(upbeat music) >> Welcome to VMworld 2021, a two day virtual event, hosted by the company which permanently changed data center operations last decade. My name is Dave Vellante, and you're watching theCUBE's coverage of VMworld 2021, where we want to know what VMware and its ecosystem have in store for the next 10 years and how your digital business can survive and thrive in the coming decade, and who better to give us a glimpse as to how that's being done both inside VMware and within its customer base, than Mike Hayes, who is the chief digital transformation officer at VMware. Mike, great to have you on the program. >> No Dave, thank you for having me, we appreciate you and all that you do for this great event. Thank you, sir. >> Oh, I appreciate that. So talk about, what's involved with your role as chief digital transformation officer. What's that all about? >> Yeah thank you for, many people, are chief digital transformation officer in a lot of different places, different things. Here at VMware I'm responsible for worldwide business operations and digital transformation of the firm. Just like first and foremost, we're focused on our customers and how our customers can improve their own business models, whether it's cost, flexibility, speed, imagining new things, that's what gets us really excited. And at the same time, we're transforming internally in order to bring ourselves into our exciting third chapter. >> Yeah, everybody wants to be a SAS company these days, VMware obviously is accelerating its move towards SAS. Maybe you could talk a little bit about your strategy for leading business operations as well as that transformation. >> Absolutely, I think there's a couple of things. And first of all, the most important thing in an organization is agility we have or transforming our own ability to transform. As we all know, everybody listening knows that markets don't sit still, they pivot quickly, and so the organizations that win aren't the organizations that prepare for tomorrow, but they prepare for the ability to change for tomorrow, and as the markets change, they stay ahead of that. So that's what we're doing at VMware and that's what we're really excited about our entire suite of products and services so that we can help organizations do the same. >> Yes so, if I could stay on this for a second, Mike, when you think about what you have to deal with there, and you're moving to that as a service subscription model, you got to the external factors, you mentioned you start with the customer, but you also have internal factors, right? Your salespeople might be used to one and done move on to the next one, more transactional, it's a whole different mindset, isn't it? >> It absolutely is, and so any organization as large as VMware is, should always be staring at itself and saying, how can we be more flexible? And so we just like everywhere else are looking at our foundational data, we're looking at our ERP systems, we're looking at our own internal processes to say, as we pivot to SAS, and the back office becomes closer to the front office. That's really where it's at, there's not a customer in the world that cares about any of their... Where they're buying from, the back offices from where they're buying from don't matter, what matters is that experience, it's that front layer, it's that first touch with the customer. We recognize that, and we're preparing for that, and I'm really excited about how it's going. >> Let's talk about some of the waves that you're riding here, the major trends that are driving digitally. I often call it the forced march to digital in 2020. It was like, we were just thrown into the fire. And it's just the way it was. If you weren't a digital business, you were out of business. And now people are kind of sitting back and saying okay, let's take those learnings, fill those gaps, and really set us on a course over the next decade. So what do you see as the major trends? What are the technologies that are enabling digital business and how are you applying them both in your own business and what you're seeing with your customers? >> We first of all I think what's important is to recognize that every organization needs the ability to scale. So what we're doing at VMware is simplifying our foundation. And so then as we 2x or 5x or 10x, our own business, we're multiplying off a much simpler base. And so as we drive our own transformation, our internal principles of like simplicity and clarity and accountability, and really streamlining is what VMware is doing. And that's what we're also not surprisingly recommending and helping our own customers with. And so that's what gets really exciting for us. I think that, one of the things that you're alluding to with this a forced march to digital which I totally agree with, is really, it is about experience and for us there are a couple of KPIs that are really interesting to us, and it should be for everybody, no surprise here, but the velocity that it takes for operations to go from an idea to a closure, from quote to cash, or from idea to implementation, whatever that front and back end words your own business uses are what's important, but how fast do you get through that? And so for us, we're imagining a touch less future. So no, are we there yet? Absolutely not. Is any organization? Very few are. And so how do we constantly say, ask ourselves what don't we need to be doing? When I walk into a room in a lot of places VMware or otherwise, and you say who's in charge of what we're not doing? That's where all the good ideas are, the good idea spaces, like what organizations aren't doing, so you have that culture of pulling awesome ideas to the front and saying, how do we just prioritize? The hardest thing Dave right now, is that there are so many shiny objects for all of our enterprises, for everybody that's listening. I think one of the hardest things is prioritizing and saying, how do we spend our resources in the smartest way possible, so that we are doing the things that will have the greatest impact for our customers. Something that we feel like we have a great plan for, and we're excited about the execution over the coming year. >> I wonder if you could comment on what you're seeing and just in terms of spending patterns. All throughout last year, we reported that CIO's expected budget contractions of around 5% relative to 2019, and what happened is in the second half, he really saw, companies had to respond to the cyber threats, they had to respond, of course to hybrid work, this whole digital march that we talked about, and it was actually pretty strong. Many people expected that a lot of the traditional companies that relied on data center and on-prem and HQ spend, were really going to get hit and they actually got through it okay. And meanwhile, the cloud is exploding, your cloud businesses exploding, security is exploding. What was interesting is, just this weekend, we published some data that suggested, that is not only continuing into 2021, but CIO's are expecting, more of this in 2022. So we used to have this sort of steady IT spend, refresh cycles, et cetera, but it seems like we're in a step function right now, in terms of investment, and it seems like CEOs are saying, if we don't lead this digital transformation, we're going to become toast. >> Absolutely Dave, yeah, the first thing you mentioned was budget. Let's remember budgets are a function of a company's focus on either short term goals or long-term goals. And so the organizations that are really smartest are thinking three, four, five years out and you're investing now, so that you can always really be high-performing in that 2, 3, 4 year window. Because any organization that mortgages it's future for this current year is not doing itself any favors. So the cycles that I'm seeing that are aligned exactly as you described, organizations are understanding, key leaders get that they need to invest. But the question is, how do you invest in the things that are classically thought of as maybe back office, or let me just say boring, just to be provocative. How do we choke out the boring stuff from a budget standpoint, and then really give a lot of oxygen and energy to the things that are fun and really transformative? And that's what we're seeing, and that's why we feel like our strategy is so great Dave, because we're part of that for the future, and as organizations think about freeing up capital so that they can invest in those fun things that really accelerate their own business models, that's what it's about. >> Now VMware of course has always had an amazing ecosystem, always been very proud of the value that you created, not just free for your own selves, but for your customers, and also your ecosystem partners. So as it relates to your digital transformation role Mike, we talked about customers, we talked about some of the internal stuff and operations. How does the ecosystem fit in? How do you collaborate with them? What kind of learnings do you get from them? How do you plug them into your digital platform if you will? >> Absolutely, I think the most important element you're drawing out, Dave, is the concept of trust. We have incredible partners, and without whom VMware's business and success that we enable in the world would be very limited. So we recognize that we all go through life with friends and partners, it's obviously not just true in business, I was a Navy Seal for 20 years and the most important thing is that foundational element. Now, what we do and what we're always trying to do is be as transparent and fast and helpful as we can. I think that in the partner world, anytime you can reach across the table more than halfway and with another organization, that's easy to intersect. If you're not willing to meet people in places more than halfway, there is no middle. So for us, what we're doing is constantly listening and getting feedback and saying, where can we improve? That's what's really awesome. Sandy Hogan is an incredible colleague of mine who runs our channel, and Sandy runs a board with 30 of our largest partners in the channel, and the first question that she always asks is, what can we be doing better? And that's for us the most important thing is listening. Just like you were in developing an individual product. What's important is product market fit, right? Does your product fit in the market, and then how do you get feedback from it? We apply that as an institution and an enterprise. >> Mike, you mentioned your experience in the military, thank you for your service, I wanted to ask you something about that. So I wrote a piece one time and talked about Frank Slootman, who is becoming a Silicon Valley icon, how he's going to apply his playbook at his new company, Bubba. And he wrote me back, he said, "Dave I learned in the military that, it's not a playbook. I am a situational leader and I learned that in the military." So my question to you is, what did you learn as a Navy Seal to deal with situations, especially in a condition like we are now, where there's a lot unknown. How do you apply that in today's world? >> Yeah Look, the there's the parallels between the Seals and VMware are perfect, right? Because all we're doing is quickly defining an outcome. What's the vision for the organization? What's the outcomes we'd want to achieve? That's the where we're going. Then there's the strategy, which is the how. How are we going to get there? How do you develop strategy? There are a hundred different ways to go achieve the vision, but how do we think about the different risks along the way? And like I said earlier, draw those risks out, so they're known risks. Then we can price them and size them and understand that for our strategy. And then how do we execute well and how do we get feedback throughout the whole thing? But you know Dave, the best thing I would say, the analogy from the Seals in the military, really is what you hit on. A lot of people say that they have a plan, but in the Seals the only plan that we had was for our plan to change, it's that concept I said earlier of transforming our ability to transform. So we go in on any given night with complicated missions and have a plan, but we knew that that plan was going to very quickly change, it's no different than what we're doing here at VMware, with our own customers in this technology market. >> It's a great lesson to apply Mike. I really appreciate you sharing that and appreciate you coming on the queue. >> Thank you for having me, it's such a pleasure. >> Really a pleasure was ours, and thank you for watching over. Keep it right there for more great content from Vmworld 2021, you're watching theCUBE. (upbeat music)

>> Announcer: Live from New York City It's theCUBE. Covering CyberConnect 2017. Brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> Hey welcome back everyone, this is theCUBE's coverage of CyberConnect 2017. Live here in New York City at the Grand Hyatt downtown on 42nd street. I'm John Furrier, my co-host Dave Vellante. This is Centrify's inaugural event that they're presenting and they're underwriting. It's the industry event between industry and government and really around the crisis of our generation which is cyber security and it's impact to the transformation to global society and our coverage here. Our next guest is Shira Rubinoff who is the President of SecureMySocial, which is really cutting edge human aspect of social engineering meets security. Primetech partners, Cybersecurity, IoT and an influencer but also doing some great work advising start-ups great participant in the community and certainly great to have you back on theCUBE. Thanks for joining us. >> Shira: Thank you, pleasure. >> So, you're in the front row. I saw you and Dave, I couldn't get a seat I was in the back of the bus here at the General Keith Alexanders keynote, among other great keynotes here. Really an inaugural event and inaugural events are great because it's the sign of the trends but also you know if they do a second even, it worked. Right, so you never know there's never going to be another event so an inaugural event means something. It means that the world has to the realization that the world is changed, the realities are here and that the old way isn't good enough. >> Shira: Yup. >> And you're in the middle of it. What's your thoughts? What's your reaction to the program? >> Well you know it's interesting, it also even goes back to the old technology days when you buy by brand. No ones going to fault you for buying the brand names. Everyone just went along with buying the trend, buying the brand. And as technology advanced itself as well we started seeing doing it the old way is just not going anywhere today. Especially with the millennials entering the workforce, how things are done, how people approach technology and security is very different. The human factors of information security is taking a front row today, in terms of security, in terms of the weakest link of the chain. Whether it being phishing, finding the entree into an organization through the human ... the weak link of the human, or in terms of tricking people for doing other things while they're downloading malware or even circumventing different technologies that are layered upon each other because there's just too many layers of security on each other and not making it easy for somebody to use the technology and keeping it strong. >> This year you bring up a good point about the human aspect of it. There's an old joke in IT where there's a fork with a cork in it and someone says why is that there? So they don't stick the fork in their eye. And that's a joke on the old system admin joke around human error, around updating. That's been around for a while, but now there's a whole other social engineering going on around the business of cyber attacks. Whether it's mafias or organized hacker units that do it for business, for profit to state governments where the social engineering around the human vulnerabilities are key. This isn't your area, it's your wheelhouse. What is the key thing that's happening? What should people be aware of? What's your analysis? >> Well I think people have to be careful of oversharing. I think there's many different entrees into finding, again when we talk about the human factors whether being government, whether being a technology company, whether being a seasuite, whether it being through social media. It's being trusted the wrong people, trusting the wrong sources, and just being open and not being over careful in checking your sources and making sure you're actually linking up whether it being on the LinkedIn. Also, I was talking to someone earlier that people were accepting LinkedIn invitations from non-trusted sources. And they seemed to look okay but again, a social engineering piece that comes in that allowed others in to actually see context and find a breech within an organization. Sometimes, somewhat like a government it can always be across all communities. >> So that's a very nuance point, lets take LinkedIn for example, mind if I picked on LinkedIn but Facebook I'm an oversharer so I'm probably being hacked 10 ways from Sunday but you can have whatever you want. But lets take LinkedIn as an example. A practitioner could say I work on the servers for Chase Bank and I handle the Apache whatever project. That's metadata that can be used against that person. He's putting it out there, he or she, for a job potentially to showcase their skills. Yet, the bad actors can use that and figure out what communities they're ... >> Exactly. >> And github their participants so it's a gesture signal point, that you ... Am I right, am I getting it right? >> Correct. Correct. And that's what some of the companies actually put allowances around what people are allowed to share on LinkedIn, however there's the double-edged sword because they're telling their employees do not overshare and say specifically what you're doing. The employee themselves are saying, hey I want to be open to recruiters to come find me because who knows what my next gig is. So they're going to over share what they're doing to show all the experience that they have so they're open to other job opportunities. >> This is a really interesting conflict, and again I'm torn because religiously I'm a big believer in the democratization of media and society but what you're talking about really is a counter against the democratization because that's based on sharing, which that's where open sources from and so this is going to be some sort of shift. >> Correct. Correct. Well, that also plays into the whole millennial shift. Of how it's approached through the workforce. Millennial generation share everything, everything is open. My whole life is opening itself up on social media. I want you to know what I'm having for breakfast because you might want to have it too. By the way, this is what I'm working on at work because you might find it interesting. Whether it being their boss or saying don't do this they're saying don't tell me what to do and I'm going to work from home half the time. It's millennial shift and we have to shift with it. It's going that route. >> So to what degree can we take bad human behavior out of the equation? Toiling, technology, maybe it's process education. >> Well I think it has to be many factors. You know, there has to be the education around it. There also has to be implementing the right technology. To warn users if they're doing things the wrong way. For example, my company SecureMySocial, we are a technology assisted self-monitoring company for allow for employers to give employees to self monitor across social media based on compliance organization real time warnings. So it would warn the employee if they the employee themselves would be doing something wrong. So implementing technologies of that sort whether being whatever the organization may be open to. So you have the education piece, you have the partnerships with the right technology companies, and you also have allowing the employees to have the right types of security around what they're doing themselves. Without being so involved in what they're doing because then they're going to have a big push back. So there's a very fine line you have to walk here. >> And the psychology is interesting you mention the millennials too, because that's their norm. >> Shira: Correct. And they want to be part of a tribe, right? >> Shira: Yes. >> So that the belonging aspect of social is becoming a norm. But now we have to have practices. So what do you, what's your vision of this? Because that probably won't stop, that's a behavior that will constantly be there. Is that going to come in a form of product? Solutions? A better identity? I mean ... >> Well it's going to come everywhere, if you look across all generations from the boomers, gen x, millennials. Things shift with the generations as it comes down the path. So certainly through technology is going to shift to, easy to use, no extra steps to download. As Centrify has, they want a one point to contact. They don't want to overlay technologies on technologies which is what I speak about a lot. My background is heavily in psychology and the human aspect. So make things as strong as they can be without cumbersome to the employee. You want them to use it, not break it, not go around it and not just throw it out the window. >> Gee, you're a great guest and music to our ears because as Dave knows, I've been on this rant for a long time. User experience is really about user expectations. And as expectations shift, that's kind of where the puck will be or whether you're skating through the puck or skating with the puck, as some people are. The question comes down to this young generation because General talked about this new cyber warfare but there's West Point, there's no Navy SEAL, and that's going to come from a gamer culture potentially or the younger generation, so I got to ask ya. Do you think that we're going to have a counter culture? Because in every revolution, take the 60's. We're the 50's parents now, right? We're the 50's generation, or are we? So I've been kind of speculating that I think we're on the cusp of a counter culture revolution. The summer of love of digital is coming. Or maybe not, what do you think? >> You know, I think it's very interesting the way it's shifting across generations. I think that the generation, our generation before us are trying to take this millennial generation and put them in a box and saying follow my rules or else you're out and the millennial generations like make me. So it's not going to happen that way. They're going to actually drive the force of how technology is going to be created and how the business world is actually going to react and act towards them and how things are going to flow after them. And just wait for the following generation, things are going to be a lot looser. >> So you think there's going to be some massive change being shifted from their expectations. >> Shira: Correct. Correct. Yes. >> Well, I feel like millennials are in for a great awakening because now they don't have a ton to lose. >> Shira: Yes. >> As they get older and accrue more wealth. >> John: Well millennials are generally lazy, right? (laughter) >> You've got to be careful when you say that. >> As my son would say, they're smart or they're lazy. >> They're the make me generation. >> Exactly >> Alright, fine. Be careful what you wish for. But is there a gamification involved. The psychology of getting humans to behave the way that you need them to behave in order to have good security practices. >> Yes, no I think that's a great question. I think that based on what the millennials are doing now and how the shift is happening through the gen x and millennials kind of intertwining the businesses and the way technology is created and moved forward. I think that it's going to somehow have to combine forces. I think there's going to have to be a little give and take. And I think as time progresses and things mature that it's going to be understood and it's going to be adapted by them and adopted by them, as well. >> So, talk a little bit more about your company. MySocial ... >> Shira: SecureMySocial, yes. >> What does it do? How does it help solve some of these issues? >> So SecureMySocial is just technology assisted self monitoring tool for employers to give employees to self monitor across social media, based on compliance and regulations of the organization. With real time warnings and auto-delete capabilities. Basically, the organization would buy it. Based on where a person would fall in the organization there will be specific rules set to apply to them. Whether it being group rule sets for C level people, marketing and the like, you don't want false positives. And they the people themselves would get a real time warning to their known device. But I will back track a little bit because most organizations, if not all today have certain criteria. What you can and can't do across social media. But the most of the problems, if not 98 or more percent of data loss or reputation happen outside of the office. It happens on lunch breaks, vacations, weekends. We can't monitor peoples personal accounts. So we're making the users themselves, they would get the real time warnings. There's nothing to download, nothing to install. They don't give over any personal information, yet they're protected and we're able to keep it across the whole thing. >> So it's an insurance policy for the employee saying, look here's a little notification because you know that if you say that drunk tweet, let's get real right or do something that's at a concert ... >> The CFO of Twitter mistakenly tweeted out the earnings of Twitter instead of doing a direct tweet. Things happen, mistakes happen. It's the human factors of it all. >> Dave: And your technology could have stopped that? >> We could have stopped it, we could have actually auto deleted it before it even went out. >> It's almost, I don't know if it's happening on the west coast, but around where I live there's all these ... There's speed signs going up. Tells you how fast you're going. >> It's like that angel on your shoulder saying, do you really want to do this? >> It might be 25 and you see it and you go, you're going too fast and it's flashing and you slow down, and it actually works. >> We use ways in California that's more ... >> It lets you know where the cops are. (John laughing) >> There's no cops! There's no cops around. >> I know that's the same, it's just more effective. You get there faster, you don't ... >> If you don't mind I'd like to ... >> It's this subliminal message, says hey whoa yo slow down. >> Like that angel on your shoulder tapping you on the shoulder letting you know. >> Like you said, it's the good angel. >> Now I just wanted to mention also a new venture actually launching at the end of the month. It's called Prime Tech Partners. We're an incubator here in New York City. Near the flat iron district. We're going to be launching the end of November. Focusing on augmented reality, cyber security, information security and e-commerce. Opening up to start-ups. And please check it out, Prime Tech Partners. >> Shira you did some great work, I got to ask you the question because start-ups are the canary in the coal mine. >> Shira: Yup. >> They'll tell you kind of what's happening, give you a barometer. What is going on in the start-up areas around security because there's now a range, diverse range opportunities from lock chain all the way to enterprise. >> Sheri: Sure. >> So, and everything in between. What's the chirping happening in the mines of the start-ups as they create new ventures. >> Well it's interesting because when you talk about what's out there we talk about almost like an umbrella. Sometimes people would put cyber security over the whole umbrella and then fit artificial intelligence, augmented reality, virtual reality, blockchain. Everything kind of falls under there. So, you know it's actually moving along with the system. There's a lot of artificial intelligences making a big play. IoT world, there's quite a bit of technology coming out there. All finding the whole problems and if you look at everything there's a lot of the human aspects of information security that they have to take into account when developing and when pushing it out because at the end of the day, it's all social engineering. It's the human factor, whatever you're creating. >> And we're seeing the same thing on theCUBE entries. We go to hundreds of shows a year. The trend is every part of the stack is impacted by this. >> Shira: Exactly. >> At the infrastructure low level, from multi factor authentication all the way up to Docker and Cooper and Eddies at the dev ops level, the app level. To wearables ... >> Well, wearables certainly. Right? Gaining some ones information. >> John: Geo information. >> Right. Well, here was an interesting ... I went into, I have a law firm that contacted me. They wanted me to some consulting for them. They implement this most beautiful, high-tech, gorgeous office. So I was in there talking to some of the partners and they were plugging in their new smart TV's and their smart fridges. Everything into their network. You don't have breech their network to get their information, we'll breech Sony! You breech into Sony, whatever whoever the manufacturer of the TV, the fridge, whatever it is. They're thinking IoT, well they can gain access into that law firm, gain information and just take all that information and utilize that. So there's so much thought to be put around even the IoT world, artificial intelligence. The human factor takes a step back. >> If it's a network device it can be hacked. >> Exactly. Yes. >> So is part of your mission just to make people aware of humans role in bad security practices? Is that a big part of this? >> Shira: Yes. >> This sort of shining a light on it. >> Yes, I think there's almost like a stop and pause. When you're creating a technology, whatever it is, and people are looking, Oh I'm going to make this stronger. I'm going to make this better, I'm going to make this faster. Oh here let me put another control over it, and here's another control, and by the way they have to go around this and do five things, we're going to have the best thing out there. They're not going to use it, they're going to break it and circumvent it. Stop, there's a person there. How are we going to make the person use this to the best capacity? How's it going to be strong without giving them all those extra layers? Anything you're doing, there's a person there. You got to stop and think and figure out how to utilize the best way. >> Shira, give us some predictions for next year, the end of the year, so predictions are coming. We had our meeting this week, or last week on our predictions, so we're going to put you in the hot seat. Your predictions for next year. Hot trends you expect to see. What are you expecting? What's your prediction for next year? Well, I think IoT is going to take a big forefront. Especially with the smarter cities, the smarter homes. As you're talking about the wearables. Artificial intelligence is going to kind of play into that as well, but I think the people are very excited about becoming let's quote unquote smart, no extra steps, right? When you have the no extra steps, remember you're opening yourself up for something, do it smart. But IoT is really expanding itself into every infrastructure whether it being utilizing, engineering. Whether it being cities itself, whether it being homes. And the wearables are also ... If you look at what's going on with Fitbit, then you have the next Apple and then there's something else every other day that you could put on yourself and you could get any information that you want. >> So people are connecting the IoT to the industrial side of their analog to digital. >> Exactly. Yes. Yes. And I think that's going to become a forefront in the next year. >> Right. What do you think of the event here, so far? >> I think the event is terrific. We've had some amazing speakers here and I think they're all highlighting the fact that we have to share expertise and really come together to bypass the problems that are out there and work as a unit, and certainly Centrify is doing a great job here. I'm very happy to be here. >> Great. Well, good luck with everything next year. Thanks for coming on theCUBE, we really appreciate it. >> Shira: Thank you. Happy to be here. That was commentary, great analysis. An opinion here on theCUBE, here at Centrify's event that they're underwriting for the industry as an industry event called CyberConnect presented by Centrify. I'm John Furrier with Dave Vellante, stay tuned for more live coverage here in New York City after this short break. (electronic music)

>> Announcer: Live from Washington, DC it's theCube covering .conf 2017 brought to you by Splunk. >> Welcome back here on theCube the flagship broadcast for Silicon Angle TV, glad to have you here at .conf 2017 along with Dave Vellante, John Walls. We are live in Washington, DC and balmy Washington, DC. It's like 88 here today, really hot. >> It's cooler here than it is in Boston, I here. >> Yeah, right, but we're not used to it this time of year. Brad Medairy now joins us he's an SVP at Booz Allen Hamilton and Brad, thank you for being with us. >> Dave: And another Redskins fan I heard. >> Another Redskins fan. >> It was a big night wasn't it? Sunday night, I mean we haven't had many of those in the last decade or so. >> Yeah, yeah, I became a Redskins fan in 1998 and unfortunately a little late after the three or four superbowls. >> John: That's a long dry spell, yeah. >> Are you guys Nats fans? >> Oh, huge Nats fan, I don't know, how about Brad, I don't want to speak for you. >> I've got a soft spot in my heart for the Nats, what's the story with that team? >> Well, it's just been post-season disappointment, but this year. >> This is the year. >> This is the year, although-- >> Hey, if the Redsox and the Cubs can do it. >> I hate to go down the path, but Geos worry me a little bit, but we can talk about it offline. >> Brad: Yeah, let's not talk about DC Sports. >> Three out of five outings now have not been very good, but anyway let's take care of what we can. Cyber, let's talk a little cyber here. I guess that's your expertise, so pretty calm, nothing going on these days, right? >> It's a boring field, you know? Boring field, yeah. >> A piece of cake. So you've got clients private sector, public sector, what's kind of the cross-pollination there? I mean, what are there mutual concerns, and what do you see from them in terms of common threats? >> Yeah, so at Booz Allen we support both federal and commercial clients, and we have a long history in cyber security kind of with deep roots in the defense and the intelligence community, and have been in the space for years. What's interesting is I kind of straddle both sides of the fence from a commercial and a federal perspective, and the commercial side, some of the major breaches really force a lot of these organizations to quickly get religion, and early on everything was very compliance driven and now it's much more proactive and the need to be much more both efficient and effective. The federal space is, I think in many cases, catching up, and so I've done a lot of work across .mil and there's been a lot of investment across .mil, and very secure, .gov, you know, is still probably a fast follower, and one of the things that we're doing is bringing a lot of commercial best practices into the government space and the government's quickly moving from a compliance-based approach to cyber security to much more proactive, proactive defense. >> Can you get, it's almost like a glacier sometimes, right, I mean there's a legacy mindset, in a way, that government does it's business, but I would assume that events over the past year or two have really prompted them along a little bit more. >> I mean there's definitely been some highly publicized events around breaches across .gov, and I think there's a lot of really progressive programs out there that are working to quickly you know, remediate a lot of these issues. One of the programs we're involved in is something called CDM that's run out of DHS, Continuous Diagnostic and Mitigation, and it's a program really designed to up-armor .gov, you know to increase situational awareness and provide much more proactive reporting so that you can get real-time information around events and postures of the network, so I think there's a lot of exciting activities and I think DHS and partnership with the federal agencies is really kind of spearheading that. >> So if we can just sort of lay out the situation in the commercial world and see how it compares to what's going on in gov. Product creep, right, there's dozens and dozens and dozens of products that have been installed, security teams are just sort of overwhelmed, overworked, response is too slow, I've seen data from, whatever, 190 days to 350 days, to identify an infiltration, nevermind remediate it, and so, it's a challenge, so what's happening in your world and how can you guys help? >> Yeah, you know it's funny, I love going out to the RSA conference and, you know, I watch a lot of folks in the space, walking around with a shopping cart and they meet all these great vendors and they have all these shiny pebbles and they walk away with the silver bullet, right, and so if they implement this tool or technology, they're done, right? And I think we all know, that's not the case, and so over the years I think that we've seen a lot of, a lot of organizations, both federal and commercial, try to solve a lot of the problems through, you know, new technology solutions, whether it's the next best intrusion detection, or if it's endpoint, you know, the rage now is EDR, MDR, and so, but the problem is at the end of the day, the adversaries live in the seams, and in the world that I grew up in focused a lot around counter-terrorism. We took a data-centric approach to finding advanced adversaries, and one of the reasons that the Booz Allen has strategically partnered with Splunk is we believe that, you know, in a data-centric approach to cyber, and Splunk as a platform allows us to quickly integrate data, independent of the tools because the other thing with these tool ecosystems is all these tools work really well within their own ecosystem, but as soon as you start to mix and match best of breed tools and capabilities, they tend to not play well together. And so we use Splunk as that integration hub to bring together the data that allows us to bring our advanced trade-craft and tech-craft around hunting, understanding of the adversaries to be able to fuse that data and do advanced detection and help our clients be a lot more proactive. >> So cyber foresight is the service that you lead with? >> Yeah, you know, one of the things, having a company that's been, Booz Allen I think now is 103 years old, with obvious deep roots in the federal government, and so we have a pedigree in defense and intelligence, and we have a lot of amazing analysts, a lot of amazing, what we call, tech-craft, and what we did was, this was many many years ago, and we're probably one of the best kept secrets in threat intelligence, but after maybe five or six years ago when you started to see a lot of the public breaches in the financial services industry, a lot of the financial service clients came to us and said, "Hey, Booz Allen, you guys understand the threat, you understand actors, you understand TTPs, help educate us around what these adversaries are doing. Why are they doing it, how are they doing it, and how can we get out in front of it?" So the question has always been, you know, how can we be more proactive? And so we started a capability that we, or we developed a capability called cyber foresight where we provided some of our human intelligence analysts and applied them to open-source data and we were providing threat intelligence as a service. And what's funny is today you see a lot of the cyber threat intelligence landscape is fairly crowded, when I talk to clients they affectionately refer to people that provide threat intelligence as beltway book reporters, which I love. (laughter) But for us, you know, we've lived in that space for so many years we have the analysts, the scale, the tradecraft, the tools, the technologies, and we feel that we're really well positioned to be able to provide clients with the insights. You know, early on when we were working heavily in the financial services sector, the biggest challenge a lot of our clients had in threat intelligence was, what do I do with it? Okay, so you're going to send me, what we call a Spot Report, and so hey we know this nation-state actor with this advanced set of TTPs is targeting my organization, so what, right? I'm the CISO, I'm the CIO, should I resign? Should I jump out the window? (laughter) What do I do? I know these guys are coming after me, how do I actually operationalize that? And so what we've spent a lot of time thinking about and investing in is how to operationalize threat intelligence, and when we started, you kind of think of it as a pitcher and a catcher, right? You know, so the threat intelligence provider throws those insights, but the receiver needs to be able to catch that information, be able to put it in context, process it, and then operationalize it, implement it within their enterprise to be able to stop those advanced threats. And so one of the reasons that we gravitated toward Splunk, Splunk is a platform, Splunk is becoming really, in our mind, one of the defacto repositories for IT and cyber data across our client space, so when you take that, all those insights that Splunk has around the cyber posture and the infrastructure of an enterprise, and you overlay the threat intelligence with that, it gives us the ability to be able to quickly operationalize that intelligence, and so what does that mean? So, you know, when a security operator is sitting at a console, they're drowning in data, and, you know, analysts, we've investigated tons of commercial breaches and in most cases what we see is the analyst, at some point, had a blinking red light on their screen that was an indicator of that particular breach. The problem is, how do you filter through the noise? That's a problem that this whole industry, it's a signal to noise ratio issue. >> So you guys bring humans to that equation, human intelligence meets analytics and machine intelligence, and your adversary has evolved, and I wonder if you can talk about that, it's gone from sort of hacktivists to organized crime and nation-states, so they've become much more sophisticated. How have the humans sort of evolved as well that your bridge to bear? >> Yeah, I mean certainly the bear to entry is lower, and so now we're seeing ransomware as a service, we're seeing attacks on industrial control systems, on IOT devices, you know, financial services now is extremely concerned about building control systems because if you can compromise and build a control system you can get into potentially laterally move into the enterprise network. And so our analysts now not only are traditional intelligence analysts that understand adversaries and TTPs, but they also need to be technologists, they need to have reverse engineering experience, they need to be malware analysts, they need to be able to look at attack factors in TTPs to be able to put all the stuff in context, and again it goes back to being able to operationalize this intelligence to get value out of it quickly. >> They need to have imaginations, right? I mean thinking like the bad guys, I guess. >> Yeah, I mean we spend a lot of time, we've started up a new capability called Dark Labs and it's our way to be able to unlock some of those folks that think like bad guys and be able to unleash them to look at the world through a different lens, and be able to help provide clients insights into attack factors, new TTPs, and it's fascinating to watch those teams work. >> How does social media come into play here? Or is that a problem at all, or is that a consideration for you at all? >> Well, you know, when we look at a lot of attacks, what's kind of interesting with the space now is you look at nation-state and nation-state activists and they have sophisticated TTPs. In general they don't have to use them. Nation-states haven't even pulled out their quote "good stuff" yet because right now, for the most part they go with low-hanging fruit, low-hanging fruit being-- >> Just pushing the door open, right? >> Yeah, I mean, why try to crash through the wall when you can just, you know, the door's not locked? And so, you know, when you talk about things like social media whether it's phishing, whether it's malware injected in images, or on Facebook, or Twitter, you know, the majority of tacts are either driven through people, or driven through just unpatched systems. And so, you know, it's kind of cliche, but it really starts with policies, training of the people in your organization, but then also putting some more proactive monitoring in place to be able to kind of start to detect some of those more advanced signatures for some of the stuff that's happening in social media. >> It's like having the best security system in the world, but you left your front door unlocked. >> That's right, that's right. >> So I wonder if, Brad, I don't know how much you can say, but I wonder if you could comment just generally, like you said, we haven't seen their best pitch yet, we had Robert Gates on, and when I was interviewing him he said, "You know, we have great offensive posture and security, but we have to be super careful how we use it because when it comes to critical infrastructure we have the most to lose." And when you think about the sort of aftermath of Stuxnet, when basically the Iranians said hey we can do this too, what's the general sort of philosophy inside the beltway around offense versus defense? >> You know, I think from, that's a great question. From an offensive cyber perspective I think where the industry is going is how do you take offensive tradecraft and apply it to defensive? And so by that I mean, think about we take folks that have experience thinking like a bad guy, but unleash them in a security operation center to do things like advanced hunting, and so what they'll do is take large sets of data and start doing hypothesis driven analytics where they'll be able to kind of think like a bad guy and then they'll have developers or techies next to them building different types of analytics to try to take their mind and put it into an analytic that you can run over a set of data to see, hey, is there an actor on your network performing like that? And so I think we see in the space now a lot of focus around hunting and red teaming, and I think that's kind of the industry's way of trying to take some of that offensive mentality, but then apply it on the defensive side. >> Dave: It just acts like kind of Navy Seal operations in security. >> Right, right, yeah. I mean the challenge is there's a finite set of people in the world that really, truly have that level of tradecraft so the question is, how do you actually deliver that at any level of scale that can make a difference across this broader industry. >> So it's the quantity of those skill sets, and they always say that the amazing thing, again I come back to Stuxnet, was that the code was perfect. >> Brad: Yeah. >> The antivirus guy said, "We've never seen anything like that where the code is just perfect." And you're saying it's just a quantity of skills that enables that, that's how you know it's nation-state, obviously, something like that. >> Yeah, I mean the level of expertise, the skill set, the time it take to be able to mature that tradecraft is many many years, and so I think that when we can crack the bubble of how we can take that expertise, deliver it in a defensive way to provide unique insights that, and do that at scale because just taking one of those folks into an organization doesn't help the whole, right? How can you actually kind of operationalize that to be able to deliver that treadecraft through things like analytics as a service, through manage, detection, and response, at scale so that one person can influence many many organizations at one time. >> And, just before we go, so cyber foresight is available today, it's something you're going to market with. >> Yeah, we just partnered with Splunk, it's available as a part of Splunk ES, it's an add-on, and it provides our analysts the ability to provide insights and be able to operationalize that within Splunk, we're super excited about it and it's been a great partnership with Splunk and their ES team. >> Dave: So you guys are going to market together on this one. >> We are partnered, we're going to market together, and delivering the best of our tradecraft and our intelligence analysts with their platform and product. >> Dave: Alright, good luck with it. >> Hey, thank you, thank you very much, guys. >> Good pair, that's for sure, yeah. Thank you, Brad, for being with us here, and Monday night, let's see how it goes, right? >> Yeah, I'm optimistic. >> Very good, alright. Coach Brad Medairy joining us with his rundown on what's happening at Booz Allen. Back with more here on theCube, you're watching live .conf 2017.