my career before I worked with another woman and it was another five years after that, before I worked with another one. So I really, you know, I love this career and I wanted to figure out a way to get more women excited about doing it. So, talking to my male peers, I heard from them that they started about middle school age, and so I wanted to find something for girls that would also inspire them in that way. >> That's awesome, thank you so much for doing that. I love the story, it's super important. Now, how did you get involved? You just loved programming? You wake up one day and say, hey, I love programming? How did you get involved? >> Well first, me and my dad, my dad works for Microsoft, he helped me code a game in Unity and so I love coding games so much that later he showed me Minecraft min code. And so I got involved in that, by then I kind of knew how to code and everything, so I only asked my dad for help if I absolutely needed it. And then, since my dad new Sara Chipps from Microsoft, he showed me Jewelbot one day when I got home from school and I've been on my own programming since then. >> John: You having fun? >> I am. >> What's the favorite thing about coding that you like? >> I love solving problems, and so solving problems is probably my favorite part in coding. I solve a lot of problems and inventions, tiny ones and just kind of figuring things out. >> Did you get all your friends involved? Did you spread it around to your friend group? >> I am getting some friends involved. In my YouTube channel I have someone I shared Jewel a lot with and showed how to code, and yeah. And at school, at my next school, I am going to create a Jewelbots club, and I'm hoping I can get a lot of people to join. >> So is it fun, is Jewelbot fun? I mean, how does it work, how does he Jewelbot work? So I wear a bracelet and then it lights up? So how does the code work? Is it an io sensor in the front end? How does it work? >> It works by Bluetooth. Do you mean friendship coding mode, or? >> Friendship coding mode. >> Okay, friendship coding mode. Yeah, you use Bluetooth for friendship coding mode. You pair Jewelbots together and it's pretty simple. You don't need a program, you can start right away without any program and it already has a default on it, so yeah. >> Do you have an agreement with Snapchat yet? Because that would be a great geofence feature, if I had like a Jewelbot with Snapchat integration. >> You can communicate by vibrates but there's not a Snapchat picture. >> Not yet, we'll make sure that we get that back and I'll get my daughter involved to jump in. How about the community aspect? I love the story, because what it does, it makes it fun. You don't want coding to be like eating spinach or, you know, taking out the trash or sweeping, you know, the floor up, you want to make it fun. Kids want to make it fun and gaming is key. When did it start clicking with you, Sara? You know, when did it start getting momentum? >> Yeah, well I think one thing that we realized, is that coding doesn't have to be a lonely activity, it doesn't have to be just one person sitting in a basement coding, it could be really anyone, and it's such a social thing, you know? All coders are self-taught and we all learn from each other, so having the ability to have a community that you can reach out to that are excited to help you and that kind of thing was a really important part of what we were building. >> So you guys were on stage... So tell about what happened here, 'cause folks didn't get to see and they can see it online after on a replay, you guys are out on stage, did you do like a demo? Tell us what happened on stage. >> We had a whole afternoon session that was focused on showcasing collaboration, young people coding, STEM. We had a group from our co-op, alumni come to the stage and talk about their experiences with Co.Lab, programming Raspberry Pis to take pictures. These are middle school girls, we've done programs with them all over the east coast. Then we had our CMO talk about his open-source experience. We had Women Open Source Awards, and then Sara and Ellie came out and told the audience about Jewelbots and it was just an opportunity to shine a light on their awesome project and to showcase young women doing great things. And showing women that they should have the confidence to code alongside men. >> Yeah, great program, how does someone get involved? How can someone get involved with Red Hat's Open Stories and your communities with Jewelbots. What can you guys share? Is there locations or a web app? Is there something you can get involved in? How does someone get involved? >> Well, Red Hat, we have seven Open Source Stories films, that people can go online and watch. But then yet, there's 90 of them for an open-source story, OpenSourceStories@RedHat.com is a way to contribute to that. But we're always thinking about new ideas, taking contributions and love to hear about these stories. >> Sara, how do I get involved in the Jewelbots? For anyone else watching who might be inspired by this awesomeness you guys have going on here. Great practice, I love how you're doing this. How do they get involved with what you're doing? >> So, if you have young girls in your life Jewelbots.com, Amazon.com, Target.com is all where you can get Jewelbots. If you don't and you know some people that do, a lot of people have started hosting events around Jewelbots, so if people in your office might have daughters and they might be interested in something like that, that's something that we help people do, as well. >> That's great. Ellie, what's your thoughts on all this? This celebrity status you have? Your YouTube followers are going to go through the roof now. >> Yeah, since yesterday I've had over 75 new followers. >> John: Wow. >> So yeah, it's amazing. >> Can she say the name of her YouTube channel? >> Of course. >> EllieGJewelbots. >> EllieGJewelbots, we're going to promote it, make sure it's on the screen, guys, great program. I'm so excited for you, that's amazing, don't stop. It gets better, more fun every time. When you build cool stuff it's magical. And tell all your friends. Great stuff, thanks so much for doing this. Great program, thanks for coming on. >> Thanks for having us. >> Thanks for having us. It's theCUBE, live here. A really inspirational inspirational moment here, getting everyone started at the young age really kind of opens the aperture of all people, all diversity, inclusion and diversity, really critical part of the community paying it forward. Of course, theCUBE's doing our part here, be back with more live coverage after this short break. (upbeat electronic music)

[Music] and y'all know that these [Music] ladies and gentlemen please take your seats and silence your cellphone's our program will begin shortly ladies and gentlemen please welcome Red Hat executive vice president and chief people officer dallisa Alexander an executive vice president and chief marketing officer Tim Layton [Music] hi everyone we're so excited to kick off this afternoon day 2 at the Red Hat summit we've got a stage full of stories about people making amazing contributions with open source well you know dallisa you and I both been coming to this event for a long long time so what keeps you coming back well you know the summit started as a tech conference an amazing tech conference but now it's expanded to be so much more this year I'm really thrilled that we're able to showcase the power of open source going way beyond the data center and beyond the cloud and I'm here also on a secret mission oh yes I'm here to make sure you don't make too many bad dad jokes so there's no such thing as a bad dad they're just dad jokes are supposed to be bad but I promise to keep it to my limit but I do have one okay I may appeal to the geeks in the audience okay so what do you call a serving tray full of empty beer cans yeah we container platform well that is your one just the one that's what I only got a budget of one all right well you know I have to say though in all seriousness I'm with you yeah I've been coming to the summit since its first one and I always love to hear what new directions people are scoring what ideas they're pursuing and the perspectives they bring and this afternoon for example you're gonna hear a host of different perspectives from a lot of voices you wouldn't often see on a technology mainstage in our industry and it's all part of our open source series live and I have to say there's been a lot of good buzz about this session all week and I'm truly honored and inspired to be able to introduce them all later this afternoon I can tell you over the course the last few weeks I've spent time with all of them and every single one of them is brilliant they're an innovator they're fearless and they will restore your faith in the next generation you know I can't wait to see all these stories all of that and we've got some special guests that are surprised in store for us you know one of the things that I love about the people that are coming on the stage today with us is that so many of them teach others how to code and they're also bringing more people that are very different in to our open-source communities helping our community is more innovative and impactful and speaking of innovative and impactful that's the purpose of our open brand project right that's right we're actually in the process of exploring a refresh of our mark and we'd really like your help as well because we're doing this all in the open we've we've been doing it already in the open and so please join us in our feedback zone booth at the summit to tell us what you think now it's probably obvious but I'm big into Red Hat swag I've got the shirt I've got my pen I've got the socks so this is really important to me personally especially that when my 15 year old daughter sees me in my full regalia she calls me adorable okay that joke was fed horrible as you're done it wasn't it wasn't like I got way more well Tim thanks for helping us at this stage for today it's time to get started with our first guest all right I'll be back soon thank you the people I'm about to bring on the stage are making outstanding contributions to open source in new and brave ways they are the winners of the 2018 women and open source Awards the women in open source awards was created to highlight the contributions that women are making to open source and to inspire new generations to join the movement our judges narrowed down the panel a very long list just ten finalists and then the community selected our two winners that were honoring today let's learn a little bit more about them [Music] a lot of people assume because of my work that I must be a programmer engineer when in fact I specifically chose and communications paths for my career but what's fascinating to me is I was able to combine my love of Communications and helping people with technology and interesting ways I'm able to not be bound by the assumptions that everybody has about what the technology can and should be doing and can really ask the question of what if it could be different I always knew I wanted to be in healthcare just because I feel like has the most impact in helping people a lot of what I've been working on is geared towards developing technology and the health space towards developing world one of the coolest things about open-source is bringing people together working with other people to accomplish amazing things there's so many different projects that you could get involved in you don't even have to be the smartest person to be able to make impact when you're actually developing for someone I think it's really important to understand the need when you're pushing innovation forward sometimes the cooler thing is not [Music] for both of us to have kind of a health care focus I think it's cool because so many people don't think about health care as being something that open-source can contribute to it took a while for it to even get to the stage where it is now where people can open-source develop on concepts and health and it's an untapped potential to moving the world for this award is really about highlighting the work of dozens of women and men in this open source community that have made this project possible so I'm excited for more people to kind of turn their open-source interest in healthcare exciting here is just so much [Music] I am so honored to be able to welcome to the stage some brilliant women and opensource first one of our esteemed judges Denise Dumas VP of software engineering at Red Hat she's going to come up and share her insights on the judging process Denise so you've been judging since the very beginning 2015 what does this judge this being a judge represents you what does the award mean to you you know every year it becomes more and more challenging to select the women an opensource winner because every year we get more nominees and the quality of the submissions well there are women involved in so many fabulous projects so the things that I look for are the things that I value an open source initiative using technology to solve real world problems a work ethic that includes sin patches and altruism and I think that you'll see that this year's nominees this year's winners really epitomize those qualities totally agree shall we bring them on let's bring them on let's welcome to the stage Zoe de gay and Dana Lewis [Music] [Applause] [Applause] [Music] alright let's take a seat [Applause] well you both have had an interesting path to open-source zuy you're a biomedical engineering student any of it you have a degree in public relations tell us what led to your involvement and open source yeah so coming to college I was new I was interested in science but I didn't want to be a medical doctor and I didn't want to get involved in wet lab research so through classes I was taking oh that's why I did biomedical engineering and through classes I was taking I found the classroom to be very dry and I didn't know how how can I apply what I'm learning and so I got involved in a lot of entrepreneurship on campus and through one of the projects I was asked to build a front end and I had no idea how to go about doing that and I had some basic rudimentary coding knowledge and what happened was I got and was digging deep and then found an open source library that was basically building a similar thing that I needed and that was where I learned about open source and I went from there now I'm really excited to be able to contribute to many communities and work on a variety of projects amazing contributions Dana tell us about your journey well I come from a non-traditional background but I was diagnosed with type 1 diabetes at the age of 14 and over the next couple years got really frustrated with the limitations of my own diabetes devices but felt like I couldn't change them because that wasn't my job as a patient but it was actually through social media I discovered someone who had solved one of the problems that I had been found having which was getting date off my diabetes device and that's how I learned about open source was when he was willing to share his code with me so when we turned around and made this hybrid closed-loop artificial pancreas system it was a no brainer to make our work open source as well that's right absolutely and we see using the hash tag we are not waiting can you tell us about that yeah so this hash tag was created actually before I even discovered the open source diabetes world but I loved it because it really illustrates exactly the fact that we have this amazing technology in our hands in our pockets and we can solve some of our most common problems so yes you could wait but waiting is now a choice with open source we have the ability to solve some of our hardest problems even problems dealing with life and death that's great so zuy with the vaccine carrier system that you helped to build how were you able to identify the need and where did you build it yes so I think before you even build anything first need to understand what is the problem that you're trying to solve and that really was the case when starting this project I got to collaborate with engineers in Kampala Uganda and travel there and actually interview stakeholders in the medical field medical doctors as well as pharmaceutical companies and from there I really got to understand the health system there as well as what is how do vaccines enter the country and how can we solve this problem and that's how we came up with the solution for an IOT based vaccine carrier tracking system I think it's really important especially today when products might be flashy to also understand what is the need behind it and how do we solve problems with these products yeah yeah it's so interesting how both of you have this interest in health care Dana how do you see open-source playing a role in healthcare but first before you answer that tell us about your shirt so this shirt has the code of my artificial pancreas on it and I love it as an illustration of no thank you I love it as an illustration of how open-source is more than we think it is I've just been blown away by the contributions of people in my open-source communities and I think that that is what we should apply to all of healthcare there's a lot of tools and technologies that are solving real world problems and I think if we take what we know in technology and apply it to healthcare we'll solve a lot of problems more quickly but it really needs to be recognizing everything an open source it's the documentation it's the collaboration it's the problem-solving it's working together to take technologies that we didn't previously think we're applicable and finding new ways to apply it it's a great answer Sooey yeah I think especially where healthcare is related to people and open-source is the right way to collaborate with people all over the world especially in the project I've been working on we're looking at vaccines in Uganda but the same system can be applied in any other country and then you can look at cross countries health systems there and from there it becomes bigger and bigger and I think it's really important for people who have an idea and want to take it further to know that open-source is a way that you could actually take your idea further whether you have a technical background or not so yeah stories are amazing you're just an inspiration for everyone in open-source I want to thank you so much for joining us here today let's give another round of applause to our winners [Applause] [Music] you know the tagline for the award is honor celebrate inspire and I feel like we've been doing that today very very well and I know that so many people have been inspired today especially the next generation who go on to do things we can't even dream of yet [Music] I think collabs important because we need to make sure we get younger children interested in technology so that they understand the value of it but also that there are a lot of powerful women in technology and they can be one of them I hope after this experience maybe we'll get some engineers and some girls working our hot so cool right well we have some special guests convite for the club stage now I'd like to invite Tim back and also introduce Red Hat's own Jamie Chappell along with our collab students please welcome Gabby tenzen Sofia lyric Camila and a Volyn [Applause] you've been waiting for this moment for a while we're so excited hear all about your experiences but Jamie first tell us about collab sure so collab is red hats way of teaching students about the power of open source and collaboration we kicked off a little over a year ago in Boston and that was so successful that we decided to embark on an East Coast tour so in October we made stops at middle schools in New York DC and Raleigh and these amazing people over here are from that tour and this week they have gone from student to teacher so they've hosted two workshops where they have taught Red Hat summit attendees how to turn raspberry pies into digital cameras they assigned a poem song of the open road by Walt Whitman and they've been working at the open source stories booth helping to curate photos for an installation we're excited to finish up tomorrow so amazing and welcome future women in open source we want to know all about your experiences getting involved can you tell us tenzen tell us about something you've learned so during my experience with collab I learned many things but though however the ones that I valued the most were open source and women empowerment I just I was just so fascinated about how woman were creating and inventing things for the development of Technology which was really cool and I also learned about how open source OH was free and how anyone could access it and so I also learned that many people could you know add information to it so that other people could you learn from it and use it as well and during Monday's dinner I got this card saying that the world needed more people like you and I realized through my experience with collab that the world does not only need people like me but also everyone else to create great technology so ladies you know as you were working on your cameras and the coding was there a moment in time that you had an AHA experience and I'm really getting this and I can do this yes there was an aha moment because midway through I kind of figured out well this piece of the camera went this way and this piece of the camera did it go that way and I also figured out different features that were on the camera during the camera build I had to aha moments while I was making my camera the first one was during the process of making my camera where I realized I was doing something wrong and I had to collaborate with my peers in order to troubleshoot and we realize I was doing something wrong multiple times and I had to redo it and redo it but finally I felt accomplished because I finished something I worked hard on and my second aha moment was after I finished building my camera I just stared at it and I was in shock because I built something great and it was so such a nice feeling so we talked a lot about collaboration when we were at the lab tell us about how learning about collaboration in the lab is different than in school so in school collaboration is usually few and far between so when we went to collab it allowed us to develop new skills of creativity and joining our ideas with others to make something bigger and better and also allowed us to practice lots of cooperation an example of this is in my group everybody had a different problem with their pie camera and we had to use our different strengths to like help each other out and everybody ended up assembling and working PI camera great great awesome collaboration in collab and the school is very different because in collab we were more interactive more hands-on and we had to work closer together to achieve our own goals and collaboration isn't just about working together but also combining different ideas from different people to get a product that is so much better than some of its parts so girls one other interesting observation this actually may be for the benefit of the folks in our audience but out here we have represented literally hundreds and hundreds of companies all of whom are going to be actually looking for you to come to work for them after today we get first dibs that's right but um you know if you were to have a chance to speak to these companies and say what is it that they could do to help inspire you know your your friends and peers and get them excited about open source what would you say to them well I'm pretty sure we all have app store and I'm pretty sure we've all downloaded an app on that App Store well instead of us downloading app State well the computer companies or the phone companies they could give us the opportunity to program our own app and we could put it on the App Store great idea absolutely I've got to tell you I have a 15 year old daughter and I think you're all going to be an inspiration to her for the same absolutely so much so I see you brought some cameras why don't we go down and take a picture let's do it [Applause] all right I will play my very proud collab moderator role all right so one two three collab okay one two three [Applause] yeah so we're gonna let leave you and let you tell us more open source stories all right well thank you great job thank you all and enjoy the rest of your time at Summit so appreciate it thanks thank you everyone pretty awesome pretty awesome and I would just like to say they truly are fedorable that's just um so if you would like to learn more as you heard the girls say they're actually Manning our open-source stories booth at the summit you know please come down and say hello the stories you've seen thus far from our women and open-source winners as well as our co-op students are really bringing to life the theme of this year's summit the theme of ideas worth exploring and in that spirit what we'd like to do is explore another one today and that is how open-source concepts thrive and expand in the neverending organic way that they do much like the universe metaphor that you see us using here it's expanding in new perspectives and new ideas with voices beyond their traditional all starting to make open-source much bigger than what it was originally started as fact open-source goes back a long way long before actually the term existed in those early days you know in the early 80s and the like most open-source projects were sort of loosely organized collections of self-interested developers who are really trying to build low-cost more accessible replicas of commercial software yet here we are 2018 the world is completely different the open-source collaborative development model is the font of almost all original new innovation in software and they're driven from communities communities of innovation RedHat of course has been very fortunate to have been able to build an extraordinary company you know whose development model is harnessing these open-source innovations and in turning them into technologies consumable by companies even for their most mission-critical applications the theme for today though is we see open-source this open source style collaboration and innovation moving beyond just software this collaborative community innovation is starting to impact many facets of society and you're starting to see that even with the talks we've had already too and this explosion of community driven innovation you know is again akin to this universe metaphor it expands in all directions in a very organic way so for red hat you know being both beneficiaries of this approach and stewards of the open collaboration model we see it important for us to give voice to this broader view of open source stories now when we say open source in this context of course will meaning much more than just technology it's the style of collaboration the style of interaction it's the application of open source style methods to the innovation process it's all about accelerating innovation and expanding knowledge and this can be applied to a whole range of human endeavors of course in education as we just saw today on stage in agriculture in AI as the open source stories we shared at last year's summit in emerging industries like healthcare as we just saw in manufacturing even the arts all these are areas that are now starting to benefit from collaboration in driving innovation but do we see this potentially applying to almost any area of human endeavor and it expands again organically expanding existing communities with the addition of new voices and new participants catalyzing new communities and new innovations in new areas as we were talking about and even being applied inside organizations so that individual companies and teams can get the same collaborative innovation effects and most profound certainly in my perspective is so the limitless bounds that exist for how this open collaboration can start to impact some of humankind's most fundamental challenges we saw a couple of examples in fact with our women and open-source winners you know that's amazing but it also potentially is just the tip of the iceberg so we think it's important that these ideas you know as they continue to expand our best told through storytelling because it's a way that you can embrace them and find your own inspirations and that's fundamentally the vision behind our open-source stories and it's all about you know building on what's come before you know the term we use often is stay the shoulders are giants for a lot of the young people that you've seen on this stage and you're about to see on this stage you all are those giants you're the reason and an hour appears around the world are the reasons that open-source continues to expand for them you are those giants the other thing is we all particularly in this room those of us have been around open-source we have an open-source story of our own you know how were you introduced the power of open-source how did you engage a community who inspired you to participate those are all interesting elements of our personal open-source stories and in most cases each of them are punctuated by you here my question to the girls on stage an aha moment or aha moments you know that that moment of realization that enlightens you and causes you to think differently and to illustrate I'm going to spend just a few minutes sharing my open-source story for for one fundamental reason I've been in this industry for 38 years I am a living witness to the entire life of open-source going back to the early 80s I've been doing this in the open-source corner of the industry since the beginning if you've listened to Sirhan's command-line heroes podcasts my personal open story will actually be quite familiar with you because my arc is the same as the first several podcast as she talked about I'm sort of a walking history lesson in fact of open source I wound up at most of the defining moments that should have changed how we did this not that I was particularly part of the catalyst I was just there you know sort of like the Forrest Gump of open-source I was at all these historical things but I was never really sure how it went up there but it sure was interesting so with that as a little bit of context I'm just gonna share my aha moment how did I come to be you know a 59 year old in this industry for 38 years totally passionate about not just open source driving software innovation but what open source collaboration can do for Humanity so in my experience I had three aha moments I just like to share with you the first was in the early 80s and it was when I was introduced to the UNIX operating system and by the way if you have a ha moment in the 80s this is what it looks like so 1982 mustache 19 where were you 2018 beard that took a long time to do all right so as I said my first aha moment was about the technology itself in those early days of the 80s I became a product manager and what at the time was digital equipment corporation's workstation group and I was immediately drawn to UNIX I mean certainly these this is the early UNIX workstation so the user interface was cool but what I really loved was the ability to do interactive programming via the shell but by a--basically the command line and because it was my day job to help figure out where we took these technologies I was able to both work and learn and play all from the same platform so that alone was was really cool it was a very accessible platform the other thing that was interesting about UNIX is it was built with networking and and engagement in mind had its own networking stack built in tcp/ip of course and actually built in a set of services for those who've been around for a while think back to things like news groups and email lists those were the first enablers for cross internet collaboration and that was really the the elements that really spoke to me he said AHA to me that you know this technology is accessible and it lets people engage so that was my first aha moment my second aha moment came a little bit later at this point I was an executive actually running Digital Equipment Corporation UNIX systems division and it was at a time where the UNIX wars were raging right all these companies we all compartmentalized Trump those of the community and in the end it became an existential threat to the platform itself and we came to the point where we realized we needed to actually do something we needed to get ahead of this or UNIX would be doomed the particular way we came together was something called cozy but most importantly the the technique we learned was right under our noses and it was in the area of distributed computing distributed client-server computing inherently heterogenous and all these same companies that were fierce competitors at the operating system level were collaborating incredibly well around defining the generation of client-server and distributed computing technologies and it was all being done in open source under actually a BSD license initially and Microsoft was a participant Microsoft joined the open group which was the converged standards body that was driving this and they participated to ensure there was interoperability with Windows and and.net at the time now it's no spoiler alert that UNIX lost right we did but two really important things came out of that that sort of formed the basis of my second aha moment the first is as an industry we were learning how to collaborate right we were leveraging open source licenses we realized that you know these complex technologies are best done together and that was a huge epiphany for the industry at that time and the second of course is that event is what opened the door for Linux to actually solve that problem so my second aha was all about the open collaboration model works now at this point to be perfectly candidates late 1998 well we've been acquired by compacts when I'm doing the basically same role at Compaq and I really had embraced what the potential impact of this was going to be to the industry Linux was gaining traction there were a lot of open source projects emerging in distributed computing in other areas so it was pretty clear to me that the in business impact was going to be significant and and that register for me but there was seem to be a lot more to it that I hadn't really dropped yet and that's when I had my third aha moment and that was about the passion of open-source advocates the people so you know at this time I'm running a big UNIX group but we had a lot of those employees who were incredibly passionate about about Linux and open source they're actively participating so outside of working a lot of things and they were lobbying more and more for the leadership to embrace open source more directly and I have to say their passion was contagious and it eventually spread to me you know they were they were the catalyst for my personal passion and it also led me to rethink what it is we needed to go do and that's a passion that I carry forward to this day the one driven by the people and I'll tell you some interesting things many of those folks that were with us at Compaq at the time have gone on to be icons and leaders in open-source today and many of them actually are involved with with Red Hat so I'll give you a couple of names that some of whom you will know so John and Mad Dog Hall work for me at the time he was the person who wrote the first edition of Linux for dummies he did that on his own time when he was working for us he he coined he was part of the small team that coined the term open source' some other on that team that inspired me Brian Stevens and Tim Burke who wrote the first version to rent out Enterprise Linux actually they did that in Tim Burke's garage and cost Tim's still with Red Hat today two other people you've already seen him on stage today Denise Dumas and Marko bill Peter so it was those people that I was fortunate enough to work with early on who had passion for open-source and much like me they carry it forward to this day so the punchline there is they ultimately convinced us to you know embrace open-source aggressively in our strategy and one of the interesting things that we did as a company we made an equity investment in Red Hat pre-ipo and a little funny sidebar here I had to present this proposal to the compact board on investing in Red Hat which was at that time losing money hand over fist and they said well Tim how you think they're gonna make money selling free software and I said well you know I don't really know but their customers seem to love them and we need to do this and they approve the investment on the spot so you know how high do your faith and now here we are at a three billion dollar run rate of this company pretty extraordinary so from me the third and final ha was the passion of the people in the way it was contagious so so my journey my curiosity led me first to open source and then to Red Hat and it's been you know the devotion of my career for over the last thirty years and you know I think of myself as pretty literate when it comes to open source and software but I'd be the first one to admit I would have never envisioned the extent to which open source style collaboration is now being brought to bear on some of the most interesting challenges in society so the broader realization is that open source and open can really unlock the world's potential when applied in the collaborative innovative way so what about you you know you many of you particular those have been around for a while you probably have an open source story of your own for those that maybe don't or they're new to open source are new to Red Hat your open source story may be a single inspiration away it may happen here at the summit we certainly hope so it's how we build the summit to engage you you may actually find it on this stage when I bring up some of the people who are about to follow me but this is why we tell open-source stories and open source stories live so each of you hopefully has a chance to think about you know your story and how it relates over source so please take advantage of all the things that are here at the summit and and find your inspiration if you if you haven't already so next thing is you know in a spirit of our telling open source stories today we're introducing our new documentary film the science of collective discovery it's really about citizen scientists using open systems to do serious science in their backyards and environmental areas and the like we're going to preview that I'm gonna prove it preview it today and then please come see it tonight later on when we preview the whole video so let's take a look I may not have a technical scientific background but I have one thing that the scientists don't have which is I know my backyard so conventional science happens outside of public view so it's kind of in this black box so most are up in the ivory tower and what's exciting about citizen science is that it brings it out into the open we as an environmental community are engaging with the physical world every day and you need tools to do that we needed to democratize that technology we need to make it lightweight we need to make it low-cost we needed to make it open source so that we could put that technology in the hands of everyday people so they go out and make those measurements where they live and where they breathe when you first hear about an environmental organization you mostly hear about planting trees gardens things like that you don't really think about things that are really going to affect you hey we're the air be more they'd hold it in their hand making sure not to cover the intake or the exhaust I just stand here we look at the world with forensic eyes and then we build what you can't see so the approach that we're really centered on puts humans and real issues at the center of the work and I think that's the really at the core of what open source is social value that underlies all of it it really refers to sort of the rights and responsibilities that anyone on the planet has to participate in making new discoveries so really awesome and a great story and you know please come enjoy the full video so now let's get on with our open stories live speakers you're going to really love the rest of the afternoon we have three keynotes and a demo built in and I can tell you without exaggeration that when you see and hear from the young people we're about to bring forward you know it's truly inspirational and it's gonna restore totally your enthusiasm for the future because you're gonna see some of the future leaders so please enjoy our open source stories live presentation is coming and I'll be back to join you in a little bit thanks very much please welcome code newbie founder Saran yep Eric good afternoon how y'all doing today oh that was pretty weak I think you could do better than that how y'all doing today wonderful much better I'm Saran I am the founder of code newbie we have the most supportive community of programmers and people learning to code this is my very first Red Hat summits I'm super pumped super excited to be here today I'm gonna give you a talk and I'm going to share with you the key to coding progress yes and in order to do that I'm gonna have to tell you a story so two years ago I was sitting in my hotel room and I was preparing for a big talk the next morning and usually the night before I give a big talk I'm super nervous I'm anxious I'm nauseous I'm wondering why I keep doing this to myself all the speakers backstage know exactly what I'm what I'm talking about and the night before my mom knows this so she almost always calls just to check in to see how I'm doing to see how I'm feeling and she called about midnight the night before and she said how are you how are you doing are you ready and I said you know what this time I feel really good I feel confident I think I'm gonna do a great job and the reason was because two months ago I'd already given that talk in fact just a few days prior they had published the video of that talk on YouTube and I got some really really good positive feedback I got feedback from emails and DMS and Twitter and I said man I know people really like this it's gonna be great in fact that video was the most viewed video of that conference and I said to my office said you know what let's see how many people loved my talk and still the good news is that 14 people liked it and a lot more people didn't and I saw this 8 hours before I'm supposed to give that exact same talk and I said mom I gotta call you back do you like how I did that to hang up the phone as if that's how cellphones work yeah and so I looked at this and I said oh my goodness clearly there's a huge disconnect I thought they were really liked they were I thought they were into it and this showed me that something was wrong what do you do what do you do when you're about to give that same talk in 8 hours how do you begin finding out what the problem is so you can fix it I have an idea let's read the comments you got to believe you gotta have some optimism come on I said let's read the comments because I'm sure we'll find some helpful feedback some constructive criticism some insights to help me figure out how to make this talk great so that didn't happen but I did find some really colorful language and some very creative ideas of what I could do with myself now there are some kids in the audience so I will not grace you with these comments but there was this one comment that did a really great job of capturing the sentiment of what everyone else was saying I can only show you the first part because the rest is not very family-friendly but it reads like this how do you talk about coding and not fake societal issues see the thing about that talk is it wasn't just a code talk it was a code and talk is about code and something else that talked touched on code and social justice I talked a lot about how the things that we build the way we build them affect real people and their problems and their struggles and that was absolutely not okay not okay we talk about code and code only not the social justice stuff it also talked about code and diversity yeah I think we all know the diversity is really about lowering the bar it forces us to talk about people and their issues and their problems in their history and we just don't do that okay absolutely inappropriate when it comes to a Tech Talk That Talk touched on code and feelings and feelings are squishy they're messy they're icky and a lot of us feel uncomfortable with feelings feelings have no place in technology no place in code we want to talk about code and code I want you to show me that API and when you show me that new framework that new tool that's gonna solve my problems that's all I care about I want to talk about code and give me some more code with it now I host a podcast called command line heroes it's an original podcast from Red Hat super excited about it if you haven't checked it out and totally should and what I love about this show as we talk about these really important moments and open swords these inflection points moments where we see progress we move forward and what I realized looking back at those episodes is all of those episodes have a code and something let's look at a few of those the first two episodes focused on the history of operating systems as a two-part episode part 1 and part 2 and there's lots of different ways we can talk about operating systems for these two episodes we started by talking about Windows and Mac OS and how these were two very powerful very popular operating systems but a lot of a lot of developers were frustrated with them they were closed you couldn't see inside you can see what it was doing and I the developer want to know what it's doing on my machine so we kind of had a little bit of a war one such developer who was very frustrated said I'm gonna go off and do my own thing my name is Linus this thing is Linux and I'm gonna rally all these other developers all these other people from all over the old to come together and build this new thing with me that is a code and moment in that case it was code and frustration it was a team of developers a world of developers literally old world of developers who said I'm frustrated I'm fed up I want something different and I'm gonna do something about it and what's really beautiful about frustration is it the sign of passion we're frustrated because we care because we care so much we love so deeply then we want to do something better next episode is the agile revolution this one was episode three now the agile revolution is a very very important moment in open-source and technology in general and this was in response to the way that we used to create products we used to give this huge stack of specs all these docs from the higher-ups and we'd take it and we go to our little corner and we lightly code and build and then a year with Pastor here's a pass a few years have passed and we'd finally burst forth with this new product and hope that users liked it and loved it and used it and I know something else will do that today it's okay no judgment now sometimes that worked and a lot of times it didn't but whether or not it actually worked it hurt it was painful these developers not enjoy this process so what happened a dozen developers got together and literally went off into their own and created something called the agile manifesto now this was another code and moment here it's code and anger these developers were so angry that they literally left civilization went off into a mountain to write the agile manifesto and what I love about this example is these developers did not work at the same company we're not on the same team they knew each other from different conferences and such but they really came from different survive and they agreed that they were so angry they were going to literally rewrite the way we created products next as an example DevOps tear down the wall this one is Episode four now this is a bit different because we're not talking about a piece of technology or even the way we code here we're talking about the way we work together the way that we collaborate and here we have our operations folks and our developers and we've created this new kind of weird place thing called DevOps and DevOps is interesting because we've gotten to a point where we have new tools new toys so that our developers can do a lot of the stuff that only the operations folks used to be able to do that thing that took days weeks months to set up I can do it with a slider it's kind of scary I can do it with a few buttons and here we have another code and moment and here that blink is fear for two reasons the operations focus is looking over the developer folks and thinking that was my job I used to be able to do that am I still valuable do I have a place in this future do I need to retrain there's also another fear which is those developers know what they're doing do they understand the security implications they appreciate how hard it is or something to scale and how to do that properly and I'm really interested in excited to see where we go with that where we take that emotion if we look at all of season one of the podcast we see that there's always a code and whether it's a code and frustration a code and anger or a code and fear it always boils down to code and feelings feelings are powerful in almost every single episode we see that that movement forward that progress is tied back to some type of Oshin and for a lot of us this is uncomfortable feelings make us feel weird and a lot of those YouTube commenters definitely do not like this whole feeling stuff don't be like those YouTube commenters there's one thing you take away from this whole talk let it be that don't be like these YouTube commenters feelings are incredibly powerful so the next time that you're working on a project you're having a conversation about a piece of software or a new piece of technology and you start to get it worked up you get angry you get frustrated maybe you get worried you get anxious you get scared I hope you recognize that feeling as a source of energy I hope you take that energy and you help us move forward I would take that to create the next inflection point that next step in the right direction feelings are your superpowers and I hope you use your powers for good thank you so much [Applause] please welcome jewel-box chief technology officer Sara Chipps [Music] Wow there's a lot of you out here how's it going I know there's a lot of you East Coasters here as well and I'm still catching up on that sleep so I hope you guys are having a great experience also my name is Sarah I'm here from New York I have been a software developer for 17 years it's longer than some of the people on stage today I've been alive big thanks to the folks at Red Hat for letting us come and tell you a little bit about jewel box so without further ado I'm gonna do exactly that okay so today we're gonna do a few things first I'm gonna tell you why we built jewel BOTS and why we think it's a really important technology I'm gonna show you some amazing magic and then we're gonna have one of the jewel bus experts come as a special guest and talk to you more about the deep technology behind what we're building so show hands in the audience who here was under 18 years old when they started coding it's hard for me to see you guys yep look around I'd have to say at least 50% of you have your hands up all right keep your hand up if you were under 15 when you started coding I think more hands up just what is it I don't know how that mouth works but awesome okay great yeah a little of I think about half of you half of you have your hands up that's really neat I've done a bunch of informal polls on the internet about this I found that probably about two-thirds of professional coders were under 18 when they started coding I myself was 11 I was a homeschooled kid so a little weird I'm part of the generation and some of you maybe as well is the reason we became coders is because we were lonely not because we made a lot of money so I was 11 this is before the internet was a thing and we had these things called BBS's and you would call up someone else's computer in your town and you would hang out with people and chat with them and play role-playing games with them it didn't have to be your town but if it wasn't your mom would yell at you for a long distance fees and I got really excited about computers and coding because of the community that I found online okay so this is sometimes the most controversial part of this presentation I promised you that they dominate our lives in many ways even if you don't even if you don't even know a 9 to 14 year old girl even if you just see them on the street sometimes they are deciding what you and I do on a regular basis hear me out for a second here so who here knows who this guy is okay you don't have to raise your hands but I think most people know who this guy is right so this guy used to be this guy and then teenage girls were like I think this guy has some talent to him I think that he's got a future and now he's a huge celebrity today what about this guy just got his first Oscar you know just kind of starting out well this guy used to be this guy and I'm proud to tell you that I am one of the many girls that discovered him and decided this guy has a future all right raise your hand if you listen to Taylor Swift just kidding I won't make you do it but awesome that's great so Taylor Swift we listen to Taylor Swift because these girls discovered Taylor Swift it wasn't a 35 year old that was like this Taylor Swift is pretty neat no one cares what we think but even bigger than that these huge unicorns that all of us some of us work for some of us wish we invented these were discovered by young teenage girls no one is checking to see what apps were using they're finding new communities in these thin in these platforms and saying this is how I want to commune with my friends things like Instagram snapchat and musically all start with this demographic and then we get our cues from them if you don't know what musically is I promise you ask your nearest 9 to 14 year old friend if you don't do that you'll hear about it in a few years but this demographic their futures are all at risk everyone here knows how much the field of software development is growing and how important technical literacy is to the future of our youth however just 18% of computer science graduates are girls just 19% of AP computer science test takers and just 15% of Google's tech force identify as female so we decided to do something about that we were inspired by platforms like MySpace and Geocities things like Neopets and minecraft all places where kids find something they love and they're like okay to make this better all I have to do is learn how to code I can totally do that and so we wanted to do that so we talked to 200 girls we went to schools we sat down with them and we were like what makes you tick what are you excited about and what we heard from them over and over again is their friends their friends and their community are pivotal to them and this time in their lives so when we started talking to them about a smart friendship bracelet that's when they started really freaking out so we built Jewel BOTS and Jewel BOTS has an active online community where girls can work together share code that they've built and learn from each other help each other troubleshoot sometimes the way they work is when you are near your friends your bracelets light up the same color and you can use them to send secret messages to each other and you can also code them so you can say things like when all my swimming friends are together in the same room all of our bracelets should go rainbow colors which is really fun you can even build games jewel BOTS started shipping about a year and a half ago about after a lot of work and we are about to ship our 12,000 jewel bot we're in 38 city sorry 38 countries and we're just getting started okay so now it's time for the magic and I have an important question does anyone here want to be my friend pick me all right someone today Gary oh I don't have many friends that's awesome I'm so glad that we'll be friends okay it's awesome so we just need to pair our jewel BA okay okay and in order to do that we're gonna hold the magic button in the middle down for two seconds so one locomotive two locomotive great and then we got a white flashing I'm gonna do yours again I did it wrong locomotive two locomotive it's we're adults we can't do it okay it's a good that are smart alright so now we get to pick our friendship color I'm gonna pick red hat red does that work for you sure okay great so now I just picked a red hat red and my jewel bot is saying alright Tim's jewel bot do you want to be my friend and imageable about it's like I'm thinking about it I think so okay now we're ready okay great so now we're red friends when we're together our bracelets are going to be red and I will send you a secret message when it's time for you to come out and trip and introduce the next guest awesome well thank you so much thank you tailor gun so glad we could be friends and if only people would start following me on Twitter it'd be a great day awesome alright so now you can see the not so technical part of jewel box they use bluetooth to sense when your friends are nearby so they would work in about a 30 meter hundred foot range but to tell you about the actual technology part I'm going to introduce is someone much more qualified than I am so Ellie is one of our jewel box ambassadors she's an amazing YouTube channel that I would please ask you to check out and subscribe she's le G Joel BOTS on YouTube she's an amazing coder and I'm really excited to introduce you today to Ellie Galloway come on out Ellie [Applause] hello my name is le gallais I'm gonna show you how I got coding and then show you some coding in action I first started coding at a6 when my dad helped me code a game soon after I program form a code for Minecraft then my dad had shown me jo bot I keep coding because it helps people for instance for instance you could code auto crack to make it a lot smarter so it can help make people stay run faster but what about something more serious what if you could help answer 911 calls and give alerts before we start I have three main steps to share with you I often use these steps to encoding my jaw bot and continue to use some of these now step one read the instructions and in other words this means for Jabba to memorize the colors and positions a way to memorize these because it's tricky is to remember all the colors and positions you O type will be capital and remember that the positions are either short for north west south west north east and south east step to learn the basic codes when it comes to coding you need to work your way up step 3 discover feel free to discover once you mastered everything now let's get to coding let's use or let's first use combining lights so under void loop I'm going to put LED turn on single s/w and blue and before we make sure that this works we got to put LED LED okay now let's type this again LED dot turn on single now let's do SW green now we have our first sketch so let's explain what this means led LED is a function that to control the LED lights LED turn on single SW blue tells that SW light to turn blue and green flashes so quickly with the blue it creates aqua now let's do another code lets you i'm going to use a more advanced command to make a custom color using RGB let's use a soft pink using 255 105 and 180 now let's type this in the button press function so let's do LED led LED dot set light and now we can do let's do position 3 255 105 and 180 now let's explain what this means the first one stands for the position the three others stand for red green and blue our GPS can only go up to 255 but there are 256 levels but if you count the first one as zero then get 255 so let's first before we move on let's show how this works so this is it before and now let's turn it on to see how our aqua turned out now let's see how our RGB light turned out so we are looking for a soft pink so let's see how it looks think about how much the code you write can help people all around the world these are ideas are just the beginning of opening a new world in technology a fresh start is right around the corner I hope this helped you learn a little bit about coding and even made you want to try it out for yourself thank you [Applause] alright alright alright I need your help for a second guys alright one second really really fascinating we're short on time today is Ellie's 11th birthday and I think we should give her the biggest present that she's gonna get today and it's something none of us have experienced and that is thousands of people saying happy birthday Elliott wants so when I say three can I get a happy birthday Elly one two three happy birthday Elly great job that's the best part of my job okay so those are that's two of us we're just getting started this numbers out Dana would almost shipped 12,000 jewel BOTS and what I'm really excited to tell you about is that 44% of our users don't just play with their jewel bots they code them and they're coding C do you even code C I don't know that you do but we have 8 to 14 year olds coding C for their jewel box we also have hundreds of events where kids come and they learn how to code for the first time here's how you can help we're open source so check out our github get involved our communities online you can see the different features that people's are asking for we're also doing events all over the world a lot of people are hosting them at their companies if you're interested in doing so reach out to us thank you so much for coming and learning about jewel box today enjoy the rest of your summit [Music] ladies and gentlemen please welcome hacker femme au founder Femi who Bois de Kunz [Music] good afternoon red hat summit 2018 i'm femi holiday combs founder of hacker femme Oh I started coding when I was 8 when I was 9 I set up South London raspberry jam through crowdfunding to share my passion for coding with other young people who might not otherwise be exposed to tech since then I've run hundreds of coding and robot workshops across the UK and globally in 2017 I was awarded an inaugural legacy Diana award by their Royal Highnesses Prince William and Prince Harry my service and community we welcome young people who have autism or like me tract syndrome because coding linked me up to a wider community of like-minded people and I'm trying to do the same for those who might also benefit from this I also deliver workshops to corporate companies and public organizations whilst feeding back ideas and resources into my community work we like to cascade our knowledge and experience to other young coders so that they can benefit too we're learning new tech every day we're starting to use github to document and manage our coding projects we've no dread we're using the terminal and beginning to really appreciate Linux as we explore cybersecurity and blockchain it's been quite a journey from South London to the world-famous Tate Modern museum to Bangladesh to this my first trip to the States and soon to China where I hope to translate my microwave workshops into Mandarin on this journey I'm noticed it is increasingly important for young coders to have collaborative and community led initiatives and enterprise and career ready skills so my vision now is to run monthly meetups and in collaboration with business partners help a hundred young disadvantaged people to get jobs in the digital services in fact out of all the lessons I've learned from teaching young coders they all have one thing in common the power of open source and the importance of developing community and today I want to talk about three of those lessons the value of reaching out and collaborating the importance of partnering event price and the ability to self organize and persist which translated into English means having a can-do attitude getting stuff done when you reach out when you show curiosity you realize you're not alone in this diverse community no matter who you are and where you're from from coding with minecraft to meeting other young people with jams I found there are people like me doing things I like doing I get to connect with them that's where open-source comes to the fourth second the open source community is so vast then it crosses continents it's so immersed perspectives that it can take you to amazing places out of space even that's my code running on the International Space Station's Columbus module let's take a lesson and playing was an audio representation for the frequencies recorded in space my team developed Python code to measure and store frequency readings from the space station and that was down linked back to earth to my email box Thomas who's 10 developed an audio file using audacity and importing it back into Python how cool is that Trulli collaboration can take you places you never thought possible because that's how the community works when you throw a dilemma a problem a tip the open source community comes back with answers when you give the community gives back tenfold that's how open source expands but in that vast starscape how do you know what to focus on there are so many problems to solve where do I start your world enterprice enterprise software is very good at solving problems what's the big problem how about helping the next generation be ready for the future I want to do more for the young coding community so I'm developing entrepreneurial business links to get that done this is a way to promote pathways to deal with future business problems whether in FinTech healthcare or supply chains a meeting the skill shortage it is a case for emerging in it's a case for investing in emerging communities and young change enablers throwing a wider net equates to being fully inclusive with a good representation of diversity you know under the shadow of the iconic show back in London there are pockets of deprivation where young people can't even get a job in a supermarket many of them are interested in tech in some way so my goal for the next three years is to encourage young people to become an active part of the coding community with open source we have the keys to unlock the potential for future innovation and technological development with young coders we have the people who have to face these problems working on them now troubleshooting being creative connecting with each other finding a community discovering their strengths along the way for me after running workshops in the community for a number of years when I returned from introducing coding to young street kids in Bangladesh I realized I had skills and experience so I set up my business hacker Famicom my first monetized fehmi's coding boot camp at Rice London Barclays Bank it was a sellout and a few weeks later shows my second I haven't looked back since but it works the opposite way - all the money raised enable me to buy robots for my community events and I was able to cascade my end price knowledge across to other young coders - when you focus on business problems you get active enthusiastic support from enterprise and then you can take on anything the support is great and we have tons of ideas but what does it really take to execute on those ideas to get things done can-do attitudes what open source needs you've seen it all this week we're all explorers ideator z' thinkers and doers open source needs people who can make the ideas happen get out there and see them through like I did setting up Safford and raspberry jam as an inclusive space to collaborate and learn together and that that led to organizing the young coders conference this was about organizing our own two-day event for our partners in industry to show they value young people and wanted to invest in our growth it doesn't stop there oh nice now I'm setting up monthly coding meetups and looking at ways to help other young people to access job opportunities in end price and digital services the underlying ethos remains the same in all I do promoting young people with the desire to explore collaborative problem-solving when coding digital making and building enterprise you fled having the confidence to define our journey and pathways always being inclusive always encouraging innovation and creativity being doers does more than get projects done makes us a pioneering force in the community dreaming and doing is how we will make exponential leaps my generation is standing on the shoulders of giants you the open-source pioneers and the technology you will built so I'd love to hear about your experiences who brought you into the open-source community who taught you as we go to upscale our efforts we encounter difficulties have you and how did you overcome them please do come to talk to me I'll be in the open-source stories booth both today and tomorrow giving workshops or visit the Red Hat page of my website hack Famicom I really value your insights in conclusion I'd like I'd like to ask you to challenge yourself you can do this by supporting young coders find the crowdfunding campaign kick-start their ideas into reality I'm proof that it works it's so awesome to be an active part of the next exponential leap together thank you [Applause] so unbelievable huh you know he reminds me of be at that age not even close and I can tell you I've spent a lot of time with Femi and his mom grace I mean what you see is what you get I mean he's incredibly passionate committed and all that stuff he's doing that long list of things he's doing he's going to do so hopefully today you get a sense of what's coming in the next generation the amazing things that people are doing with collaboration I'd also like to thank in addition to femi I'd like to thank Sauron Sarah and Ellie for equally compelling talks around the open source stories and again as I mentioned before any one of you can have an open source story that can be up here inspiring others and that's really our goal in telling these stories and giving voice to the things that you've seen today absolutely extraordinary things are happening out there and I encourage you to take every advantage you can hear this week and as is our theme for the summit please keep exploring thank you very much [Applause] [Music]