>> Announcer: Live from New York City It's theCUBE. Covering CyberConnect 2017. Brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> Hey welcome back everyone, this is theCUBE's coverage of CyberConnect 2017. Live here in New York City at the Grand Hyatt downtown on 42nd street. I'm John Furrier, my co-host Dave Vellante. This is Centrify's inaugural event that they're presenting and they're underwriting. It's the industry event between industry and government and really around the crisis of our generation which is cyber security and it's impact to the transformation to global society and our coverage here. Our next guest is Shira Rubinoff who is the President of SecureMySocial, which is really cutting edge human aspect of social engineering meets security. Primetech partners, Cybersecurity, IoT and an influencer but also doing some great work advising start-ups great participant in the community and certainly great to have you back on theCUBE. Thanks for joining us. >> Shira: Thank you, pleasure. >> So, you're in the front row. I saw you and Dave, I couldn't get a seat I was in the back of the bus here at the General Keith Alexanders keynote, among other great keynotes here. Really an inaugural event and inaugural events are great because it's the sign of the trends but also you know if they do a second even, it worked. Right, so you never know there's never going to be another event so an inaugural event means something. It means that the world has to the realization that the world is changed, the realities are here and that the old way isn't good enough. >> Shira: Yup. >> And you're in the middle of it. What's your thoughts? What's your reaction to the program? >> Well you know it's interesting, it also even goes back to the old technology days when you buy by brand. No ones going to fault you for buying the brand names. Everyone just went along with buying the trend, buying the brand. And as technology advanced itself as well we started seeing doing it the old way is just not going anywhere today. Especially with the millennials entering the workforce, how things are done, how people approach technology and security is very different. The human factors of information security is taking a front row today, in terms of security, in terms of the weakest link of the chain. Whether it being phishing, finding the entree into an organization through the human ... the weak link of the human, or in terms of tricking people for doing other things while they're downloading malware or even circumventing different technologies that are layered upon each other because there's just too many layers of security on each other and not making it easy for somebody to use the technology and keeping it strong. >> This year you bring up a good point about the human aspect of it. There's an old joke in IT where there's a fork with a cork in it and someone says why is that there? So they don't stick the fork in their eye. And that's a joke on the old system admin joke around human error, around updating. That's been around for a while, but now there's a whole other social engineering going on around the business of cyber attacks. Whether it's mafias or organized hacker units that do it for business, for profit to state governments where the social engineering around the human vulnerabilities are key. This isn't your area, it's your wheelhouse. What is the key thing that's happening? What should people be aware of? What's your analysis? >> Well I think people have to be careful of oversharing. I think there's many different entrees into finding, again when we talk about the human factors whether being government, whether being a technology company, whether being a seasuite, whether it being through social media. It's being trusted the wrong people, trusting the wrong sources, and just being open and not being over careful in checking your sources and making sure you're actually linking up whether it being on the LinkedIn. Also, I was talking to someone earlier that people were accepting LinkedIn invitations from non-trusted sources. And they seemed to look okay but again, a social engineering piece that comes in that allowed others in to actually see context and find a breech within an organization. Sometimes, somewhat like a government it can always be across all communities. >> So that's a very nuance point, lets take LinkedIn for example, mind if I picked on LinkedIn but Facebook I'm an oversharer so I'm probably being hacked 10 ways from Sunday but you can have whatever you want. But lets take LinkedIn as an example. A practitioner could say I work on the servers for Chase Bank and I handle the Apache whatever project. That's metadata that can be used against that person. He's putting it out there, he or she, for a job potentially to showcase their skills. Yet, the bad actors can use that and figure out what communities they're ... >> Exactly. >> And github their participants so it's a gesture signal point, that you ... Am I right, am I getting it right? >> Correct. Correct. And that's what some of the companies actually put allowances around what people are allowed to share on LinkedIn, however there's the double-edged sword because they're telling their employees do not overshare and say specifically what you're doing. The employee themselves are saying, hey I want to be open to recruiters to come find me because who knows what my next gig is. So they're going to over share what they're doing to show all the experience that they have so they're open to other job opportunities. >> This is a really interesting conflict, and again I'm torn because religiously I'm a big believer in the democratization of media and society but what you're talking about really is a counter against the democratization because that's based on sharing, which that's where open sources from and so this is going to be some sort of shift. >> Correct. Correct. Well, that also plays into the whole millennial shift. Of how it's approached through the workforce. Millennial generation share everything, everything is open. My whole life is opening itself up on social media. I want you to know what I'm having for breakfast because you might want to have it too. By the way, this is what I'm working on at work because you might find it interesting. Whether it being their boss or saying don't do this they're saying don't tell me what to do and I'm going to work from home half the time. It's millennial shift and we have to shift with it. It's going that route. >> So to what degree can we take bad human behavior out of the equation? Toiling, technology, maybe it's process education. >> Well I think it has to be many factors. You know, there has to be the education around it. There also has to be implementing the right technology. To warn users if they're doing things the wrong way. For example, my company SecureMySocial, we are a technology assisted self-monitoring company for allow for employers to give employees to self monitor across social media based on compliance organization real time warnings. So it would warn the employee if they the employee themselves would be doing something wrong. So implementing technologies of that sort whether being whatever the organization may be open to. So you have the education piece, you have the partnerships with the right technology companies, and you also have allowing the employees to have the right types of security around what they're doing themselves. Without being so involved in what they're doing because then they're going to have a big push back. So there's a very fine line you have to walk here. >> And the psychology is interesting you mention the millennials too, because that's their norm. >> Shira: Correct. And they want to be part of a tribe, right? >> Shira: Yes. >> So that the belonging aspect of social is becoming a norm. But now we have to have practices. So what do you, what's your vision of this? Because that probably won't stop, that's a behavior that will constantly be there. Is that going to come in a form of product? Solutions? A better identity? I mean ... >> Well it's going to come everywhere, if you look across all generations from the boomers, gen x, millennials. Things shift with the generations as it comes down the path. So certainly through technology is going to shift to, easy to use, no extra steps to download. As Centrify has, they want a one point to contact. They don't want to overlay technologies on technologies which is what I speak about a lot. My background is heavily in psychology and the human aspect. So make things as strong as they can be without cumbersome to the employee. You want them to use it, not break it, not go around it and not just throw it out the window. >> Gee, you're a great guest and music to our ears because as Dave knows, I've been on this rant for a long time. User experience is really about user expectations. And as expectations shift, that's kind of where the puck will be or whether you're skating through the puck or skating with the puck, as some people are. The question comes down to this young generation because General talked about this new cyber warfare but there's West Point, there's no Navy SEAL, and that's going to come from a gamer culture potentially or the younger generation, so I got to ask ya. Do you think that we're going to have a counter culture? Because in every revolution, take the 60's. We're the 50's parents now, right? We're the 50's generation, or are we? So I've been kind of speculating that I think we're on the cusp of a counter culture revolution. The summer of love of digital is coming. Or maybe not, what do you think? >> You know, I think it's very interesting the way it's shifting across generations. I think that the generation, our generation before us are trying to take this millennial generation and put them in a box and saying follow my rules or else you're out and the millennial generations like make me. So it's not going to happen that way. They're going to actually drive the force of how technology is going to be created and how the business world is actually going to react and act towards them and how things are going to flow after them. And just wait for the following generation, things are going to be a lot looser. >> So you think there's going to be some massive change being shifted from their expectations. >> Shira: Correct. Correct. Yes. >> Well, I feel like millennials are in for a great awakening because now they don't have a ton to lose. >> Shira: Yes. >> As they get older and accrue more wealth. >> John: Well millennials are generally lazy, right? (laughter) >> You've got to be careful when you say that. >> As my son would say, they're smart or they're lazy. >> They're the make me generation. >> Exactly >> Alright, fine. Be careful what you wish for. But is there a gamification involved. The psychology of getting humans to behave the way that you need them to behave in order to have good security practices. >> Yes, no I think that's a great question. I think that based on what the millennials are doing now and how the shift is happening through the gen x and millennials kind of intertwining the businesses and the way technology is created and moved forward. I think that it's going to somehow have to combine forces. I think there's going to have to be a little give and take. And I think as time progresses and things mature that it's going to be understood and it's going to be adapted by them and adopted by them, as well. >> So, talk a little bit more about your company. MySocial ... >> Shira: SecureMySocial, yes. >> What does it do? How does it help solve some of these issues? >> So SecureMySocial is just technology assisted self monitoring tool for employers to give employees to self monitor across social media, based on compliance and regulations of the organization. With real time warnings and auto-delete capabilities. Basically, the organization would buy it. Based on where a person would fall in the organization there will be specific rules set to apply to them. Whether it being group rule sets for C level people, marketing and the like, you don't want false positives. And they the people themselves would get a real time warning to their known device. But I will back track a little bit because most organizations, if not all today have certain criteria. What you can and can't do across social media. But the most of the problems, if not 98 or more percent of data loss or reputation happen outside of the office. It happens on lunch breaks, vacations, weekends. We can't monitor peoples personal accounts. So we're making the users themselves, they would get the real time warnings. There's nothing to download, nothing to install. They don't give over any personal information, yet they're protected and we're able to keep it across the whole thing. >> So it's an insurance policy for the employee saying, look here's a little notification because you know that if you say that drunk tweet, let's get real right or do something that's at a concert ... >> The CFO of Twitter mistakenly tweeted out the earnings of Twitter instead of doing a direct tweet. Things happen, mistakes happen. It's the human factors of it all. >> Dave: And your technology could have stopped that? >> We could have stopped it, we could have actually auto deleted it before it even went out. >> It's almost, I don't know if it's happening on the west coast, but around where I live there's all these ... There's speed signs going up. Tells you how fast you're going. >> It's like that angel on your shoulder saying, do you really want to do this? >> It might be 25 and you see it and you go, you're going too fast and it's flashing and you slow down, and it actually works. >> We use ways in California that's more ... >> It lets you know where the cops are. (John laughing) >> There's no cops! There's no cops around. >> I know that's the same, it's just more effective. You get there faster, you don't ... >> If you don't mind I'd like to ... >> It's this subliminal message, says hey whoa yo slow down. >> Like that angel on your shoulder tapping you on the shoulder letting you know. >> Like you said, it's the good angel. >> Now I just wanted to mention also a new venture actually launching at the end of the month. It's called Prime Tech Partners. We're an incubator here in New York City. Near the flat iron district. We're going to be launching the end of November. Focusing on augmented reality, cyber security, information security and e-commerce. Opening up to start-ups. And please check it out, Prime Tech Partners. >> Shira you did some great work, I got to ask you the question because start-ups are the canary in the coal mine. >> Shira: Yup. >> They'll tell you kind of what's happening, give you a barometer. What is going on in the start-up areas around security because there's now a range, diverse range opportunities from lock chain all the way to enterprise. >> Sheri: Sure. >> So, and everything in between. What's the chirping happening in the mines of the start-ups as they create new ventures. >> Well it's interesting because when you talk about what's out there we talk about almost like an umbrella. Sometimes people would put cyber security over the whole umbrella and then fit artificial intelligence, augmented reality, virtual reality, blockchain. Everything kind of falls under there. So, you know it's actually moving along with the system. There's a lot of artificial intelligences making a big play. IoT world, there's quite a bit of technology coming out there. All finding the whole problems and if you look at everything there's a lot of the human aspects of information security that they have to take into account when developing and when pushing it out because at the end of the day, it's all social engineering. It's the human factor, whatever you're creating. >> And we're seeing the same thing on theCUBE entries. We go to hundreds of shows a year. The trend is every part of the stack is impacted by this. >> Shira: Exactly. >> At the infrastructure low level, from multi factor authentication all the way up to Docker and Cooper and Eddies at the dev ops level, the app level. To wearables ... >> Well, wearables certainly. Right? Gaining some ones information. >> John: Geo information. >> Right. Well, here was an interesting ... I went into, I have a law firm that contacted me. They wanted me to some consulting for them. They implement this most beautiful, high-tech, gorgeous office. So I was in there talking to some of the partners and they were plugging in their new smart TV's and their smart fridges. Everything into their network. You don't have breech their network to get their information, we'll breech Sony! You breech into Sony, whatever whoever the manufacturer of the TV, the fridge, whatever it is. They're thinking IoT, well they can gain access into that law firm, gain information and just take all that information and utilize that. So there's so much thought to be put around even the IoT world, artificial intelligence. The human factor takes a step back. >> If it's a network device it can be hacked. >> Exactly. Yes. >> So is part of your mission just to make people aware of humans role in bad security practices? Is that a big part of this? >> Shira: Yes. >> This sort of shining a light on it. >> Yes, I think there's almost like a stop and pause. When you're creating a technology, whatever it is, and people are looking, Oh I'm going to make this stronger. I'm going to make this better, I'm going to make this faster. Oh here let me put another control over it, and here's another control, and by the way they have to go around this and do five things, we're going to have the best thing out there. They're not going to use it, they're going to break it and circumvent it. Stop, there's a person there. How are we going to make the person use this to the best capacity? How's it going to be strong without giving them all those extra layers? Anything you're doing, there's a person there. You got to stop and think and figure out how to utilize the best way. >> Shira, give us some predictions for next year, the end of the year, so predictions are coming. We had our meeting this week, or last week on our predictions, so we're going to put you in the hot seat. Your predictions for next year. Hot trends you expect to see. What are you expecting? What's your prediction for next year? Well, I think IoT is going to take a big forefront. Especially with the smarter cities, the smarter homes. As you're talking about the wearables. Artificial intelligence is going to kind of play into that as well, but I think the people are very excited about becoming let's quote unquote smart, no extra steps, right? When you have the no extra steps, remember you're opening yourself up for something, do it smart. But IoT is really expanding itself into every infrastructure whether it being utilizing, engineering. Whether it being cities itself, whether it being homes. And the wearables are also ... If you look at what's going on with Fitbit, then you have the next Apple and then there's something else every other day that you could put on yourself and you could get any information that you want. >> So people are connecting the IoT to the industrial side of their analog to digital. >> Exactly. Yes. Yes. And I think that's going to become a forefront in the next year. >> Right. What do you think of the event here, so far? >> I think the event is terrific. We've had some amazing speakers here and I think they're all highlighting the fact that we have to share expertise and really come together to bypass the problems that are out there and work as a unit, and certainly Centrify is doing a great job here. I'm very happy to be here. >> Great. Well, good luck with everything next year. Thanks for coming on theCUBE, we really appreciate it. >> Shira: Thank you. Happy to be here. That was commentary, great analysis. An opinion here on theCUBE, here at Centrify's event that they're underwriting for the industry as an industry event called CyberConnect presented by Centrify. I'm John Furrier with Dave Vellante, stay tuned for more live coverage here in New York City after this short break. (electronic music)