>> We're back at the ARIA Las Vegas. We're covering CrowdStrike's Fal.Con 22. First one since 2019. Dave Vellante and Dave Nicholson on theCUBE. Adam Meyers is here, he is the Senior Vice President of Intelligence at CrowdStrike. Adam, thanks for coming to theCUBE. >> Thanks for having me. >> Interesting times, isn't it? You're very welcome. Senior Vice President of Intelligence, tell us what your role is. >> So I run all of our intelligence offerings. All of our analysts, we have a couple hundred analysts that work at CrowdStrike tracking threat actors. There's 185 threat actors that we track today. We're constantly adding more of them and it requires us to really have that visibility and understand how they operate so that we can inform our other products: our XDR, our Cloud Workload Protections and really integrate all of this around the threat actor. >> So it's that threat hunting capability that CrowdStrike has. That's what you're sort of... >> Well, so think of it this way. When we launched the company 11 years ago yesterday, what we wanted to do was to tell customers, to tell people that, well, you don't have a malware problem, you have an adversary problem. There are humans that are out there conducting these attacks, and if you know who they are what they're up to, how they operate then you're better positioned to defend against them. And so that's really at the core, what CrowdStrike started with and all of our products are powered by intelligence. All of our services are our OverWatch and our Falcon complete, all powered by intelligence because we want to know who the threat actors are and what they're doing so we can stop them. >> So for instance like you can stop known malware. A lot of companies can stop known malware, but you also can stop unknown malware. And I infer that the intelligence is part of that equation, is that right? >> Absolutely. That that's the outcome. That's the output of the intelligence but I could also tell you who these threat actors are, where they're operating out of, show you pictures of some of them, that's the threat intel. We are tracking down to the individual persona in many cases, these various threats whether they be Chinese nation state, Russian threat actors, Iran, North Korea, we track as I said, quite a few of these threats. And over time, we develop a really robust deep knowledge about who they are and how they operate. >> Okay. And we're going to get into some of that, the big four and cyber. But before we do, I want to ask you about the eCrime index stats, the ECX you guys call it a little side joke for all your nerds out there. Maybe you could explain that Adam >> Assembly humor. >> Yeah right, right. So, but, what is that index? You guys, how often do you publish it? What are you learning from that? >> Yeah, so it was modeled off of the Dow Jones industrial average. So if you look at the Dow Jones it's a composite index that was started in the late 1800s. And they took a couple of different companies that were the industrial component of the economy back then, right. Textiles and railroads and coal and steel and things like that. And they use that to approximate the overall health of the economy. So if you take these different stocks together, swizzle 'em together, and figure out some sort of number you could say, look, it's up. The economy's doing good. It's down, not doing so good. So after World War II, everybody was exuberant and positive about the end of the war. The DGI goes up, the oil crisis in the seventies goes down, COVID hits goes up, sorry, goes down. And then everybody realizes that they can use Amazon still and they can still get the things they need goes back up with the eCrime index. We took that approach to say what is the health of the underground economy? When you read about any of these ransomware attacks or data extortion attacks there are criminal groups that are working together in order to get things spammed out or to buy credentials and things like that. And so what the eCrime index does is it takes 24 different observables, right? The price of a ransom, the number of ransom attacks, the fluctuation in cryptocurrency, how much stolen material is being sold for on the underground. And we're constantly computing this number to understand is the eCrime ecosystem healthy? Is it thriving or is it under pressure? And that lets us understand what's going on in the world and kind of contextualize it. Give an example, Microsoft on patch Tuesday releases 56 vulnerabilities. 11 of them are critical. Well guess what? After hack Tuesday. So after patch Tuesday is hack Wednesday. And so all of those 11 vulnerabilities are exploitable. And now you have threat actors that have a whole new array of weapons that they can deploy and bring to bear against their victims after that patch Tuesday. So that's hack Wednesday. Conversely we'll get something like the colonial pipeline. Colonial pipeline attack May of 21, I think it was, comes out and all of the various underground forums where these ransomware operators are doing their business. They freak out because they don't want law enforcement. President Biden is talking about them and he's putting pressure on them. They don't want this ransomware component of what they're doing to bring law enforcement, bring heat on them. So they deplatform them. They kick 'em off. And when they do that, the ransomware stops being as much of a factor at that point in time. And the eCrime index goes down. So we can look at holidays, and right around Thanksgiving, which is coming up pretty soon, it's going to go up because there's so much online commerce with cyber Monday and such, right? You're going to see this increase in online activity; eCrime actors want to take advantage of that. When Christmas comes, they take vacation too; they're going to spend time with their families, so it goes back down and it stays down till around the end of the Russian Orthodox Christmas, which you can probably extrapolate why that is. And then it goes back up. So as it's fluctuating, it gives us the ability to really just start tracking what that economy looks like. >> Realtime indicator of that crypto. >> I mean, you talked about, talked about hack Wednesday, and before that you mentioned, you know, the big four, and I think you said 185 threat actors that you're tracking, is 180, is number 185 on that list? Somebody living in their basement in their mom's basement or are the resources necessary to get on that list? Such that it's like, no, no, no, no. this is very, very organized, large groups of people. Hollywood would have you believe that it's guy with a laptop, hack Wednesday, (Dave Nicholson mimics keyboard clacking noises) and everything done. >> Right. >> Are there individuals who are doing things like that or are these typically very well organized? >> That's a great question. And I think it's an important one to ask and it's both it tends to be more, the bigger groups. There are some one-off ones where it's one or two people. Sometimes they get big. Sometimes they get small. One of the big challenges. Have you heard of ransomware as a service? >> Of course. Oh my God. Any knucklehead can be a ransomwarist. >> Exactly. So we don't track those knuckleheads as much unless they get onto our radar somehow, they're conducting a lot of operations against our customers or something like that. But what we do track is that ransomware as a service platform because the affiliates, the people that are using it they come, they go and, you know, it could be they're only there for a period of time. Sometimes they move between different ransomware services, right? They'll use the one that's most useful for them that that week or that month, they're getting the best rate because it's rev sharing. They get a percentage that platform gets percentage of the ransom. So, you know, they negotiate a better deal. They might move to a different ransomware platform. So that's really hard to track. And it's also, you know, I think more important for us to understand the platform and the technology that is being used than the individual that's doing it. >> Yeah. Makes sense. Alright, let's talk about the big four. China, Iran, North Korea, and Russia. Tell us about, you know, how you monitor these folks. Are there different signatures for each? Can you actually tell, you know based on the hack who's behind it? >> So yeah, it starts off, you know motivation is a huge factor. China conducts espionage, they do it for diplomatic purposes. They do it for military and political purposes. And they do it for economic espionage. All of these things map to known policies that they put out, the Five Year Plan, the Made in China 2025, the Belt and Road Initiative, it's all part of their efforts to become a regional and ultimately a global hegemon. >> They're not stealing nickels and dimes. >> No they're stealing intellectual property. They're stealing trade secrets. They're stealing negotiation points. When there's, you know a high speed rail or something like that. And they use a set of tools and they have a set of behaviors and they have a set of infrastructure and a set of targets that as we look at all of these things together we can derive who they are by motivation and the longer we observe them, the more data we get, the more we can get that attribution. I could tell you that there's X number of Chinese threat groups that we track under Panda, right? And they're associated with the Ministry of State Security. There's a whole other set. That's too associated with the People's Liberation Army Strategic Support Force. So, I mean, these are big operations. They're intelligence agencies that are operating out of China. Iran has a different set of targets. They have a different set of motives. They go after North American and Israeli businesses right now that's kind of their main operation. And they're doing something called hack and lock and leak. With a lock and leak, what they're doing is they're deploying ransomware. They don't care about getting a ransom payment. They're just doing it to disrupt the target. And then they're leaking information that they steal during that operation that brings embarrassment. It brings compliance, regulatory, legal impact for that particular entity. So it's disruptive >> The chaos creators that's.. >> Well, you know I think they're trying to create a they're trying to really impact the legitimacy of some of these targets and the trust that their customers and their partners and people have in them. And that is psychological warfare in a certain way. And it, you know is really part of their broader initiative. Look at some of the other things that they've done they've hacked into like the missile defense system in Israel, and they've turned on the sirens, right? Those are all things that they're doing for a specific purpose, and that's not China, right? Like as you start to look at this stuff, you can start to really understand what they're up to. Russia very much been busy targeting NATO and NATO countries and Ukraine. Obviously the conflict that started in February has been a huge focus for these threat actors. And then as we look at North Korea, totally different. They're doing, there was a major crypto attack today. They're going after these crypto platforms, they're going after DeFi platforms. They're going after all of this stuff that most people don't even understand and they're stealing the crypto currency and they're using it for revenue generation. These nuclear weapons don't pay for themselves, their research and development don't pay for themselves. And so they're using that cyber operation to either steal money or steal intelligence. >> They need the cash. Yeah. >> Yeah. And they also do economic targeting because Kim Jong Un had said back in 2016 that they need to improve the lives of North Koreans. They have this national economic development strategy. And that means that they need, you know, I think only 30% of North Korea has access to reliable power. So having access to clean energy sources and renewable energy sources, that's important to keep the people happy and stop them from rising up against the regime. So that's the type of economic espionage that they're conducting. >> Well, those are the big four. If there were big five or six, I would presume US and some Western European countries would be on there. Do you track, I mean, where United States obviously has you know, people that are capable of this we're out doing our thing, and- >> So I think- >> That defense or offense, where do we sit in this matrix? >> Well, I think the big five would probably include eCrime. We also track India, Pakistan. We track actors out of Columbia, out of Turkey, out of Syria. So there's a whole, you know this problem is getting worse over time. It's proliferating. And I think COVID was also, you know a driver there because so many of these countries couldn't move human assets around because everything was getting locked down. As machine learning and artificial intelligence and all of this makes its way into the cameras at border and transfer points, it's hard to get a human asset through there. And so cyber is a very attractive, cheap and deniable form of espionage and gives them operational capabilities, not, you know and to your question about US and other kind of five I friendly type countries we have not seen them targeting our customers. So we focus on the threats that target our customers. >> Right. >> And so, you know, if we were to find them at a customer environment sure. But you know, when you look at some of the public reporting that's out there, the malware that's associated with them is focused on, you know, real bad people, and it's, it's physically like crypted to their hard drive. So unless you have sensor on, you know, an Iranian or some other laptop that might be target or something like that. >> Well, like Stuxnet did. >> Yeah. >> Right so. >> You won't see it. Right. See, so yeah. >> Well Symantec saw it but way back when right? Back in the day. >> Well, I mean, if you want to go down that route I think it actually came from a company in the region that was doing the IR and they were working with Symantec. >> Oh, okay. So, okay. So it was a local >> Yeah. I think Crisis, I think was the company that first identified it. And then they worked with Symantec. >> It Was, they found it, I guess, a logic controller. I forget what it was. >> It was a long time ago, so I might not have that completely right. >> But it was a seminal moment in the industry. >> Oh. And it was a seminal moment for Iran because you know, that I think caused them to get into cyber operations. Right. When they realized that something like that could happen that bolstered, you know there was a lot of underground hacking forums in Iran. And, you know, after Stuxnet, we started seeing that those hackers were dropping their hacker names and they were starting businesses. They were starting to try to go after government contracts. And they were starting to build training offensive programs, things like that because, you know they realized that this is an opportunity there. >> Yeah. We were talking earlier about this with Shawn and, you know, in the nuclear war, you know the Cold War days, you had the mutually assured destruction. It's not as black and white in the cyber world. Right. Cause as, as Robert Gates told me, you know a few years ago, we have a lot more to lose. So we have to be somewhat, as the United States, careful as to how much of an offensive posture we take. >> Well here's a secret. So I have a background on political science. So mutually assured destruction, I think is a deterrent strategy where you have two kind of two, two entities that like they will destroy each other if they so they're disinclined to go down that route. >> Right. >> With cyber I really don't like that mutually assured destruction >> That doesn't fit right. >> I think it's deterrents by denial. Right? So raising the cost, if they were to conduct a cyber operation, raising that cost that they don't want to do it, they don't want to incur the impact of that. Right. And think about this in terms of a lot of people are asking about would China invade Taiwan. And so as you look at the cost that that would have on the Chinese military, the POA, the POA Navy et cetera, you know, that's that deterrents by denial, trying to, trying to make the costs so high that they don't want to do it. And I think that's a better fit for cyber to try to figure out how can we raise the cost to the adversary if they operate against our customers against our enterprises and that they'll go someplace else and do something else. >> Well, that's a retaliatory strike, isn't it? I mean, is that what you're saying? >> No, definitely not. >> It's more of reducing their return on investment essentially. >> Yeah. >> And incenting them- disincening them to do X and sending them off somewhere else. >> Right. And threat actors, whether they be criminals or nation states, you know, Bruce Lee had this great quote that was "be like water", right? Like take the path of least resistance, like water will. Threat actors do that too. So, I mean, unless you're super high value target that they absolutely have to get into by any means necessary, then if you become too hard of a target, they're going to move on to somebody that's a little easier. >> Makes sense. Awesome. Really appreciate your, I could, we'd love to have you back. >> Anytime. >> Go deeper. Adam Myers. We're here at Fal.Con 22, Dave Vellante, Dave Nicholson. We'll be right back right after this short break. (bouncy music plays)

>>And welcome back to the cubes coverage of a, of us. Reinforc here in Boston, Massachusetts. I'm John furrier. We're here for a great interview on the next generation topic of state of industrial security. We have two great guests, Tim Jefferson, senior vice president data network and application security at Barracuda. And Cenon Aron vice president of zero trust engineering at Barracuda. Gentlemen. Thanks for coming on the queue. Talk about industrial security. >>Yeah, thanks for having us. >>So one of the, one of the big things that's going on, obviously you got zero trust. You've got trusted, trusted software supply chain challenges. You've got hardware mattering more than ever. You've got software driving everything, and all this is talking about industrial, you know, critical infrastructure. We saw the oil pipeline had a hack and ransomware attack, and that's just constant barrage of threats in the industrial area. And all the data is pointing to that. This area is gonna be fast growth machine learning's kicking in automation is coming in. You see a huge topic, huge growth trend. What is the big story going on here? >>Yeah, I think at a high level, you know, we did a survey and saw that, you know, over 95% of the organizations are experiencing, you know, security challenges in this space. So, you know, the blast radius in the, of the, the interface that this creates so many different devices and things and objects that are getting network connected now create a huge challenge for security teams to kind of get their arms around that. >>Yeah. And I can add that, you know, majority of these incidents that, that these organizations suffer lead to significant downtime, right? And we're talking about operational technology here, you know, lives depend on, on these technologies, right? Our, our wellbeing everyday wellbeing depend on those. So, so that is a key driver of initiatives and projects to secure industrial IOT and operational technologies in, in these businesses. >>Well, it's great to have both of you guys on, you know, Tim, you know, you had a background at AWS and sit on your startup, founder, soldier, coming to Barracuda, both very experienced, seeing the ways before in this industry. And I'd like to, if you don't mind talk about three areas, remote access, which we've seen in huge demand with, with the pandemic and the out, coming out with the hybrid and certainly industrial, that's a big part of it. And then secondly, that the trend of clear commitment from enterprises to have in a public cloud component, and then finally the secure access edge, you know, with SAS business models, securing these things, these are the three hot areas let's go into the first one, remote access. Why is this important? It seems that this is the top priority for having immediate attention on what's the big challenge here? Is it the most unsecure? Is it the most important? What, why is this relevant? >>So now I'll let you jump in there. >>Yeah, sure. Happy to. I mean, if you think about it, especially now, we've been through a, a pandemic shelter in place cycle for almost two years. It, it becomes essentially a business continuity matter, right? You do need remote access. We also seen a tremendous shift in hiring the best talent, wherever they are, right. Onboarding them and bringing the talent into, into, into, into businesses that have maybe a lot more distributed environments than traditionally. So you have to account for remote access in every part of everyday life, including industrial technologies, you need remote support, right? You need vendors that might be overseas providing you, you know, guidance and support for these technologies. So remote support is every part of life. Whether you work from home, you work on your, on the go, or you are getting support from a vendor that happens to be in Germany, you know, teleporting into your environment in Hawaii. You know, all these things are essentially critical parts of everyday life. Now >>Talk about ZT and a zero trust network access is a, this is a major component for companies. Obviously, you know, it's a position taking trust and verifies. One other approach, zero trust is saying, Hey, I don't trust you. Take us through why that's important. Why is zero trust network access important in this area? >>Yeah. I mean, I could say that traditionally remote access, if you think about infancy of the internet in the nineties, right? It was all about encryption in, in transit, right? You were all about internet was vastly clear text, right? We didn't have even SSL TLS, widely distributed and, and available. So when VPNs first came out, it was more about preventing sniffing, clear tech clear text information from, from, from the network, right? It was more about securing the, the transport, but now that kind of created a, a big security control gap, which implicitly trusted user users, once they are teleported into a remote network, right? That's the essence of having a remote access session you're brought from wherever you are into an internal network. They implicitly trust you that simply breakdown over time because you are able to compromise end points relatively easily using browser exploits. >>You know, so, so for supply chain issues, water hole attacks, and leverage the existing VPN tunnels to laterally move into the organization from within the network, you literally move in further and further and further down, you know, down the network, right? So the VPN needed a, a significant innovation. It was meant to be securing packets and transit. It was all about an encryption layer, but it had an implicit trust problem with zero trust. We turn it into an explicit trust problem, right? Explicit trust concept, ideally. Right? So you are, who do you say you are? And you are authorized to access only to things that you need to access to get the work done. >>So you're talking about granular levels versus the one time database look up you're in >>That's right. >>Tim, talk about the OT it side of this equation of industrial, because it, you know, is IP based, networking, OT have been purpose built, you know, maybe some proprietary technology yeah. That connects to the internet internet, but it's mainly been secure. Those have come together over the years and now with no perimeter security, how is this world evolving? Because there's gonna be more cloud there, be more machine learning, more hybrid on premise, that's going on almost a reset if you will. I mean, is it a reset? What's the, what's the situation. >>Yeah. I think, you know, in typical human behavior, you know, there's a lot of over rotation going on. You know, historically a lot of security controls are all concentrated in a data center. You know, a lot of enterprises had very large sophisticated well-established security stacks in a data center. And as those applications kind of broke down and, and got rearchitected for the cloud, they got more modular, they got more distributed that centralized security stack became an anti pattern. So now this kind of over rotation, Hey, let's take this stack and, and put it up in the cloud. You know, so there's lots of names for this secure access, service edge, you know, secure service edge. But in the end, you know, you're taking your controls and, and migrating them into the cloud. And, you know, I think ultimately this creates a great opportunity to embrace some of security, best practices that were difficult to do in some of the legacy architectures, which is being able to push your controls as far out to the edge as possible. >>And the interesting thing about OT and OT now is just how far out the edge is, right? So instead of being, you know, historically it was the branch or user edge, remote access edge, you know, Syon mentioned that you, you have technologies that can VPN or bring those identities into those networks, but now you have all these things, you know, partners, devices. So it's the thing, edge device edge, the user edge. So a lot more fidelity and awareness around who users are. Cause in parallel, a lot of the IDP and I IBM's platforms have really matured. So marrying those concepts of this, this lot of maturity around identity management yeah. With device in and behavior management into a common security framework is really exciting. But of course it's very nascent. So people are, it's a difficult time getting your arms around >>That. It's funny. We were joking about the edge. We just watching the web telescope photos come in the deep space, the deep edge. So the edge is continuing to be pushed out. Totally see that. And in fact, you know, one of the things we're gonna, we're gonna talk about this survey that you guys had done by an independent firm has a lot of great data. I want to unpack that, but one of the things that was mentioned in there, and I'll get, I wanna get your both reaction to this is that virtually all organizations are committing to the public cloud. Okay. I think it was like 96% or so was the stat. And if you combine in that, the fact that the edge is expanding, the cloud model is evolving at the edge. So for instance, a building, there's a lot behind it. You know, how far does it go? So we don't and, and what is the topology because the topology seem to change too. So there's this growth and change where we need cloud operations, DevOps at, at the edge and the security, but it's changing. It's not pure cloud, but it's cloud. It has to be compatible. What's your reaction to that, Tim? I mean, this is, this is a big part of the growth of industrial. >>Yeah. I think, you know, if you think about, there's kind of two exciting developments that I would think of, you know, obviously there's this increase to the surface area, the tax surface areas, people realize, you know, it's not just laptops and devices and, and people that you're trying to secure, but now they're, you know, refrigerators and, you know, robots and manufacturing floors that, you know, could be compromised, have their firmware updated or, you know, be ransomware. So this a huge kind of increase in surface area. But a lot of those, you know, industrial devices, weren't built around the concept with network security. So kind of bolting on, on thinking through how can you secure who and what ultimately has access to those, to those devices and things. And where is the control framework? So to your point, the control framework now is typically migrated now into public cloud. >>These are custom applications, highly distributed, highly available, very modular. And then, you know, so how do you, you know, collect the telemetry or control information from these things. And then, you know, it creates secure connections back into these, these control applications, which again, are now migrated to public cloud. So you have this challenge, you know, how do you secure? We were talking about this last time we discussed, right. So how do you secure the infrastructure that I've, I've built in deploying now, this control application and in public cloud, and then connect in with this, this physical presence that I have with these, you know, industrial devices and taking telemetry and control information from those devices and bringing it back into the management. And this kind marries again, back into the remote axis that Sunan was mentioning now with this increase awareness around the efficacy of ransomware, we are, you know, we're definitely seeing attackers going after the management frameworks, which become very vulnerable, you know, and they're, they're typically just unprotected web applications. So once you get control of the management framework, regardless of where it's hosted, you can start moving laterally and, and causing some damage. >>Yeah. That seems to be the common thread. So no talk about, what's your reaction to that because, you know, zero trust, if it's evolving and changing, you, you gotta have zero trust you. I didn't even know it's out there and then it gets connected. How do you solve that problem? Cuz you know, there's a lot of surface area that's evolving all the OT stuff and the new, it, what's the, what's the perspective and posture that the clients your clients are having and customers. Well, >>I, I think they're having this conversation about further mobilizing identity, right? We did start with, you know, user identity that become kind of the first foundational building block for any kind of zero trust implementation. You work with, you know, some sort of SSO identity provider, you get your, you sync with your user directories, you have a single social truth for all your users. >>You authenticate them through an identity provider. However that didn't quite cut it for industrial OT and OT environments. So you see like we have the concept of hardware machines, machine identities now become an important construct, right? The, the legacy notion of being able to put controls and, and, and, and rules based on network constructs doesn't really scale anymore. Right? So you need to have this concept of another abstraction layer of identity that belongs to a service that belongs to an application that belongs to a user that belongs to a piece of hardware. Right. And then you can, yeah. And then you can build a lot more, of course, scalable controls that basically understand the, the trust relation between these identities and enforce that rather than trying to say this internal network can talk to this other internal network through a, through a network circuit. No, those things are really, are not scalable in this new distributed landscape that we live in today. So identity is basically going to operationalize zero trust and a lot more secure access going forward. >>And that's why we're seeing the sassy growth. Right. That's a main piece of it. Is that what you, what you're seeing too? I mean, that seems to be the, the approach >>I think like >>Go >>Ahead to, yeah. I think like, you know, sassy to me is really about, you know, migrating and moving your security infrastructure to the cloud edge, you know, as we talked to the cloud, you know, and then, you know, do you funnel all ingress and egress traffic through this, you know, which is potentially an anti pattern, right? You don't wanna create, you know, some brittle constraint around who and what has access. So again, a security best practices, instead of doing all your enforcement in one place, you can distribute and push your controls out as far to the edge. So a lot of SASI now is really around centralizing policy management, which is the big be one of the big benefits is instead of having all these separate management plans, which always difficult to be very federated policy, right? You can consolidate your policy and then decide mechanism wise how you're gonna instrument those controls at the edge. >>So I think that's the, the real promise of, of the, the sassy movement and the, I think the other big piece, which you kind of touched on earlier is around analytics, right? So it creates an opportunity to collect a whole bunch of telemetry from devices and things, behavior consumption, which is, which is a big, common, best practice around once you have SA based tools that you can instrument in a lot of visibility and how users and devices are behaving in being operated. And to Syon point, you can marry that in with their identity. Yeah. Right. And then you can start building models around what normal behavior is and, you know, with very fine grain control, you can, you know, these types of analytics can discover things that humans just can't discover, you know, anomalous behavior, any kind of indicators are compromised. And those can be, you know, dynamic policy blockers. >>And I think sun's point about what he was talking about, talks about the, the perimeters no longer secure. So you gotta go to the new way to do that. Totally, totally relevant. I love that point. Let me ask you guys a question on the, on the macro, if you don't mind, how concerned are you guys on the current threat landscape in the geopolitical situation in terms of the impact on industrial IOT in this area? >>So I'll let you go first. Yeah. >>I mean, it's, it's definitely significantly concerning, especially if now with the new sanctions, there's at least two more countries being, you know, let's say restricted to participate in the global economic, you know, Mar marketplace, right? So if you look at North Korea as a pattern, since they've been isolated, they've been sanctioned for a long time. They actually double down on rents somewhere to even fund state operations. Right? So now that you have, you know, BES be San Russia being heavily sanctioned due to due to their due, due to their activities, we can envision more increase in ransomware and, you know, sponsoring state activities through illegal gains, through compromising, you know, pipelines and, you know, industrial, you know, op operations and, and seeking large payouts. So, so I think the more they will, they're ized they're pushed out from the, from the global marketplace. There will be a lot more aggression towards critical infrastructure. >>Oh yeah. I think it's gonna ignite more action off the books, so to speak as we've seen. Yeah. We've >>Seen, you know, another point there is, you know, Barracuda also runs a, a backup, you know, product. We do a, a purpose built backup appliance and a cloud to cloud backup. And, you know, we've been running this service for over a decade. And historically the, the amount of ransomware escalations that we got were very slow, you know, is whenever we had a significant one, helping our customers recover from them, you know, you know, once a month, but over the last 18 months, this is routine now for us, this is something we deal with on a daily basis. And it's becoming very common. You know, it's, it's been a well established, you know, easily monetized route to market for the bad guys. And, and it's being very common now for people to compromise management planes, you know, they use account takeover. And the first thing they're doing is, is breaking into management planes, looking at control frameworks. And then first thing they'll do is delete, you know, of course the backups, which this sort of highlights the vulnerability that we try to talk to our customers about, you know, and this affects industrial too, is the first thing you have to do is among other things, is, is protect your management planes. Yeah. And putting really fine grain mechanisms like zero trust is, is a great, >>Yeah. How, how good is backup, Tim, if you gets deleted first is like no backup. There it is. So, yeah. Yeah. Air gaping. >>I mean, obviously that's kinda a best practice when you're bad guys, like go in and delete all the backups. So, >>And all the air gaps get in control of everything. Let me ask you about the, the survey pointed out that there's a lot of security incidents happening. You guys pointed that out and discussed a little bit of it. We also talked about in the survey, you know, the threat vectors and the threat landscape, the common ones, ransomware was one of them. The area that I liked, what that was interesting was the, the area that talked about how organizations are investing in security and particularly around this, can you guys share your thoughts on how you see the, the market, your customers and, and the industry investing? What are they investing in? What stage are they in when it comes to IOT and OT, industrial IOT and OT security, do they do audits? Are they too busy? I mean, what's the state of their investment thesis progress of, of, of how they're investing in industrial IOT? >>Yeah. Our, our view is, you know, we have a next generation product line. We call, you know, our next, our cloud chain firewalls. And we have a form factor that sports industrial use cases we call secure connectors. So it's interesting that if you, what we learned from that business is a tremendous amount of bespoke efforts at this point, which is sort of indicative of a, of a nascent market still, which is related to another piece of information I thought was really interested in the survey that I think it was 93% of the, the participants, the enterprises had a failed OT initiative, you know, that, you know, people tried to do these things and didn't get off the ground. And then once we see build, you know, strong momentum, you know, like we have a, a large luxury car manufacturer that uses our secure connectors on the, on the robots, on the floor. >>So well established manufacturing environments, you know, building very sophisticated control frameworks and, and security controls. And, but again, a very bespoke effort, you know, they have very specific set of controls and specific set of use cases around it. So it kind of reminds me of the late nineties, early two thousands of people trying to figure out, you know, networking and the blast radi and networking and, and customers, and now, and a lot of SI are, are invested in this building, you know, fast growing practices around helping their customers build more robust controls in, in helping them manage those environments. So, yeah, I, I think that the market is still fairly nascent >>From what we seeing, right. But there are some encouraging, you know, data that shows that at least helpful of the organizations are actively pursuing. There's an initiative in place for OT and a, you know, industrial IOT security projects in place, right. They're dedicating time and resources and budget for this. And, and in, in regards to industries, verticals and, and geographies oil and gas, you know, is, is ahead of the curve more than 50% responded to have the project completed, which I guess colonial pipeline was the, you know, the call to arms that, that, that was the big, big, you know, industrial, I guess, incident that triggered a lot of these projects to be accelerating and, and, you know, coming to the finish line as far as geographies go DACA, which is Germany, Austria, Switzerland, and of course, north America, which happens to be the industrial powerhouses of, of the world. Well, APAC, you know, also included, but they're a bit behind the curve, which is, you know, that part is a bit concerning, but encouragingly, you know, Western Europe and north America is ahead of these, you know, projects. A lot of them are near completion or, or they're in the middle of some sort of an, you know, industrial IOT security project right >>Now. I'm glad you brought the colonial pipeline one and, and oil and gas was the catalyst. Again, a lot of, Hey, scared that better than, than me kinda attitude, better invest. So I gotta ask you that, that supports Tim's point about the management plane. And I believe on that hack or ransomware, it wasn't actually control of the pipeline. It was control over the management billing, and then they shut down the pipeline cuz they were afraid it was gonna move over. So it wasn't actually the critical infrastructure itself to your point, Tim. >>Yeah. It's hardly over the critical infrastructure, by the way, you always go through the management plane, right. It's such an easier lying effort to compromise because it runs on an endpoint it's standard endpoint. Right? All this control software will, will be easier to get to rather than the industrial hardware itself. >>Yeah. It's it's, it's interesting. Just don't make a control software at the endpoint, put it zero trust. So down that was a great point. Oh guys. So really appreciate the time and the insight and, and the white paper's called NETEC it's on the Barracuda. Netex industrial security in 2022. It's on the barracuda.com website Barracuda network guys. So let's talk about the read force event hasn't been around for a while cuz of the pandemic we're back in person what's changed in 2019 a ton it's like security years is not dog years anymore. It's probably dog times too. Right. So, so a lot's gone on where are we right now as an industry relative to the security cybersecurity. Could you guys summarize kind of the, the high order bit on where we are today in 2022 versus 2019? >>Yeah, I think, you know, if you look at the awareness around how to secure infrastructure in applications that are built in public cloud in AWS, it's, you know, exponentially better than it was. I think I remember when you and I met in 2018 at one of these conferences, you know, there were still a lot of concerns, whether, you know, IAS was safe, you know, and I think the amount of innovation that's gone on and then the amount of education and awareness around how to consume, you know, public cloud resources is amazing. And you know, I think that's facilitated a lot of the fast growth we've seen, you know, the consistent, fast growth that we've seen across all these platforms >>Say that what's your reaction to the, >>I think the shared responsibility model is well understood, you know, and, and, and, and we can see a lot more implementation around, you know, CSBM, you know, continuously auditing the configurations in these cloud environments become a, a standard table stake, you know, investment from every stage of any business, right? Whether from early state startups, all the way to, you know, public companies. So I think it's very well understood and, and the, and the investment has been steady and robust when it comes to cloud security. We've been busy, you know, you know, helping our customers and AWS Azure environments and, and others. So I, I think it's well understood. And, and, and we are on a very optimistic note actually in a good place when it comes to public cloud. >>Yeah. A lot of great momentum, a lot of scale and data act out there. People sharing data, shared responsibility. Tim is in, thank you for sharing your insights here in this cube segment coverage of reinforce here in Boston. Appreciate it. >>All right. Thanks for having >>Us. Thank you. >>Okay, everyone. Thanks for watching the we're here at the reinforced conference. AWS, Amazon web services reinforced. It's a security focused conference. I'm John furier host of the cube. We'd right back with more coverage after the short break.

>>From around the globe. It's the cube with digital coverage, a BizOps manifesto unveiled brought to you by biz ops coalition. >>Hey, welcome back everybody. Jeff Frick here with the cube. Welcome back to our ongoing coverage of the biz ops manifesto. Unveil. Something has been in the works for a little while. Today's the formal unveiling, and we're excited to have three of the core founding members of the manifesto authors of the manifesto. If you will, uh, joining us again, we've had them all on individually. Now we're going to have a great power panel. First up. We're gonna have Mitt Kirsten returning he's the founder and CEO of Tasktop mic. Good to see you again. Where are you dialing in from? >>Great to see you again, Jeff I'm dialing from Vancouver, >>We're Canada, Vancouver, Canada. One of my favorite cities in the whole wide world. Also we've got Tom Davenport come in from across the country. He's a distinguished professor and author from Babson college, Tom. Great to see you. And I think you said you're at a fun, exotic place on the East coast >>Realm of Memphis shoes. That's on Cape Cod. >>Great to see you again and also joining surge Lucio. He is the VP and general manager enterprise software division at Broadcom surge. Great to see you again, where are you coming in from? >>Uh, from Boston right next to Cape Cod. >>Terrific. So welcome back, everybody again. Congratulations on this day. I know it's been a lot of work to get here for this unveil, but let's just jump into it. The biz ops manifesto, what was the initial reason to do this? And how did you decide to do it in a kind of a coalition, a way bringing together a group of people versus just making it an internal company, uh, initiative that, you know, you can do better stuff within your own company, surge, why don't we start with you? >>Yeah, so, so I think we were at a really critical juncture, right? Many, um, large enterprises are basically struggling with their digital transformation. Um, in fact, um, many recognized that, uh, the, the business side, it collaboration has been, uh, one of the major impediments, uh, to drive that kind of transformation. That, and if we look at the industry today, many people are, whether we're talking about vendors or, um, you know, system integrators, consulting firms are talking about the same kind of concepts, but using very different language. And so we believe that bringing all these different players together, um, as part of the coalition and formalizing, uh, basically the core principles and values in a BizOps manifesto, we can really start to F could have a much bigger movement where we can all talk about kind of the same concepts and we can really start to provide, could have a much better support for large organizations to, to transform. Uh, so whether it is technology or services or, um, or training, I think that that's really the value of bringing all of these players together, right. >>And mic to you. Why did you get involved in this, in this effort? >>So I've been closely involved the agile movement since it started two decades with that manifesto. And I think we got a lot of improvement at the team level, and I think that was just no. Did we really need to improve at the business level? Every company is trying to become a software innovator, trying to make sure that they can pivot quickly and the changing market economy and what everyone's dealing with in terms of needing to deliver value to customers sooner. However, agile practices have really focused on these metrics, these measures and understanding processes that help teams be productive. Those things now need to be elevated to the business as a whole. And that just hasn't happened. Uh, organizations are actually failing because they're measuring activities and how they're becoming more agile, how teams are functioning, not how much quickly they're delivering value to the customer. So we need to now move past that. And that's exactly what the manifesto provides. Right, >>Right, right. And Tom, to you, you've been covering tech for a very long time. You've been looking at really hard challenges and a lot of work around analytics and data and data evolution. So there's a definitely a data angle here. I wonder if you could kind of share your perspective of what you got excited to, uh, to sign onto this manifesto. >>Sure. Well, I have, you know, for the past 15 or 20 years, I've been focusing on data and analytics and AI, but before that I was a process management guy and a knowledge management guy. And in general, I think, you know, we've just kind of optimize that to narrow a level, whether you're talking about agile or dev ops or ML ops, any of these kinds of ops oriented movements, we're making individual project, um, performance and productivity better, but we're not changing the business, uh, effectively enough. And that's the thing that appealed to me about the biz ops idea, that we're finally creating a closer connection between what we do with technology and how it changes the business and provides value to it. >>Great. Uh, surge back to you, right? I mean, people have been talking about digital transformation for a long time and it's been, you know, kind of trucking along and then covert hit and it was instant Lightswitch. Everyone's working from home. You've got a lot more reliance on your digital tools, digital communication, uh, both within your customer base and your partner base, but also then your employees when you're, if you could share how that really pushed this all along. Right? Because now suddenly the acceleration of digital transformation is higher. Even more importantly, you got much more critical decisions to make into what you do next. So kind of your portfolio management of projects has been elevated significantly when maybe revenues are down, uh, and you really have to, uh, to prioritize and get it right. >>Yeah. Maybe I'll just start by quoting Satina Nello basically recently said that they're speeding the two years of digital preservation just last two months in any many ways. That's true. Um, but yet when we look at large enterprises, they're still struggling with a kind of a changes in culture. They really need to drive to be able to disrupt themselves. And not surprisingly, you know, when we look at certain parts of the industry, you know, we see some things which are very disturbing, right? So about 40% of the personal loans today are being, uh, origin data it's by fintechs, uh, of a like of Sophie or, uh, or a lending club, right? Not to a traditional brick and mortar for BEC. And so the, well, there is kind of a much more of an appetite and it's a, it's more of a survival type of driver these days. >>Uh, the reality is that's in order for these large enterprises to truly transform and engage on this digital transformation, they need to start to really align the business nightie, you know, in many ways and make cover. Does agile really emerge from the core desire to truly improve software predictability between which we've really missed is all the way we start to aligning the software predictability to business predictability, and to be able to have continual sleep continuous improvement and measurement of business outcomes. So by aligning that of these, uh, discuss inward metrics, that's, it is typically being using to business outcomes. We think we can start to really ELP, uh, different stakeholders within the organization to collaborate. So I think there is more than ever. There's an imperative to acts now. Um, and, and resolves, I think is kind of the right approach to drive that kind of transformation. Right. >>I want to follow up on the culture comment, uh, with you, Tom, because you've talked before about kind of process flow and process flow throughout a whore and an organization. And, you know, we talk about people process and tech all the time. And I think the tech is the easy part compared to actually changing the people the way they think. And then the actual processes that they put in place. It's a much more difficult issue than just the tech issue to get this digital transformation in your organization. >>Yeah. You know, I've always found that the soft stuff about, you know, the culture of a behavior, the values is the hard stuff to change and more and more, we, we realized that to be successful with any kind of digital transformation you have to change people's behaviors and attitudes. Um, we haven't made as much progress in that area as we might have. I mean, I've done some surveys suggesting that most organizations still don't have data driven cultures. And in many cases there is a lower percentage of companies that say they have that then, um, did a few years ago. So we're kind of moving in the wrong direction, which means I think that we have to start explicitly addressing that, um, cultural, behavioral dimension and not just assuming that it will happen if we, if we build system, if we build it, they won't necessarily come. Right. >>Right. So I want to go to you Nick. Cause you know, we're talking about workflows and flow, um, and, and you've written about flow both in terms of, um, you know, moving things along a process and trying to find bottlenecks, identify bottlenecks, which is now even more important again, when these decisions are much more critical. Cause you have a lot less, uh, wiggle room in tough times, but you also talked about flow from the culture side and the people side. So I wonder if you can just share your thoughts on, you know, using flow as a way to think about things, to get the answers better. >>Yeah, absolutely. And I'll refer back to what Tom has said. If you're optimized, you need to optimize your system. You need to optimize how you innovate and how you deliver value to the business and the customer. Now, what we've noticed in the data, since that we've learned from customers, value streams, enterprise organizations, value streams, is that when it's taking six months at the end to deliver that value with the flow is that slow. You've got a bunch of unhappy developers, unhappy customers when you're innovating half so high performing organizations, we can measure third and 10 float time and dates. All of a sudden that feedback loop, the satisfaction your developer's measurably goes up. So not only do you have people context, switching glass, you're delivering so much more value to customers at a lower cost because you've optimized for flow rather than optimizing for these other approximate tricks that we use, which is how efficient is my agile team. How quickly can we deploy software? Those are important, but they do not provide the value of agility of fast learning of adaptability to the business. And that's exactly what the biz ops manifesto pushes your organization to do. You need to put in place this new operating model that's based on flow on the delivery of business value and on bringing value to market much more quickly than you were before. Right. >>I love that. And I'm going back to you, Tom, on that to follow up. Cause I think, I don't think people think enough about how they prioritize what they're optimizing for. Cause you know, if you're optimizing for a versus B, you know, you can have a very different product that you kick out and let you know. My favorite example is with Clayton Christianson and innovator's dilemma talking about the three inch hard drive. If you optimize it for power, you know, is one thing, if you optimize it for vibration is another thing and sure enough, you know, they missed it on the poem because it was the, it was the game console, which, which drove that whole business. So when you, when you're talking to customers and we think we hear it with cloud all the time, people optimizing for cost efficiency, instead of thinking about it as an innovation tool, how do you help them kind of rethink and really, you know, force them to, to look at the, at the prioritization and make sure they're prioritizing on the right thing is make just said, what are you optimizing for? >>Oh yeah. Um, you have one of the most important aspects of any decision or, um, attempt to resolve a problem in an organization is the framing process. And, um, you know, it's, it's a difficult aspect of the decision to frame it correctly in the first place. Um, there, it's not a technology issue. In many cases, it's largely a human issue, but if you frame that decision or that problem incorrectly to narrowly say, or you frame it as an either or situation where you could actually have some of both, um, it, it's very difficult for the, um, process to work out correctly. So in many cases that I think we need to think more at the beginning about how we bring this issue or this decision in the best way possible before we charge off and build a system to support it. You know, um, it's worth that extra time to think, think carefully about how the decision has been structured, right >>Surgery. I want to go back to you and talk about the human factors because as we just discussed, you can put it in great technology, but if the culture doesn't adopt it and people don't feel good about it, you know, it's not going to be successful and that's going to reflect poorly on the technology, even if it had nothing to do with it. And you know, when you look at the, the, the core values, uh, of the Bezos manifesto, you know, a big one is trust and collaboration, you know, learn, respond and pivot. I wonder if you can share your thoughts on, on trying to get that cultural shift, uh, so that you can have success with the people or excuse me, with the technology in the process and helping customers, you know, take this more trustworthy and kind of proactive, uh, position. >>So I think, I think at the ground level, it truly starts with the realization that we're all different. We come from different backgrounds. Um, oftentimes we tend to blame the data. It's not uncommon my experiments that we spend the first 30 minutes of any kind of one hour conversation to debate the validity of the data. Um, and so, um, one of the first kind of, uh, probably manifestations that we've had or revelations as we start to engage with our customers is spike, just exposing, uh, high-fidelity data sets to different stakeholders from their different lens. We start to enable these different stakeholders to not debate the data. That's really collaborate to find a solution. So in many ways, when, when, when we think about kind of the types of changes we're trying to, to truly affect around data driven decision making, it's all about bringing the data in context, in the context that is relevant and understandable for, for different stakeholders, whether we're talking about an operator or develop for a business analyst. >>So that's, that's the first thing. The second layer I think, is really to provide context to what people are doing in their specific cycle. And so I think one of the best examples I have is if you start to be able to align business KPI, whether you are counting, you know, sales per hour, or the engagements of your users on your mobile applications, whatever it is, you can start to connect that PKI to the business KPI, to the KPIs that developers might be looking at, whether it is the number of defects or a velocity or whatever, you know, metrics that they are used to to actually track you start to, to be able to actually contextualize in what we are the effecting, basically a metric that is really relevant in which we see is that DC is a much more systematic way to approach the transformation than say, you know, some organizations kind of creating, uh, some of these new products or services or initiatives, um, to, to drive engagements, right? >>So if you look at zoom, for instance, zoom giving away a it service to, uh, to education, he's all about, I mean, there's obviously a marketing aspect in therapists. It's fundamentally about trying to drive also the engagement of their own teams. And because now they're doing something for good and the organizations are trying to do that, but you only can do this kind of things in a limited way. And so you really want to start to rethink how you connect to, everybody's kind of a business objective fruit data, and now you start to get people to stare at the same data from their own lens and collaborate on all the data. Right, >>Right. That's a good, uh, Tom, I want to go back to you. You've been studying it for a long time, writing lots of books and getting into it. Um, why now, you know, what w why now are we finally aligning business objectives with, with it objectives? You know, why didn't this happen before? And, you know, what are the factors that are making now the time for this, this, this move with the, uh, with the biz ops? >>Well, and much of the past, it was sort of a back office related activity. And, you know, it was important for, um, uh, producing your paychecks and, uh, um, capturing the customer orders, but the business wasn't built around it now, every organization needs to be a software business, a data business, a digital business, the auntie has been raised considerably. And if you aren't making that connection between your business objectives and the technology that supports it, you run a pretty big risk of, you know, going out of business or losing out to competitors. Totally. So, um, and, uh, even if you're in a, an industry that hasn't historically been terribly, um, technology oriented customer expectations flow from, uh, you know, the digital native, um, companies that they work with to basically every industry. So you're compared against the best in the world. So we don't really have the luxury anymore of screwing up our it projects or building things that don't really work for the business. Um, it's mission critical that we do that well. Um, almost every time, I just want to follow up by that, Tom, >>In terms of the, you've talked extensively about kind of these evolutions of data and analytics from artismal stage to the big data stage, the data economy stage, the AI driven stage and what I find diff interesting that all those stages, you always put a start date. You never put an end date. Um, so you know, is the, is the big data I'm just going to use that generically a moment in time finally here, where we're, you know, off mahogany row with the data scientists, but actually can start to see the promise of delivering the right insight to the right person at the right time to make that decision. >>Well, I think it is true that in general, these previous stages never seemed to go away. The, um, the artisinal stuff is still being done, but we would like for less than less of it to be artisinal, we can't really afford for everything to be artisinal anymore. It's too labor and time consuming to do things that way. So we shift more and more of it to be done through automation and B to be done with a higher level of productivity. And, um, you know, at some point maybe we reached the stage where we don't do anything artisanally anymore. I'm not sure we're there yet, but, you know, we are, we are making progress. Right, >>Right. And Mick, back to you in terms of looking at agile, cause you're, you're such a, a student of agile when, when you look at the opportunity with ops, um, and taking the lessons from agile, you know, what's been the inhibitor to stop this in the past. And what are you so excited about? You know, taking this approach will enable. >>Yeah. I think both Sergeant Tom hit on this is that in agile what's happened is that we've been measuring tiny subsets of the value stream, right? We need to elevate the data's there. Developers are working on these tools that delivering features that the foundations for, for great culture are there. I spent two decades as a developer. And when I was really happy is when I was able to deliver value to customers, the quicker I was able to do that the fewer impediments are in my way, that quicker was deployed and running in the cloud, the happier I was, and that's exactly what's happening. If we can just get the right data, uh, elevated to the business, not just to the agile teams, but really these values of ours are to make sure that you've got these data driven decisions with meaningful data that's oriented around delivering value to customers. Not only these legacies that Tom touched on, which has cost center metrics from an ITK, from where, for it being a cost center and something that provided email and then back office systems. So we need to rapidly shift to those new, meaningful metrics that are customized business centric and make sure that every development the organization is focused on those as well as the business itself, that we're measuring value and that we're helping that value flow without interruptions. >>I love that mic. Cause if you don't measure it, you can't improve on it and you gotta, but you gotta be measuring the right thing. So gentlemen, uh, thank you again for, for your time. Congratulations on the, uh, on the unveil of the biz ops manifesto and together this coalition >>Of, of, uh, industry experts to get behind this. And, you know, there's probably never been a more important time than now to make sure that your prioritization is in the right spot and you're not wasting resources where you're not going to get the ROI. So, uh, congratulations again. And thank you for sharing your thoughts with us here on the cube. Alright, so we had surge, Tom and Mick I'm. Jeff, you're watching the cube, it's a biz ops manifesto and unveil. Thanks for watching. We'll see you next time >>From around the globe. It's the cube with digital coverage of BizOps manifesto, unveiled brought to you by biz ops coalition and welcome back Friday, Jeff Frick here with the cube we're in our Palo Alto studios. And we'd like to welcome you back to our continuing coverage of biz ops manifesto, unveil exciting day to really, uh, kind of bring this out into public. There's been a little bit of conversation, but today's really the official unveiling and we're excited to have our next guest to share a little bit more information on it. He's Patrick tickle. He's a chief product officer for planned view. Patrick. Great to see you. Yeah, it's great to be here. Thanks for the invite. So why the biz ops manifesto, why the biz optical edition now when you guys have been at it, it's relatively mature marketplace businesses. Good. What was missing? Why, why this, uh, why this coalition? >>Yeah, so, you know, again, why is, why is biz ops important and why is this something I'm, you know, I'm so excited about, but I think companies as well, right. Well, you know, in some ways or another, this is a topic that I've been talking to, you know, the market and our customers about for a long time. And it's, you know, I really applaud, you know, this whole movement, right. And, um, in resonates with me, because I think one of the fundamental flaws, frankly, of the way we've talked about technology and business literally for decades, uh, has been this idea of, uh, alignment. Those who know me, I occasionally get off on this little rant about the word alignment, right. But to me, the word alignment is, is actually indicative of the, of the, of the flaw in a lot of our organizations and biz ops is really, I think now trying to catalyze and expose that flaw. >>Right. Because, you know, I always say that, you know, you know, alignment implies silos, right. Instantaneously, as soon as you say there's alignment, there's, there's obviously somebody who's got a direction and other people that have to line up and that, that kind of siloed, uh, nature of organizations. And then frankly, the passive nature of it. Right. I think so many technology organizations are like, look, the business has the strategy you guys need to align. Right. And, and, you know, as a product leader, right. That's where I've been my whole career. Right. I can tell you that I never sit around. I almost never use the word alignment. Right. I mean, whether I never sit down and say, you know, the product management team has to get aligned with Deb, right. Or the dev team has to get aligned with the delivery and ops teams. I mean, what I say is, you know, are we on strategy, right? >>Like we've, we have a strategy as a, as a full end to end value stream. Right. And that there's no silos. And I mean, look, every on any given day we got to get better. Right. But the context, the context we operate is not about alignment. Right. It's about being on strategy. And I think I've talked to customers a lot about that, but when I first read the manifesto, I was like, Oh yeah, this is exactly. This is breaking down. Maybe trying to eliminate the word alignment, you know, from a lot of our organizations, because we literally start thinking about one strategy and how we go from strategy to delivery and have it be our strategy, not someone else's that we're all aligning to it. And it's a great way to catalyze that conversation. That I've, it's been in my mind for years, to be honest. Right. >>So, so much to unpack there. One of the things obviously, uh, stealing a lot from, from dev ops and the dev ops manifesto from 20 years ago. And as I look through some of the principles and I looked through some of the values, which are, you know, really nicely laid out here, you know, satisfy customers, do continuous delivery, uh, measure, output against real results. Um, the ones that, that jumps out though is really about, you know, change, change, right? Requirements should change frequently. They do change frequently, but I'm curious to get your take from a, from a software development point, it's easy to kind of understand, right. We're making this widget and our competitors, beta widget plus X, and now we need to change our plans and make sure that the plus X gets added to the plan. Maybe it wasn't in the plan, but you talked a lot about product strategy. So in this kind of continuous delivery world, how does that meld with, I'm actually trying to set a strategy, which implies the direction for a little bit further out on the horizon and to stay on that while at the same time, you're kind of doing this real time continual adjustments. Cause you're not working off a giant PRD or MRD anymore. >>Yeah, yeah, totally. Yeah. You know, one of the terms, you know, that we use internally a lot and even with my customers, our customers is we talked about this idea of rewiring, right. And I think, you know, it's kind of a, now an analogy for transformation. And I think a lot of us have to rewire the way we think about things. Right. And I think at Planview where we have a lot of customers who live in that, you know, who operationalize that traditional PPM world. Right. And are shifting to agile and transforming that rewire is super important. And, and to your point, right, it's, you've just, you've got to embrace this idea of, you know, just iterative getting better every day and iterating, iterating, iterating as to building annual plans or, you know, I get customers occasionally who asked me for two or three year roadmap. >>Right. And I literally looked at them and I go, there's no, there's no scenario where I can build a two or three year roadmap. Right. You, you, you think you want that, but that's not, that's not the way we run. Right. And I will tell you the biggest thing that for us, you know, that I think is matched the planning, uh, you know, patents is a word I like to use a lot. So the thing that we've like, uh, that we've done from a planning perspective, I think is matched impedance to continuous delivery is instituting the whole program, implement, you know, the program, increment planning, capabilities and methodologies, um, in the scaled agile world. Right. And over the last 18 months to two years, we really have now, you know, instrumented our company across three value streams. You know, we do quarterly PI program increment 10 week planning, you know, and that becomes, that becomes the Terra firma of how we plant. >>Right. And it's, what are we doing for the next 10 weeks? And we iterate within those 10 weeks, but we also know that 10 weeks from now, we're going to, we're going to adjust iterate again. Right. And that shifting of that planning model, you know, to being as cross-functional is that as that big room planning kind of model is, um, and also, uh, you know, on that shorter increment, when you get those two things in place, all sudden the impedance really starts to match up, uh, with continuous delivery and it changes, it changes the way you plan and it changes the way you work. Right? >>Yeah. Their thing. Right. So obviously a lot of these things are kind of process driven, both within the values, as well as the principles, but there's a whole lot, really about culture. And I just want to highlight a couple of the values, right? We already talked about business outcomes, um, trust and collaboration, uh, data driven decisions, and then learn, respond and pivot. Right. A lot of those are cultural as much as they are process. So again, is it the, is it the need to really kind of just put them down on paper and you know, I can't help, but think of, you know, the hammering up the, uh, the thing in the Lutheran church with their, with their manifesto, is it just good to get it down on paper? Because when you read these things, you're like, well, of course we should trust people. And of course we need an environment of collaboration and of course we want data driven decisions, but as we all know saying it and living, it are two very, very different things. >>Yeah. Good question. I mean, I think there's a lot of ways you bring that to life you're right. And just hanging up, you know, I think we've all been through the hanging up posters around your office, which these days, right. Unless you're going to hang a poster and everybody's home office. Right. You can't even, you can't even fake it that you think that might work. Right. So, um, you know, you really, I think we've attacked that in a variety of ways. Right. And you definitely have to, you know, you've got to make the shift to a team centric culture, right. Empowered teams, you know, that's a big deal. Right. You know, a lot of, a lot of the people that, you know, we lived in a world of quote unquote, where we were lived in a deep resource management world for a long, long time. >>And right. A lot of our customers still do that, but you know, kind of moving to that team centric world is, uh, is really important and core the trust. Um, I think training is super important, right. We've, you know, we've internally, right. We've trained hundreds employees over the last a year and a half on the fundamentals really of safe. Right. Not necessarily, you know, we've had, we've had teams delivering in scrum and the continuous delivery for, you know, for years, but the scaling aspect of it, uh, is where we've done a lot of training and investment. Um, and then, you know, I think, uh, leadership has to be bought in. Right. You know? And so when we pie plan, you know, myself and Cameron and the other members of our leadership, you know, we're NPI planning, you know, for, for four days. Right. I mean, it's, it's, you've got to walk the walk, you know, from top to bottom and you've got to train on the context. Right. And then you, and then, and, and then once you get through a few cycles where you've done a pivot, right. Or you brought a new team in, and it just works, it becomes kind of this virtuous circle where he'll go, man, this really works so much better than what we used to do. Right. >>Right. The other really key principle to this whole thing is, is aligning, you know, the business leaders and the business prioritization, um, so that you can get to good outcomes with the development and the delivery. Right. And we, we know again, and kind of classic dev ops to get the dev and the production people together. So they can, you know, quickly ship code that works. Um, but adding the business person on there really puts, puts a little extra responsibility that they, they understand the value of a particular feature or particular priority. Uh, they, they can make the, the, the trade offs and that they kind of understand the effort involved too. So, you know, bringing them into this continuous again, kind of this continuous development process, um, to make sure that things are better aligned and really better prioritize. Cause ultimately, you know, we don't live in an infinite resources situation and people got to make trade offs. They got to make decisions as to what goes and what doesn't go in for everything that goes. Right. I always say you pick one thing. Okay. That's 99 other things that couldn't go. So it's really important to have, you know, this, you said alignment of the business priorities as well as, you know, the execution within, within the development. >>Yeah. I think that, you know, uh, you know, I think it was probably close to two years ago. Forester started talking about the age of the customer, right. That, that was like their big theme at the time. Right. And I think to me what that, the age of the customer actually translates to and Mick, Mick and I are both big fans of this whole idea of the project and product shift, mixed book, you know, it was a great piece on a, you're talking about, you know, as part of the manifesto is one of the authors as well, but this shift from project to product, right? Like the age of the customer, in my opinion, the, the embodiment of that is the shift to a product mentality. Right. And, and the product mentality in my opinion, is what brings the business and technology teams together, right? >>Once you, once you're focused on a customer experience is delivered through a product or a service. That's when I that's, when I started to go with the alignment problem goes away, right. Because if you look at software companies, right, I mean, we run product management models yeah. With software development teams, customer success teams, right. That, you know, the software component of these products that people are building is obviously becoming bigger and bigger, you know, in an, in many ways, right. More and more organizations are trying to model themselves over as operationally like software companies. Right. Um, they obviously have lots of other components in their business than just software, but I think that whole model of customer experience equaling product, and then the software component of product, the product is the essence of what changes that alignment equation and brings business and teams together because all of a sudden, everyone knows what the customer's experiencing. Right. And, and that, that, that makes a lot of things very clear, very quickly. >>Right. I'm just curious how far along this was as a process before, before COBIT hit, right. Because serendipitous, whatever. Right. But the sudden, you know, light switch moment, everybody had to go work from home and in March 15th compared to now we're in October and this is going to be going on for a while. And it is a new normal and whatever that whatever's going to look like a year from now, or two years from now is TBD, you know, had you guys already started on this journey cause again, to sit down and actually declare this coalition and declare this manifesto is a lot different than just trying to do better within your own organization. >>Yeah. So we had started, uh, you know, w we definitely had started independently, you know, some, some, you know, I think people in the community know that, uh, we, we came together with a company called lean kit a handful of years ago, and I give John Terry actually one of the founders LeanKit immense credit for, you know, kind of spearheading our cultural change and not, and not because of, we were just gonna be, you know, bringing agile solutions to our customers, but because, you know, he believed that it was going to be a fundamentally better way for us to work. Right. And we kind of, you know, we started with John and built, you know, out of concentric circles of momentum and, and we've gotten to the place where now it's just part of who we are, but, but I do think that, you know, COVID has, you know, um, I think pre COVID a lot of companies, you know, would, would adopt, you know, the would adopt digital slash agile transformation. >>Um, traditional industries may have done it as a reaction to disruption. Right. You know, and in many cases, the disruption to these traditional industries was, I would say a product oriented company, right. That probably had a larger software component, and that disruption caused a competitive issue, uh, or a customer issue that caused companies and tried to respond by transforming. I think COVID, you know, all of a sudden flatten that out, right. We literally all got disrupted. Right. And so all of a sudden, every one of us is dealing with some degree of market uncertainty, customer uncertainty, uh, and also, you know, none of us were insulated from the need to be able to pivot faster, deliver incrementally, you know, and operate in a different, completely more agile way, uh, you know, post COVID. Right. Yeah. That's great. >>So again, a very, very, very timely, you know, a little bit of serendipity, a little bit of planning. And, you know, as, as with all important things, there's always a little bit of lock in, uh, and a lot of hard work involved. So a really interesting thank you for, for your leadership, Patrick. And, you know, it really makes a statement. I think when you have a bunch of leaderships across an industry coming together and putting their name on a piece of paper, uh, that's aligned around us some principles and some values, which again, if you read them who wouldn't want to get behind these, but if it takes, you know, something a little bit more formal, uh, to kind of move the ball down the field, and then I totally get it and a really great work. Thanks for, uh, thanks for doing it. >>Oh, absolutely. No. Like I said, the first time I read it, I was like, yep. Like you said, this is all, it's all makes complete sense, but just documenting it and saying it and talking about it moves the needle. I'll tell you as a company, you gotta, we're pushing really hard on, uh, you know, on our own internal strategy on diversity and inclusion. Right. And, and like, once we wrote the words down about what, you know, what we aspire to be from a diversity and inclusion perspective, it's the same thing. Everybody reads the words that goes, why wouldn't we do this? Right. But until you write it down and kind of have again, a manifesto or a Terra firma of what you're trying to accomplish, you know, then you can rally behind it. Right. As opposed to it being something that's, everybody's got their own version of the flavor. Right. And I think it's a very analogous, you know, kind of, uh, initiative. Right. And, uh, and it's happening, both of those things right. Are happening across the industry these days. Right. >>And measure it too. Right. And measure it, measure, measure, measure, get a baseline. Even if you don't like to measure, even if you don't like what the, even if you can argue against the math, behind the measurement, measure it. And at least you can measure it again and you can, and you've got some type of a comp and that is really the only way to, to move it forward. We're Patrick really enjoyed the conversation. Thanks for, uh, for taking a few minutes out of your day. >>It's great to be here. It's an awesome movement and we're glad to be a part of it. >>All right. Thanks. And if you want to check out the biz ops, Manifesta go to biz ops, manifesto.org, read it. You might want to sign it. It's there for you. And thanks for tuning in on this segment will continuing coverage of the biz op manifesto unveil you're on the cube. I'm Jeff, thanks for watching >>From around the globe. It's the cube with digital coverage of biz ops manifesto unveiled brought to you by biz ops coalition. >>Hey, welcome back, everybody Jeffrey here with the cube. We're coming to you from our Palo Alto studios. And welcome back to this event is the biz ops manifesto unveiling. So the biz ops manifesto and the biz ops coalition had been around for a little while, but today's the big day. That's kind of the big public unveiling, or we're excited to have some of the foundational people that, you know, have put their, put their name on the dotted, if you will, to support this initiative and talk about why that initiative is so important. And so the next guest we're excited to have is dr. Mick Kirsten. He is the founder and CEO of Tasktop mic. Great to see you coming in from Vancouver, Canada, I think, right? Yes. Great to be here, Jeff. Thank you. Absolutely. I hope your air is a little better out there. I know you had some of the worst air of all of us, a couple, a couple of weeks back. So hopefully things are, uh, are getting a little better and we get those fires under control. Yeah. >>Things have cleared up now. So yeah, it's good. It's good to be close to the U S and it's going to have the Arabic cleaner as well. >>Absolutely. So let's, let's jump into it. So you you've been an innovation guy forever starting way back in the day and Xerox park. I was so excited to do an event at Xerox park for the first time last year. I mean, that, that to me represents along with bell labs and, and some other, you know, kind of foundational innovation and technology centers, that's gotta be one of the greatest ones. So I just wonder if you could share some perspective of getting your start there at Xerox park, you know, some of the lessons you learned and what you've been able to kind of carry forward from those days. >>Yeah. I was fortunate to join Xerox park in the computer science lab there at a fairly early point in my career, and to be working on open source programming languages. So back then in the computer science lab, where some of the inventions around programming around software development games, such as object programming, and a lot of what we had around really modern programming levels constructs, those were the teams I had the fortunate of working with, and really our goal was. And of course, there's, as, as you noticed, there's just this DNA of innovation and excitement and innovation in the water. And really it was the model that was all about changing the way that we work was looking at for how we can make it 10 times easier to white coat. But this is back in 99. And we were looking at new ways of expressing, especially business concerns, especially ways of enabling people who are wanting to innovate for their business to express those concerns in code and make that 10 times easier than what that would take. >>So we create a new open source programming language, and we saw some benefits, but not quite quite what we expected. I then went and actually joined Charles Stephanie, that former to fucking from Microsoft who was responsible for, he actually got Microsoft word as a sparking into Microsoft and into the hands of bill Gates and that company that was behind the whole office suite and his vision. And then when I was trying to execute with, working for him was to make PowerPoint like a programming language to make everything completely visual. And I realized none of this was really working, that there was something else, fundamentally wrong programming languages, or new ways of building software. Like let's try and do with Charles around intentional programming. That was not enough. >>That was not enough. So, you know, the agile movement got started about 20 years ago, and we've seen the rise of dev ops and really this kind of embracing of, of, of sprints and, you know, getting away from MRDs and PRDs and these massive definitions of what we're going to build and long build cycles to this iterative process. And this has been going on for a little while. So what was still wrong? What was still missing? Why the biz ops coalition, why the biz ops manifesto? >>Yeah, so I basically think we nailed some of the things that the program language levels of teams can have effective languages deployed to soften to the cloud easily now, right? And at the kind of process and collaboration and planning level agile two decades, decades ago was formed. We were adopting and all the, all the teams I was involved with and it's really become a self problem. So agile tools, agile teams, agile ways of planning, uh, are now very mature. And the whole challenge is when organizations try to scale that. And so what I realized is that the way that agile was scaling across teams and really scaling from the technology part of the organization to the business was just completely flawed. The agile teams had one set of doing things, one set of metrics, one set of tools. And the way that the business was working was planning was investing in technology was just completely disconnected and using a whole different set of measures. Pretty >>Interesting. Cause I think it's pretty clear from the software development teams in terms of what they're trying to deliver. Cause they've got a feature set, right. And they've got bugs and it's easy to, it's easy to see what they deliver, but it sounds like what you're really honing in on is this disconnect on the business side, in terms of, you know, is it the right investment? You know, are we getting the right business ROI on this investment? Was that the right feature? Should we be building another feature or should we building a completely different product set? So it sounds like it's really a core piece of this is to get the right measurement tools, the right measurement data sets so that you can make the right decisions in terms of what you're investing, you know, limited resources. You can't, nobody has unlimited resources. And ultimately you have to decide what to do, which means you're also deciding what not to do. And it sounds like that's a really big piece of this, of this whole effort. >>Yeah. Jeff, that's exactly it, which is the way that the agile team measures their own way of working is very different from the way that you measure business outcomes. The business outcomes are in terms of how happy your customers are, but are you innovating fast enough to keep up with the pace of a rapidly changing economy, roughly changing market. And those are, those are all around the customer. And so what I learned on this long journey of supporting many organizations transformations and having them try to apply those principles of agile and dev ops, that those are not enough, those measures technical practices, uh, those measured sort of technical excellence of bringing code to the market. They don't actually measure business outcomes. And so I realized that it really was much more around having these entwined flow metrics that are customer centric and business centric and market centric where we need it to go. Right. >>So I want to shift gears a little bit and talk about your book because you're also a bestselling author from project to product and, and, and you, you brought up this concept in your book called the flow framework. And it's really interesting to me cause I know, you know, flow on one hand is kind of a workflow and a process flow and, and you know, that's how things get done and, and, and embrace the flow. On the other hand, you know, everyone now in, in a little higher level existential way is trying to get into the flow right into the workflow and, you know, not be interrupted and get into a state where you're kind of at your highest productivity, you know, kind of your highest comfort, which flow are you talking about in your book? Or is it a little bit of both? >>That's a great question. It's not one I get asked very often cause to me it's absolutely both. So that the thing that we want to get, that we've learned how to master individual flow, that there's this beautiful book by me, how you teaches me how he does a beautiful Ted talk by him as well about how we can take control of our own flow. So my question with the book with question replies, how can we bring that to entire teams and really entire organizations? How can we have everyone contributing to a customer outcome? And this is really what if you go to the biz ops manifesto, it says, I focus on outcomes on using data to drive whether we're delivering those outcomes rather than a focus on proxy metrics, such as, how quickly did we implement this feature? No, it's really how much value did the customer go to the future? >>And how quickly did you learn and how quickly did you use that data to drive to that next outcome? Really that with companies like Netflix and Amazon have mastered, how do we get that to every large organization, every it organization and make everyone be a software innovator. So it's to bring that, that concept of flow to these end to end value streams. And the fascinating thing is we've actually seen the data. We've been able to study a lot of value streams. We see when flow increases, when organizations deliver value to a customer faster, developers actually become more happy. So things like that and point out promoter scores, rise, and we've got empirical data for this. So that the beautiful thing to me is that we've actually been able to combine these two things and see the results and the data that you increase flow to the customer. Your developers are more, >>I love it. I love it, right, because we're all more, we're all happier when we're in the flow and we're all more productive when we're in the flow. So I, that is a great melding of, of two concepts, but let's jump into the, into the manifesto itself a little bit. And you know, I love that you took this approach really of having kind of four key values and then he gets 12 key principles. And I just want to read a couple of these values because when you read them, it sounds pretty brain dead. Right? Of course. Right. Of course you should focus on business outcomes. Of course you should have trust and collaboration. Of course you should have database decision making processes and not just intuition or, you know, whoever's the loudest person in the room, uh, and to learn and respond and pivot. But what's the value of actually just putting them on a piece of paper, because again, this is not this, these are all good, positive things, right? When somebody reads these to you or tells you these are sticks it on the wall, of course. But unfortunately of course isn't always enough. >>No. And I think what's happened is some of these core principles originally from the agile manifesto in two decades ago, uh, the whole dev ops movement of the last decade of flow feedback and continue learning has been key. But a lot of organizations, especially the ones undergoing digital transformations have actually gone a very different way, right? The way that they measure value, uh, in technology and innovation is through costs for many organizations. The way that they actually are looking at that they're moving to cloud is actually as a reduction in cost. Whereas the right way of looking at moving to cloud is how much more quickly can we get to the value to the customer? How quickly can we learn from that? And how quickly can we drive the next business outcome? So really the key thing is, is to move away from those old ways of doing things of funding projects and cost centers, to actually funding and investing in outcomes and measuring outcomes through these flow metrics, which in the end are your fast feedback and how quickly you're innovating for your customer. >>So these things do seem very obvious when you look at them. But the key thing is what you need to stop doing to focus on these. You need to actually have accurate realtime data of how much value you fund to the customer every week, every month, every quarter. And if you don't have that, your decisions are not driven on data. If you don't know what your bottleneck is. And this is something that in decades of manufacturing, a car manufacturers, other manufacturers, master, they always know where the bottom back in their production processes. You ask a random CIO when a global 500 company where their bottleneck is, and you won't get a clear answer because there's not that level of understanding. So have to actually follow these principles. You need to know exactly where you fall. And I guess because that's, what's making your developers miserable and frustrated, then having them context, which I'm trash. So the approach here is important and we have to stop doing these other things, >>Right? There's so much there to unpack. I love it. You know, especially the cloud conversation because so many people look at it wrong as, as, as a cost saving a device, as opposed to an innovation driver and they get stuck, they get stuck in the literal. And I, you know, I think at the same thing, always about Moore's law, right? You know, there's a lot of interesting real tech around Moore's law and the increasing power of microprocessors, but the real power, I think in Moore's laws is the attitudinal change in terms of working in a world where you know that you've got all this power and what you build and design. I think it's funny to your, your comment on the flow and the bottleneck, right? Cause, cause we know manufacturing, as soon as you fix one bottleneck, you move to your next one, right? You always move to your next point of failure. So if you're not fixing those things, you know, you're not, you're not increasing that speed down the line, unless you can identify where that bottleneck is or no matter how many improvements you make to the rest of the process, it's still going to get hung up on that one spot. >>That's exactly it. And you also make it sound so simple, but again, if you don't have the data driven visibility of where the bottom line is, and these bottlenecks are adjusted to say, it's just whack-a-mole right. So we need to understand is the bottleneck because our security reviews are taking too long and stopping us from getting value for the customer. If it's that automate that process. And then you move on to the next bottleneck, which might actually be that deploying yourself into the cloud was taking too long. But if you don't take that approach of going flow first, rather than again, that sort of cost reduction. First, you have to think of that approach of customer centricity and you only focused on optimizing costs. Your costs will increase and your flow will slow down. And this is just one of these fascinating things. Whereas if you focus on getting back to the customer and reducing your cycles on getting value, your flow time from six months to two weeks or two, one week or two event, as we see with, with tech giants, you actually can both lower your costs and get much more value that for us to get that learning loop going. >>So I think I've seen all of these cloud deployments and one of the things that's happened that delivered almost no value because there was such big bottlenecks upfront in the process and actually the hosting and the AP testing was not even possible with all of those inefficiencies. So that's why going float for us rather than costs where we started our project versus silky. >>I love that. And, and, and, and it, it begs repeating to that right within the subscription economy, you know, you're on the hook to deliver value every single month because they're paying you every single month. So if you're not on top of how you're delivering value, you're going to get sideways because it's not like, you know, they pay a big down payment and a small maintenance fee every month, but once you're in a subscription relationship, you know, you have to constantly be delivering value and upgrading that value because you're constantly taking money from the customer. So it's such a different kind of relationship than kind of the classic, you know, big bang with a maintenance agreement on the back end really important. Yeah. >>And I think in terms of industry shifts that that's it that's, what's catalyzed. This interesting shift is in this SAS and subscription economy. If you're not delivering more and more value to your customers, someone else's and they're winning the business, not you. So one way we know is to delight our customers with great user experiences. Well, that really is based on how many features you delivered or how much, how big, how many quality improvements or scalar performance improvements you delivered. So the problem is, and this is what the business manifesto, as well as the full frame of touch on is if you can't measure how much value you delivered to a customer, what are you measuring? You just backed again, measuring costs and that's not a measure of value. So we have to shift quickly away from measuring cost to measuring value, to survive in the subscription economy. >>We could go for days and days and days. I want to shift gears a little bit into data and, and, and a data driven, um, decision making a data driven organization cause right day has been talked about for a long time, the huge big data meme with, with Hadoop over, over several years and, and data warehouses and data lakes and data oceans and data swamps, and can go on and on and on. It's not that easy to do, right? And at the same time, the proliferation of data is growing exponentially. We're just around the corner from, from IOT and 5g. So now the accumulation of data at machine scale, again, this is going to overwhelm and one of the really interesting principles, uh, that I wanted to call out and get your take right, is today's organizations generate more data than humans can process. So informed decisions must be augmented by machine learning and artificial intelligence. I wonder if you can, again, you've got some great historical perspective, um, reflect on how hard it is to get the right data, to get the data in the right context, and then to deliver it to the decision makers and then trust the decision makers to actually make the data and move that down. You know, it's kind of this democratization process into more and more people and more and more frontline jobs making more and more of these little decisions every day. >>Yeah. I definitely think the front parts of what you said are where the promises of big data have completely fallen on their face into the swamps as, as you mentioned, because if you don't have the data in the right format, you've cannot connect collected at the right way. You want that way, the right way you can't use human or machine learning effectively. And there've been the number of data warehouses in a typical enterprise organization. And the sheer investment is tremendous, but the amount of intelligence being extracted from those is, is, is a very big problem. So the key thing that I've noticed is that if you can model your value streams, so yes, you understand how you're innovating, how you're measuring the delivery of value and how long that takes. What is your time to value these metrics like full time? You can actually use both the intelligence that you've got around the table and push that down as well, as far as getting to the organization, but you can actually start using that those models to understand and find patterns and detect bottlenecks that might be surprising, right? >>Well, you can detect interesting bottlenecks when you shift to work from home. We detected all sorts of interesting bottlenecks in our own organization that were not intuitive to me that had to do with, you know, more senior people being overloaded and creating bottlenecks where they didn't exist. Whereas we thought we were actually an organization that was very good at working from home because of our open source roots. So that data is highly complex. Software value streams are extremely complicated. And the only way to really get the proper analyst and data is to model it properly and then to leverage these machine learning and AI techniques that we have. But that front part of what you said is where organizations are just extremely immature in what I've seen, where they've got data from all their tools, but not modeled in the right way. Right, right. >>Right. Well, all right. So before I let you go, you know, let's say you get a business leader, he buys in, he reads the manifesto, he signs on the dotted line and he says, Mick, how do I get started? I want to be more aligned with, with the development teams. You know, I'm in a very competitive space. We need to be putting out new software features and engaging with our customers. I want to be more data-driven how do I get started? Well, you know, what's the biggest inhibitor for most people to get started and get some early wins, which we know is always the key to success in any kind of a new initiative. >>Right? So I think you can reach out to us through the website, uh, there's the manifesto, but the key thing is just to get you set up it's to get started and to get the key wins. So take a probably value stream that's mission critical. It could be your new mobile and web experiences or, or part of your cloud modernization platform or your analytics pipeline, but take that and actually apply these principles to it and measure the end to end flow of value. Make sure you have a value metric that everyone is on the same page on the people, on the development teams, the people in leadership all the way up to the CEO. And one of the, what I encourage you to start is actually that content flow time, right? That is the number one metric. That is how you measure it, whether you're getting the benefit of your cloud modernization, that is the one metric that Adrian Cockcroft. When the people I respect tremendously put into his cloud for CEOs, the metric, the one, the one way to measure innovation. So basically take these principles, deploy them on one product value stream, measure, sentiment, flow time, and then you'll actually be well on your path to transforming and to applying the concepts of agile and dev ops all the way to, to the business, to the way >>You're offering model. >>Well, Mick really great tips, really fun to catch up. I look forward to a time when we can actually sit across the table and, and get into this. Cause I just, I just love the perspective and, you know, you're very fortunate to have that foundational, that foundational base coming from Xerox park and they get, you know, it's, it's a very magical place with a magical history. So to, to incorporate that into, continue to spread that well, uh, you know, good for you through the book and through your company. So thanks for sharing your insight with us today. >>Thanks so much for having me, Jeff. >>All right. And go to the biz ops manifesto.org, read it, check it out. If you want to sign it, sign it. They'd love to have you do it. Stay with us for continuing coverage of the unveiling of the business manifesto on the cube. I'm Jeff. Rick. Thanks for watching. See you next time >>From around the globe. It's the cube with digital coverage of biz ops manifesto unveiled brought to you by biz ops coalition. >>Hey, welcome back everybody. Jeff Frick here with the cube come due from our Palo Alto studios today for a big, big reveal. We're excited to be here. It's the biz ops manifesto unveiling a thing's been in the works for awhile and we're excited to have our next guest. One of the, really the powers behind this whole effort. And he's joining us from Boston it's surge, Lucio, the vice president, and general manager enterprise software division at Broadcom surge. Great to see you. >>Hi, good to see you, Jeff. Glad to be here. >>So you've been in this business for a very long time. You've seen a lot of changes in technology. What is the biz ops manifesto? What is this coalition all about? Why do we need this today and in 2020? >>Yeah. So, so I've been in this business for close to 25 years, right? So about 20 years ago, the agile manifesto was created. And the goal of the agile manifesto was really to address the uncertainty around software development and the inability to predict the efforts to build software. And, uh, if you, if you roll that kind of 20 years later, and if you look at the current state of the industry, uh, the product, the project management Institute, estimates that we're wasting about a million dollars, every 20 seconds in digital transformation initiatives that do not deliver on business results. In fact, we were recently served a third of the, uh, a number of executives in partnership with Harvard business review and 77% of those executives think that one of the key challenges that they have is really at the collaboration between business and it, and that that's been kind of a case for, uh, almost 20 years now. >>Um, so the, the, the key challenge we're faced with is really that we need a new approach and many of the players in the industry, including ourselves, I've been using different terms, right? Some are being, are talking about value stream management. Some are talking about software delivery management. If you look at the site, reliability engineering movement, in many ways, it embodies a lot of these kind of concepts and principles. So we believed that it became really imperative for us to crystallize around, could have one concept. And so in many ways, the, uh, the BizOps concept and the business manifesto are bringing together a number of ideas, which have been emerging in the last five years or so, and, and defining the key values and principles to finally help these organizations truly transform and become digital businesses. And so the hope is that by joining our forces and defining public key principles and values, we can help the industry, uh, not just, uh, by, you know, providing them with support, but also, uh, tools and consulting that is required for them to truly achieve the kind of transformation that everybody's seeking. >>Right, right. So COVID now we're six months into it, approximately seven months into it. Um, a lot of pain, a lot of bad stuff still happening. We've got a ways to go, but one of the things that on the positive side, right, and you've seen all the memes and social media is, is a driver of digital transformation and a driver of change. Cause we had this light switch moment in the middle of March and there was no more planning. There was no more conversation. You've suddenly got remote workforces, everybody's working from home and you got to go, right. So the reliance on these tools increases dramatically, but I'm curious, you know, kind of short of, of the beginnings of this effort in short of kind of COVID, which, you know, came along unexpectedly. I mean, what were those inhibitors because we've been making software for a very long time, right? The software development community has, has adopted kind of rapid change and, and iterative, uh, delivery and, and sprints, what was holding back the connection with the business side to make sure that those investments were properly aligned with outcomes. >>Well, so, so you have to understand that it is, is kind of a its own silos. And traditionally it has been treated as a cost center within large organizations and not as a value center. And so as a result could have a traditional dynamic between it and the business is basically one of a kind of supplier up to kind of a business. Um, and you know, if you, if you go back to, uh, I think you'll unmask a few years ago, um, basically at this concept of the machines to build the machines and you went as far as saying that, uh, the machines or the production line is actually the product. So, um, meaning that the core of the innovation is really about, uh, building, could it be engine to deliver on the value? And so in many ways, you know, we have missed on this shift from, um, kind of it becoming this kind of value center within the enterprises. >>And, and he talks about culture. Now, culture is a, is a sum total of beavers. And the reality is that if you look at it, especially in the last decade, uh, we've agile with dev ops with, um, I bring infrastructures, uh, it's, it's way more volatile today than it was 10 years ago. And so the, when you start to look at the velocity of the data, the volume of data, the variety of data to analyze this system, um, it's, it's very challenging for it to actually even understand and optimize its own processes, let alone, um, to actually include business as sort of an integral part of kind of a delivery chain. And so it's both kind of a combination of, of culture, um, which is required as well as tools, right? To be able to start to bring together all these data together, and then given the volume variety of philosophy of the data, uh, we have to apply some core technologies, which have only really, truly emerged in the last five to 10 years around machine learning and analytics. And so it's really kind of a combination of those freaks, which are coming together today to really help organizations kind of get to the next level. Right, >>Right. So let's talk about the manifesto. Let's talk about, uh, the coalition, uh, the BizOps coalition. I just liked that you put down these really simple, you know, kind of straightforward core values. You guys have four core values that you're highlighting, you know, business outcomes, over individual projects and outputs, trust, and collaboration, oversight, load teams, and organizations, data driven decisions, what you just talked about, uh, you know, over opinions and judgment and learned, respond and pivot. I mean, surgery sounds like pretty basic stuff, right? I mean, aren't, isn't everyone working to these values already. And I think he touched on it on culture, right? Trust and collaboration, data driven decisions. I mean, these are fundamental ways that people must run their business today, or the person that's across the street, that's doing it. It's going to knock them out right off their blog. >>Yeah. So that's very true. But, uh, so I'll, I'll mention in our survey, we did, uh, I think about six months ago and it was in partnership with, uh, with, uh, an industry analyst and we serve at a, again, a number of it executives to understand how many we're tracking business outcomes I'm going to do with the software executives. It executives we're tracking business outcomes. And the, there were less than 15% of these executives were actually tracking the outcomes of a software delivery. And you see that every day. Right? So in my own teams, for instance, we've been adopting a lot of these core principles in the last year or so, and we've uncovered that 16% of our resources were basically aligned around initiatives, which are not strategic for us. Um, I take, you know, another example, for instance, one of our customers in the, uh, in the airline industry and Harvard, for instance, that a number of, uh, um, that they had software issues that led to people searching for flights and not returning any kind of availability. >>And yet, um, you know, the, it teams, whether it's operations, software environments were completely oblivious to that because they were completely blindsided to it. And so the connectivity between kind of the inwards metrics that RT is using, whether it's database time, cycle time, or whatever metric we use in it are typically completely divorced from the business metrics. And so at its core, it's really about starting to align the business metrics with what the, the software delivery chain, right? This, uh, the system, which is really a core differentiator for these organizations. It's about connecting those two things and, and starting to, um, infuse some of the agile culture and principles. Um, that's emerged from the software side into the business side. Um, of course the lean movement and other movements have started to change some of these dynamic on the, on the business side. And so I think this, this is the moment where we are starting to see kind of the imperative to transform. Now, you know, Covina obviously has been a key driver for that. The, um, the technology is right to start to be able to weave data together and really kind of, uh, also the cultural shifts, uh, Prue agile through dev ops through, uh, the SRE movement, uh frulein um, business transformation, all these things are coming together and that are really creating kind of the conditions for the BizOps manifesto to exist. >>So, uh, Clayton Christianson, great, uh, Harvard professor innovator's dilemma might still my all time favorite business books, you know, talks about how difficult it is for incumbents to react to, to disruptive change, right? Because they're always working on incremental change because that's what their customers are asking for. And there's a good ROI when you talk about, you know, companies not measuring the right thing. I mean, clearly it has some portion of their budget that has to go to keeping the lights on, right. That that's always the case, but hopefully that's an, an ever decreasing percentage of their total activity. So, you know, what should people be measuring? I mean, what are kind of the new metrics, um, in, in biz ops that drive people to be looking at the right things, measuring the right things and subsequently making the right decisions, investment decisions on whether they should do, you know, move project a along or project B. >>So there, there are only two things, right? So, so I think what you're talking about is portfolio management, investment management, right. And, um, which, which is a key challenge, right? Um, in my own experience, right? Uh, driving strategy or a large scale kind of software organization for years, um, it's very difficult to even get kind of a base data as to who is doing what, uh, um, I mean, some of our largest customers we're engaged with right now are simply trying to get a very simple answer, which is how many people do I have and that specific initiative at any point in time, and just tracking that information is extremely difficult. So, and again, back to a product project management Institute, um, there, they have estimated that on average, it organizations have anywhere between 10 to 20% of their resources focused on initiatives, which are not strategically aligned. >>So, so that's one dimensional portfolio management. I think the key aspect though, that we are, we're really keen on is really around kind of the alignment of a business metrics to the it metrics. Um, so I'll use kind of two simple examples, right? And my background is around quality and I've always believed that the fitness for purpose is really kind of a key, um, uh, philosophy if you will. And so if you start to think about quality as fitness for purpose, you start to look at it from a customer point of view, right. And fitness for purpose for a core banking application or mobile application are different, right? So the definition of a business value that you're trying to achieve is different. Um, and so the, and yeah, if you look at our, it, operations are operating there, we're using kind of a same type of, uh, kind of inward metrics, uh, like a database off time or a cycle time, or what is my point of velocity, right? >>And so the challenge really is this inward facing metrics that it is using, which are divorced from ultimately the outcome. And so, you know, if I'm, if I'm trying to build a poor banking application, my core metric is likely going to be uptight, right? If I'm trying to build a mobile application or maybe your social, a mobile app, it's probably going to be engagement. And so what you want is for everybody across it, to look at these metric and what are the metrics within the software delivery chain, which ultimately contribute to that business metric. And some cases cycle time may be completely irrelevant, right? Again, my core banking app, maybe I don't care about cycle time. And so it's really about aligning those metrics and be able to start to, um, Charles you mentioned, uh, around the, the, um, uh, around the disruption that we see is, or the investors is the dilemma now is really around the fact that many it organizations are essentially applying the same approaches of, for innovation, like for basically scrap work, then they would apply to kind of over more traditional projects. And so, you know, there's been a lot of talk about two-speed it, and yes, it exists, but in reality are really organizations, um, truly differentiating, um, all of the operate, their, their projects and products based on the outcomes that they're trying to achieve. And this is really where BizOps is trying to affect. >>I love that, you know, again, it doesn't seem like brain surgery, but focus on the outcomes, right. And it's horses for courses, as you said, this project, you know, what you're measuring and how you define success, isn't necessarily the same as, as on this other project. So let's talk about some of the principles we talked about the values, but, you know, I think it's interesting that, that, that the BizOps coalition, you know, just basically took the time to write these things down and they don't seem all that super insightful, but I guess you just got to get them down and have them on paper and have them in front of your face. But I want to talk about, you know, one of the key ones, which you just talked about, which is changing requirements, right. And working in a dynamic situation, which is really what's driven, you know, this, the software to change in software development, because, you know, if you're in a game app and your competitor comes out with a new blue sword, you got to come out with a new blue sword. >>So whether you had that on your Kanban wall or not. So it's, it's really this embracing of the speed of change and, and, and, and making that, you know, the rule, not the exception. I think that's a phenomenal one. And the other one you talked about is data, right? And that today's organizations generate more data than humans can process. So informed decisions must be generated by machine learning and AI, and, you know, in the, the big data thing with Hadoop, you know, started years ago, but we are seeing more and more that people are finally figuring it out, that it's not just big data, and it's not even generic machine learning or artificial intelligence, but it's applying those particular data sets and that particular types of algorithms to a specific problem, to your point, to try to actually reach an objective, whether that's, you know, increasing the, your average ticket or, you know, increasing your checkout rate with, with, with shopping carts that don't get left behind in these types of things. So it's a really different way to think about the world in the good old days, probably when you got started, when we had big, giant, you know, MRDs and PRDs and sat down and coded for two years and came out with a product release and hopefully not too many patches subsequently to that. >>It's interesting. Right. Um, again, back to one of these surveys that we did with, uh, with about 600, the ITA executives, and, uh, and, and we, we purposely designed those questions to be pretty open. Um, and, and one of them was really wrong requirements and, uh, and it was really a wrong, uh, kind of what do you, what is the best approach? What is your preferred approach towards requirements? And if I were to remember correctly, over 80% of the it executives set that the best approach they'll prefer to approach these core requirements to be completely defined before software development starts, let me pause there we're 20 years after the agile manifesto, right? And for 80% of these idea executives to basically claim that the best approach is for requirements to be fully baked before salt, before software development starts, basically shows that we still have a very major issue. >>And again, our hypothesis in working with many organizations is that the key challenge is really the boundary between business and it, which is still very much contract based. If you look at the business side, they basically are expecting for it deliver on time on budget, right. But what is the incentive for it to actually delivering on the business outcomes, right? How often is it measured on the business outcomes and not on an SLA or on a budget type criteria? And so that's really the fundamental shift that we need to, we really need to drive up as an industry. Um, and you know, we, we talk about kind of this, this imperative for organizations to operate that's one, and back to the, the, um, you know, various Doris dilemna the key difference between these larger organization is, is really kind of, uh, if you look at the amount of capital investment that they can put into pretty much anything, why are they losing compared to, um, you know, startups? What, why is it that, uh, more than 40% of, uh, personal loans today or issued not by your traditional brick and mortar banks, but by, um, startups? Well, the reason, yes, it's the traditional culture of doing incremental changes and not disrupting ourselves, which Christiansen covered the length, but it's also the inability to really fundamentally change kind of a dynamic picture. We can business it and, and, and partner right. To, to deliver on a specific business outcome. >>All right. I love that. That's a great, that's a great summary. And in fact, getting ready for this interview, I saw you mentioning another thing where, you know, the, the problem with the agile development is that you're actually now getting more silos. Cause you have all these autonomous people working, you know, kind of independently. So it's even a harder challenge for, for the business leaders to, to, as you said, to know, what's actually going on, but, but certainly I w I want to close, um, and talk about the coalition. Um, so clearly these are all great concepts. These are concepts you want to apply to your business every day. Why the coalition, why, you know, take these concepts out to a broader audience, including either your, your competition and the broader industry to say, Hey, we, as a group need to put a stamp of approval on these concepts, these values, these principles. >>So first I think we, we want, um, everybody to realize that we are all talking about the same things, the same concepts. I think we were all from our own different vantage point, realizing that things after change, and again, back to, you know, whether it's value stream management or site reliability engineering, or biz ops, we're all kind of using slightly different languages. Um, and so I think one of the important aspects of BizOps is for us, all of us, whether we're talking about, you know, consulting agile transformation experts, uh, whether we're talking about vendors, right, provides kind of tools and technologies or these large enterprises to transform for all of us to basically have kind of a reference that lets us speak around kind of, um, in a much more consistent way. The second aspect is for, to me is for, um, DS concepts to start to be embraced, not just by us or trying, or, you know, vendors, um, system integrators, consulting firms, educators, thought leaders, but also for some of our old customers to start to become evangelists of their own in the industry. >>So we, our, our objective with the coalition needs to be pretty, pretty broad. Um, and our hope is by, by starting to basically educate, um, our, our joint customers or partners, that we can start to really foster these behaviors and start to really change some of dynamics. So we're very pleased at if you look at, uh, some of the companies which have joined the, the, the, the manifesto. Um, so we have vendors such as desktop or advance, or, um, uh, PagerDuty for instance, or even planned view, uh, one of my direct competitors, um, but also thought leaders like Tom Davenport or, uh, or cap Gemini or, um, um, smaller firms like, uh, business agility, institutes, or agility elf. Um, and so our goal really is to start to bring together, uh, fall years, people would have been LP, large organizations, do digital transformation vendors. We're providing the technologies that many of these organizations use to deliver on this digital preservation and for all of us to start to provide the kind of, uh, education support and tools that the industry needs. Yeah, >>That's great surge. And, uh, you know, congratulations to you and the team. I know this has been going on for a while, putting all this together, getting people to sign onto the manifesto, putting the coalition together, and finally today getting to unveil it to the world in, in a little bit more of a public, uh, opportunity. So again, you know, really good values, really simple principles, something that, that, uh, shouldn't have to be written down, but it's nice cause it is, and now you can print it out and stick it on your wall. So thank you for, uh, for sharing this story and again, congrats to you and the team. >>Thank you. Thanks, Jeff. Appreciate it. >>Oh, my pleasure. Alrighty, surge. If you want to learn more about the BizOps manifest to go to biz ops manifesto.org, read it and you can sign it and you can stay here for more coverage. I'm the cube of the biz ops manifesto unveiled. Thanks for watching. See you next >>From around the globe. It's the cube with digital coverage of this ops manifesto unveiled brought to you by bill. >>Hey, welcome back, everybody Jeffrey here with the cube. Welcome back to our ongoing coverage of the biz ops manifesto unveiling. It's been in the works for awhile, but today's the day that it actually kind of come out to the, to the public. And we're excited to have a real industry luminary here to talk about what's going on, why this is important and share his perspective. And we're happy to have from Cape Cod, I believe is Tom Davenport. He is a distinguished author and professor at Babson college. We could go on, he's got a lot of great titles and, and really illuminary in the area of big data and analytics Thomas. Great to see you. >>Thanks Jeff. Happy to be here with you. >>Great. So let's just jump into it, you know, and getting ready for this. I came across your LinkedIn posts. I think you did earlier this summer in June and right off the bat, the first sentence just grabbed my attention. I'm always interested in new attempts to address longterm issues, uh, in how technology works within businesses, biz ops. What did you see in biz ops, uh, that, that kind of addresses one of these really big longterm problems? >>Well, yeah, but the longterm problem is that we've had a poor connection between business people and it people between business objectives and the, it solutions that address them. This has been going on, I think since the beginning of information technology and sadly it hasn't gone away. And so biz ops is a new attempt to deal with that issue with, you know, a new framework, eventually a broad set of solutions that increase the likelihood that we'll actually solve a business problem with an it capability. >>Right. You know, it's interesting to compare it with like dev ops, which I think a lot of people are probably familiar with, which was, you know, built around, uh, agile software development and a theory that we want to embrace change that that changes. Okay. Uh, and we want to be able to iterate quickly and incorporate that. And that's been happening in the software world for, for 20 plus years. What's taken so long to get that to the business side, because as the pace of change has changed on the software side, you know, that's a strategic issue in terms of execution on the business side that they need now to change priorities. And, you know, there's no PRDs and MRDs and big, giant strategic plans that sit on the shelf for five years. That's just not the way business works anymore. It took a long time to get here. >>Yeah, it did. And you know, there have been previous attempts to make a better connection between business and it, there was the so called alignment framework that a couple of friends of mine from Boston university developed, I think more than 20 years ago, but you know, now we have better technology for creating that linkage. And the, you know, the idea of kind of ops oriented frameworks is pretty pervasive now. So I think it's time for another serious attempt at it. Right. >>And do you think doing it this way, right. With the, with the biz ops coalition, you know, getting a collection of, of, of kind of likeminded individuals and companies together, and actually even having a manifesto, which we're making this declarative statement of, of principles and values, you think that's what it takes to kind of drive this kind of beyond the experiment and actually, you know, get it done and really start to see some results in, in, uh, in production in the field. >>I think certainly, um, no one vendor organization can pull this off single handedly. It does require a number of organizations collaborating and working together. So I think our coalition is a good idea and a manifesto is just a good way to kind of lay out what you see as the key principles of the idea. And that makes it much easier for everybody to understand and act on. >>I think it's just, it's really interesting having, you know, having them written down on paper and having it just be so clearly articulated both in terms of the, of the values as well as, as the, uh, the principles and the values, you know, business outcomes matter trust and collaboration, data driven decisions, which is the number three or four, and then learn, respond and pivot. It doesn't seem like those should have to be spelled out so clearly, but, but obviously it helps to have them there. You can stick them on the wall and kind of remember what your priorities are, but you're the data guy. You're the analytics guy, uh, and a big piece of this is data and analytics and moving to data-driven decisions. And principle number seven says, you know, today's organizations generate more data than humans can process and informed decisions can be augmented by machine learning and artificial intelligence right up your alley. You know, you've talked a number of times on kind of the mini stages of analytics. Um, and how has that's evolved over, over time, you know, as you think of analytics and machine learning, driving decisions beyond supporting decisions, but actually starting to make decisions in machine time. What's that, what's that thing for you? What does that make you, you know, start to think, wow, this is, this is going to be pretty significant. >>Yeah. Well, you know, this has been a longterm interest of mine. Um, the last generation of AI, I was very interested in expert systems. And then, um, I think, uh, more than 10 years ago, I wrote an article about automated decision-making using what was available then, which was rule-based approaches. Um, but you know, this addresses an issue that we've always had with analytics and AI. Um, you know, we, we tended to refer to those things as providing decision support. The problem is that if the decision maker didn't want their support, didn't want to use them in order to make a decision, they didn't provide any value. And so the nice thing about automating decisions, um, with now contemporary AI tools is that we can ensure that data and analytics get brought into the decision without any possible disconnection. Now, I think humans still have something to add here, and we often will need to examine how that decision is being made and maybe even have the ability to override it. But in general, I think at least for, you know, repetitive tactical decisions, um, involving a lot of data, we want most of those, I think to be at least recommended if not totally made by an algorithm or an AI based system, and that I believe would add to the quality and the precision and the accuracy of decisions and in most organizations, >>No, I think, I think you just answered my next question before I, before Hey, asked it, you know, we had dr. Robert Gates on a former secretary of defense on a few years back, and we were talking about machines and machines making decisions. And he said at that time, you know, the only weapon systems, uh, that actually had an automated trigger on it were on the North Korea and South Korea border. Um, everything else, as you said, had to go through a sub person before the final decision was made. And my question is, you know, what are kind of the attributes of the decision that enable us to more easily automated? And then how do you see that kind of morphing over time, both as the data to support that as well as our comfort level, um, enables us to turn more and more actual decisions over to the machine? >>Well, yeah, it's suggested we need, um, data and, um, the data that we have to kind of train our models has to be high quality and current. And we, we need to know the outcomes of that data. You know, um, most machine learning models, at least in business are supervised. And that means we need to have labeled outcomes in the, in the training data. But I, you know, um, the pandemic that we're living through is a good illustration of the fact that, that the data also have to be reflective of current reality. And, you know, one of the things that we're finding out quite frequently these days is that, um, the data that we have do not reflect, you know, what it's like to do business in a pandemic. Um, I wrote a little piece about this recently with Jeff cam at wake forest university, we called it data science quarantined, and we interviewed with somebody who said, you know, it's amazing what eight weeks of zeros will do to your demand forecast. We just don't really know what happens in a pandemic. Um, our models maybe have to be put on the shelf for a little while and until we can develop some new ones or we can get some other guidelines into making decisions. So I think that's one of the key things with automated decision making. We have to make sure that the data from the past and that's all we have of course, is a good guide to, you know, what's happening in the present and the future as far as we understand it. Yeah. >>I used to joke when we started this calendar year 2020, it was finally the year that we know everything with the benefit of hindsight, but it turned out 20, 20 a year. We found out we actually know nothing and everything thought we knew, but I wanna, I wanna follow up on that because you know, it did suddenly change everything, right? We got this light switch moment. Everybody's working from home now we're many, many months into it, and it's going to continue for a while. I saw your interview with Bernard Marr and you had a really interesting comment that now we have to deal with this change. We don't have a lot of data and you talked about hold fold or double down. And, and I can't think of a more, you know, kind of appropriate metaphor for driving the value of the BizOps when now your whole portfolio strategy, um, these to really be questioned and, and, you know, you have to be really, uh, well, uh, executing on what you are, holding, what you're folding and what you're doubling down with this completely new environment. >>Well, yeah, and I hope I did this in the interview. I would like to say that I came up with that term, but it actually came from a friend of mine. Who's a senior executive at Genpact. And, um, I, um, used it mostly to talk about AI and AI applications, but I think you could, you could use it much more broadly to talk about your entire sort of portfolio of digital projects. You need to think about, well, um, given some constraints on resources and a difficult economy for a while, which of our projects do we want to keep going on pretty much the way we were and which ones are not that necessary anymore? You see a lot of that in AI, because we had so many pilots, somebody told me, you know, we've got more pilots around here than O'Hare airport and AI. Um, and then, but the ones that involve double down they're even more important to you. They are, you know, a lot of organizations have found this out in the pandemic, on digital projects. It's more and more important for customers to be able to interact with you, um, digitally. And so you certainly wouldn't want to, um, cancel those projects or put them on hold. So you double down on them and get them done faster and better. >>Right, right. Uh, another, another thing that came up in my research that you quoted, um, was, was from Jeff Bezos, talking about the great bulk of what we do is quietly, but meaningfully improving core operations. You know, I think that is so core to this concept of not AI and machine learning and kind of the general sense, which, which gets way too much buzz, but really applied right. Applied to a specific problem. And that's where you start to see the value. And, you know, the, the BizOps, uh, manifesto is, is, is calling it out in this particular process. But I'd love to get your perspective as you know, you speak generally about this topic all the time, but how people should really be thinking about where are the applications where I can apply this technology to get direct business value. >>Yeah, well, you know, even talking about automated decisions, um, uh, the kind of once in a lifetime decisions, uh, the ones that, um, ag Lafley, the former CEO of Procter and gamble used to call the big swing decisions. You only get a few of those. He said in your tenure as CEO, those are probably not going to be the ones that you're automating in part because, um, you don't have much data about them. You're only making them a few times and in part, because, um, they really require that big picture thinking and the ability to kind of anticipate the future, that the best human decision makers, um, have. Um, but, um, in general, I think where they are, the projects that are working well are, you know, when I call the low hanging fruit ones, the, some people even report to it referred to it as boring AI. >>So, you know, sucking data out of a contract in order to compare it to a bill of lading for what arrived at your supply chain companies can save or make a lot of money with that kind of comparison. It's not the most exciting thing, but AI, as you suggested is really good at those narrow kinds of tasks. It's not so good at the, at the really big moonshots, like curing cancer or, you know, figuring out well what's the best stock or bond under all circumstances or even autonomous vehicles. Um, we, we made some great progress in that area, but everybody seems to agree that they're not going to be perfect for quite a while. And we really don't want to be driving around on them very much unless they're, you know, good and all kinds of weather and with all kinds of pedestrian traffic and you know, that sort of thing, right? That's funny you bring up contract management. >>I had a buddy years ago, they had a startup around contract management and was like, and this was way before we had the compute power today and cloud proliferation. I said, you know, how, how can you possibly build software around contract management? It's language, it's legal, ease. It's very specific. And he's like, Jeff, we just need to know where's the contract. And when does it expire? And who's the signatory. And he built a business on those, you know, very simple little facts that weren't being covered because their contracts contractor in people's drawers and files and homes, and Lord only knows. So it's really interesting, as you said, these kind of low hanging fruit opportunities where you can extract a lot of business value without trying to, you know, boil the ocean. >>Yeah. I mean, if you're Amazon, um, uh, Jeff Bezos thinks it's important to have some kind of billion dollar projects. And he even says it's important to have a billion dollar failure or two every year. But I think most organizations probably are better off being a little less aggressive and, you know, sticking to, um, what AI has been doing for a long time, which is, you know, making smarter decisions based on, based on data. >>Right? So Tom, I want to shift gears one more time before, before we let you go on on kind of a new topic for you, not really new, but you know, not, not a, the vast majority of, of your publications and that's the new way to work, you know, as, as the pandemic hit in mid March, right. And we had this light switch moment, everybody had to work from home and it was, you know, kind of crisis and get everybody set up. Well, you know, now we're five months, six months, seven months. A number of companies have said that people are not going to be going back to work for a while. And so we're going to continue on this for a while. And then even when it's not what it is now, it's not going to be what it was before. So, you know, I wonder, and I know you, you, uh, you teased, you're working on a new book, you know, some of your thoughts on, you know, kind of this new way to work and, and the human factors in this new, this new kind of reality that we're kind of evolving into, I guess. >>Yeah. I missed was an interest of mine. I think, um, back in the nineties, I wrote an article called, um, a coauthored, an article called two cheers for the virtual office. And, you know, it was just starting to emerge. Then some people were very excited about it. Some people were skeptical and, uh, we said two cheers rather than three cheers because clearly there's some shortcomings. And, you know, I keep seeing these pop up. It's great that we can work from our homes. It's great that we can accomplish most of what we need to do with a digital interface, but, um, you know, things like innovation and creativity and certainly, um, uh, a good, um, happy social life kind of requires some face to face contact every now and then. And so I, you know, I think we'll go back to an environment where there is some of that. >>Um, we'll have, um, times when people convene in one place so they can get to know each other face to face and learn from each other that way. And most of the time, I think it's a huge waste of people's time to commute into the office every day and to jump on airplanes, to, to, um, give every little, um, uh, sales call or give every little presentation. Uh, we just have to really narrow down what are the circumstances where face to face contact really matters. And when can we get by with, with digital, you know, I think one of the things in my current work I'm finding is that even when you have AI based decision making, you really need a good platform in which that all takes place. So in addition to these virtual platforms, we need to develop platforms that kind of structure the workflow for us and tell us what we should be doing next, then make automated decisions when necessary. And I think that ultimately is a big part of biz ops as well. It's not just the intelligence of an AI system, but it's the flow of work that kind of keeps things moving smoothly throughout your organization. >>Yeah. I think such, such a huge opportunity as you just said, cause I forget the stats on how often we're interrupted with notifications between email texts, Slack, a sauna, Salesforce, the list goes on and on. So, you know, to put an AI layer between the person and all these systems that are begging for attention, and you've written a book on the attention economy, which is a whole nother topic, we'll say for another day, you know, it really begs, it really begs for some assistance because you know, you just can't get him picked, you know, every two minutes and really get quality work done. It's just not, it's just not realistic. And you know what? I don't think that's a feature that we're looking for. I agree. Totally. Alright, Tom. Well, thank you so much for your time. Really enjoyed the conversation. I gotta dig into the library. It's very long. So I might start at the attention economy. I haven't read that one in to me. I think that's the fascinating thing in which we're living. So thank you for your time and, uh, great to see you. >>My pleasure, Jeff. Great to be here. >>All right. Take care. Alright. He's Tom I'm Jeff. You are watching the continuing coverage of the biz ops manifesto and Vale. Thanks for watching the cube. We'll see you next time.

>>From around the globe. It's the cube with digital coverage, a BizOps manifesto unveiled brought to you by biz ops coalition. >>Hey, welcome back everybody. Jeff Frick here with the cube. Welcome back to our ongoing coverage of the biz ops manifesto. Unveil. Something has been in the works for a little while. Today's the formal unveiling, and we're excited to have three of the core of founding members of the manifesto authors of the manifesto. If you will, uh, joining us again, we've had them all on individually. Now we're going to have a great power panel first up. We're gab Mitt, Kirsten returning he's the founder and CEO of Tasktop mic. Good to see you again. Where are you dialing in from? >>Great to see you again, Jeff I'm dialing from Vancouver, >>We're Canada, Vancouver, Canada. One of my favorite cities in the whole wide world. Also we've got Tom Davenport come in from across the country. He's a distinguished professor and author from Babson college, Tom. Great to see you. And I think you said you're at a fun, exotic place on the East coast >>Realm of Memphis shoe sits on Cape Cod. >>Great to see you again and also joining surge Lucio. He is the VP and general manager enterprise software division at Broadcom surge. Great to see you again, where are you coming in from? >>Uh, from Boston right next to kickoff. >>Terrific. So welcome back, everybody again. Congratulations on this day. I know it's, it's been a lot of work to get here for this unveil, but let's just jump into it. The biz ops manifesto, what was the initial reason to do this? And how did you decide to do it in a kind of a coalition, a way bringing together a group of people versus just making it an internal company, uh, initiative that, you know, you can do better stuff within your own company, surge, why don't we start with you? >>Yeah, so, so I think we were at a really critical juncture, right? Many, um, large enterprises are basically struggling with their digital transformation. Um, in fact, um, many recognize that, uh, the, the business side, it collaboration has been, uh, one of the major impediments, uh, to drive that kind of transformation. And if we look at the industry today, many people are, whether we're talking about vendors or, um, you know, system integrators, consulting firms are talking about the same kind of concepts, but using very different language. And so we believe that bringing all these different players together, um, as part of the coalition and formalizing, uh, basically the core principles and values in a BizOps manifesto, we can really start to F could have a much bigger movement where we can all talk about kind of the same concepts and we can really start to provide, could have a much better support for large organizations to transform. Uh, so whether it is technology or services or, um, we're training, I think that that's really the value of bringing all of these players together, right. >>And Nick to you, why did you get involved in this, in this effort? >>So Ben close and follow the agile movement since it started two decades ago with that manifesto. >>And I think we got a lot of improvement at the team level, and I think as satisfies noted, uh, we really need to improve at the business level. Every company is trying to become a software innovator, uh, trying to make sure that they can adapt quickly and the changing market economy and what everyone's dealing with in terms of needing to deliver the customer sooner. However, agile practices have really focused on these metrics, these measures and understanding processes that help teams be productive. Those things now need to be elevated to the business as a whole. And that just hasn't happened. Uh, organizations are actually failing because they're measuring activities and how they're becoming more agile, how teams are functioning, not how much quickly they're delivering value to the customer. So we need to now move past that. And that's exactly what the that's manifested provides. Right, >>Right, right. And Tom, to you, you've been covering tech for a very long time. You've been looking at really hard challenges and a lot of work around analytics and data and data evolution. So there's a definitely a data angle here. I wonder if you could kind of share your perspective of what you got excited to, uh, to sign onto this manifesto. >>Sure. Well, I have, you know, for the past 15 or 20 years, I've been focusing on data and analytics and AI, but before that I was a process management guy and a knowledge management guy. And in general, I think, you know, we've just kind of optimized that to narrow a level, whether you're talking about agile or dev ops or ML ops, any of these kinds of ops oriented movements, we're making individual project, um, performance and productivity better, but we're not changing the business, uh, effectively enough. And that's the thing that appealed to me about the biz ops idea that we're finally creating a closer connection between what we do with technology and how it changes the business and provides value to it. >>Great. Uh, surge back to you, right? I mean, people have been talking about digital transformation for a long time and it's been, you know, kind of trucking along and then covert hit and it was instant lights, which everyone's working from home. You've got a lot more reliance on your digital tools, digital communication, uh, both within your customer base and your partner base, but also then your employees when you're, if you could share how that really pushed this all along. Right? Because now suddenly the acceleration of digital transformation is higher. Even more importantly, you got much more critical decisions to make into what you do next. So kind of your portfolio management of projects has been elevated significantly when maybe revenues are down, uh, and you really have to, uh, to prioritize and get it right. >>Yeah. Maybe I'll just start by quoting Satina Nello basically recently said that they're speeding the two years of digital preservation just last two months in any many ways. That's true. Um, but, but yet when we look at large enterprises, they're >>Still struggling with the kind of a changes in culture that they really need to drive to be able to disrupt themselves. And not surprisingly, you know, when we look at certain parts of the industry, you know, we see some things which are very disturbing, right? So about 40% of the personal loans today, or being, uh, origin data it's by fintechs, uh, of a like of Sophie or, uh, or a lending club, right? Not to a traditional brick and mortar for BEC. And so the, well, there is kind of a much more of an appetite and it's a, it's more of a survival type of driver these days. Uh, the reality is that's in order for these large enterprises to truly transform and engage with this digital transformation, they need to start to really align the business. And it, you know, in many ways, uh, make covered that agile really emerged from the core desire to truly improve software predictability between which we've really missed is all that we, we start to aligning the software predictability to business predictability and to be able to have continual sleep continuous improvement and measurement of business outcomes. So by aligning kind of these, uh, kind of inward metrics, that's, it is typically being using to business outcomes. We think we can start to really ELP different stakeholders within the organization to collaborate. So I think there is more than ever. There's an imperative to act now. Um, and, and resolves, I think is kind of the right approach to drive that transformation. Right. >>I want to follow up on the culture comment, uh, with Utah, because you've talked before about kind of process flow and process flow throughout a whore and an organization. And, you know, we talk about people process and tech all the time. And I think the tech is the easy part compared to actually changing the people the way they think. And then the actual processes that they put in place. It's a much more difficult issue than just the tech issue to get this digital transformation in your organization. >>Yeah. You know, I've always found that the soft stuff about, you know, the culture of the behavior, the values is the hard stuff to change and more and more, we, we realized that to be successful with any kind of digital transformation you have to change people's behaviors and attitudes. Um, we haven't made as much progress in that area as we might have. I mean, I've done some surveys suggesting that, um, most organizations still don't have data-driven cultures. And in many cases there is a lower percentage of companies that say they have that then, um, did a few years ago. So we're kind of moving in the wrong direction, which means I think that we have to start explicitly addressing that, um, cultural, behavioral dimension and not just assuming that it will happen if we, if we build a system, >>If we build it, they won't necessarily come. Right. >>Right. So I want to go to, to you Nick cause you know, we're talking about workflows and flow, um, and, and you've written about flow both in terms of, um, you know, moving things along a process and trying to find bottlenecks, identify bottlenecks, which is now even more important again, when these decisions are much more critical. Cause you have a lot less, uh, wiggle room in tough times, but you also talked about flow from the culture side and the people side. So I wonder if you can just share your thoughts on, you know, using flow as a way to think about things, to get the answers better. >>Yeah, absolutely. And I'll refer back to what Tom has said. If you're optimized, you need to optimize your system. You need to optimize how you innovate and how you deliver value to the business and the customer. Now, what we've noticed in the data, since that we've learned from customers, value streams, enterprise organizations, value streams, is that when it's taking six months at the end to deliver that value with the flow is that slow. You've got a bunch of unhappy developers, unhappy customers when you're innovating house. So high performing organizations we can measure at antenna flow time and dates. All of a sudden that feedback loop, the satisfaction, your developers measurably, it goes up. So not only do you have people context, switching glass, you're delivering so much more value to customers at a lower cost because you've optimized for flow rather than optimizing for these, these other approximate tricks that we use, which is how efficient is my adult team. How quickly can we deploy software? Those are important, but they do not provide the value of agility of fast learning of adaptability to the business. And that's exactly what the biz ops manifesto pushes your organization to do. You need to put in place this new operating model that's based on flow on the delivery of business value and on bringing value to market much more quickly than you were before. Right. >>I love that. And I'm gonna back to you Tom, on that to follow up. Cause I think, I don't think people think enough about how they prioritize what they're optimizing for, because you know, if you're optimizing for a versus B, you know, you can have a very different product that, that you kick out. And, you know, my favorite example is with Clayton Christianson and innovator's dilemma talking about the three inch hard drive, if you optimize it for power, you know, is one thing, if you optimize it for vibration is another thing and sure enough, you know, they missed it on the poem because it was the, it was the game console, which, which drove that whole business. So when you're talking to customers and we think we hear it with cloud all the time, people optimizing for a cost efficiency, instead of thinking about it as an innovation tool, how do you help them kind of rethink and really, you know, force them to, to look at the, at the prioritization and make sure they're prioritizing on the right thing is make just that, what are you optimizing for? >>Oh yeah. Um, you have one of the most important aspects of any decision or attempt to resolve a problem in an organization is the framing process. And, um, you know, it's, it's a difficult aspect to have the decision to confirm it correctly in the first place. Um, there, it's not a technology issue. In many cases, it's largely a human issue, but if you frame >>That decision or that problem incorrectly to narrowly say, or you frame it as an either or situation where you could actually have some of both, um, it, it's very difficult for the, um, process to work out correctly. So in many cases, I think we need to think more at the beginning about how we bring this issue or this decision in the best way possible before we charge off and build a system to support it. You know, um, it's worth that extra time to think, think carefully about how the decision has been structured. Right, >>Sir, I want to go back to you and talk about the human factors because as we just discussed, you can put it in great technology, but if the culture doesn't adopt it and people don't feel good about it, you know, it's not going to be successful and that's going to reflect poorly on the technology, even if that had nothing to do with it. And you know, when you look at the, the, the, the core values, uh, of the Bezos manifesto, you know, a big one is trust and collaboration, you know, learn, respond, and pivot. Wonder if you can share your thoughts on, on trying to get that cultural shift, uh, so that you can have success with the people, or excuse me, with the technology in the process and helping customers, you know, take this more trustworthy and kind of proactive, uh, position. >>So I think, I think at the ground level, it truly starts with the realization that we're all different. We come from different backgrounds. Uh, oftentimes we tend to blame the data. It's not uncommon my experiments that we spend the first 30 minutes of any kind of one hour conversation to debate the validity of the data. Um, and so, um, one of the first kind of, uh, probably manifestations that we've had or revelations as we start to engage with our customers is spoke just exposing, uh, high-fidelity data sets to different stakeholders from their different lens. We start to enable these different stakeholders to not debate the data. That's really collaborate to find a solution. So in many ways, when, when, when we think about kind of the types of changes we're trying to, to truly affect around data driven decision making, he told about bringing the data in context and the context that is relevant and understandable for, for different stakeholders, whether we're talking about an operator or develop for a business analyst. >>So that's, that's the first thing. The second layer I think, is really to provide context to what people are doing in their specific silo. And so I think one of the best examples I have is if you start to be able to align business KPI, whether you are counting, you know, sales per hour, or the engagements of your users on your mobile applications, whatever it is, you can start to connect that PKI to business KPI, to the KPIs that developers might be looking at, whether it is all the number of defects or velocity or whatever over your metrics that you're used to, to actually track you start to be able to actually contextualize in what we are, the effecting, basically a metric of that that is really relevant. And then what we see is that this is a much more systematic way to approach the transformation than say, you know, some organizations kind of creating some of these new products or services or initiatives, um, to, to drive engagements, right? >>So if you look at zoom, for instance, zoom giving away a it service to, uh, to education, he's all about, I mean, there's obviously a marketing aspect in there, but it's, it's fundamentally about trying to drive also the engagement of their own teams. And because now they're doing something for good and many organizations are trying to do that, but you only can do this kind of things in the limited way. And so you really want to start to rethink how you connect to, everybody's kind of a business objective fruit data, and now you start to get people to stare at the same data from their own lens and collaborate on all the data. Right, >>Right. That's a good, uh, Tom, I want to go back to you. You've been studying it for a long time, writing lots of books and getting into it. Um, why now, you know, what, why, why now are we finally aligning business objectives with, with it objectives? You know, why didn't this happen before? And, you know, what are the factors that are making now the time for this, this, this move with the, uh, with the biz ops? >>Well, and much of a past, it was sort of a back office related activity. And, you know, it was important for, um, uh, producing your paychecks and, uh, capturing the customer orders, but the business wasn't built around it now, every organization needs to be a software business, a data business, a digital business, the auntie has been raised considerably. And if you aren't making that connection between your business objectives and the technology that supports it, you run a pretty big risk of, you know, going out of business or losing out to competitors. Totally. So, um, and even if you're in, uh, an industry that hasn't historically been terribly, um, technology oriented customer expectations flow from, uh, you know, the digital native, um, companies that they work with to basically every industry. So you're compared against the best in the world. So we don't really have the luxury anymore of screwing up our it projects or building things that don't really work for the business. Um, it's mission critical that we do that well. Um, almost every time, I just want to fall by that, Tom, >>In terms of the, you've talked extensively about kind of these evolutions of data and analytics from artismal stage to the big data stage, the data economy stage, the AI driven stage and what I find diff interesting that all those stages, you always put a start date, you never put an end date. Um, so you know, is the, is the big data I'm just going to use that generically a moment in time finally here where we're, you know, off mahogany row with the data scientists, but actually can start to see the promise of delivering the right insight to the right person at the right time to make that decision. >>Well, I think it is true that in general, these previous stages never seemed to go away. The, um, the artisinal stuff is still being done, but we would like for less and less of it to be artisinal, we can't really afford for everything to be artisinal anymore. It's too labor and, and time consuming to do things that way. So we shift more and more of it to be done through automation and B to be done with a higher level of productivity. And, um, you know, at some point maybe we reached the stage where we don't do anything artisanally anymore. I'm not sure we're there yet, but we are, we are making progress. Right. >>Right. And Mick, back to you in terms of looking at agile, cause you're, you're such a student of agile. When, when you look at the opportunity with biz ops and taking the lessons from agile, you know, what's been the inhibitor to stop this in the past. And what are you so excited about? You know, taking this approach will enable. >>Yeah. I think both search and Tom hit on this is that in agile what's happened is that we've been measuring tiny subsets of the value stream, right? We need to elevate the data's there. Developers are working on these tools that delivering features that the foundations for for great culture are there. I spent two decades as a developer. And when I was really happy is when I was able to deliver value to customers, the quicker I was able to do that the fewer impediments are in my way, that quicker was deployed and running in the cloud, the happier I was, and that's exactly what's happening. If we can just get the right data, uh, elevated to the business, not just to the agile teams, but really this, these values of ours are to make sure that you've got these data driven decisions with meaningful data that's oriented around delivering value to customers. Not only these legacies that Tom touched on, which has cost center metrics. So when, from where for it being a cost center and something that provided email and then back office systems. So we need to rapidly shift to those new, meaningful metrics that are customized business centric and make sure that every development the organization is focused on those as well as the business itself, that we're measuring value. And that will help you that value flow without interruptions. >>I love that mic. Cause if you don't measure it, you can't improve on it and you gotta, but you gotta be measuring the right thing. So gentlemen, uh, thank you again for, for your time. Uh, congratulations on the, uh, on the unveil of the biz ops manifesto and bringing together this coalition, uh, of, of, uh, industry experts to get behind this. And, you know, there's probably never been a more important time than now to make sure that your prioritization is in the right spot and you're not wasting resources where you're not going to get the ROI. So, uh, congratulations again. And thank you for sharing your thoughts with us here on the cube. >>Thank you. >>Alright, so we had surge Tom and Mick I'm. Jeff, you're watching the cube. It's a biz ops manifesto unveil. Thanks for watching. We'll see you next time >>From around the globe. It's the cube with digital coverage of biz ops manifesto unveiled brought to you by biz ops coalition. >>Hey, welcome back. Variety. Jeff Frick here with the cube. We're in our Palo Alto studios, and we'd like to welcome you back to our continuing coverage of biz ops manifesto unveil some exciting day to really, uh, kind of bring this out into public. There's been a little bit of conversation, but today's really the official unveiling and we're excited to have our next guest is share a little bit more information on it. He's Patrick tickle. He's a chief product officer for planned view. Patrick. Great to see you. >>Yeah, it's great to be here. Thanks for the invite. So why >>The biz ops manifesto, why the biz ops coalition now when you guys have been at it, it's relatively mature marketplace businesses. Good. What was missing? Why, why this, why this coalition? >>Yeah. So, you know, again, why is, why is biz ops important and why is this something that I'm, you know, I'm so excited about, but I think companies as well, right? Well, no, in some ways or another, this is a topic that I've been talking to the market and our customers about for a long time. And it's, you know, I really applaud this whole movement. Right. And, um, it resonates with me because I think one of the fundamental flaws, frankly, of the way we have talked about technology and business literally for decades, uh, has been this idea of, uh, alignment. Those who know me, I occasionally get off on this little rant about the word alignment, right. But to me, the word alignment is, is actually indicative of the, of the, of the flaw in a lot of our organizations and biz ops is really, I think now trying to catalyze and expose that flaw. >>Right. Because, you know, I always say that, you know, you know, alignment implies silos, right. Instantaneously, as soon as you say there's alignment, there's, there's obviously somebody who's got a direction and other people that have to line up and that kind of siloed, uh, nature of organizations then frankly, the passive nature of it. Right. I think so many technology organizations are like, look, the business has the strategy you guys need to align. Right. And, and, you know, as a product leader, right. That's where I've been my whole career. Right. I can tell you that I never sit around. I almost never use the word alignment. Right. I mean, whether, you know, I never sit down and say, you know, the product management team has to get aligned with dev, right. Or the dev team has to get aligned with the delivery and ops teams. I mean, what I say is, you know, are we on strategy, right? >>Like we've, we have a strategy as a, as a full end to end value stream. Right. And that there's no silos. And I mean, look, every on any given day we got to get better. Right. But the context, the context we operate is not about alignment. Right. It's about being on strategy. And I think I've talked to customers a lot about that, but when I first read the manifesto, I was like, Oh yeah, this is exactly. This is breaking down. Maybe trying to eliminate the word alignment, you know, from a lot of our organizations, because we literally start thinking about one strategy and how we go from strategy to delivery and have it be our strategy, not someone else's that we're all aligning to. And I, and it's a great way to catalyze that conversation that I've, it's been in my mind for years, to be honest. Right. >>So, so much to unpack there. One of the things obviously, uh, stealing a lot from, from dev ops and the dev ops manifesto from 20 years ago. And, and as I look through some of the principles and I looked through some of the values, which are, you know, really nicely laid out here, you know, satisfy customer, do continuous delivery, uh, measure, output against real results. Um, the ones that, that jumps out though is really about, you know, change, change, right? Requirements should change frequently. They do change frequently, but I'm curious to get your take from a, from a software development point, it's easy to kind of understand, right. We're making this widget and our competitors, beta widget plus X, and now we need to change our plans and make sure that the plus X gets added to the plan. Maybe it wasn't in the plan, but you talked a lot about product strategy. So in this kind of continuous delivery world, how does that meld with, I'm actually trying to set a strategy, which implies the direction for a little bit further out on the horizon and to stay on that while at the same time, you're kind of doing this real time continual adjustments because you're not working off a giant PRD or MRD anymore. >>Yeah, yeah, totally. Yeah. You know, one of the terms, you know, that we use internally a lot and even with my customers, our customers is we talk about this idea of rewiring, right. And I think, you know, it's kind of a, now an analogy for transformation. And I think a lot of us have to rewire the way we think about things. Right. And I think at Planview where we have a lot of customers who live in that, you know, who operationalize that traditional PPM world. Right. And are shifting to agile and transforming that rewire is super important. And, and to your point, right, it's, you've just, you've got to embrace this idea of, you know, just iterative getting better every day and iterating, iterating, iterating as opposed to building annual plans or, you know, I get customers occasionally who asked me for two or three year roadmap. >>Right. And I literally looked at them and I go, there's no, there's no scenario where I can build a two or three year roadmap. Right. You, you, you think you want that, but that's not, that's not the way we run. Right. And I will tell you the biggest thing that for us, you know, that I think is matched the planning, uh, you know, patents is a word I like to use a lot. So the thing that we've like, uh, that we've done from a planning perspective, I think is matched impedance to continuous delivery is instituting the whole program, implement, you know, the program, increment planning, capabilities, and methodologies, um, in the scaled agile world. Right. And over the last 18 months to two years, we really have now, you know, instrumented our company across three value streams. You know, we do quarterly PI program increment 10 week planning, you know, and that becomes, that becomes the Terra firma of how we plan. >>Right. And it's, what are we doing for the next 10 weeks? And we iterate within those 10 weeks, but we also know that 10 weeks from now, we're gonna, we're gonna adjust iterate again. Right. And that shifting of that planning model to, you know, to being as cross-functional is that as that big room planning kind of model is, um, and also, uh, you know, on that shorter increment, when you get those two things in place, also the impedance really starts to match up, uh, with continuous delivery and it changes, it changes the way you plan and it changes the way you work. Right? >>Yeah. Their thing. Right. So obviously a lot of these things are kind of process driven, both within the values, as well as the principles, but there's a whole lot, really about culture. And I just want to highlight a couple of the values, right? We already talked about business outcomes, um, trust and collaboration, uh, data driven decisions, and then learn, respond and pivot. Right. A lot of those are cultural as much as they are process. So again, is it the, is it the need to really kind of just put them down on paper and, you know, I can't help, but think of, you know, the hammer and up the, a, the thing in the Lutheran church with it, with their manifesto, is it just good to get it down on paper? Because when you read these things, you're like, well, of course we should trust people. And of course we need an environment of collaboration and of course we want data driven decisions, but as we all know saying it and living, it are two very, very different things. >>Yeah. Good question. I mean, I think there's a lot of ways to bring that to life you're right. And just hanging up, you know, I think we've all been through the hanging up posters around your office, which these days, right. Unless you're going to hang a poster in everybody's home office. Right. You can't even, you can't even fake it that you think that might work. Right. So, um, you know, you really, I think we've attacked that in a variety of ways. Right. And you definitely have to, you know, you've got to make the shift to a team centric culture, right. Empowered teams, you know, that's a big deal. Right. You know, a lot of, a lot of the people that, you know, we lived in a world of quote, unquote work. We lived in a deep resource management world for a long, long time, and right. >>A lot of our customers still do that, but, you know, kind of moving to that team centric world is, uh, is really important and core to the trust. Um, I think training is super important, right. I mean, we've, you know, we've internally, right. We've trained hundreds employees over the last a year and a half on the fundamentals really of safe. Right. Not necessarily, you know, we've had, we've had teams delivering in scrum and the continuous delivery for, you know, for years, but the scaling aspect of it, uh, is where we've done a lot of training investment. Um, and then, you know, I think a leadership has to be bought in. Right. You know? And so when we pie plan, you know, myself and Cameron and the other members of our leadership, you know, we're NPI planning, you know, for, for four days. Right. I mean, it's, it's, you've got to walk the walk, you know, from top to bottom and you've got to train on the context. Right. And then you, and then, and, and then once you get through a few cycles where you've done a pivot, right. Or you brought a new team in, and it just works, it becomes kind of this virtuous circle where he'll go, man, this really works so much better than what we used to do. Right. >>Right. The other really key principle to this whole thing is, is aligning, you know, the business leaders and the business prioritization, um, so that you can get to good outcomes with the development and the delivery. Right. And we know again, and kind of classic dev ops to get the dev and the production people together. So they can, you know, quickly ship code that works. Um, but adding the business person on there really puts, puts a little extra responsibility that they, they understand the value of a particular feature or particular priority. Uh, they, they can make the, the, the trade offs and that they kind of understand the effort involved too. So, you know, bringing them into this continuous again, kind of this continuous development process, um, to make sure that things are better aligned and really better prioritize. Cause ultimately, you know, we don't live in an infinite resources situation and people gotta make trade offs. They gotta make decisions as to what goes and what doesn't go in for everything that goes. Right. I always say you pick one thing. Okay. That's 99 other things that couldn't go. So it's really important to have, you know, this, you said alignment of the business priorities as well as, you know, the execution within, within the development. >>Yeah. I think that, you know, uh, you know, I think it was probably close to two years ago. Forester started talking about the age of the customer, right. That, that was like their big theme at the time. Right. And I think to me what that, the age of the customer actually translates to and Mick, Mick and I are both big fans of this whole idea of the project, the product shift, mixed book, you know, it was a great piece on a, you're talking to Mick, you know, as part of the manifesto is one of the authors as well, but this shift from project to product, right? Like the age of the customer, in my opinion, the, the, the embodiment of that is the shift to a product mentality. Right. And, and the product mentality in my opinion, is what brings the business and technology teams together, right? >>Once you, once you're focused on a customer experience, that's delivered through a product or a service that's when I that's, when I started to go with the alignment problem goes away, right. Because if you look at software companies, right, I mean, we run product management models, you know, with software development teams, customer success teams, right. That, you know, the software component of these products that people are building is obviously becoming bigger and bigger, you know, in an, in many ways, right. More and more organizations are trying to model themselves over as operationally like software companies. Right. Um, they obviously have lots of other components in their business than just software, but I think that whole model of customer experience equaling product, and then the software component of product, the product is the essence of what changes that alignment equation and brings business and teams together because all of a sudden, everyone knows what the customer's experiencing. Right. And, and that, that, that makes a lot of things very clear, very quickly. >>Right. I'm just curious how far along this was as a process before, before covert hit, right. Because serendipitous, whatever. Right. But th the sudden, you know, light switch moment, everybody had to go work from home and in March 15th compared to now, we're in October, and this is going to be going on for a while, and it is a new normal and whatever that whatever's going to look like a year from now, or two years from now is TBD, you know, had you guys already started on this journey cause again, to sit down and actually declare this coalition and declare this manifesto is a lot different than just trying to do better within your own organization. >>Yeah. So we had started, uh, you know, w we definitely had started independently, you know, some, some, you know, I think people in the community know that, uh, we, we came together with a company called lean kit a handful of years ago, and I give John Terry actually one of the founders leaned to immense credit for, you know, kind of spearheading our cultural change and not, and not because of, we were just going to be, you know, bringing agile solutions to our customers, but because, you know, he believed that it was going to be a fundamentally better way for us to work. Right. And we kind of, you know, when we started with John and built, you know, out of concentric circles of momentum and, and we've gotten to the place where now it's just part of who we are, but, but I do think that, you know, COVID has, you know, um, I think pre COVID a lot of companies, you know, would, would adopt, you know, the, you would adopt digital slash agile transformation. >>Um, traditional industries may have done it as a reaction to disruption. Right. You know, and in many cases, the disruption to these traditional industries was, I would say a product oriented company, right. That probably had a larger software component, and that disruption caused a competitive issue or a customer issue that caused companies and tried to respond by transforming. I think COVID, you know, all of a sudden flatten that out, right. We literally all got disrupted. Right. And, and so all of a sudden, every one of us is dealing with some degree of market uncertainty, customer uncertainty, uh, and also know none of us were insulated from the need to be able to pivot faster, deliver incrementally, you know, and operate in a different, completely more agile way, uh, you know, post COVID. Right. Yeah. That's great. >>So again, a very, very, very timely, you know, a little bit of serendipity, a little bit of, of planning. And, you know, as, as with all important things, there's always a little bit of luck and a lot of hard work involved. So a really interesting thank you for, for your leadership, Patrick. And, you know, it really makes a statement. I think when you have a bunch of leaderships across an industry coming together and putting their name on a piece of paper, uh, that's aligned around us some principles and some values, which again, if you read them who wouldn't want to get behind these, but if it takes, you know, something a little bit more formal, uh, to kind of move the ball down the field, and then I totally get it and a really great work. Thanks for, uh, thanks for doing it. >>Oh, absolutely. No. Like I said, the first time I read it, I was like, yeah, like you said, this is all, this all makes complete sense, but just documenting it and saying it and talking about it moves the needle. I'll tell you as a company, you gotta, we're pushing really hard on, uh, you know, on our own internal strategy on diversity inclusion. Right? And, and like, once we wrote the words down about what, you know, what we aspire to be from a diversity and inclusion perspective, it's the same thing. Everybody reads the words and goes, why wouldn't we do this? Right. But until you write it down and kind of have again, a manifesto or a Terrafirma of what you're trying to accomplish, you know, then you can rally behind it. Right. As opposed to it being something that's, everybody's got their own version of the flavor. Right. And I think it's a very analogous, you know, kind of, uh, initiative, right. And, uh, and this happening, both of those things, right. Are happening across the industry these days. Right. >>And measure it too. Right. And measure it, measure, measure, measure, get a baseline. Even if you don't like to measure, even if you don't like what the, even if you can argue against the math, behind the measurement, measure it, and at least you can measure it again and you can, and you've got some type of a comp and that is really the only way to, to move it forward. Well, Patrick really enjoyed the conversation. Thanks for, uh, for taking a few minutes out of your day. >>It's great to be here. It's an awesome movement and we're glad >>That'd be part of it. All right. Thanks. And if you want to check out the biz ops, Manifesta go to biz ops, manifesto.org, read it. You might want to sign it. It's there for you. And thanks for tuning in on this segment will continuing coverage of the biz op manifesto unveil here on the cube. I'm Jeff, thanks for watching >>From around the globe. It's the cube with digital coverage of biz ops manifesto unveiled brought to you by biz ops coalition. >>Hey, welcome back, everybody Jeffrey here with the cube. We're coming to you from our Palo Alto studios. And welcome back to this event is the biz ops manifesto unveiling. So the biz ops manifesto and the biz ops coalition had been around for a little while, but today's the big day. That's kind of the big public unveiling or excited to have some of the foundational people that, you know, have put their, put their name on the dotted, if you will, to support this initiative and talk about why that initiative is so important. And so the next guest we're excited to have is dr. Mick Kirsten. He is the founder and CEO of Tasktop mic. Great to see you coming in from Vancouver, Canada, I think, right? Yes. Thank you. Absolutely. I hope your air is a little better out there. I know you had some of the worst air of all of us, a couple, a couple of weeks back. So hopefully things are, uh, are getting a little better and we get those fires under control. Yeah. >>Things have cleared up now. So yeah, it's good. It's good to be close to the U S and it's going to have the Arabic cleaner as well. >>Absolutely. So let's, let's jump into it. So you you've been an innovation guy forever starting way back in the day and Xerox park. I was so excited to do an event at Xerox park for the first time last year. I mean, that, that to me represents along with bell labs and, and some other, you know, kind of foundational innovation and technology centers, that's gotta be one of the greatest ones. So I just wonder if you could share some perspective of getting your start there at Xerox park, you know, some of the lessons you learned and what you've been able to kind of carry forward from those days. >>Yeah. I was fortunate to join Xerox park in the computer science lab there at a very early point in my career, and to be working on open source programming languages. So back then in the computer science lab, where some of the inventions around programming around software development teams, such as object oriented programming, and a lot of what we had around really modern programming levels constructs, those were the teams I have the fortune of working with, and really our goal was. And of course there's as, as you know, uh, there's just this DNA of innovation and excitement and innovation in the water. And really it was the model back then was all about changing the way that we work, uh, was looking at for how we could make it 10 times easier to write code. But this is back in 99. And we were looking at new ways of expressing, especially business concerns, especially ways of enabling people who are, who want to innovate for their business to express those concerns in code and make that 10 times easier than what that would take. >>So we create a new open source programming language, and we saw some benefits, but not quite quite what we expected. I then went and actually joined Charles Stephanie, that former to fucking Microsoft who was responsible for, he actually got Microsoft word as a spark and into Microsoft and into the hands of bill Gates on that company. I was behind the whole office suite and his vision. And then when I was trying to execute with, working for him was to make PowerPoint like a programming language, make everything completely visual. And I realized none of this was really working in that there was something else, fundamentally wrong programming languages, or new ways of building software. Like let's try and do with Charles around intentional programming. That was not enough. >>That was not enough. So, you know, the agile movement got started about 20 years ago, and we've seen the rise of dev ops and really this kind of embracing of, of, of sprints and, you know, getting away from MRDs and PRDs and these massive definitions of what we're going to build and long build cycles to this iterative process. And this has been going on for a little while. So what was still wrong? What was still missing? Why the BizOps coalition, why the biz ops manifesto? >>Yeah, so I basically think we nailed some of the things that the program language levels of teams can have effective languages deployed soften to the cloud easily now, right? And at the kind of process and collaboration and planning level agile two decades, decades ago was formed. We were adopting and all the, all the teams I was involved with and it's really become a self problem. So agile tools, agile teams, agile ways of planning, uh, are now very mature. And the whole challenge is when organizations try to scale that. And so what I realized is that the way that agile was scaling across teams and really scaling from the technology part of organization to the business was just completely flawed. The agile teams had one set of doing things, one set of metrics, one set of tools. And the way that the business was working was planning was investing in technology was just completely disconnected and using a whole different set of advisors. >>Interesting. Cause I think it's pretty clear from the software development teams in terms of what they're trying to deliver. Cause they've got a feature set, right. And they've got bugs and it's easy to, it's easy to see what they deliver, but it sounds like what you're really honing in on is this disconnect on the business side, in terms of, you know, is it the right investment? You know, are we getting the right business ROI on this investment? Was that the right feature? Should we be building another feature or should we building a completely different product set? So it sounds like it's really a core piece of this is to get the right measurement tools, the right measurement data sets so that you can make the right decisions in terms of what you're investing, you know, limited resources. You can't, no one has unlimited resources and ultimately have to decide what to do, which means you're also deciding what not to do. And it sounds like that's a really big piece of this, of this whole effort. >>Yeah. Jeff, that's exactly it, which is the way that the agile team measures their own way of working is very different from the way that you measure business outcomes. The business outcomes are in terms of how happy your customers are, but are you innovating fast enough to keep up with the pace of a rapidly changing economy, rapidly changing market. And those are, those are all around the customer. And so what I learned on this long journey of supporting many organizations transformations and having them try to apply those principles of agile and dev ops, that those are not enough, those measures technical practices, those measured sort of technical excellence of bringing code to the market. They don't actually measure business outcomes. And so I realized that it really was much more around having these entwined flow metrics that are customer centric and business centric and market centric where we need it to go. Right. >>So I want to shift gears a little bit and talk about your book because you're also a bestselling author, a project, a product, and, and, and you, you brought up this concept in your book called the flow framework. And it's really interesting to me cause I know, you know, flow on one hand is kind of a workflow and a process flow and, and you know, that's how things get done and, and, and embrace the flow. On the other hand, you know, everyone now in, in a little higher level existential way is trying to get into the flow right into the workflow and, you know, not be interrupted and get into a state where you're kind of at your highest productivity, you know, kind of your highest comfort, which flow are you talking about in your book or is it a little bit about, >>Well, that's a great question. It's not what I get asked very often. Just to me, it's absolutely both. So that the thing that we want to get to, we've learned how to master individual flow. That is this beautiful book by me, how he teaches me how he does a beautiful Ted talk by him as well about how we can take control of our own flow. So my question with the book with project replies, how can we bring that to entire teams and really entire organizations? How can we have everyone contributing to a customer outcome? And this is really what if you go to the biz ops manifesto, it says, I focus on outcomes on using data to drive whether we're delivering those outcomes rather than a focus on proxy metrics, such as, how quickly did we implement this feature? No, it's really how much value did the customer go to the feature and how quickly did you learn and how quickly did you use that data to drive to that next outcome? >>Really that with companies like Netflix and Amazon have mastered, how do we get that to every large organization, every it organization and make everyone be a software innovator. So it's to bring that co that concept of flow to these entwined value streams. And the fascinating thing is we've actually seen the data. We've been able to study a lot of value streams. We see when flow increases, when organizations deliver value to a customer faster, developers actually become more happy. So things like the employee net promoter scores rise, and we've got empirical data for this. So the beautiful thing to me is that we've actually been able to combine these two things and see the results in the data that you increase flow to the customer. Your developers are more happy. >>I love it, right, because we're all more, we're all happier when we're in the flow and we're all more productive when we're in the flow. So I, that is a great melding of, of two concepts, but let's jump into the, into the manifesto itself a little bit. And, you know, I love that, you know, took this approach really of having kind of four key values and then he gets 12 key principles. And I just want to read a couple of these values because when you read them, it sounds pretty brain dead. Right? Of course. Right. Of course you should focus on business outcomes. Of course you should have trust and collaboration. Of course you should have database decision making processes and not just intuition or, you know, whoever's the loudest person in the room, uh, and to learn and respond and pivot. But what's the value of actually just putting them on a piece of paper, because again, this is not this, these are all good, positive things, right? When somebody reads these to you or tells you these are sticks it on the wall, of course. But unfortunately of course isn't always enough. >>No. And I think what's happened is some of these core principles originally from the agile manifesto two decades ago, uh, the whole dev ops movement of the last decade of flow feedback and continue learning has been key. But a lot of organizations, especially the ones that are undergoing digital transformations have actually gone a very different way, right? The way that they measure value in technology and innovation is through costs for many organizations. The way that they actually are looking at that they're moving to cloud is actually as a reduction in cost. Whereas the right way of looking at moving to cloud is how much more quickly can we get to the value to the customer? How quickly can we learn from that? And how quickly can we drive the next business outcome? So really the key thing is, is to move away from those old ways of doing things, a funny projects and cost centers, uh, to actually funding and investing in outcomes and measuring outcomes through these flow metrics, which in the end are your fast feedback and how quickly you're innovating for your customer. >>So these things do seem, you know, very obvious when you look at them. But the key thing is what you need to stop doing to focus on these. You need to actually have accurate realtime data of how much value your phone to the customer every week, every month, every quarter. And if you don't have that, your decisions are not driven on data. If you don't know what your boggling like is, and this is something that in decades of manufacturing, a car manufacturers, other manufacturers, master, they always know where the bottom back in their production processes. You ask a random CIO when a global 500 company where their bottleneck is, and you won't get a clear answer because there's not that level of understanding. So let's, you actually follow these principles. You need to know exactly where you fall. And I guess because that's, what's making your developers miserable and frustrated around having them context, which on thrash. So it, the approach here is important and we have to stop doing these other things, >>Right? There's so much there to unpack. I love it. You know, especially the cloud conversation, because so many people look at it wrong as, as, as a cost saving device, as opposed to an innovation driver and they get stuck, they get stuck in the literal and the, and you know, I think at the same thing, always about Moore's law, right? You know, there's a lot of interesting real tech around Moore's law and the increasing power of microprocessors, but the real power, I think in Moore's laws is the attitudinal change in terms of working in a world where you know that you've got all this power and what you build and design. I think it's funny to your, your comment on the flow and the bottleneck, right? Cause, cause we know manufacturing, as soon as you fix one bottleneck, you move to your next one, right? You always move to your next point of failure. So if you're not fixing those things, you know, you're not, you're not increasing that speed down the line, unless you can identify where that bottleneck is or no matter how many improvements you make to the rest of the process, it's still going to get hung up on that one spot. >>That's exactly it. And you also make it sound so simple, but again, if you don't have the data driven visibility of where that bottom line is, and these bottlenecks are adjusted to say defense just whack them. All right. So we need to understand is the bottleneck because our security reviews are taking too long and stopping us from getting value for the customer. If it's that automate that process. And then you move on to the next bottleneck, which might actually be that deploying yourself into the cloud. It's taking too long. But if you don't take that approach of going flow first, rather than again, that sort of cost reduction. First, you have to think of the approach of customer centricity and you only focused on optimizing costs. Your costs will increase and your flow will slow down. And this is just one of these fascinating things. >>Whereas if you focus on getting closer to the customer and reducing your cycles out on getting value, your flow time from six months to two weeks or two, one week or two event, as we see with the tech giants, you actually can both lower your costs and get much more value for us to get that learning loop going. So I think I've, I've seen all these cloud deployments and one of the things happened that delivered almost no value because there was such big bottlenecks upfront in the process and actually the hosting and the AP testing was not even possible with all of those inefficiencies. So that's why going float us rather than costs when we started our project versus silky. >>I love that. And, and, and, and it, it begs repeating to that right within the subscription economy, you know, you're on the hook to deliver value every single month because they're paying you every single month. So if you're not on top of how you're delivering value, you're going to get sideways because it's not like they pay a big down payment and a small maintenance fee every month. But once you're in a subscription relationship, you know, you have to constantly be delivering value and upgrading that value because you're constantly taking money from the customer. So it's such a different kind of relationship than kind of the classic, you know, big bang with a maintenance agreement on the back end really important. Yeah. >>And I think in terms of industry shifts that that's, it that's, what's catalyzed. This industry shift is in this SAS and subscription economy. If you're not delivering more and more value to your customers, someone else's, and they're winning the business, not you. So, one way we know is to delight our customers with great user experience as well. That really is based on how many features you delivered or how much, how much, how many quality improvements or scalar performance improvements we delivered. So the problem is, and this is what the business manifesto, as well as the flow frame of touch on is if you can't measure how much value you deliver to a customer, what are you measuring? You just backed again, measuring costs, and that's not a measure of value. So we have to shift quickly away from measuring costs to measuring value, to survive. And in the subscription economy, >>We could go for days and days and days. I want to shift gears a little bit into data and, and a data driven decision making a data driven organization cause right day has been talked about for a long time, the huge big data meme with, with Hadoop over, over several years and, and data warehouses and data lakes and data oceans and data swamps. And you can go on and on and on. It's not that easy to do, right? And at the same time, the proliferation of data is growing exponentially. We're just around the corner from, from IOT and five G. So now the accumulation of data at machine scale, again, is this gonna overwhelm? And one of the really interesting principles, uh, that I wanted to call out and get your take right, is today's organizations generate more data than humans can process. So informed decisions must be augmented by machine learning and artificial intelligence. I wonder if you can, again, you've got some great historical perspective, um, reflect on how hard it is to get the right data, to get the data in the right context, and then to deliver it to the decision makers and then trust the decision makers to actually make the data and move that down. You know, it's kind of this democratization process into more and more people and more and more frontline jobs making more and more of these little decisions every day. >>Yeah. I definitely think the front parts of what you said are where the promises of big data have completely fallen on their face into the swamps as, as you mentioned, because if you don't have the data in the right format, you've cannot connect, collected that the right way you want it, that way, the right way you can't use human or machine learning on it effectively. And there've been the number of data where, how has this in a typical enterprise organization and the sheer investment is tremendous, but the amount of intelligence being extracted from those is, is, is a very big problem. So the key thing that I've noticed is that if you can model your value streams, so you actually understand how you're innovating, how you're measuring the delivery of value and how long that takes, what is your time to value through these metrics like full time? >>You can actually use both the intelligence that you've got around the table and push that down as well, as far as getting to the organization, but you can actually start using that those models to understand and find patterns and detect bottlenecks that might be surprising, right? Well, you can detect interesting bottlenecks when you shift to work from home. We detected all sorts of interesting bottlenecks in our own organization that were not intuitive to me that have to do with, you know, more senior people being overloaded and creating bottlenecks where they didn't exist. Whereas we thought we were actually an organization that was very good at working from home because of our open source roots. So the data is highly complex. Software value streams are extremely complicated. And the only way to really get the proper analysts and data is to model it properly and then to leverage these machine learning and AI techniques that we have. But that front part of what you said is where organizations are just extremely immature in what I've seen, where they've got data from all their tools, but not modeled in the right way. Right, right. >>Right. Well, all right. So before I let you go, you know, let's say you get a business leader. He, he buys in, he reads the manifesto, he signs on the dotted line and he says, Mick, how do I get started? I want to be more aligned with the, with the development teams. I know I'm in a very competitive space. We need to be putting out new software features and engage with our customers. I want to be more data-driven how do I get started? Well, you know, what's the biggest inhibitor for most people to get started and get some early wins, which we know is always the key to success in any kind of a new initiative. >>Right? So I think you can reach out to us through the website, uh, for the manifesto. But the key thing is just, it's definitely set up it's to get started and to get the key wins. So take a product value stream. That's mission critical if it'd be on your mobile and web experiences or part of your cloud modernization platform where your analytics pipeline, but take that and actually apply these principles to it and measure the end to end flow of value. Make sure you have a value metric that everyone is on the same page on, but the people on the development teams that people in leadership all the way up to the CEO, and one of the, where I encourage you to start is actually that end to end flow time, right? That is the number one metric. That is how you measure it, whether you're getting the benefit of your cloud modernization, that is the one metric that when the people I respect tremendously put into his cloud for CEOs, the metric, the one, the one way to measure innovation. So basically take these principles, deploy them on one product value stream measure, Antonin flow time, uh, and then you'll actually be well on your path to transforming and to applying the concepts of agile and dev ops all the way to, to the, to the way >>You're offering model. >>Well, Mick really great tips, really fun to catch up. I look forward to a time when we can actually sit across the table and, and get into this. Cause I just, I just love the perspective and, you know, you're very fortunate to have that foundational, that foundational base coming from Xerox park and they get, you know, it's, it's a very magical place with a magical history. So to, to incorporate that into, continue to spread that well, uh, you know, good for you through the book and through your company. So thanks for sharing your insight with us today. >>Thanks so much for having me, Jeff. Absolutely. >>All right. And go to the biz ops manifesto.org, read it, check it out. If you want to sign it, sign it. They'd love to have you do it. Stay with us for continuing coverage of the unveiling of the business manifesto on the cube. I'm Jeff. Rick. Thanks for watching. See you next time >>From around the globe. It's the cube with digital coverage, a biz ops manifesto unveiled brought to you by biz ops coalition. >>Hey, welcome back. You're ready. Jeff Frick here with the cube for our ongoing coverage of the big unveil. It's the biz ops manifesto manifesto unveil. And we're going to start that again from the top three And a Festo >>Five, four, three, two. >>Hey, welcome back everybody. Jeff Frick here with the cube come to you from our Palo Alto studios today for a big, big reveal. We're excited to be here. It's the biz ops manifesto unveiling a thing's been in the works for a while and we're excited to have our next guest. One of the, really the powers behind this whole effort. And he's joining us from Boston it's surge, Lucio, the vice president, and general manager enterprise software division at Broadcom surge. Great to see you. >>Hi, good to see you, Jeff. Glad to be here. >>Absolutely. So you've been in this business for a very long time. You've seen a lot of changes in technology. What is the biz ops manifesto? What is this coalition all about? Why do we need this today and in 2020? >>Yeah. So, so I've been in this business for close to 25 years, right? So about 20 years ago, the agile manifesto was created. And the goal of the agile manifesto was really to address the uncertainty around software development and the inability to predict the efforts to build software. And, uh, if you, if you roll that kind of 20 years later, and if you look at the current state of the industry of the product, the project management Institute, estimates that we're wasting about a million dollars, every 20 seconds in digital transformation initiatives that do not deliver on business results. In fact, we were recently served a third of the, a, a number of executives in partnership with Harvard >>Business review and 77% of those executives think that one of the key challenges that they have is really the collaboration between business and it, and that that's been kind of a case for, uh, almost 20 years now. Um, so the, the, the key challenge that we're faced with is really that we need a new approach. And many of the players in the industry, including ourselves have been using different terms, right? Some are being, are talking about value stream management. Some are talking about software delivery management. If you look at the site, reliability engineering movement, in many ways, it embodies a lot of these kind of concepts and principles. So we believed that it became really imperative for us to crystallize around, could have one concept. And so in many ways, the, a, the BizOps concept and the BizOps manifesto are bringing together a number of ideas, which has been emerging in the last five years or so, and, and defining the key values and principles to finally help these organizations truly transform and become digital businesses. And so the hope is that by joining our forces and defining public key principles and values, we can help the industry, uh, not just, uh, by, you know, providing them with support, but also tools and consulting that is required for them to truly achieve the kind of transformation that everybody's taking. >>Right. Right. So COVID now we're six months into it, approximately seven months into it. Um, a lot of pain, a lot of bad stuff still happening. We've got a ways to go, but one of the things that on the positive side, right, and you've seen all the memes and social media is, is a driver of digital transformation and a driver of change. Cause we had this light switch moment in the middle of March, and there was no more planning. There was no more conversation. You've suddenly got remote workforces, everybody's working from home and you got to go, right. So the reliance on these tools increases dramatically, but I'm curious, you know, kind of short of, of the beginnings of this effort in short of kind of COVID, which, you know, came along unexpectedly. I mean, what were those inhibitors because we've been making software for a very long time, right? The software development community has, has adopted kind of rapid change and, and iterative, uh, delivery and, and sprints, what was holding back the connection with the business side to make sure that those investments were properly aligned with outcomes. >>Well, so, so you have to understand that it is, is kind of a its own silos. And traditionally it has been treated as a cost center within large organizations and not as a value center. And so as a result, kind of a, the traditional dynamic between it and the business is basically one of a kind of supplier up to kind of a business. Um, and you know, if you go back to, uh, I think you'll unmask a few years ago, um, basically at this concept of the machines to build the machines and you went as far as saying that, uh, the, the machines or the production line is actually the product. So, uh, meaning that the core of the innovation is really about, uh, building, could it be engine to deliver on the value? And so in many ways, you know, we, we have missed on this shift from, um, kind of it becoming this kind of value center within the enterprises and end. >>He talks about culture. Now, culture is a, is a sum total of behaviors. And the reality is that if you look at it, especially in the last decade, uh, we've agile with dev ops with, um, I bring infrastructures, uh, it's, it's way more volatile today than it was 10 years ago. And so the, when you start to look at the velocity of the data, the volume of data, the variety of data to analyze the system, um, it's, it's very challenging for it to actually even understand and optimize its own processes, let alone, um, to actually include business as sort of an integral part of kind of a delivery chain. And so it's both kind of a combination of, of culture, um, which is required, uh, as well as tools, right? To be able to start to bring together all these data together, and then given the volume of variety of philosophy of the data. Uh, we have to apply some core technologies, which have only really, truly emerged in the last five to 10 years around machine learning and analytics. And so it's really kind of a combination of those freaks, which are coming together today, truly out organizations kind of get to the next level. Right, >>Right. So let's talk about the manifesto. Let's talk about, uh, the coalition, uh, the BizOps coalition. I just liked that you put down these really simple, you know, kind of straightforward core values. You guys have four core values that you're highlighting, you know, business outcomes, over individual projects and outputs, trust, and collaboration, oversight, load teams, and organizations, data driven decisions, what you just talked about, uh, you know, over opinions and judgment and learned, respond and pivot. I mean, surgery sounds like pretty basic stuff, right? I mean, aren't, isn't everyone working to these values already. And I think he touched on it on culture, right? Trust and collaboration, data driven decisions. I mean, these are fundamental ways that people must run their business today, or the person that's across the street, that's doing it. It's going to knock them out right off their block. >>Yeah. So that's very true. But, uh, so I'll, I'll mention an hour survey. We did, uh, I think about six months ago and it was in partnership with, uh, with, uh, an industry analyst and we serve at a, again, a number of it executives to understand only we're tracking business outcomes. I'm going to get the software executives, it executives we're tracking business outcomes. And the, there were less than 15% of these executives were actually tracking the outcomes of the software delivery. And you see that every day. Right? So in my own teams, for instance, we've been adopting a lot of these core principles in the last year or so, and we've uncovered that 16% of our resources were basically aligned around initiatives, which are not strategic for us. Um, I take another example, for instance, one of our customers in the, uh, in the airline industry and Harvard, for instance, that a number of, uh, um, that they had software issues that led to people searching for flights and not returning any kind of availability. >>And yet, um, you know, the it teams, whether it's operation software environments were completely oblivious to that because they were completely blindsided to it. And so the connectivity between kind of the inwards metrics that RT is using, whether it's database time, cycle time, or whatever metric we use in it are typically completely divorced from the business metrics. And so at its core, it's really about starting to align the business metrics with the, the, the software delivery chain, right? This, uh, the system, which is really a core differentiator for these organizations. It's about connecting those two things and starting to, um, infuse some of the agile culture and principles. Um, that's emerged from the software side into the business side. Um, of course the lean movement and other movements have started to change some of these dynamics on the business side. And so I think this, this is the moment where we are starting to see kind of the imperative to transform. Now, you know, Covina obviously has been a key driver for that. The, um, the technology is right to start to be able to weave data together and really kind of, uh, also the cultural shifts, uh, Prue agile through dev ops through, uh, the SRE movement, uh frulein um, business transformation, all these things are coming together and that are really creating kind of the conditions for the BizOps manifestor to exist, >>Uh, Clayton Christianson, great, uh, Harvard professor innovator's dilemma might steal my all time. Favorite business books, you know, talks about how difficult it is for incumbents to react to, to disruptive change, right? Because they're always working on incremental change cause that's what their customers are asking for. And there's a good ROI when you talk about, you know, companies not measuring the right thing. I mean, clearly it has some portion of their budget that has to go to keeping the lights on, right. That that's always the case, but hopefully that's an ever decreasing percentage of their total activity. So, you know, what should people be measuring? I mean, what are kind of the new metrics, um, in, in biz ops that drive people to be looking at the right things, measuring the right things and subsequently making the right decisions, investment decisions on whether they should do, you know, move project a along or project B. >>So there, there are only two things, right? So, so I think what you're talking about is portfolio management, investment management, right. And, um, which, which is a key challenge, right? Um, in my own experience, right? Uh, driving strategy or a large scale kind of software organization for years, um, it's very difficult to even get kind of a base data as to who is doing what, uh, um, I mean, some of our largest customers we're engaged with right now are simply trying to get a very simple answer, which is how many people do I have and that specific initiative at any point in time and just tracking that information is extremely difficult. So, and, and again, back to a product project management Institute, um, they're, they've estimated that on average, it organizations have anywhere between 10 to 20% of their resources focused on initiatives, which are not strategically aligned. >>So that's one dimension on portfolio management. I think the key aspect though, that we are really keen on is really around kind of the alignment of a business metrics to the it metrics. Um, so I'll use kind of two simple examples, right? And my background is around quality. And so I've always believed that fitness for purpose is really kind of a key, um, uh, philosophy if you will. And so if you start to think about quality as fitness for purpose, you start to look at it from a customer point of view, right. And fitness for purpose for core banking application or mobile application are different, right? So the definition of a business value that you're trying to achieve is different. Um, and so the, and yet, if you look at our, it, operations are operating, they were using kind of a same type of, uh, kind of inward metrics, uh, like a database of time or a cycle time, or what is my point of velocity, right? >>And, uh, and so the challenge really is this inward facing metrics that it is using, which are divorced from ultimately the outcome. And so, you know, if I'm, if I'm trying to build a poor banking application, my core metric is likely going to be uptime, right? If I'm trying to build a mobile application or maybe your social mobile app, it's probably going to be engagement. And so what you want is for everybody across it, to look at these metric, and what's hard, the metrics within the software delivery chain, which ultimately contribute to that business metric and some cases cycle time may be completely irrelevant, right? Again, my core banking app, maybe I don't care about cycle time. And so it's really about aligning those metrics and be able to start to differentiate, um, the key challenges you mentioned, uh, around the, the, um, uh, around the disruption that we see is, or the investors is the dilemma now is really around the fact that many it organizations are essentially applying the same approaches of, for innovation, right, for basically scrap work, then they would apply to kind of over more traditional projects. And so, you know, there's been a lot of talk about two-speed it, and yes, it exists, but in reality are really organizations, um, truly differentiating, um, all of the operate, their, their projects and products based on the outcomes that they're trying to achieve. And this is really where BizOps is trying to affect. >>I love that, you know, again, it doesn't seem like brain surgery, but focus on the outcomes, right. And it's horses for courses, as you said, this project, you know, what you're measuring and how you define success, isn't necessarily the same as, as on this other project. So let's talk about some of the principles we've talked about the values, but, you know, I think it's interesting that, that, that the BizOps coalition, you know, just basically took the time to write these things down and they don't seem all that, uh, super insightful, but I guess you just gotta get them down and have them on paper and have them in front of your face. But I want to talk about, you know, one of the key ones, which you just talked about, which is changing requirements, right. And working in a dynamic situation, which is really what's driven, you know, this, the software to change in software development, because, you know, if you're in a game app and your competitor comes out with a new blue sword, you've got to come out with a new blue sword. >>So whether you had that on your Kanban wall or not. So it's, it's really this embracing of the speed of change and, and, and, and making that, you know, the rule, not the exception. I think that's a phenomenal one. And the other one you talked about is data, right? And that today's organizations generate more data than humans can process. So informed decisions must be generated by machine learning and AI, and, you know, in the, the big data thing with Hadoop, you know, started years ago, but we are seeing more and more that people are finally figuring it out, that it's not just big data, and it's not even generic machine learning or artificial intelligence, but it's applying those particular data sets and that particular types of algorithms to a specific problem, to your point, to try to actually reach an objective, whether that's, you know, increasing the, your average ticket or, you know, increasing your checkout rate with, with, with shopping carts that don't get left behind and these types of things. So it's a really different way to think about the world in the good old days, probably when you got started, when we had big, giant, you know, MRDs and PRDs and sat down and coded for two years and came out with a product release and hopefully not too many patches subsequently to that. >>It's interesting. Right. Um, again, back to one of these surveys that we did with, uh, with about 600, the ITA executives, and, uh, and, and we, we purposely designed those questions to be pretty open. Um, and, and one of them was really role requirements and, uh, and it was really a wrong kind of what do you, what is the best approach? What is your preferred approach towards requirements? And if I remember correctly over 80% of the it executives set that the best approach they'll prefer to approach is for requirements to be completely defined before software development starts. Let me pause there where 20 years after the agile manifesto, right? And for 80% of these idea executives to basically claim that the best approach is for requirements to be fully baked before salt, before software development starts, basically shows that we still have a very major issue. >>And again, our hypothesis in working with many organizations is that the key challenge is really the boundary between business and it, which is still very much contract based. If you look at the business side, they basically are expecting for it deliver on time on budget, right. But what is the incentive for it to actually delivering all the business outcomes, right? How often is it measured on the business outcomes and not on an SLA or on a budget type criteria. And so that, that's really the fundamental shift that we need to, we really need to drive up as an industry. Um, and you know, we, we talk about kind of this, this imperative for organizations to operate that's one, and back to the innovator's dilemma. The key difference between these larger organization is, is really kind of a, if you look at the amount of capital investment that they can put into pretty much anything, why are they losing compared to, um, you know, startups? What, why is it that, uh, more than 40% of, uh, personal loans today or issued not by your traditional brick and mortar banks, but by, um, startups? Well, the reason, yes, it's the traditional culture of doing incremental changes and not disrupting ourselves, which Christiansen covered at length, but it's also the inability to really fundamentally change kind of a dynamic picture. We can business it and, and, and partner right. To, to deliver on a specific business outcome. Right. >>I love that. That's a great, that's a great summary. And in fact, getting ready for this interview, I saw you mentioning another thing where, you know, the, the problem with the agile development is that you're actually now getting more silos because you have all these autonomous people working, you know, kind of independently. So it's even a harder challenge for, for the business leaders to, to, to, as you said, to know, what's actually going on, but, but certainly I w I want to close, um, and talk about the coalition. Um, so clearly these are all great concepts. These are concepts you want to apply to your business every day. Why the coalition, why, you know, take these concepts out to a broader audience, including your, your competition and, and the broader industry to say, Hey, we, as a group need to put a stamp of approval on these concepts, values, these principles. >>So, first I think we, we want, um, everybody to realize that we are all talking about the same things, the same concepts. I think we were all from our own different vantage point, realizing that, um, things after change, and again, back to, you know, whether it's value stream management or site reliability engineering, or biz ops, we're all kind of using slightly different languages. Um, and so I think one of the important aspects of BizOps is for us, all of us, whether we're talking about, you know, consulting agile transformation experts, uh, whether we're talking about vendors, right, provides kind of tools and technologies, or these large enterprises to transform for all of us to basically have kind of a reference that lets us speak around kind of, um, in a much more consistent way. The second aspect is for, to me is for, um, these concepts to start to be embraced, not just by us or trying, or, you know, vendors, um, system integrators, consulting firms, educators, thought leaders, but also for some of our old customers to start to become evangelists of their own in the industry. >>So we, our, our objective with the coalition needs to be pretty, pretty broad. Um, and our hope is by, by starting to basically educate, um, our, our joint customers or partners, that we can start to really foster these behaviors and start to really change, uh, some of dynamics. So we're very pleased at if you look at, uh, some of the companies which have joined the, the, the, the manifesto. Um, so we have vendors and suggest desktop or advance, or, um, uh, PagerDuty for instance, or even planned view, uh, one of my direct competitors, um, but also thought leaders like Tom Davenport or, uh, or cap Gemini or, um, um, smaller firms like, uh, business agility, institutes, or agility elf. Um, and so our, our goal really is to start to bring together, uh, thought leaders, people who have been LP, larger organizations do digital transformation vendors, were providing the technologies that many of these organizations use to deliver on these digital preservation and for all of us to start to provide the kind of, uh, education support and tools that the industry needs. Yeah, >>That's great surge. And, uh, you know, congratulations to you and the team. I know this has been going on for a while, putting all this together, getting people to sign onto the manifesto, putting the coalition together, and finally today getting to unveil it to the world in a little bit more of a public, uh, opportunity. So again, you know, really good values, really simple principles, something that, that, uh, shouldn't have to be written down, but it's nice cause it is, and now you can print it out and stick it on your wall. So thank you for, uh, for sharing this story. And again, congrats to you and the team. Thank you. Appreciate it. My pleasure. Alrighty, surge. If you want to learn more about the biz ops, Manifesta go to biz ops manifesto.org, read it, and you can sign it and you can stay here for more coverage. I'm the cube of the biz ops manifesto unveiled. Thanks for watching. See you next time >>From around the globe. It's the cube with digital coverage of this ops manifesto unveiled and brought to you by >>This obstacle volition. Hey, welcome back, everybody Jeffrey here with the cube. Welcome back to our ongoing coverage of the biz ops manifesto unveiling. It's been in the works for awhile, but today's the day that it actually kind of come out to the, to the public. And we're excited to have a real industry luminary here to talk about what's going on, why this is important and share his perspective. And we're happy to have from Cape Cod, I believe is Tom Davenport. He's a distinguished author and professor at Babson college. We could go on, he's got a lot of great titles and, and really illuminary in the area of big data and analytics Thomas. Great to see you. >>Thanks Jeff. Happy to be here with you. >>Great. So let's just jump into it, you know, and getting ready for this. I came across your LinkedIn posts. I think you did earlier this summer in June and right off the bat, the first sentence just grabbed my attention. I'm always interested in new attempts to address longterm issues, uh, in how technology works within businesses, biz ops. What did you see in biz ops, uh, that, that kind of addresses one of these really big longterm problems? >>Well, yeah, but the longterm problem is that we've had a poor connection between business people and it people between business objectives and the, it solutions that address them. This has been going on, I think since the beginning of information technology and sadly it hasn't gone away. And so biz ops is a new attempt to deal with that issue with a, you know, a new framework, eventually a broad set of solutions that increase the likelihood that will actually solve a business problem with an it capability. >>Right. You know, it's interesting to compare it with like dev ops, which I think a lot of people are probably familiar with, which was, you know, built around, uh, agile software development and a theory that we want to embrace change that that changes. Okay. And we want to be able to iterate quickly and incorporate that. And that's been happening in the software world for, for 20 plus years. What's taken so long to get that to the business side, because as the pace of change has changed on the software side, you know, that's a strategic issue in terms of execution, the business side that they need now to change priorities. And, you know, there's no PRDs and MRDs and big, giant strategic plans that sit on the shelf for five years. That's just not the way business works anymore. It took a long time to get here. >>Yeah, it did. And, you know, there had been previous attempts to make a better connection between business and it, there was the so called strategic alignment framework that a couple of friends of mine from Boston university developed, I think more than 20 years ago, but you know, now we have better technology for creating that linkage. And the, you know, the idea of kind of ops oriented frameworks is pretty pervasive now. So I think it's time for another serious attempt at it. >>And do you think doing it this way, right. With the, with the BizOps coalition, you know, getting a collection of, of, of kind of likeminded individuals and companies together, and actually even having a manifesto, which we're making this declarative statement of, of principles and values, you think that's what it takes to kind of drive this kind of beyond the experiment and actually, you know, get it done and really start to see some results in, in, uh, in production in the field. >>I think certainly no one vendor organization can pull this off single handedly. It does require a number of organizations collaborating and working together. So I think our coalition is a good idea and a manifesto is just a good way to kind of lay out what you see as the key principles of the idea. And that makes it much easier for everybody to understand and act on. >>I, I think it's just, it's really interesting having, you know, having them written down on paper and having it just be so clearly articulated both in terms of the, of the values as well as, as the, uh, the principles and the values, you know, business outcomes matter trust and collaboration, data-driven decisions, which is the number three of four, and then learn, respond and pivot. It doesn't seem like those should have to be spelled out so clearly, but, but obviously it helps to have them there. You can stick them on the wall and kind of remember what your priorities are, but you're the data guy. You're the analytics guy, uh, and a big piece of this is data and analytics and moving to data driven decisions. And principle number seven says, you know, today's organizations generate more data than humans can process and informed decisions can be augmented by machine learning and artificial intelligence right up your alley. You know, you've talked a number of times on kind of the mini stages of analytics. Um, and how has that evolved over over time, you know, as you think of analytics and machine learning, driving decisions beyond supporting decisions, but actually starting to make decisions in machine time. What's that, what's that thing for you? What does that make you, you know, start to think, wow, this is this going to be pretty significant. >>Yeah. Well, you know, this has been a longterm interest of mine. Um, the last generation of AI, I was very interested in expert systems. And then, um, I think, uh, more than 10 years ago, I wrote an article about automated decision-making using what was available then, which was rule-based approaches. Um, but you know, this addresses an issue that we've always had with analytics and AI. Um, you know, we, we tended to refer to those things as providing decision support, but the problem is that if the decision maker didn't want their support, didn't want to use them in order to make a decision, they didn't provide any value. And so the nice thing about automating decisions, um, with now contemporary AI tools is that we can ensure that data and analytics get brought into the decision without any possible disconnection. Now, I think humans still have something to add here, and we often will need to examine how that decision is being made and maybe even have the ability to override it. But in general, I think at least for, you know, repetitive tactical decisions, um, involving a lot of data, we want most of those, I think to be at least, um, recommended if not totally made by an algorithm or an AI based system. And that I believe would add to, um, the quality and the precision and the accuracy of decisions and in most organizations, >>No, I think, I think you just answered my next question before I, before I asked it, you know, we had dr. Robert Gates on the former secretary of defense on a few years back, and we were talking about machines and machines making decisions. And he said at that time, you know, the only weapon systems, uh, that actually had an automated trigger on it were on the North Korea and South Korea border. Um, everything else, as you said, had to go through a sub person before the final decision was made. And my question is, you know, what are kind of the attributes of the decision that enable us to more easily automated? And then how do you see that kind of morphing over time, both as the data to support that as well as our comfort level, um, enables us to turn more and more actual decisions over to the machine? >>Well, yeah, as I suggested we need, um, data and the data that we have to kind of train our models has to be high quality and current, and we need to know the outcomes of that data. You know, um, most machine learning models, at least in business are supervised. And that means we need to have labeled outcomes in the, in the training data. But I, you know, um, the pandemic that we're living through is a good illustration of the fact that, that the data also have to be reflective of current reality. And, you know, one of the things that we're finding out quite frequently these days is that, um, the data that we have do not reflect, you know, what it's like to do business in a pandemic. Um, I wrote a little piece about this recently with Jeff cam at wake forest university, we call it data science quarantined, and we interviewed with somebody who said, you know, it's amazing what eight weeks of zeros will do to your demand forecast. We just don't really know what happens in a pandemic. Um, our models maybe have to be put on the shelf for a little while and until we can develop some new ones or we can get some other guidelines into making decisions. So I think that's one of the key things with automated decision making. We have to make sure that the data from the past and that's all we have of course, is a good guide to, you know, what's happening in the present and the future as far as we understand it. >>Yeah. I used to joke when we started this calendar year 2020, it was finally the year that we know everything with the benefit of hindsight, but I turned down 20, 20 a year. We found out we actually know nothing and everything and thought we knew, but I want to, I want to follow up on that because you know, it did suddenly change everything, right? We've got this light switch moment. Everybody's working from home now we're many, many months into it, and it's going to continue for a while. I saw your interview with Bernard Marr and you had a really interesting comment that now we have to deal with this change. We don't have a lot of data and you talked about hold fold or double down. And, and I can't think of a more, you know, kind of appropriate metaphor for driving the value of the biz ops when now your whole portfolio strategy, um, these to really be questioned and, and, you know, you have to be really, uh, well, uh, executing on what you are, holding, what you're folding and what you're doubling down with this completely new environment. >>Well, yeah, and I hope I did this in the interview. I would like to say that I came up with that term, but it actually came from a friend of mine. Who's a senior executive at Genpact. And, um, I, um, used it mostly to talk about AI and AI applications, but I think you could, you could use it much more broadly to talk about your entire sort of portfolio of digital projects. You need to think about, well, um, given some constraints on resources and a difficult economy for a while, which of our projects do we want to keep going on pretty much the way we were and which ones are not that necessary anymore? You see a lot of that in AI, because we had so many pilots, somebody told me, you know, we've got more pilots around here than O'Hare airport and, and AI. Um, and then, but the ones that involve doubled down, they're even more important to you. They are, you know, a lot of organizations have found this out, um, in the pandemic on digital projects, it's more and more important for customers to be able to interact with you, um, digitally. And so you certainly wouldn't want to cancel those projects or put them on hold. So you double down on them and get them done faster and better. Right, >>Right. Uh, another, another thing that came up in my research that, that you quoted, um, was, was from Jeff Bezos, talking about the great bulk of what we do is quietly, but meaningfully improving core operations. You know, I think that is so core to this concept of not AI and machine learning and kind of the general sense, which, which gets way too much buzz, but really applied right. Applied to a specific problem. And that's where you start to see the value. And, you know, the, the BizOps, uh, manifesto is, is, is calling it out in this particular process. But I'd love to get your perspective as you know, you speak generally about this topic all the time, but how people should really be thinking about where are the applications where I can apply this technology to get direct business value. >>Yeah, well, you know, even talking about automated decisions, um, uh, the kind of once in a lifetime decisions, uh, the ones that, um, ag Lafley, the former CEO of Procter and gamble used to call the big swing decisions. You only get a few of those. He said in your tenure as CEO, those are probably not going to be the ones that you're automating in part because, um, you don't have much data about them. You're only making them a few times and in part, because, um, they really require that big picture thinking and the ability to kind of anticipate the future, that the best human decision makers, um, have. Um, but, um, in general, I think where they, I, the projects that are working well are, you know, what I call the low hanging fruit ones, the, some people even report to it referred to it as boring AI. >>So, you know, sucking data out of a contract in order to compare it to a bill of lading for what arrived at your supply chain companies can save or make a lot of money with that kind of comparison. It's not the most exciting thing, but AI, as you suggested is really good at those narrow kinds of tasks. It's not so good at the, at the really big moonshots, like curing cancer or, you know, figuring out well what's the best stock or bond under all or even autonomous vehicles. Um, we, we made some great progress in that area, but everybody seems to agree that they're not going to be perfect for quite a while, and we really don't want to be driving around on, um, and then very much unless they're, you know, good and all kinds of weather and with all kinds of pedestrian traffic and you know, that sort of thing, right? >>That's funny you bring up contract management. I had a buddy years ago, they had a startup around contract management and I've like, and this was way before we had the compute power today and cloud proliferation. I said, you know, how can you possibly build software around contract management? It's language, it's legal, ease. It's very specific. And he's like, Jeff, we just need to know where's the contract. And when does it expire? And who's the signatory. And he built a business on those, you know, very simple little facts that weren't being covered because their contracts are in people's drawers and files and homes. And Lord only knows. So it's really interesting, as you said, these kind of low hanging fruit opportunities where you can extract a lot of business value without trying to, you know, boil the ocean. >>Yeah. I mean, if you're Amazon, um, uh, Jeff Bezos thinks it's important to have some kind of billion dollar project. And he even says it's important to have a billion dollar failure or two every year. But I think most organizations probably are better off being a little less aggressive and, you know, sticking to, um, what AI has been doing for a long time, which is, you know, making smarter decisions based on, based on data. >>Right? So Tom, I want to shift gears one more time before, before we let you go on, on kind of a new topic for you, not really new, but you know, not, not a, the vast majority of, of your publications and that's the new way to work, you know, as, as the pandemic hit in mid March, right. And we had this light switch moment, everybody had to work from home and it was, you know, kind of crisis and get everybody set up. Well, you know, now we're five months, six months, seven months. A number of companies have said that people are not going to be going back to work for a while. And so we're going to continue on this for a while. And then even when it's not what it is now, it's not going to be what it was before. So, you know, I wonder, and I know you, you, uh, you teased, you're working on a new book, you know, some of your thoughts on, you know, kind of this new way to work and, and, and the human factors in this new, this new kind of reality that we're kind of evolving into, I guess. >>Yeah. I missed was an interest of mine. I think, um, back in the nineties, I wrote an article called, um, a coauthored, an article called two cheers for the virtual office. And, you know, it was just starting to emerge. Then some people were very excited about it. Some people were skeptical and, uh, we said two cheers rather than three cheers because clearly there's some shortcomings. And, you know, I keep seeing these pop up. It's great that we can work from our homes. It's great that we can, most of what we need to do with a digital interface, but, um, you know, things like innovation and creativity, and certainly, um, uh, a good, um, happy social life kind of requires some face to face contact every now and then. And so I, you know, I think we'll go back to an environment where there is some of that. >>Um, we'll have, um, times when people convene in one place so they can get to know each other face to face and learn from each other that way. And most of the time, I think it's a huge waste of people's time to commute into the office every day and to jump on airplanes, to, to, um, give every little, um, uh, sales call or give every little presentation. Uh, we just have to really narrow down what are the circumstances where face to face contact really matters. And when can we get by with digital? You know, I think one of the things in my current work I'm finding is that even when you have AI based decision making, you really need a good platform in which that all takes place. So in addition to these virtual platforms, we need to develop platforms that kind of structure the workflow for us and tell us what we should be doing next, then make automated decisions when necessary. And I think that ultimately is a big part of biz ops as well. It's not just the intelligence of an AI system, but it's the flow of work that kind of keeps things moving smoothly throughout your organization. >>I think such, such a huge opportunity as you just said, cause I forget the stats on how often we're interrupted with notifications between email texts, Slack, a sauna, Salesforce, the list goes on and on. So, you know, to put an AI layer between the person and all these systems that are begging for attention, you've written a book on the attention economy, which is a whole nother topic, we'll say for another day, you know, it, it really begs, it really begs for some assistance because you know, you just can't get him picked, you know, every two minutes and really get quality work done. It's just not, it's just not realistic. And you know what? I don't think that's a feature that we're looking for. >>I agree. Totally >>Tom. Well, thank you so much for your time. Really enjoyed the conversation. I got to dig into the library. It's very long. So I might start at the attention economy. I haven't read that one. And to me, I think that's the fascinating thing in which we're living. So thank you for your time and, uh, great to see you. >>My pleasure, Jeff. Great to be here. >>All right. He's Tom I'm Jeff. You are watching the continuing coverage of the biz ops manifesto and Vail. Thanks for watching the cube. We'll see you next time.

>>from around the globe. It's the Cube with digital coverage of biz ops Manifesto unveiled. Brought to you by biz ops Coalition. Hey, welcome back your body, Jeffrey here with the Cube. Welcome back to our ongoing coverage of the busy ops manifesto unveiling its been in the works for a while. But today is the day that it actually kind of come out to the to the public. And we're excited to have a real industry luminary here to talk about what's going on, Why this is important and share his perspective. And we're happy to have from Cape Cod, I believe, is Tom Davenport. He is a distinguished author on professor at Babson College. We could go on. He's got a lot of great titles and and really illuminate airy in the area of big data and analytics. Thomas, great to see you. >>Thanks, Jeff. Happy to be here with you. Great. >>So let's just jump into it, you know, and getting ready for this. I came across your LinkedIn post. I think you did earlier this summer in June and right off the bat, the first sentence just grabbed my attention. I'm always interested in new attempts to address long term issues, Uh, in how technology works within businesses. Biz ops. What did you see in biz ops? That that kind of addresses one of these really big long term problems? >>Well, yeah. The long term problem is that we've had a poor connection between business people and I t people between business objectives and the i t. Solutions that address them. This has been going on, I think, since the beginning of information technology, and sadly, it hasn't gone away. And so busy ops is new attempt to deal with that issue with a, you know, a new framework. Eventually a broad set of solutions that increase the likelihood that will actually solve a business problem with a nightie capability. >>Right. You know, it's interesting to compare it with, like, Dev ops, which I think a lot of people are probably familiar with, which was, you know, built around a agile software development and the theory that we want to embrace change that that changes okay on. We wanna be able to iterate quickly and incorporate that, and that's been happening in the software world for for 20 plus years. What's taking so long to get that to the business side because the pace of change is change on the software side. You know, that's a strategic issue in terms of execution on the business side that they need now to change priorities. And, you know, there's no P R D S and M R. D s and big giant strategic plans that sit on the shelf for five years. That's just not the way business works anymore. Took a long time to get here. >>Yeah, it did. And, you know, there have been previous attempts to make a better connection between business and i t. There was the so called strategic alignment framework that a couple of friends of mine from Boston University developed, I think more than 20 years ago. But, you know, now we have better technology for creating that linkage. And the, you know, the idea of kind of ops oriented frameworks is pretty pervasive now. So I think it's, um you know, time for another serious attempt at it, right? >>And do you think doing it this way right with the bizarre coalition, you know, getting a collection of of kind of like minded individuals and companies together and actually even having a manifesto which were making this declarative statement of principles and values. You think that's what it takes to kind of drive this, you know, kind of beyond the experiment and actually, you know, get it done and really start to see some results in, in in production in the field. >>Well, you know, the manifesto approach worked for Karl Marx and communism. So maybe it'll work. Here is Well, now, I think certainly no one vendor organization can pull this off single handedly. It does require a number of organizations collaborating and working together. So I think a coalition is a good idea, and a manifesto is just a good way to kind of lay out. What you see is the key principles of the idea, and that makes it much easier for everybody. Toe I understand and act on. >>Yeah, I I think it's just it's really interesting having you know, having them written down on paper and having it just be so clearly articulated both in terms of the of the values as well as as the the principles and and the values, you know, business outcomes, matter, trust and collaboration, data driven decisions, which is the number three or four and then learn responded Pivot, It doesn't seem like those should have to be spelled out so clearly, but obviously it helps to have them there. You can stick them on the wall and kind of remember what your priorities are. But you're the data guy. You're the analytics guy. Uh, and a big piece of this is data analytics and moving to data driven decisions. And principle number seven says, you know, today's organizations generate more data than humans can process. And informed decisions can be augmented by machine learning and artificial intelligence right up your alley. You know, you've talked a number of times on kind of the many stages of analytics Onda how that's evolved over over time. You know, it is you think of analytics and machine learning driving decisions beyond supporting decisions, but actually starting to make decisions in machine time. What's that? What's that think for you? What does that make you? You know, start to think Wow, this is this is gonna be pretty significant. >>Yeah, well, you know, this has been a long term interest of mine. Um, the last generation of a I I was very interested in expert systems. And then e think more than 10 years ago I wrote an article about automated decision making using, um, what was available then, which is rule based approaches. But, you know, this address is an issue that we've always had with analytics and ai. Um, you know, we tended Thio refer to those things as providing decision support. The problem is that if the decision maker didn't want their support, didn't want to use them in order to make a decision, they didn't provide any value. And so the nice thing about automating decisions with now contemporary ai tools is that we can ensure that data and analytics get brought into the decision without any possible disconnection. Now, I think humans still have something to add here, and we often will need to examine how that decision is being made and maybe even have the ability to override it. But in general, I think, at least for, you know, repetitive tactical decisions, um, involving a lot of data. We want most of those I think, to be at least, um, recommended, if not totally made by analgesic rhythm or an AI based system, and that I believe would add to the quality and the precision and the accuracy of decisions in in most organizations. >>You know, I think I think you just answered my next question before I before I asked it. You know, we had Dr Robert Gates on the former secretary of Defense on a few years back, and we were talking about machines and machines making decisions, and he said at that time, you know, the only weapon systems that actually had an automated trigger on it, We're on the North Korea and South Korea border. Everything else, as you said, had to go through some person before the final decision was made. And my question is, you know what are kind of the attributes of the decision that enable us to more easily automated? And then how do you see that kind of morphing over time both as the data to support that as well as our comfort level, Um, enables us to turn Maura Maura actual decisions over to the machine? >>Well, yeah, I suggested we need data and the data that we have to kind of train our models has to be high quality and current, and we need to know the outcomes of that data. You know, most machine learning models, at least in business, are supervised, and that means we need tohave labeled outcomes in the in the training data. But, you know, the pandemic that we're living through is a good illustration of the fact that the the data also have to be reflective of current reality. And, you know, one of the things that we're finding out quite frequently these days is that the data that we have do not reflect. You know what it's like to do business in it. Pandemic it. I wrote a little piece about this recently with Jeff Cam at Wake Forest University. We call it Data Science quarantined, and we interviewed somebody who said, You know, it's amazing what eight weeks of zeros will do to your demand forecast. We just don't really know what happens in a pandemic. Our models may be have to be put on the shelf for a little while and until we can develop some new ones or we can get some other guidelines into making decisions. So I think that's one of the key things with automated decision making. We have toe, make sure that the data from the past and you know, that's all we have, of course, is a good guide toe. You know what's happening in the present and and the future as far as we understand it. >>Yeah, I used to joke when we started this calendar year 2020 is finally the year that we know everything with the benefit of hindsight. But it turned out 2020 the year we found out we actually know nothing and everything way. But I wanna I wanna follow up on that because, you know, it did suddenly change everything, right? We got this light switch moment. Everybody's working from home now. We're many, many months into it, and it's going to continue for a while. I saw your interview with Bernard Marr and you had a really interesting comment that now we have to deal with this change. We don't have a lot of data and you talked about hold, fold or double down and and I can't think of, um or, you know, kind of appropriate metaphor for driving the value of the biz ops. When now your whole portfolio strategy, um, needs to really be questioned. And, you know, You have to be really well, executing on what you are holding, what you're folding and what you're doubling down with this completely new environment. >>Well, yeah, And I hope I did this in the interview. I would like to say that I came up with that term, but it actually came from a friend of mine who's a senior executive at gen. Packed. And I used it mostly to talk about AI and AI applications, but I think you could You could use it much more broadly to talk about your entire sort of portfolio of digital projects you need to think about. Well, um, given some constraints on resource is and a difficulty economy for a while. Which of our projects do we wanna keep going on Pretty much the way we were And which ones, um, are not that necessary anymore. You see a lot of that in a I because we had so many pilots, somebody for me, you know, we've got more pilots around here, then O'Hare airport in a I, um and then the the ones that involve double down there, even mawr Important to you, they are, you know, a lot of organizations have found this out in the pandemic on digital projects, it's more and more important for customers to be ableto interact with you, um, digitally. And so you certainly wouldn't want toe cancel those projects or put them on hold. So you double down on them, get them done faster and better. >>Another. Another thing that came up in my research that that you quoted, um, was was from Jeff. Bezos is talking about the great bulk of what we do is quietly but meaning fleeing, improving core operations. You know, I think that is so core to this concept of not AI and machine learning and kind of the general sense, which which gets way too much buzz but really applied, applied to a specific problem. And that's where you start to see the value and, you know, the biz ops. Uh, manifesto is calling it out in this particular process, but I just love to get your perspective. As you know, you speak generally about this topic all the time, but how people should really be thinking about where the applications where I can apply this technology to get direct business value. >>Yeah, well, you know, even talking about automated decisions? Uh, the kind of once in a lifetime decisions, uh, the ones that a g laugh Li, the former CEO of Proctor and Gamble, used to call the big swing decisions. You only get a few of those, he said. In your tenure as CEO, those air probably not going to be the ones that you're automating in part because you don't have much data about them. You're only making them a few times, and in part because they really require that big picture thinking and the ability to kind of anticipate the future that the best human decision makers have. Um, but in general, I think where they I the projects that are working well are you know what I call the low hanging fruit ones? The some people even report to refer to it as boring A I so you know, sucking data out of a contract in order to compare it Thio bill of lading for what arrived at your supply chain. Companies can save or make a lot of money with that kind of comparison. It's not the most exciting thing, but a I, as you suggest, is really good at those narrow kinds of tasks. Um, it's not so good at the at the really big Moonshots like curing cancer or, you know, figuring out well, what's the best stock or bond under all circumstances or even autonomous vehicles. We made some great progress in that area, but everybody seems to agree that they're not going to be perfect for quite a while. And we really don't wanna be driving around on, um in that very much, unless they're, you know, good and all kinds of weather and with all kinds of pedestrian traffic. And you know that sort of thing, right? >>That's funny. Bring up contract management. I had a buddy years ago. They had a startup around contract management, and I'm like, and this was way before we had the compute power today and and cloud proliferation. I said, You know how How could you possibly built off around contract management? It's language. It's legalese. It's very specific. He's like Jeff. We just need to know where's the contract and when does it expire? And who's a signatory? And he built a business on those you know, very simple little facts that weren't being covered because their contracts from People's drawers and files and homes, and Lord only knows So it's really interesting, as you said, these kind of low hanging fruit opportunities where you could extract a lot of business value without trying to, you know, boil the ocean. >>Yeah, I mean, if you're Amazon, Jeff Bezos thinks it's important toe have some kind of billion dollar projects, and he even says it's important to have a billion dollar failure or two every year. But I think most organizations probably are better off being a little less aggressive and, you know, sticking to what a I has been doing for a long time, which is, you know, making smarter decisions based on based on data. >>Right? So, Tom, I want to shift gears one more time before before you let Ugo on on kind of a new topic for you, not really new, but you know, not not the vast majority of your publications. And that's the new way toe work, you know, as as the pandemic hit in mid March, right? And we had this light switch moment. Everybody had to work from home, and it was, you know, kind of crisis and get everybody set up well you know, Now we're five months, six months, seven months. A number of companies have said that people are not gonna be going back to work for a while. And so we're going to continue on this for a while, and then even when it's not what it is now, it's not gonna be what it was before. So, you know, I wonder and I know you, you tease. You're working on a a new book, you know, some of your thoughts on, you know, kind of this new way. Uh, toe work and and and the human factors in this new, this new kind of reality that we're kind of evolving into, I guess. >>Yeah, This was an interest of mine. I think back in the nineties, I wrote an article called Ah Co authored an article called Two Cheers for the Virtual Office. And, you know, it was just starting to emerge. Then some people were very excited about it. Some people were skeptical and we said to cheers rather than three cheers because clearly there's some shortcomings and, you know, I keep seeing these pop up. It's great that we can work from our homes. It's great that we can accomplish most of what we need to do with a digital interface. But you know, things like innovation and creativity and certainly a a good, um, happy social life kind of requires some face to face contact every now and then. And so you know, I think we'll go back to an environment where there is some of that. We'll have, um, time when people convene in one place so they can get to know each other face to face and learn from each other that way. And most of the time, I think it's a huge waste of people's time to commute into the office every day and toe jump on airplanes. Thio, Thio give every little mhm, uh, sales call or give every little presentation. We just have to really narrow down. What are the circumstances, where face to face contact really matters and when can we get by with digital? You know, I think one of the things in my current work I'm finding is that even when you have a I based decision making, you really need a good platform in which that all takes place. So in addition to these virtual platforms, We need to develop platforms that kind of structure the workflow for us and tell us what we should be doing next and make automated decisions when necessary. And I think that ultimately is a big part of biz ops as well. It's not just the intelligence oven, a isis some, but it's the flow of work that kind of keeps things moving smoothly throughout your organization. Yeah, >>I think such such a huge opportunity as you just said, because I forget the stats on how often were interrupted with notifications between email text, slack asana, salesforce The list goes on on and on. So, you know, t put an AI layer between the person and all these systems that are begging for attention. And you've written a you know, a book on the attention economy, which is a whole nother topic will say for another day. You know, it really begs. It really begs for some assistance because, you know, you just can't get him picked, you know, every two minutes and really get quality work done. It's just not it's just not realistic. And you know what? I don't think that's the future that we're looking for. >>Great totally alright, >>Tom. Well, thank you so much for your time. Really enjoyed the conversation. I gotta dig into the library. It's very long song. I might started the attention economy. I haven't read that one in to me. I think that's the fascinating thing in which we're living. So thank you for your time. And, uh, great to see you. >>My pleasure, Jeff. Great to be here. >>All right, take care. Alright. He's Tom. I'm Jeff. You are watching the continuing coverage of the biz ops manifesto. Unveil. Thanks for watching. The Cube will see you next time.

>>thank you very much for this opportunity to talk about Stamp with a bio design program, which is entrepreneurship education for the medical devices. My name is Julia Key Can. Oh, I am Japanese. I have seen the United States since two doesn't want on the more than half of my life after graduating from medical school is in the United States. I hope I can contribute to make them be reached between Japan that you were saying right I did the research in the period of medical devices with a patient all over the world today is my batteries met their country finished medication stamp of the city. Yeah, North Korea academia, but also a wrong. We in the industry sectors sometimes tried to generate new product which can generate revenue from their own research outward, it is explained by three steps. The first one is the debut river, which is the harbor Wrong research output to the idea which can be product eventually. That they are hard, though, is the best body, which is a hot Arboria. From idea to commercial for the other one is that we see which is a harder to make a martial hold up to become a big are revenue generating products for the academia that passed the heart is a critical on the essential to make a research output to the idea. Yeah, they're two different kind of squash for the developing process in the health care innovation, Why's bio and by all the farmer under the other one is medical device regarding the disciplining method is maybe in mechanical engineering. Electrical engineering on the medical under surgical by Obama is mainly chemical engineering, computer science, biology and genetics. However, very important difference off these to be the innovation process. Medic is suitable on these digital innovation and by Obama, is suitable discovery process needs. Yeah, in general transformation of medical research between the aroma academia output to the commercial product in the medical field is called bench to bed. It means from basically such to critical applications. But it is your bio on the path. Yeah, translation. Medical research for medical devices is better. Bench on back to bed, which means quicker Amit needs to bench on back to Greek application. The difference off the process is the same as the difference off the commercialization. Yeah, our goal is to innovate the newer devices for patient over the war. Yeah, yeah, there are two process to do innovation. One is technology push type of innovation. The other one is news, full type of innovation. Ignore the push stop Innovation is coming from research laboratory. It is suitable for the farm on the bios. Happy type of innovation. New, useful or used driven type of type of innovation is suitable for medical devices. Either Take this topic of innovation or useful type of innovation. It is important to have Mini's. We should think about what? It's waas Yeah, in 2001 stop for the Cube, API has started to stop with Bio Design program, which is on entrepreneurship education for medical devices. Our mission is educated on empowering helps technology, no based innovators on the reading, the transition to a barrier to remain a big innovation ecosystem. Our vision is to be a global leader in advancing Hearst technology innovation to improve lives everywhere. There are three steps in our process. Off innovation, identify invent on England. Yeah, yeah. The most important step is the cluster, which is I didn't buy. I didn't buy a well characterized needs is the Vienna off a grating vision. Most of the value off medical device development is due to Iraq Obina unmet needs. So we focused in this gated by creates the most are the mosque to find on the Civic on appropriate. Yeah, our barrels on the student Hickory World in March, disparate 19 that ideally include individual, which are background in many thing engineering on business. Yeah, how to find our needs. Small team will go to the hospital or clinic or environment to offer them the healthcare providers with naive eyes. The team focused. You look to keep all the um, it needs not technology. This method is senior CTO. It's a rocket car approach which can be applied all that design, thinking the team will generate at least 200 needs from economic needs. Next stick to identify Pace is to select the best. Amit Knees were used for different aspect, which can about it the nominees. These background current existing solutions market size on the stakeholders. Once we pick up ur madness from 200 nominees, they can move to the invention pates. Finally, they can't be the solution many people tend to invent on at the beginning base without carefree evaluating its unmet knees to result in a better tend to pouring love. Their whole idea, even amid NIS, is not what this is. Why most of the medical device innovation fail due to the lack off unmet needs. To avoid this Peter Hall, our approach is identify good needs. First on invention is the sex to generate the idea wrong. Unmet knees. We will use seven Rules off race Tony B B zero before judgment encourage wild ideas built on the ideas off. Others. Go Conte. One conversation time. Stay focused on the topic. The brainstorming is like association game. Somebody's idea can stimulate the others ideas. After generating many ideas, the next step is sleeping of idea whether use five different Dustin to embody the ideas. Intellectual property regulatory. Remember National Business Model on technology How, after this election step, we can have the best solution with system it needs, and finally team will go to the implementation pace. This place is more business oriented mothers. The strategy off business implementations on the business planning. Yeah, yeah, students want more than 50 starting up are spinning off from by design program. Let me show one example This is a case of just reputations. If patient your chest pain, most of that patient go to family doctor and trust. The first are probably Dr before the patient to General Securities. General Card, obviously for the patient Director, Geologist, Director, API geologist will make a reservation. Horta uses it. Test patient will come to the clinic people for devices in machine on his chest. Well, what? Two days? Right? That patient will visit clinic to put all the whole decency After a few days off. Analysis patient Come back to Dr to hear the result Each step in his money to pay. This is a minute, Knees. This is a rough sketch off the solutions. The product name is die. A patch on it can save about $620. Part maybe outpatient right here. >>Yeah, yeah. Life is stressful. We all depend on our heart with life source of our incredible machine. The body, however, sometimes are hard Need to check up. Perhaps you felt dizzy heart racing or know someone who has had a serious heart problem The old fashioned monitors that used to get from most doctors or bulky And you can't wear them exercising or in the shower. If appropriate for you, sudden life will provide you the eye rhythm. Zero patch to buy five inch band aid like patch would. You can apply to your chest in the comfort of your own home or in the gym. It will monitor your heart rate for up to 14 days. You never have to come into a doctor's office as you mail back. Patched us shortly after you were receiving. Easy to understand report of your heart activity, along with recommendations from a heart specialists to understand the next steps in your heart. Health sudden life bringing heart monitoring to you. >>This is from the TV broadcasting become Ah, this is a core value we can stamping on his breast. He has a connotation of the decent died. Now the company names Iris is in the public market cap off. This company is more than six billion di parts is replacing grasp all or that you see the examination. However, our main product is huge. The product lifecycle Very divisive, recent being it's. But if we can educate the human decision oil because people can build with other people beyond space and yeah, young broader stop on by design education is now runs the media single on Japan. He doesn't 15 PBS probably star visited Stamp of the diversity and Bang. He announced that Japan, by design, will runs with vampires. That problem? Yeah, Japan Barzan program has started a University of Tokyo Osaka University and we've asked corroborating with Japanese government on Japanese medical device Industry s and change it to that. Yeah, this year that it's batch off Japan better than parachute on. So far more than five. Starting up as being that's all. Thank you very much for your application.

>> From the SiliconANGLE Media office in Boston, Massachusetts, it's the cube. Now, here's your host, Dave Vellante. >> Hello everyone and welcome to this week's Wikibon cube insights powered by ETR. In this breaking analysis ahead of the RSA conference, we want to update you on the cyber security sector. This year's event is underlined by coronavirus fears, IBM has pulled out of the event and cited the epidemic as the reason and it's also brings to the front the sale of RSA by Dell to STG partners and private equity firm. Now in our last security drill down, we cited several mega trends in the security sector. These included the ever escalating sophistication of the attacker, the increased risk from the data economy, the expanded attack surface with the huge number of IP addresses that are that are exploding out there, and the lack of skills and the number of cyber tools that are coming to the market. Now, as you know, in these segments, we'd like to share insights from the cube. And I want you to listen to two American statesman and what they said, on The Cube. Here's general Keith Alexander, who's the former director of the NSA, along with Dr. Robert Gates, who's the former director of the CIA and former Secretary of Defense, play the clip. >> When you think about threats, you think about nation states, so you can go to Iran, Russia, China, North Korea, and then you think about criminal threats, and all the things like ransomware. Some of the nation state actors are also criminals at night, so they can use nation state tools and my concern about all the evolution of cyber threats is that the attacks are getting more destructive. >> I think cyber and the risks associated with cyber, and IT need to be a regular part of every board's agenda. >> So you hear General Alexander really underscore the danger, as well, Dr. Gates is articulating what we've said many times on the cube that cyber security is a board level agenda item. Now, the comments from both of these individuals represent what I would consider tailwinds for cyber technology companies. Now we're going to drill into some of those today. But it's not all frictionless. There are headwinds to in this market space, cloud migration, the shift from north south south to East West network traffic, its pressure traditional appliance based perimeter security solutions, increase complexity and lack of skills and other macro factors, including questions on ROI. CFO saying, hey, we spend all this cash, why aren't we more secure? Now, I want you to hear from two chief information security officers officers on both the challenges that they face and how they're dealing with them. Roll the clip. >> Lack of talent, I mean, we're starving for talent. Cybersecurity is the only field in the world with negative unemployment. We just don't have the actual bodies to actually fill the gaps that we have and in that lack of talent Cecil's are starving. >> I think that the public cloud offers us a really interesting opportunity to reinvent security right. So if you think about all of the technologies and processes and many of which are manual over the years, I think we have an opportunity to leverage automation to make our work easier in some ways. >> Now I featured Brian Lozada and Katie Jenkins before and breaking analysis segments, and you can hear it from the cyber leaders, we lack the talent, and cloud computing and automation are areas we're pursuing. So this challenges security companies to respond. But at the end of the day, companies have no no choice. In other words, organizations buying security solutions, the sophistication of the attacker is very high and the answer to my CFO and ROI is fear based. If you don't do this, you might lose billions in market cap. Now, I want you to take a listen to these cubilam talking about the attacker of sophistication and the importance of communication skills in order to fund cyber initiatives, really to keep up with the bad guys, please play the clip. >> The adversary is talented and they're patient, they're well funded okay, that's that's where it starts. And so, you know why why bring an interpreter to a host when there's already one there right? Why write all this complicated software distribution when I can just use yours. And so that's that's where the play the game starts. And and the most advanced threats aren't leaving footprints because the footprints already there, you know, they'll get on a machine and behaviorally they'll check the cash to see what's hot. And what's hot in the cash means that behaviorally, it's a fast they can go they're not cutting a new trail most of the time, right? So living off the land is not only the tools that they're using the automation, your automation they're using against you, but it's also behavioral. >> That's why the most the most important talent or skill that a security professional needs is communication skills. If you can't articulate technical risk into a business risk to fund your program, it's, you know, it's very hard for you to actually be successful in security. >> Now, the really insidious thing about what TK Keanini just said is the attackers are living off the land, meaning they're using your tools and your behaviors to sneak around your data unnoticed. And so as Brian Lozada said, as a security Pro, you need to be a great communicator in order to get the funding that you need to compete with the bad guys. Which brings me to the RSA conference. This is why you as a security practitioner attend, you want to learn more, you want to obtain new skills, you want to bring back ideas to the organization. Now one of the things I did to prepare for this segment is to read the RSA conference content agenda, which was co authored by Britta Glade and I read numerous blogs and articles about what to expect at the event and from all that I put together this word cloud, which conveys some of the key themes that I would expect you're going to hear at the shows. Look at skills jump right out, just like Brian was saying, the human element is going to be a big deal this year. IoT and the IT OT schism, everyone's talking about the Olympics, and seeing that as a watershed event for cyber, how to apply machine learning and AI is a big theme, as is cloud with containers and server less. phishing, zero trust and frameworks, framework for privacy, frameworks for governance and compliance, the 2020 election and weaponizing social media with deep fakes, and expect to hear a lot about the challenges of securing 5G networks, open source risks, supply chain risks, and of course, the need for automation. And it's no surprise there's going to be a lot of talk about cyber technology, the products and of course, the companies that sell them. So let's get into the market and unpack some of the ETR spending data and drill into some of these companies. The first chart I want to show you is spending on cyber relative to other initiatives. What this chart shows is the spending on cyber security highlighted in the green in relation to other sectors in the ETR taxonomy. Notice the blue dot. It shows the change in spending expected in 2020 versus 2019. Now, two points here. First, is that despite the top of my narrative that we always hear, the reality is that other initiatives compete for budget and you just can't keep throwing cash at the security problem. As I've said before, we spend like .014% percent of our global GDP on cyber, so we barely scratched the surface. The second point is there's there's there's a solid year on year growth quite high at 12% for a sector that's estimated at 100 to 150 billion dollars worldwide, according to many sources. Now let's take a look at some of the players in this space, who are going to be presenting at the RSA conference. You might remember to my 2020 predictions in that breaking analysis I focused on two ETR metrics, Net Score, which is a measure of spending velocity and Market Share, which measures pervasiveness in the data set. And I anointed nine security players as four star players. These were Microsoft, Cisco, Palo Alto Networks, Splunk, Proofpoint, Fortinet, Oka, Cyber Ark and CrowdStrike. What we're showing here is an update of that data with the January survey data. My four star companies were defined as those in the cyber security sector that demonstrate in both net scores or spending momentum, that's the left hand chart and market share or pervasiveness on the right hand chart. Within the top 22 companies, why did I pick 22? Well, seemed like a solid number and it fit nicely in the screen and allowed more folks. So a few takeaways here. One is that there are a lot of cyber security companies in the green from the standpoint of net score. Number two is that Fortinet and Cisco fell off the four star list because of their net scores. While still holding reasonably well, they dropped somewhat. Also, some other companies like Verona's and Vera code and Carbon Black jumped up on the net score rankings, but Cisco and Fortinet are still showing some strength in the market overall, I'ma talk about that. Cisco security businesses up 9% in the quarter, and Fortinet is breaking away from Palo Alto Networks from a valuation perspective, which I'm going to drill into a bit. So we're going to give Cisco and Fortinet two stars this survey period. But look at Zscaler. They made the cut this time their net score or spending momentum jumped from 38% last quarter to nearly 45% in the January survey, with a sizable shared in at 123. So we've added Zscaler to the four star list, they have momentum, and we're going to continue to watch that quarterly horse race. Now, I'd be remiss if I didn't point out that Microsoft continues to get stronger and stronger in many sectors including cyber. So that's something to really pay attention to. Okay, I want to talk about the valuations a bit. Valuations of cyber security space are really interesting and for reasons we've discussed before the market's hot right now, some people think it's overvalued, but I think the space is going to continue to perform quite well, relative to other areas and tech. Why do I say that? Because cyber continues to be a big priority for organizations, the software and annual recurring revenue contribution ARR continues to grow, M&A is going to continue to be robust in my view, which is going to fuel valuations. So Let's look at some of the public companies within cyber. What I've compiled in this chart is eight public companies that were cited as four star or two star firms, as I defined earlier, now ranked this by market value. In the columns, we show the market cap and trailing 12 month revenue in billions, the revenue multiple and the annual revenue growth. And I've highlighted Palo Alto Networks and Fortinet because I want to drill into those two firms, as there's a valuation divergence going on between those two names, and I'll come back to that in just a minute. But first, I want to make a few points about this data. Number one is there's definitely a proportional relationship between the growth rate and the revenue multiple or premium being paid for these companies. Generally growth ranges between one and a half to three times the revenue multiple being paid. CrowdStrike for example has a 39 x revenue multiple and is growing at 110%, so they're at the high end of that range with a growth at 2.8 times their revenue multiple today. Second, and related, as you can see a wide range of revenue multiples based on these growth rates with CrowdStrike, Okta and now Zscaler as the standouts in this regard. And I have to call at Splunk as well. They're both large, and they have high growth, although they are moving beyond, you know, security, they're going into adjacencies and big data analytics, but you you have to love the performance of Splunk. The third point is this is a lucrative market. You have several companies with valuations in the double digit billions, and many with multi billion dollar market values. Cyber chaos means cash for many of these companies, and, of course for their investors. Now, Palo Alto throw some of these ratios out of whack, ie, why the lower revenue multiple with that type of growth, and it's because they've had some execution issues lately. And this annual growth rate is really not the best reflection of the stock price today. That's really being driven by quarterly growth rates and less robust management guidance. So why don't we look into that a bit. What this chart shows is the one year relative stock prices of Palo Alto Networks in the blue and compared to Fortinet in the red. Look at the divergence in the two stocks, look at they traded in a range and then you saw the split when Palo Alto missed its quarter last year. So let me share what I think is happening. First, Palo Alto has been a very solid performance since an IPO in 2012. It's delivered more than four Rex returns to shareholders over that period. Now, what they're trying to do is cloud proof their business. They're trying to transition more to an AR model, and rely less on appliance centric firewalls, and firewalls are core part of the business and that has underperformed expectations lately. And you just take Legacy Tech and Cloud Wash and Cloud native competitors like Zscaler are taking advantage of this and setting the narrative there. Now Palo Alto Network has also had some very tough compares in 2019 relative to 2018, that should somewhat abate this year. Also, Palo Alto has said some execution issues during this transition, especially related to sales and sales incentives and aligning that with this new world of cloud. And finally, Palo Alto was in the process of digesting some acquisitions like Twistlock, PureSec and some others over the past year, and that could be a distraction. Fortinet on the other hand, is benefiting from a large portfolio refresh is capitalizing on the momentum that that's bringing, in fact, all the companies I listed you know, they may be undervalued despite, of all the company sorry that I listed Fortinet may be undervalued despite the drop off from the four star list that I mentioned earlier. Fortinet is one of those companies with a large solution set that can cover a lot of market space. And where Fortinet faces similar headwinds as Palo Alto, it seems to be executing better on the cloud transition. Now the last thing I want to share on this topic is some data from the ETR regression testing. What ETR does is their data scientists run regression models and fit a linear equation to determine whether Wall Street earnings consensus estimates are consistent with the ETR spending data, they started trying to line those up and see what the divergence is. What this chart shows is the results of that regression analysis for both Fortinet and Palo Alto. And you can see the ETR spending data suggests that both companies could outperform somewhat expectations. Now, I wouldn't run and buy the stock based on this data as there's a lot more to the story, but let's watch the earnings and see how this plays out. All right, I want to make a few comments about the sale of the RSA asset. EMC bought RSA for around the same number, roughly $2 billion that SDG is paying Dell. So I'm obviously not impressed with the return that RSA has delivered since 2006. The interesting takeaway is that Dell is choosing liquidity over the RSA cyber security asset. So it says to me that their ability to pay down debt is much more important to Dell and their go forward plan. Remember, for every $5 billion that Dell pays down in gross debt, it dropped 25 cents to EPS. This is important for Dell to get back to investment grade debt, which will further lower its cost. It's a lever that Dell can turn. Now and also in thinking about this, it's interesting that VMware, which the member is acquiring security assets like crazy and most recently purchased carbon black, and they're building out a Security Division, they obviously didn't paw on the table fighting to roll RSA into that division. You know maybe they did in the financial value of the cash to Dell was greater than the value of the RSA customers, the RSA product portfolio and of course, the RSA conference. But my guess is Gelsinger and VMware didn't want the legacy tech. Gelsinger said many times that security is broken, it's his mission to fix it or die trying. So I would bet that he and VMware didn't see RSA as a path to fixing security, it's more likely that they saw it as a non strategic shrinking asset that they didn't want any part of. Now for the record, and I'm even won't bother showing you the the data but RSA and the ETR data set is an unimpressive player in cyber security, their market share or pervasiveness is middle of the pack, so it's okay but their net score spending velocities in the red, and it's in the bottom 20th percentile of the data set. But it is a known brand, certainly within cyber. It's got a great conference and it's been it's probably better that a PE company owns them than being a misfit toy inside of Dell. All right, it's time to summarize, as we've been stressing in our breaking analysis segments and on the cube, the adversaries are very capable. And we should expect continued escalation. Venture capital is going to keep pouring into startups and that's going to lead to more fragmentation. But the market is going to remain right for M&A With valuations on the rise. The battle continues for best of breed tools from upstarts like CrowdStrike and Okta and Zscaler versus sweets from big players like Cisco, Palo Alto Networks and Fortinet. Growth is going to continue to drive valuations. And so let's keep our eyes on the cloud, remains disruptive and for some provides momentum for others provides friction. Security practitioners will continue to be well paid because there's a skill shortage and that's not going away despite the push toward automation. Got in talk about machine intelligence but AI and ML those tools, there are two edged sword as bad actors are leveraging installed infrastructure, both tools and behaviors to so called live off the land, upping the stakes in the arms race. Okay, this is Dave Vellante for Wikibon's CUBE Insights powered by ETR. Thanks for watching this breaking analysis. Remember, these episodes are all available as podcasted Spotfire or wherever you listen. Connect with me at david.vellante at siliconangle.com, or comment on my LinkedIn. I'm @dvellante on Twitter. Thanks for watching everybody. We'll see you next time. (upbeat music).

>>from Las Vegas. It's the Q covering. Next work. 2019 America's Do You buy Juniper Networks? Come back already. Jeffrey here with the Cube were in Las Vegas at Caesar's at the Juniper. Next work event. About 1000 people kind of going over a lot of new cool things. 400 gigs. Who knew that was coming out of new information for me? But that's not what we're here today. We're here for the fourth installment of around the Cube unpacking. I were happy to have all the winners of the three previous rounds here at the same place. We don't have to do it over the phone s so we're happy to have him. Let's jump into it. So winner of Round one was Bob Friday. He is the VP and CTO at Missed the Juniper Company. Bob, Great to see you. Good to be back. Absolutely. All the way from Seattle. Sharna Parky. She's a VP applied scientist at Tech CEO could see Sharna and, uh, from Google. We know a lot of a I happen to Google. Rajan's chef. He is the V p ay ay >>product management on Google. Welcome. Thank you, Christy. Here >>All right, so let's jump into it. So just warm everybody up and we'll start with you. Bob, What are some When you're talking to someone at a cocktail party Friday night talking to your mom And they say, What is a I What >>do you >>give him? A Zen examples of where a eyes of packing our lives today? >>Well, I think we all know the examples of the south driving car, you know? Aye, aye. Starting to help our health care industry being diagnosed cancer for me. Personally, I had kind of a weird experience last week at a retail technology event where basically had these new digital mirrors doing facial recognition. Right? And basically, you start to have little mirrors were gonna be a skeevy start guessing. Hey, you have a beard, you have some glasses, and they start calling >>me old. So this is kind >>of very personal. I have a something for >>you, Camille, but eh? I go walking >>down a mall with a bunch of mirrors, calling me old. >>That's a little Illinois. Did it bring you out like a cane or a walker? You know, you start getting some advertising's >>that were like Okay, you guys, this is a little bit over the top. >>Alright, Charlotte, what about you? What's your favorite example? Share with people? >>Yeah, E think one of my favorite examples of a I is, um, kind of accessible in on your phone where the photos you take on an iPhone. The photos you put in Google photos, they're automatically detecting the faces and their labeling them for you. They're like, Here's selfies. Here's your family. Here's your Children. And you know, that's the most successful one of the ones that I think people don't really think about a lot or things like getting loan applications right. We actually have a I deciding whether or not we get loans. And that one is is probably the most interesting one to be right now. >>Roger. So I think the father's example is probably my favorite as well. And what's interesting to me is that really a I is actually not about the Yeah, it's about the user experience that you can create as a result of a I. What's cool about Google photos is that and my entire family uses Google photos and they don't even know actually that the underlying in some of the most powerful a I in the world. But what they know is they confined every picture of our kids on the beach whenever they whenever they want to. Or, you know, we had a great example where we were with our kids. Every time they like something in the store, we take a picture of it, Um, and we can look up toy and actually find everything that they've taken picture. >>It's interesting because I think most people don't even know the power that they have. Because if you search for beach in your Google photos or you search for, uh, I was looking for an old bug picture from my high school there it came right up until you kind of explore. You know, it's pretty tricky, Raja, you know, I think a lot of conversation about A They always focus the general purpose general purpose, general purpose machines and robots and computers. But people don't really talk about the applied A that's happening all around. Why do you think that? >>So it's a good question. There's there's a lot more talk about kind of general purpose, but the reality of where this has an impact right now is, though, are those specific use cases. And so, for example, things like personalizing customer interaction or, ah, spotting trends that did that you wouldn't have spotted for turning unstructured data like documents into structure data. That's where a eyes actually having an impact right now. And I think it really boils down to getting to the right use cases where a I right? >>Sharon, I want ask you. You know, there's a lot of conversation. Always has A I replace people or is it an augmentation for people? And we had Gary Kasparov on a couple years ago, and he talked about, you know, it was the combination if he plus the computer made the best chess player, but that quickly went away. Now the computer is actually better than Garry Kasparov. Plus the computer. How should people think about a I as an augmentation tool versus a replacement tool? And is it just gonna be specific to the application? And how do you kind of think about those? >>Yeah, I would say >>that any application where you're making life and death decisions where you're making financial decisions that disadvantage people anything where you know you've got u A. V s and you're deciding whether or not to actually dropped the bomb like you need a human in the loop. If you're trying to change the words that you are using to get a different group of people to apply for jobs, you need a human in the loop because it turns out that for the example of beach, you type sheep into your phone and you might get just a field, a green field and a I doesn't know that, uh, you know, if it's always seen sheep in a field that when the sheep aren't there, that that isn't a sheep like it doesn't have that kind of recognition to it. So anything were we making decisions about parole or financial? Anything like that needs to have human in the loop because those types of decisions are changing fundamentally the way we live. >>Great. So shift gears. The team are Jeff Saunders. Okay, team, your mind may have been the liquid on my bell, so I'll be more active on the bell. Sorry about that. Everyone's even. We're starting a zero again, so I want to shift gears and talk about data sets. Um Bob, you're up on stage. Demo ing some some of your technology, the Miss Technology and really, you know, it's interesting combination of data sets A I and its current form needs a lot of data again. Kind of the classic Chihuahua on blue buried and photos. You got to run a lot of them through. How do you think about data sets? In terms of having the right data in a complete data set to drive an algorithm >>E. I think we all know data sets with one The tipping points for a I to become more real right along with cloud computing storage. But data is really one of the key points of making a I really write my example on stage was wine, right? Great wine starts a great grape street. Aye, aye. Starts a great data for us personally. L s t M is an example in our networking space where we have data for the last three months from our customers and rule using the last 30 days really trained these l s t m algorithms to really get that tsunami detection the point where we don't have false positives. >>How much of the training is done. Once you once you've gone through the data a couple times in a just versus when you first started, you're not really sure how it's gonna shake out in the algorithm. >>Yeah. So in our case right now, right, training happens every night. So every night, we're basically retraining those models, basically, to be able to predict if there's gonna be an anomaly or network, you know? And this is really an example. Where you looking all these other cat image thinks this is where these neural networks there really were one of the transformational things that really moved a I into the reality calling. And it's starting to impact all our different energy. Whether it's text imaging in the networking world is an example where even a I and deep learnings ruling starting to impact our networking customers. >>Sure, I want to go to you. What do you do if you don't have a big data set? You don't have a lot of pictures of chihuahuas and blackberries, and I want to apply some machine intelligence to the problem. >>I mean, so you need to have the right data set. You know, Big is a relative term on, and it depends on what you're using it for, right? So you can have a massive amount of data that represents solar flares, and then you're trying to detect some anomaly, right? If you train and I what normal is based upon a massive amount of data and you don't have enough examples of that anomaly you're trying to detect, then it's never going to say there's an anomaly there, so you actually need to over sample. You have to create a population of data that allows you to detect images you can't say, Um oh, >>I'm going to reflect in my data set the percentage of black women >>in Seattle, which is something below 6% and say it's fair. It's not right. You have to be able thio over sample things that you need, and in some ways you can get this through surveys. You can get it through, um, actually going to different sources. But you have to boot, strap it in some way, and then you have to refresh it, because if you leave that data set static like Bob mentioned like you, people are changing the way they do attacks and networks all the time, and so you may have been able to find the one yesterday. But today it's a completely different ball game >>project to you, which comes first, the chicken or the egg. You start with the data, and I say this is a ripe opportunity to apply some. Aye, aye. Or do you have some May I objectives that you want to achieve? And I got to go out and find the >>data. So I actually think what starts where it starts is the business problem you're trying to solve. And then from there, you need to have the right data. What's interesting about this is that you can actually have starting points. And so, for example, there's techniques around transfer, learning where you're able to take an an algorithm that's already been trained on a bunch of data and training a little bit further with with your data on DSO, we've seen that such that people that may have, for example, only 100 images of something, but they could use a model that's trained on millions of images and only use those 100 thio create something that's actually quite accurate. >>So that's a great segue. Wait, give me a ring on now. And it's a great Segway into talking about applying on one algorithm that was built around one data set and then applying it to a different data set. Is that appropriate? Is that correct? Is air you risking all kinds of interesting problems by taking that and applying it here, especially in light of when people are gonna go to outweigh the marketplace, is because I've got a date. A scientist. I couldn't go get one in the marketplace and apply to my data. How should people be careful not to make >>a bad decision based on that? So I think it really depends. And it depends on the type of machine learning that you're doing and what type of data you're talking about. So, for example, with images, they're they're they're well known techniques to be able to do this, but with other things, there aren't really and so it really depends. But then the other inter, the other really important thing is that no matter what at the end, you need to test and generate based on your based on your data sets and on based on sample data to see if it's accurate or not, and then that's gonna guide everything. Ultimately, >>Sharon has got to go to you. You brought up something in the preliminary rounds and about open A I and kind of this. We can't have this black box where stuff goes into the algorithm. That stuff comes out and we're not sure what the result was. Sounds really important. Is that Is that even plausible? Is it feasible? This is crazy statistics, Crazy math. You talked about the business objective that someone's trying to achieve. I go to the data scientist. Here's my data. You're telling this is the output. How kind of where's the line between the Lehman and the business person and the hard core data science to bring together the knowledge of Here's what's making the algorithm say this. >>Yeah, there's a lot of names for this, whether it's explainable. Aye, aye. Or interpret a belay. I are opening the black box. Things like that. Um, the algorithms that you use determine whether or not they're inspect herbal. Um, and the deeper your neural network gets, the harder it is to inspect, actually. Right. So, to your point, every time you take an aye aye and you use it in a different scenario than what it was built for. For example, um, there is a police precinct in New York that had a facial recognition software, and, uh, victim said, Oh, it looked like this actor. This person looked like Bill Cosby or something like that, and you were never supposed to take an image of an actor and put it in there to find people that look like them. But that's how people were using it. So the Russians point yes, like it. You can transfer learning to other a eyes, but it's actually the humans that are using it in ways that are unintended that we have to be more careful about, right? Um, even if you're a, I is explainable, and somebody tries to use it in a way that it was never intended to be used. The risk is much higher >>now. I think maybe I had, You know, if you look at Marvis kind of what we're building for the networking community Ah, good examples. When Marvis tries to do estimate your throughput right, your Internet throughput. That's what we usually call decision tree algorithm. And that's a very interpretive algorithm. and we predict low throughput. We know how we got to that answer, right? We know what features God, is there? No. But when we're doing something like a NAMI detection, that's a neural network. That black box it tells us yes, there's a problem. There's some anomaly, but that doesn't know what caused the anomaly. But that's a case where we actually used neural networks, actually find the anomie, and then we're using something else to find the root cause, eh? So it really depends on the use case and where the night you're going to use an interpreter of model or a neural network which is more of a black box model. T tell her you've got a cat or you've got a problem >>somewhere. So, Bob, that's really interested. So can you not unpacking? Neural network is just the nature of the way that the communication and the data flows and the inferences are made that you can't go in and unpack it, that you have to have the >>separate kind of process too. Get to the root cause. >>Yeah, assigned is always hard to say. Never. But inherently s neural networks are very complicated. Saito set of weights, right? It's basically usually a supervised training model, and we're feeding a bunch of data and trying to train it to detect a certain features, sir, an output. But that is where they're powerful, right? And that's why they basically doing such good, Because they are mimicking the brain, right? That neural network is a very complex thing. Can't like your brain, right? We really don't understand how your brain works right now when you have a problem, it's really trialling there. We try to figure out >>right going right. So I want to stay with you, bought for a minute. So what about when you change what you're optimizing? Four? So you just said you're optimizing for throughput of the network. You're looking for problems. Now, let's just say it's, uh, into the end of the quarter. Some other reason we're not. You're changing your changing what you're optimizing for, Can you? You have to write separate algorithm. Can you have dynamic movement inside that algorithm? How do you approach a problem? Because you're not always optimizing for the same things, depending on the market conditions. >>Yeah, I mean, I think a good example, you know, again, with Marvis is really with what we call reinforcement. Learning right in reinforcement. Learning is a model we use for, like, radio resource management. And there were really trying to optimize for the user experience in trying to balance the reward, the models trying to reward whether or not we have a good balance between the network and the user. Right, that reward could be changed. So that algorithm is basically reinforcement. You can finally change hell that Algren works by changing the reward you give the algorithm >>great. Um, Rajan back to you. A couple of huge things that have come into into play in the marketplace and get your take one is open source, you know, kind of. What's the impact of open source generally on the availability, desire and more applications and then to cloud and soon to be edge? You know, the current next stop. How do you guys incorporate that opportunity? How does it change what you can do? How does it open up the lens of >>a I Yeah, I think open source is really important because I think one thing that's interesting about a I is that it's a very nascent field and the more that there's open source, the more that people could build on top of each other and be able to utilize what what others others have done. And it's similar to how we've seen open source impact operating systems, the Internet, things like things like that with Cloud. I think one of the big things with cloud is now you have the processing power and the ability to access lots of data to be able to t create these thes networks. And so the capacity for data and the capacity for compute is much higher. Edge is gonna be a very important thing, especially going into next few years. You're seeing Maur things incorporated on the edge and one exciting development is around Federated learning where you can train on the edge and then combine some of those aspects into a cloud side model. And so that I think will actually make EJ even more powerful. >>But it's got to be so dynamic, right? Because the fundamental problem used to always be the move, the computer, the data or the date of the computer. Well, now you've got on these edge devices. You've got Tanya data right sensor data all kinds of machining data. You've got potentially nasty hostile conditions. You're not in a nice, pristine data center where the environmental conditions are in the connective ity issues. So when you think about that problem yet, there's still great information. There you got latent issues. Some I might have to be processed close to home. How do you incorporate that age old thing of the speed of light to still break the break up? The problem to give you a step up? Well, we see a lot >>of customers do is they do a lot of training on the cloud, but then inference on the on the edge. And so that way they're able to create the model that they want. But then they get fast response time by moving the model to the edge. The other thing is that, like you said, lots of data is coming into the edge. So one way to do it is to efficiently move that to the cloud. But the other way to do is filter. And to try to figure out what data you want to send to the clouds that you can create the next days. >>Shawna, back to you let's shift gears into ethics. This pesky, pesky issue that's not not a technological issue at all, but right. We see it often, especially in tech. Just cause you should just cause you can doesn't mean that you should. Um so and this is not a stem issue, right? There's a lot of different things that happened. So how should people be thinking about ethics? How should they incorporate ethics? Um, how should they make sure that they've got kind of a, you know, a standard kind of overlooking kind of what they're doing? The decisions are being made. >>Yeah, One of the more approachable ways that I have found to explain this is with behavioral science methodologies. So ethics is a massive field of study, and not everyone shares the same ethics. However, if you try and bring it closer to behavior change because every product that we're building is seeking to change of behavior. We need to ask questions like, What is the gap between the person's intention and the goal we have for them? Would they choose that goal for themselves or not? If they wouldn't, then you have an ethical problem, right? And this this can be true of the intention, goal gap or the intention action up. We can see when we regulated for cigarettes. What? We can't just make it look cool without telling them what the cigarettes are doing to them, right so we can apply the same principles moving forward. And they're pretty accessible without having to know. Oh, this philosopher and that philosopher in this ethicist said these things, it can be pretty human. The challenge with this is that most people building these algorithms are not. They're not trained in this way of thinking, and especially when you're working at a start up right, you don't have access to massive teams of people to guide you down this journey, so you need to build it in from the beginning, and you need to be open and based upon principles. Um, and it's going to touch every component. It should touch your data, your algorithm, the people that you're using to build the product. If you only have white men building the product, you have a problem you need to pull in other people. Otherwise, there are just blind spots that you are not going to think of in order to still that product for a wider audience, but it seems like >>they were on such a razor sharp edge. Right with Coca Cola wants you to buy Coca Cola and they show ads for Coca Cola, and they appeal to your let's all sing together on the hillside and be one right. But it feels like with a I that that is now you can cheat. Right now you can use behavioral biases that are hardwired into my brain is a biological creature against me. And so where is where is the fine line between just trying to get you to buy Coke? Which somewhat argues Probably Justus Bad is Jule cause you get diabetes and all these other issues, but that's acceptable. But cigarettes are not. And now we're seeing this stuff on Facebook with, you know, they're coming out. So >>we know that this is that and Coke isn't just selling Coke anymore. They're also selling vitamin water so they're they're play isn't to have a single product that you can purchase, but it is to have a suite of products that if you weren't that coke, you can buy it. But if you want that vitamin water you can have that >>shouldn't get vitamin water and a smile that only comes with the coat. Five. You want to jump in? >>I think we're going to see ethics really break into two different discussions, right? I mean, ethics is already, like human behavior that you're already doing right, doing bad behavior, like discriminatory hiring, training, that behavior. And today I is gonna be wrong. It's wrong in the human world is gonna be wrong in the eye world. I think the other component to this ethics discussion is really round privacy and data. It's like that mirror example, right? No. Who gave that mirror the right to basically tell me I'm old and actually do something with that data right now. Is that my data? Or is that the mirrors data that basically recognized me and basically did something with it? Right. You know, that's the Facebook. For example. When I get the email, tell me, look at that picture and someone's take me in the pictures Like, where was that? Where did that come from? Right? >>What? I'm curious about to fall upon that as social norms change. We talked about it a little bit for we turn the cameras on, right? It used to be okay. Toe have no black people drinking out of a fountain or coming in the side door of a restaurant. Not that long ago, right in the 60. So if someone had built an algorithm, then that would have incorporated probably that social norm. But social norms change. So how should we, you know, kind of try to stay ahead of that or at least go back reflectively after the fact and say kind of back to the black box, That's no longer acceptable. We need to tweak this. I >>would have said in that example, that was wrong. 50 years ago. >>Okay, it was wrong. But if you ask somebody in Alabama, you know, at the University of Alabama, Matt Department who have been born Red born, bred in that culture as well, they probably would have not necessarily agreed. But so generally, though, again, assuming things change, how should we make sure to go back and make sure that we're not again carrying four things that are no longer the right thing to do? >>Well, I think I mean, as I said, I think you know what? What we know is wrong, you know is gonna be wrong in the eye world. I think the more subtle thing is when we start relying on these Aye. Aye. To make decisions like no shit in my car, hit the pedestrian or save my life. You know, those are tough decisions to let a machine take off or your balls decision. Right when we start letting the machines Or is it okay for Marvis to give this D I ps preference over other people, right? You know, those type of decisions are kind of the ethical decision, you know, whether right or wrong, the human world, I think the same thing will apply in the eye world. I do think it will start to see more regulation. Just like we see regulation happen in our hiring. No, that regulation is going to be applied into our A I >>right solutions. We're gonna come back to regulation a minute. But, Roger, I want to follow up with you in your earlier session. You you made an interesting comment. You said, you know, 10% is clearly, you know, good. 10% is clearly bad, but it's a soft, squishy middle at 80% that aren't necessarily super clear, good or bad. So how should people, you know, kind of make judgments in this this big gray area in the middle? >>Yeah, and I think that is the toughest part. And so the approach that we've taken is to set us set out a set of AI ai principles on DDE. What we did is actually wrote down seven things that we will that we think I should do and four things that we should not do that we will not do. And we now have to actually look at everything that we're doing against those Aye aye principles. And so part of that is coming up with that governance process because ultimately it boils down to doing this over and over, seeing lots of cases and figuring out what what you should do and so that governments process is something we're doing. But I think it's something that every company is going to need to do. >>Sharon, I want to come back to you, so we'll shift gears to talk a little bit about about law. We've all seen Zuckerberg, unfortunately for him has been, you know, stuck in these congressional hearings over and over and over again. A little bit of a deer in a headlight. You made an interesting comment on your prior show that he's almost like he's asking for regulation. You know, he stumbled into some really big Harry nasty areas that were never necessarily intended when they launched Facebook out of his dorm room many, many moons ago. So what is the role of the law? Because the other thing that we've seen, unfortunately, a lot of those hearings is a lot of our elected officials are way, way, way behind there, still printing their e mails, right? So what is the role of the law? How should we think about it? What shall we What should we invite from fromthe law to help sort some of this stuff out? >>I think as an individual, right, I would like for each company not to make up their own set of principles. I would like to have a shared set of principles that were following the challenge. Right, is that with between governments, that's impossible. China is never gonna come up with same regulations that we will. They have a different privacy standards than we D'oh. Um, but we are seeing locally like the state of Washington has created a future of work task force. And they're coming into the private sector and asking companies like text you and like Google and Microsoft to actually advise them on what should we be regulating? We don't know. We're not the technologists, but they know how to regulate. And they know how to move policies through the government. What will find us if we don't advise regulators on what we should be regulating? They're going to regulate it in some way, just like they regulated the tobacco industry. Just like they regulated. Sort of, um, monopolies that tech is big enough. Now there is enough money in it now that it will be regularly. So we need to start advising them on what we should regulate because just like Mark, he said. While everyone else was doing it, my competitors were doing it. So if you >>don't want me to do it, make us all stop. What >>can I do? A negative bell and that would not for you, but for Mark's responsibly. That's crazy. So So bob old man at the mall. It's actually a little bit more codified right, There's GDP are which came through May of last year and now the newness to California Extra Gatorade, California Consumer Protection Act, which goes into effect January 1. And you know it's interesting is that the hardest part of the implementation of that I think I haven't implemented it is the right to be for gotten because, as we all know, computers, air, really good recording information and cloud. It's recorded everywhere. There's no there there. So when these types of regulations, how does that impact? Aye, aye, because if I've got an algorithm built on a data set in in person, you know, item number 472 decides they want to be forgotten How that too I deal with that. >>Well, I mean, I think with Facebook, I can see that as I think. I suspect Mark knows what's right and wrong. He's just kicking ball down tires like >>I want you guys. >>It's your problem, you know. Please tell me what to do. I see a ice kind of like any other new technology, you know, it could be abused and used in the wrong waste. I think legally we have a constitution that protects our rights. And I think we're going to see the lawyers treat a I just like any other constitutional things and people who are building products using a I just like me build medical products or other products and actually harmful people. You're gonna have to make sure that you're a I product does not harm people. You're a product does not include no promote discriminatory results. So I >>think we're going >>to see our constitutional thing is going applied A I just like we've seen other technologies work. >>And it's gonna create jobs because of that, right? Because >>it will be a whole new set of lawyers >>the holdings of lawyers and testers, even because otherwise of an individual company is saying. But we tested. It >>works. Trust us. Like, how are you gonna get the independent third party verification of that? So we're gonna start to see a whole terrorist proliferation of that type of fields that never had to exist before. >>Yeah, one of my favorite doctor room. A child. Grief from a center. If you don't follow her on Twitter Follower. She's fantastic and a great lady. So I want to stick with you for a minute, Bob, because the next topic is autonomous. And Rahman up on the keynote this morning, talked about missed and and really, this kind of shifting workload of fixing things into an autonomous set up where the system now is, is finding problems, diagnosing problems, fixing problems up to, I think, he said, even generating return authorizations for broken gear, which is amazing. But autonomy opens up all kinds of crazy, scary things. Robert Gates, we interviewed said, You know, the only guns that are that are autonomous in the entire U. S. Military are the ones on the border of North Korea. Every single other one has to run through a person when you think about autonomy and when you can actually grant this this a I the autonomy of the agency toe act. What are some of the things to think about in the word of the things to keep from just doing something bad, really, really fast and efficiently? >>Yeah. I mean, I think that what we discussed, right? I mean, I think Pakal purposes we're far, you know, there is a tipping point. I think eventually we will get to the CP 30 Terminator day where we actually build something is on par with the human. But for the purposes right now, we're really looking at tools that we're going to help businesses, doctors, self driving cars and those tools are gonna be used by our customers to basically allow them to do more productive things with their time. You know, whether it's doctor that's using a tool to actually use a I to predict help bank better predictions. They're still gonna be a human involved, you know, And what Romney talked about this morning and networking is really allowing our I T customers focus more on their business problems where they don't have to spend their time finding bad hard were bad software and making better experiences for the people. They're actually trying to serve >>right, trying to get your take on on autonomy because because it's a different level of trust that we're giving to the machine when we actually let it do things based on its own. But >>there's there's a lot that goes into this decision of whether or not to allow autonomy. There's an example I read. There's a book that just came out. Oh, what's the title? You look like a thing. And I love you. It was a book named by an A I, um if you want to learn a lot about a I, um and you don't know much about it, Get it? It's really funny. Um, so in there there is in China. Ah, factory where the Aye Aye. Is optimizing um, output of cockroaches now they just They want more cockroaches now. Why do they want that? They want to grind them up and put them in a lotion. It's one of their secret ingredients now. It depends on what parameters you allow that I to change, right? If you decide Thio let the way I flood the container, and then the cockroaches get out through the vents and then they get to the kitchen to get food, and then they reproduce the parameters in which you let them be autonomous. Over is the challenge. So when we're working with very narrow Ai ai, when use hell the Aye. Aye. You can change these three things and you can't just change anything. Then it's a lot easier to make that autonomous decision. Um and then the last part of it is that you want to know what is the results of a negative outcome, right? There was the result of a positive outcome. And are those results something that we can take actually? >>Right, Right. Roger, don't give you the last word on the time. Because kind of the next order of step is where that machines actually write their own algorithms, right? They start to write their own code, so they kind of take this next order of thought and agency, if you will. How do you guys think about that? You guys are way out ahead in the space, you have huge data set. You got great technology. Got tensorflow. When will the machines start writing their own A their own out rhythms? Well, and actually >>it's already starting there that, you know, for example, we have we have a product called Google Cloud. Ottawa. Mel Village basically takes in a data set, and then we find the best model to be able to match that data set. And so things like that that that are there already, but it's still very nascent. There's a lot more than that that can happen. And I think ultimately with with how it's used I think part of it is you have to start. Always look at the downside of automation. And what is what is the downside of a bad decision, whether it's the wrong algorithm that you create or a bad decision in that model? And so if the downside is really big, that's where you need to start to apply Human in the loop. And so, for example, in medicine. Hey, I could do amazing things to detect diseases, but you would want a doctor in the loop to be able to actually diagnose. And so you need tohave have that place in many situations to make sure that it's being applied well. >>But is that just today? Or is that tomorrow? Because, you know, with with exponential growth and and as fast as these things are growing, will there be a day where you don't necessarily need maybe need the doctor to communicate the news? Maybe there's some second order impacts in terms of how you deal with the family and, you know, kind of pros and cons of treatment options that are more emotional than necessarily mechanical, because it seems like eventually that the doctor has a role. But it isn't necessarily in accurately diagnosing a problem. >>I think >>I think for some things, absolutely over time the algorithms will get better and better, and you can rely on them and trust them more and more. But again, I think you have to look at the downside consequence that if there's a bad decision, what happens and how is that compared to what happens today? And so that's really where, where that is. So, for example, self driving cars, we will get to the point where cars are driving by themselves. There will be accidents, but the accident rate is gonna be much lower than what's there with humans today, and so that will get there. But it will take time. >>And there was a day when will be illegal for you to drive. You have manslaughter, right? >>I I believe absolutely there will be in and and I don't think it's that far off. Actually, >>wait for the day when I have my car take me up to Northern California with me. Sleepy. I've only lived that long. >>That's right. And work while you're while you're sleeping, right? Well, I want to thank everybody Aton for being on this panel. This has been super fun and these air really big issues. So I want to give you the final word will just give everyone kind of a final say and I just want to throw out their Mars law. People talk about Moore's law all the time. But tomorrow's law, which Gardner stolen made into the hype cycle, you know, is that we tend to overestimate in the short term, which is why you get the hype cycle and we turn. Tend to underestimate, in the long term the impacts of technology. So I just want it is you look forward in the future won't put a year number on it, you know, kind of. How do you see this rolling out? What do you excited about? What are you scared about? What should we be thinking about? We'll start with you, Bob. >>Yeah, you know, for me and, you know, the day of the terminus Heathrow. I don't know if it's 100 years or 1000 years. That day is coming. We will eventually build something that's in part of the human. I think the mission about the book, you know, you look like a thing and I love >>you. >>Type of thing that was written by someone who tried to train a I to basically pick up lines. Right? Cheesy pickup lines. Yeah, I'm not for sure. I'm gonna trust a I to help me in my pickup lines yet. You know I love you. Look at your thing. I love you. I don't know if they work. >>Yeah, but who would? Who would have guessed online dating is is what it is if you had asked, you know, 15 years ago. But I >>think yes, I think overall, yes, we will see the Terminator Cp through It was probably not in our lifetime, but it is in the future somewhere. A. I is definitely gonna be on par with the Internet cell phone, radio. It's gonna be a technology that's gonna be accelerating if you look where technology's been over last. Is this amazing to watch how fast things have changed in our lifetime alone, right? Yeah, we're just on this curve of technology accelerations. This in the >>exponential curves China. >>Yeah, I think the thing I'm most excited about for a I right now is the addition of creativity to a lot of our jobs. So ah, lot of we build an augmented writing product. And what we do is we look at the words that have happened in the world and their outcomes. And we tell you what words have impacted people in the past. Now, with that information, when you augment humans in that way, they get to be more creative. They get to use language that have never been used before. To communicate an idea. You can do this with any field you can do with composition of music. You can if you can have access as an individual, thio the data of a bunch of cultures the way that we evolved can change. So I'm most excited about that. I think I'm most concerned currently about the products that we're building Thio Give a I to people that don't understand how to use it or how to make sure they're making an ethical decision. So it is extremely easy right now to go on the Internet to build a model on a data set. And I'm not a specialist in data, right? And so I have no idea if I'm adding bias in or not, um and so it's It's an interesting time because we're in that middle area. Um, and >>it's getting loud, all right, Roger will throw with you before we have to cut out, or we're not gonna be able to hear anything. So I actually start every presentation out with a picture of the Mosaic browser, because what's interesting is I think that's where >>a eyes today compared to kind of weather when the Internet was around 1994 >>were just starting to see how a I can actually impact the average person. As a result, there's a lot of hype, but what I'm actually finding is that 70% of the company's I talked to the first question is, Why should I be using this? And what benefit does it give me? Why 70% ask you why? Yeah, and and what's interesting with that is that I think people are still trying to figure out what is this stuff good for? But to your point about the long >>run, and we underestimate the longer I think that every company out there and every product will be fundamentally transformed by eye over the course of the next decade, and it's actually gonna have a bigger impact on the Internet itself. And so that's really what we have to look forward to. >>All right again. Thank you everybody for participating. There was a ton of fun. Hope you had fun. And I look at the score sheet here. We've got Bob coming in and the bronze at 15 points. Rajan, it's 17 in our gold medal winner for the silver Bell. Is Sharna at 20 points. Again. Thank you. Uh, thank you so much and look forward to our next conversation. Thank Jeffrey Ake signing out from Caesar's Juniper. Next word unpacking. I Thanks for watching.

>> Announcer: From Miami Beach, Florida, it's theCUBE, covering Acronis Global Cyber Summit 2019, brought to you by Acronis. >> Okay, welcome back, everyone. It's theCUBE's two days of coverage here in Miami Beach at the Fountainebleau Hotel for the Acronis Global Cyber Summit 2019. I'm John Furrier, your host, James Slaby, the director of cyber protection for Acronis is here on theCUBE. Thanks for coming in, it's great to see you. >> John, great to be here, thanks. >> So, we talked on the day one reception that we had. We were having a chat about the cyber protection positioning, and how the confluence of data protection is emerging in this new modernization of the enterprise. >> Sure. >> Sports teams are out there, it's obvious pick customers, so it's happening. >> Absolutely, it's something that the analyst community has been talking about for years. And certainly, I think people in the data protection space, on the vendor side, in the cyber security space, have been seeing it coming. I think there's been a little bit of weariness of it on the end user side, particularly if you look at the large enterprise space where you've got fairly large teams and they're specialized. You've got the security folks on one side, data protection IT operations on the other, and often different budgets, they don't necessarily like each other, or talk to each other a whole lot, sometimes competing agendas. But frankly the way the world is going with the kind of explosion in data, the fact that data's growing five times faster than IT staffing is able to grow, and with this explosion in the threat environment, not just cyber criminals though they've gotten a lot cleverer in recent years, much more industrial in their methods, basically I like to compare them to Salesforce, but evil, right? So, they've industrialized their production methods, >> And they're causing disruption. They are disrupting the continuity of a business by hijacking their data before there is ransomware or zero-day malware, it's here, it's happening all the time. >> Yeah, and it's not just the criminals now. You have state actors involved. North Korea basically runs itself as a criminal enterprise these days to fund the regime because of economic sanctions. And they're very well-funded, they're very expert, and with tools like ransomware and cryptojacking at their disposal, they're sustaining themselves. So, between the threats on all sides, and the explosion in data, the operation side of the house, and the security side of the house really have to come together. It's not a luxury that frankly small to medium businesses have ever had. You typically have much smaller staffs. It's one, two, maybe three people handling all of that. So, in some respects that convergence is going to be a welcome simplification of life to them. >> What's interesting to me and I want to get your thoughts and reaction to this is that with the Cloud computing, and this new modern era of compute power and software defined stuff, you're seeing categories that used to be niche white spaced categories become full-blown important areas. I'll give you an example. Network management turned into observability. Configuration management's now automation. So, at the plumbing level infrastructure when they start to see stuff emerge that was once a feature and now important. Data protection involves a cyber protection. Again, it's elevating an importance because the game's changing, but it's still the same. It's data protection, but data's everywhere, but cyber's the driver. This is an interesting dynamic, and I think you pointed that out, again, on our first night, it's highlighted there. Are all the analysts seeing it this way? And because we're seeing, observability, what is observability? It's network management on steroids. So, this new modern architecture of an enterprise is our thinking like a system, and cyber protection is a new, I guess category. Well, it's not really a new category, it's data protection or cyber threats and cyber things. >> I think it's a useful coinage to capture in a couple of words, this convergence of classic data protection disaster recovery kind of functionality with cyber security. I do see the analyst community having anticipated the trend by a couple of years, Forrester with their zero trust model is a slightly different perspective on it, but ultimately it puts data at the center of everything. You've got to protect data, you've got to protect people from stealing it, you've got to defend against people tampering with it. And once you start putting data at the center of your world, then all those functions whether they're classic IT operations functions, or what we historically associate with cyber security, it doesn't make a whole lot of difference. The challenge is to find ways to achieve those basic functions in a way that is managing the complexity, you've got an explosion of data sources, an explosion of data volume, here comes the Internet of things, here comes 5G wireless, suddenly everyone's going to be storing 10 terabytes of data on their smart phones. So, you've got a lot more data in a lot more places to defend against. And the bad guys are coming up with increasingly sophisticated new ways to get at it. So, looking at it as data first, and I think what our MSP and VAR partners, and what their customers are asking for are ways to help us manage that process in a way that's simpler to manage, that's cheaper, and can defend against these kind of new more sophisticated threats. >> More threats, the complexity is increasing, data's increasing, the costs are increasing, and it all revolves around the digital business as data, and the Red Sox and the sports teams encapsulate that because their product's on the field, but also they have a business to run, they got fans to serve, their consumers, it's a digital business model, it's a data. >> Yeah, they look sort of like extreme examples today. Our business doesn't need our F1, our Formula One partners to capture the racetrack data from a rocket ship with a 1,000 sensors in it, and real time telemetry, but that's only looks extreme today. We're not very far away from having to handle that kind of data in real time in our business. So, in the same way that the Red Sox are capturing all kinds of video information and analytics, and analyzing the performance of their players, we're going to be doing similar kinds of data collection and processing on business information in just a few short years. So, it's useful to have leading edge partners like that, but the rest of us aren't really far behind-- >> Well, I think the platform play is very interesting. You guys put a lot of work into that. Obviously you can't do that overnight. Many years have gone into that. Having an open ecosystem is key. You mentioned VARs and partners earlier, this is a big part of the business model of Acronis, and so that's ultimately the true test of a product because the channel is a very efficient business mechanism. >> Yes. (laughs) >> If it works and it's profitable, and creates happy customers, their customers are happy, they keep their customers. They're a very tough crowd too as well. What are your partners in VARs and ISVs, what's in demand of them from their customers? Because they're selling your product as a solution, putting servers to run, but they have customers too, and they're looking for them to be a player and serve them well. What are they hearing? What's their customer customer? >> Yeah, you're right, they're absolutely, our partners are our key source of intel on what the buyers ultimately want. And again your typical buyer, let's say it's a small or medium business for argument's sake here, is confronting the fact that there's a giant labor shortage in cyber security talent at the moment. So, in two years there'll be 3 1/2 million cyber security job vacancies worldwide. I tell young people I know that are coming out of high school or college, go into cyber security, there going to be a lot of work there in the coming years. This is advice I just gave to my nephew. And they can't compete for the existing talent that's out there. If you're a great cyber security talent, you're going to want to work for a managed service provider where you're constantly facing new challenges, new customers, new technologies, it's the great Petri dish to learn and hone your craft, and move up in the world or maybe you go into the large enterprise space, cyber protection staff there where the pay is a little bit better. It's very tough for an SMB to compete with that. They just can't find, retain, or pay the talent that they need to keep their own data secure. So, that's a huge one just from-- >> And they're also under a lot of pressure because the way these supply chain relationships work is I could have the best security on the planet, but if you're my business partner and you don't have good data hygiene, my data's exposed through you because we're working together. Listen, this is a really dynamic. >> Yeah, and it's kind of an interesting, it's a bit of ancillary topic here I think, but just a tax on elements of the supply chain like managed service providers themselves as something that has raised its head. So, as a buyer, you have to evaluate whether your provider is taking appropriate steps to protect themselves because if they can't do that, then you will be someone who's intimately connected with them that will be vulnerable to the same evils that befall them. >> I hear that a lot from people that are selling security, and, or data protection to customers is that there's now requirements in the sales process to do it, and I don't want to say audit, that's not the right word, the word we're looking for, but inspection of how the data's being handled. Obviously, you've got GDPR out there which is a whole 'nother animal, but this is now a real criteria so, IMSP, I have to build that out myself. Is this where they are using you guys? This is where there seems to be a dynamic where you guys are doing well, certainly ransomware's been a big part of it too. >> So, they have a couple of challenges, our partners do. One is beating that customer requirement to protect me, make sure you've got the expertise that I can't retain to provide security for my data, do it in a way that's cheap, do it that it will grow as my data volumes are growing, and automate it wherever possible, right. I do not want to have to worry about this stuff. The MSPs have both technical and business challenges themselves. From the technical side their problems are similar to the customer's. They need any solution they have to be simple, they need it to be cheap, automation is super important to them, and they need to keep ahead of the security gap. From a business perspective you've got additional challenges like, how do I grow my individual, my average revenue per user? How do I offer additional services that are going to increase my traction with them so that I can reproduce churns, that I want to be stickier, right? How do I get hooks into my existing billing and provisioning kind of systems? So, the customer has a range of challenges that are reflected mainly in technical terms in the service provider, but the service provider has their own businesses sectors that are unique. And this is in part how things like Acronis Cyber Protect at cyber infrastructure, and the opening up of Acronis Cyber Platform so that their ISVs and the providers of the tools that they're using can get tighter integration into the infrastructure that they-- >> You guys are now just open APIs, just opening up the API's developer network and then the customer portal, big news here at the show. >> Yes, yup! >> You guys were holding back from us, well, now you've got it covered, but this speaks to the ecosystem. Now, I got to ask you about the competition, the industry, RSA, these big conferences, buzzword bingo goes on all the time, hype is like, I got this, I'm throwing a platform. >> What's your favorite game? >> I wouldn't be surprised if cyber protection, cyber protect is a category as it emerged people start whitewashing. We've got a platform, so, people are talking the platform game. What is hype and reality? Take us through unpacking your opinion where the hype and reality, because customers are trying to squint through the noise, and look at the hype versus the reality. How do you distinguish between what's real and what's not? >> Well, I would say a useful starting point is, allow me to toot Acronis's horn here with what we have rolled out with Acronis Cyber Protect. So, it starts with our classic value proposition which is backup and disaster recovery. The next step is something that we got into the market with several years ago which is anti-malware that is buttressed by machine learning and artificial intelligence. So, the goal here is not just to be able to identify, and stop known threats by their signatures, the classic antivirus approach given the increasing sophistication of malware developers, you have to be able to identify stuff by the way it behaves. So, even if you've never seen it before you have to be able to say, that looks suspicious, I've got to stop that, and do it in a way that's smart enough that you're not halting up innocent processes that might be doing something that vaguely looks suspicious, right? You've got to stop the real threats and minimize the false positives, right. Now add to that things like health and performance monitoring. So, the capability from the exact same console to monitor the health of your hardware, including being able to predict drive failure rates, again, with the help of artificial intelligence to the point where given that half your hard drives are going to fail in five years, we can predict within 98% accuracy when a hard drive is going to fail, and that's a giant way to head off a big data loss is move that data before the hard drive fails, but also monitor the performance of your network, your applications, your operating system, as well as hardware performance. >> It's an end to end holistic view of data. >> Yeah, it's something that you might be able to do with multiple tools and maybe cruder tools, like the smart capability for drive analysis has been around for a while, but the name hasn't aged well. Health monitoring, remote desktop, right. So, the ability, really important to an MSP to reach out and troubleshoot issues on a remote desktop including things like managing their windows defender environment, so that you're making sure that the end user isn't violating your security policies because they think it might improve their performance a little to shut off some features of Windows Defender, right? Where I think it really gets interesting is in capabilities like vulnerability assessment. So, the ability to scan an endpoint and figure out which revisions of their operating system, their traditional productivity applications, all their third party applications, where they are relative to the patches that are out there to close known vulnerabilities to malware threats. And then based on that proceed to patch management where you figure out a sensible, scalable, manageable way to install patches on all those devices across your organization which is part of the daily grind for operations people, frankly. So, giving them all of those tools in one place with a single interface, oh, by the way let's throw in URL filtering, another capability that really will keep your users out of a lot of trouble, keep them from visiting sites where malware loves to lurk, because where pirated software and these kind of things, places you shouldn't go that people tend to go, and invite the evils of the world. So, imagine all these things on a single pane of glass that you need one organization with one training regimen to operate, and suddenly you see the kind of efficiencies that you're going to generate as a service provider in terms of lowering your own costs, automating a lot of the functions that you previously had to do manually, and so on. Sorry, I had to finish that, sorry. >> No problem, that's a huge-- >> That's the rest of the story on cyber protection. >> Well, this highlights to me what I think is a very comprehensive offering. You guys have comprehensive storing. You have infrastructure, a platform, and then a set of services, that's deep, deep bench of technology. >> Well, there's a lot of innovation in there as well. So, this was something that had never occurred to me that fortunately occurred to our RND people which is the notion of why don't we start scanning our backup images instead of relying on endpoint scans. So, we've got a recent image backup, why don't we scan our copy of it? We can do the vulnerability assessment, the patch management of it, and, oh, by the way, that means that we can do things like if you've got custom applications that maybe sometimes don't play nice with newer revs of the OS or patches, you can actually test that offline. Do those upgrades, install those patches, run the application, if it doesn't work, if it gives you performance problems, or functionality problems, you know not to roll those patches out across your environment. And those are kind of clever things that, oh, by the way, oh, this is the burden and potential conflicts of scans on the endpoints. So, again, I-- >> That shows the benefit of the ISV market too, as more stuff comes on, the benefits of the collective ecosystem getting right back into the customer-- >> And it works a couple of ways. So, some of my independent software vendors are going to integrate functionality from Cyber Protect into their products in a way that is sort of invisible. They'll be Acronis inside, but their customers won't necessarily know it. It also means that MSPs and the vendors that serve them with a variety of tools can more tightly integrate their functionality with Cyber Protect at the core of the managed service providers offering, and provide value to both sides of that equation as well. >> You guys have great validations platform, solutions, robust ecosystem, now you'll bring out the developers, so congratulations. James, thanks for coming on, and sharing the insight, it's appreciated. >> John, thanks so much, this was great. >> All right, Cube coverage here in Miami Beach for the Acronis Global Cyber Summit 2019. I'm John Furrier, stay with us for more day two coverage after this short break. (upbeat music)

>> live from Boston, Massachusetts. It's the Cube covering A W s reinforce 2019. Brought to you by Amazon Web service is and its ecosystem partners. >> Well, welcome back. Everyone's Cube Live coverage here in Boston, Massachusetts, for AWS. Reinforce Amazon Web sources. First inaugural conference around security. It's not Osama. It's a branded event. Big time ecosystem developing. We have returning here. Cube Alumni Bill Jeff for VP of strategy and the partnerships that Iron Net Cyber Security Company. Welcome back. Thanks. General Keith Alexander, who was on a week and 1/2 ago. And it was public sector summit. Good to see you. Good >> to see you. Thanks for >> having my back, but I want to get into some of the Iran cyber communities. We had General Qi 1000. He was the original commander of the division. So important discussions that have around that. But don't get your take on the event. You guys, you're building a business. The minute cyber involved in public sector. This is commercial private partnership. Public relations coming together. Yeah. Your models are sharing so bringing public and private together important. >> Now that's exactly right. And it's really great to be here with eight of us were really close partner of AWS is we'll work with them our entire back in today. Runs on AWS really need opportunity. Get into the ecosystem, meet some of the folks that are working that we might work with my partner but to deliver a great product, right? And you're seeing a lot of people move to cloud, right? And so you know some of the big announcement that are happening here today. We're willing. We're looking to partner up with eight of us and be a first time provider for some key new Proactiv elves. AWS is launching in their own platform here today. So that's a really neat thing for us to be partnered up with this thing. Awesome organization. I'm doing some of >> the focus areas around reinforcing your party with Amazon shares for specifics. >> Yes. So I don't know whether they announced this capability where they're doing the announcement yesterday or today. So I forget which one so I'll leave that leave that leave that once pursued peace out. But the main thing is, they're announcing couple of new technology plays way our launch party with them on the civility place. So we're gonna be able to do what we were only wanted to do on Prem. We're gonna be able to do in the cloud with AWS in the cloud formation so that we'll deliver the same kind of guy that would deliver on prime customers inside their own cloud environments and their hybrid environment. So it's a it's a it's a sea change for us. The company, a sea change for a is delivering that new capability to their customers and really be able to defend a cloud network the way you would nonpregnant game changer >> described that value, if you would. >> Well, so you know, one of the key things about about a non pregnant where you could do you could look at all the flows coming past you. You look at all the data, look at in real time and develop behavior. Lana looks over. That's what we're doing our own prime customers today in the cloud with his world who looked a lox, right? And now, with the weight of your capability, we're gonna be able to integrate that and do a lot Maur the way we would in a in a in a normal sort of on Prem environment. So you really did love that. Really? Capability of scale >> Wagon is always killed. The predictive analytics, our visibility and what you could do. And too late. Exactly. Right. You guys solve that with this. What are some of the challenges that you see in cloud security that are different than on premise? Because that's the sea, So conversation we've been hearing. Sure, I know on premise. I didn't do it on premises for awhile. What's the difference between the challenge sets, the challenges and the opportunities they provide? >> Well, the opportunities air really neat, right? Because you've got that even they have a shared responsibility model, which is a little different than you officially have it. When it's on Prem, it's all yours essential. You own that responsibility and it is what it is in the cloud. Its share responsible to cloud provider the data holder. Right? But what's really cool about the cloud is you could deliver some really interesting Is that scale you do patch updates simultaneously, all your all your back end all your clients systems, even if depending how your provisioning cloud service is, you could deliver that update in real time. You have to worry about. I got to go to individual systems and update them, and some are updated. Summer passed. Some aren't right. Your servers are packed simultaneously. You take him down, you're bringing back up and they're ready to go, right? That's a really capability that for a sigh. So you're delivering this thing at scale. It's awesome now, So the challenge is right. It's a new environment so that you haven't dealt with before. A lot of times you feel the hybrid environment governed both an on Prem in sanitation and class sensation. Those have to talkto one another, right? And you might think about Well, how do I secure those those connections right now? And I think about spending money over here when I got all seduced to spend up here in the cloud. And that's gonna be a hard thing precisely to figure out, too. And so there are some challenges, but the great thing is, you got a whole ecosystem. Providers were one of them here in the AWS ecosystem. There are a lot here today, and you've got eight of us as a part of self who wants to make sure that they're super secure, but so are yours. Because if you have a problem in their cloud, that's a challenge. Them to market this other people. You talk about >> your story because your way interviews A couple weeks ago, you made a comment. I'm a recovering lawyer, kind of. You know, we all laughed, but you really start out in law, right? >> How did you end up here? Yeah, well, the truth is, I grew up sort of a technology or myself. My first computer is a trash 80 a trs 80 color computer. RadioShack four k of RAM on board, right. We only >> a true TRS 80. Only when I know what you're saying. That >> it was a beautiful system, right? Way stored with sword programs on cassette tapes. Right? And when we operated from four Keita 16 k way were the talk of the Rainbow Computer Club in Santa Monica, California Game changer. It was a game here for 16. Warning in with 60 give onboard. Ram. I mean, this is this is what you gonna do. And so you know, I went from that and I in >> trouble or something, you got to go to law school like you're right >> I mean, you know, look, I mean, you know it. So my dad, that was a chemist, right? So he loved computers, love science. But he also had an unrequited political boners body. He grew up in East Africa, Tanzania. It was always thought that he might be a minister in government. The Socialist came to power. They they had to leave you at the end of the day. And he came to the states and doing chemistry, which is course studies. But he still loved politics. So he raised at NPR. So when I went to college, I studied political science. But I paid my way through college doing computer support, life sciences department at the last moment. And I ran 10 based. He came on climate through ceilings and pulled network cable do punch down blocks, a little bit of fibrous placing. So, you know, I was still a murderer >> writing software in the scythe. >> One major, major air. And that was when when the web first came out and we had links. Don't you remember? That was a text based browser, right? And I remember looking to see him like this is terrible. Who would use http slash I'm going back to go for gophers. Awesome. Well, turns out I was totally wrong about Mosaic and Netscape. After that, it was It was it was all hands on >> deck. You got a great career. Been involved a lot in the confluence of policy politics and tech, which is actually perfect skill set for the challenge we're dealing. So I gotta ask you, what are some of the most important conversations that should be on the table right now? Because there's been a lot of conversations going on around from this technology. I has been around for many decades. This has been a policy problem. It's been a societal problem. But now this really focus on acute focus on a lot of key things. What are some of the most important things that you think should be on the table for techies? For policymakers, for business people, for lawmakers? >> One. I think we've got to figure out how to get really technology knowledge into the hands of policymakers. Right. You see, you watch the Facebook hearings on Capitol Hill. I mean, it was a joke. It was concerning right? I mean, anybody with a technology background to be concerned about what they saw there, and it's not the lawmakers fault. I mean, you know, we've got to empower them with that. And so we got to take technologist, threw it out, how to get them to talk policy and get them up on the hill and in the administration talking to folks, right? And one of the big outcomes, I think, has to come out of that conversation. What do we do about national level cybersecurity, Right, because we assume today that it's the rule. The private sector provides cyber security for their own companies, but in no other circumstance to expect that when it's a nation state attacker, wait. We don't expect Target or Wal Mart or any other company. J. P. Morgan have surface to air missiles on the roofs of their warehouses or their buildings to Vegas Russian bear bombers. Why, that's the job of the government. But when it comes to cyberspace, we expect Private Cummings defending us everything from a script kiddie in his basement to the criminal hacker in Eastern Europe to the nation state, whether Russia, China, Iran or North Korea and these nation states have virtually a limited resource. Your armies did >> sophisticated RND technology, and it's powerful exactly like a nuclear weaponry kind of impact for digital. >> Exactly. And how can we expect prices comes to defend themselves? It's not. It's not a fair fight. And so the government has to have some role. The questions? What role? How did that consist with our values, our principles, right? And how do we ensure that the Internet remains free and open, while still is sure that the president is not is not hampered in doing its job out there. And I love this top way talk about >> a lot, sometimes the future of warfare. Yeah, and that's really what we're talking about. You go back to Stuxnet, which opened Pandora's box 2016 election hack where you had, you know, the Russians trying to control the mean control, the narrative. As you pointed out, that that one video we did control the belief system you control population without firing a shot. 20 twenties gonna be really interesting. And now you see the U. S. Retaliate to Iran in cyberspace, right? Allegedly. And I was saying that we had a conversation with Robert Gates a couple years ago and I asked him. I said, Should we be Maur taking more of an offensive posture? And he said, Well, we have more to lose than the other guys Glasshouse problem? Yeah, What are your thoughts on? >> Look, certainly we rely intimately, inherently on the cyber infrastructure that that sort of is at the core of our economy at the core of the world economy. Increasingly, today, that being said, because it's so important to us all the more reason why we can't let attacks go Unresponded to write. And so if you're being attacked in cyberspace, you have to respond at some level because if you don't, you'll just keep getting punched. It's like the kid on the playground, right? If the bully keeps punching him and nobody does anything, not not the not the school administration, not the kid himself. Well, then the boy's gonna keep doing what he's doing. And so it's not surprising that were being tested by Iran by North Korea, by Russia by China, and they're getting more more aggressive because when we don't punch back, that's gonna happen. Now we don't have to punch back in cyberspace, right? A common sort of fetish about Cyrus is a >> response to the issue is gonna respond to the bully in this case, your eggs. Exactly. Playground Exactly. We'll talk about the Iran. >> So So if I If I if I can't Yeah, the response could be Hey, we could do this. Let them know you could Yes. And it's a your move >> ate well, And this is the key is that it's not just responding, right. So Bob Gates or told you we can't we talk about what we're doing. And even in the latest series of alleged responses to Iran, the reason we keep saying alleged is the U. S has not publicly acknowledged it, but the word has gotten out. Well, of course, it's not a particularly effective deterrence if you do something, but nobody knows you did it right. You gotta let it out that you did it. And frankly, you gotta own it and say, Hey, look, that guy punch me, I punch it back in the teeth. So you better not come after me, right? We don't do that in part because these cables grew up in the intelligence community at N S. A and the like, and we're very sensitive about that But the truth is, you have to know about your highest and capabilities. You could talk about your abilities. You could say, Here are my red lines. If you cross him, I'm gonna punch you back. If you do that, then by the way, you've gotta punch back. They'll let red lines be crossed and then not respond. And then you're gonna talk about some level of capabilities. It can't all be secret. Can't all be classified. Where >> are we in this debate? Me first. Well, you're referring to the Thursday online attack against the intelligence Iranian intelligence community for the tanker and the drone strike that they got together. Drone take down for an arm in our surveillance drones. >> But where are we >> in this debate of having this conversation where the government should protect and serve its people? And that's the role. Because if a army rolled in fiscal army dropped on the shores of Manhattan, I don't think Citibank would be sending their people out the fight. Right? Right. So, like, this is really happening. >> Where are we >> on this? Like, is it just sitting there on the >> table? What's happening? What's amazing about it? Hi. This was getting it going well, that that's a Q. What's been amazing? It's been happening since 2012 2011 right? We know about the Las Vegas Sands attack right by Iran. We know about North Korea's. We know about all these. They're going on here in the United States against private sector companies, not against the government. And there's largely been no response. Now we've seen Congress get more active. Congress just last year passed to pass legislation that gave Cyber command the authority on the president's surgery defenses orders to take action against Russia, Iran, North Korea and China. If certain cyber has happened, that's a good thing, right to give it. I'll be giving the clear authority right, and it appears the president willing to make some steps in that direction, So that's a positive step. Now, on the back end, though, you talk about what we do to harden ourselves, if that's gonna happen, right, and the government isn't ready today to defend the nation, even though the Constitution is about providing for the common defense, and we know that the part of defense for long. For a long time since Secretary Panetta has said that it is our mission to defend the nation, right? But we know they're not fully doing that. How do they empower private sector defense and one of keys That has got to be Look, if you're the intelligence community or the U. S. Government, you're Clinton. Tremendous sense of Dad about what you're seeing in foreign space about what the enemy is doing, what they're preparing for. You have got to share that in real time at machine speed with industry. And if you're not doing that and you're still count on industry to be the first line defense, well, then you're not empowered. That defense. And if you're on a pair of the defense, how do you spend them to defend themselves against the nation? State threats? That's a real cry. So >> much tighter public private relationship. >> Absolutely, absolutely. And it doesn't have to be the government stand in the front lines of the U. S. Internet is, though, is that you could even determine the boundaries of the U. S. Internet. Right? Nobody wants an essay or something out there doing that, but you do want is if you're gonna put the private sector in the in the line of first defense. We gotta empower that defense if you're not doing that than the government isn't doing its job. And so we gonna talk about this for a long time. I worked on that first piece of information sharing legislation with the House chairman, intelligence Chairman Mike Rogers and Dutch Ruppersberger from Maryland, right congressman from both sides of the aisle, working together to get a fresh your decision done that got done in 2015. But that's just a first step. The government's got to be willing to share classified information, scaled speed. We're still not seeing that. Yeah, How >> do people get involved? I mean, like, I'm not a political person. I'm a moderate in the middle. But >> how do I How do people get involved? How does the technology industry not not the >> policy budgets and the top that goes on the top tech companies, how to tech workers or people who love Tad and our patriots and or want freedom get involved? What's the best approach? >> Well, that's a great question. I think part of is learning how to talk policy. How do we get in front policymakers? Right. And we're I run. I run a think tank on the side at the National Institute at George Mason University's Anton Scalia Law School Way have a program funded by the Hewlett Foundation who were bringing in technologists about 25 of them. Actually. Our next our second event. This Siri's is gonna be in Chicago this weekend. We're trained these technologies, these air data scientists, engineers and, like talk Paul's right. These are people who said We want to be involved. We just don't know how to get involved And so we're training him up. That's a small program. There's a great program called Tech Congress, also funded by the U. A. Foundation that places technologists in policy positions in Congress. That's really cool. There's a lot of work going on, but those are small things, right. We need to do this, its scale. And so you know, what I would say is that their technology out there want to get involved, reach out to us, let us know well with our partners to help you get your information and dad about what's going on. Get your voice heard there. A lot of organizations to that wanna get technologies involved. That's another opportunity to get in. Get in the building is a >> story that we want to help tell on be involved in David. I feel passion about this. Is a date a problem? So there's some real tech goodness in there. Absolutely. People like to solve hard problems, right? I mean, we got a couple days of them. You've got a big heart problems. It's also for all the people out there who are Dev Ops Cloud people who like to work on solving heart problems. >> We got a lot >> of them. Let's do it. So what's going on? Iron? Give us the update Could plug for the company. Keith Alexander found a great guy great guests having on the Cube. That would give the quick thanks >> so much. So, you know, way have done two rounds of funding about 110,000,000. All in so excited. We have partners like Kleiner Perkins Forge point C five all supporting us. And now it's all about We just got a new co CEO in Bill Welshman. See Scaler and duo. So he grew Z scaler. $1,000,000,000 valuation he came in to do Oh, you know, they always had a great great exit. Also, we got him. We got Sean Foster in from from From Industry also. So Bill and Sean came together. We're now making this business move more rapidly. We're moving to the mid market. We're moving to a cloud platform or aggressively and so exciting times and iron it. We're coming toe big and small companies near you. We've got the capability. We're bringing advanced, persistent defense to bear on his heart problems that were threat analytics. I collected defence. That's the key to our operation. We're excited >> to doing it. I call N S A is a service, but that's not politically correct. But this is the Cube, so >> Well, look, if you're not, if you want to defensive scale, right, you want to do that. You know, ECE knows how to do that key down here at the forefront of that when he was in >> the government. Well, you guys are certainly on the cutting edge, riding that wave of common societal change technology impact for good, for defence, for just betterment, not make making a quick buck. Well, you know, look, it's a good business model by the way to be in that business. >> I mean, It's on our business cards. And John Xander means it. Our business. I'd say the Michigan T knows that he really means that, right? Rather private sector. We're looking to help companies to do the right thing and protect the nation, right? You know, I protect themselves >> better. Well, our missions to turn the lights on. Get those voices out there. Thanks for coming on. Sharing the lights. Keep covers here. Day one of two days of coverage. Eight of us reinforce here in Boston. Stay with us for more Day one after this short break.

(upbeat music) >> Live, from Washington DC. It's theCUBE. Covering AWS Public Sector Summit. Brought to you by Amazon Web Services. >> Welcome back everyone to theCUBE's live coverage of the AWS Public Sector Summit here in Washington DC. I'm your host Rebecca Knight, co-hosting alongside of John Furrier. We are excited to welcome to the program, General Keith Alexander former NSA Director, the first Commander to lead the US Cyber Command, Four-star General with a 40 year career. Thank you so much for coming theCUBE, we are honored, we are honored to have you. >> It is an honor to be here. Thank you. >> So let's talk about cyber threats. Let's start there and have you just give us your observations, your thoughts on what are the most pressing cyber threats that keep you up at night? >> Well, so, when you think about threats, you think about Nation States, so you can go to Iran, Russia, China, North Korea. And then you think about criminal threats, well all the things like ransomware. Some of the Nation State actors are also criminals at night so they can use Nation State tools. And my concern about all the evolution of cyber-threats, is that the attacks are getting more destructive, the malware has more legs with worms and the impact on our commercial sector and our nation, increasingly bigger. So you have all those from cyber. And then I think the biggest impact to our country is the theft of intellectual property, right. That's our future. So you look out on this floor here, think about all the technical talent. Now imagine that every idea that we have, somebody else is stealing, making a product out of it, competing with us, and beating us. That's kind of what Huawei did, taking CISCO code to make Huawei, and now they're racing down that road. So we have a couple of big issues here to solve, protect our future, that intellectual property, stop the theft of money and other ideas, and protect our nation. So when you think about cyber, that's what I think about going to. Often times I'll talk about the Nation State threat. The most prevalent threats is this criminal threat and the most, I think, right now, important for us strategically is the theft of intellectual property. >> So why don't we just have a digital force to counter all this? Why doesn't, you know, we take the same approach we did when we, you know, we celebrated the 75th anniversary D-day, okay, World War II, okay, that was just recently in the news. That's a physical war, okay. We have a digital war happening whether you call it or not. I think it is, personally my opinion. I think it is. You're seeing the misinformation campaigns, financial institutions leaving England, like it's nobody's business. I mean it crippled the entire UK, that like a big hack. Who knows? But its happening digitally. Where's the forces? Is that Cyber Command? What do you do? >> So that's Cyber Command. You bring out an important issue. And protecting the nation, the reason we set up Cyber Command not just to get me promoted, but that was a good outcome. (laughing) But it was actually how do we defend the country? How do we defend ourselves in cyber? So you need a force to do it. So you're right, you need a force. That force is Cyber Command. There's an issue though. Cyber Command cannot see today, attacks on our country. So they're left to try to go after the offense, but all the offense has to do is hit over here. They're looking at these sets of targets. They don't see the attacks. So they wouldn't have seen the attack on Sony. They don't see these devastating attacks. They don't see the thefts. So the real solution to what you bring up is make it visible, make it so our nation can defend itself from cyber by seeing the attacks that are hitting us. That should help us protect companies in sectors and help us share that information. It has to be at speed. So we talk about sharing, but it's senseless for me to send you for air traffic control, a letter, that a plane is located overhead. You get it in the mail seven days later, you think, well-- >> Too late. >> That's too late. >> Or fighting blindfolded. >> That's right. >> I mean-- >> So you can't do either. And so what it gets you to, is we have to create the new norm for visibility in cyber space. This does a whole host of things and you were good to bring out, it's also fake news. It's also deception. It's all these other things that are going on. We have to make that visible. >> How do you do that, though? >> What do you do? I do that. (laughing) So the way you do it, I think, is start at the beginning. What's happening to the network? So, on building a defensible framework, you've got to be able to see the attacks. Not what you expect, but all the attacks. So that's anomaly detection. So that's one of the things we have to do. And then you have to share that at network speed. And then you have to have a machine-learning expert system AI to help you go at the speeds the attacker's going to go at. On fake-news, this is a big problem. >> Yeah. >> You know. This has, been throughout time. Somebody pointed out about, you know, George Washington, right, seven fake letters, written to say, "Oh no, I think the King's good." He never wrote that. And the reason that countries do it, like Russia, in the elections, is to change something to more beneficial for them. Or at least what they believe is more beneficial. It is interesting, MIT has done some studies, so I've heard, on this. And that people are 70% more like to re-Tweet, re-Tweet fake news than they are the facts. So. >> Because it's more sensational, because it's-- >> That's food. It's good for you, in a way. But it's tasty. >> Look at this. It's kind of something that you want to talk about. "Can you believe what these guys are doing? "That's outrageous, retweet." >> Not true. >> Not true. Oh, yeah, but it makes me mad just thinking about it. >> Right, right. >> And so, you get people going, and you think, You know, it's like going into a bar and you know, you go to him, "He thinks you're ugly." and you go to me, and you go, "He thinks you're ugly." (laughs) And so we get going and you started it and we didn't even talk. >> Right, right. >> And so that's what Russia does. >> At scale too. >> At scale. >> At the scale point. >> So part of the solution to that is understanding where information is coming from, being able to see the see the environment like you do the physical environment at speed. I think step one, if I were to pick out the logical sequence of what'll happen, we'll get to a defensible architecture over the next year or two. We're already starting to see that with other sectors, so I think we can get there. As soon as you do that, now you're into, how do I know that this news is real. It's kind of like a block-chain for facts. How do we now do that in this way. We've got to figure that out. >> We're doing our part there. But I want to get back to this topic of infrastructure, because digital, okay, there's roads, there's digital roads, there's packets moving round. You mentioned Huawei ripping off CISCO, which takes their R and D and puts it in their pockets. They have to get that. But we let fake news and other things, you've got payload, content or payload, and then you've got infrastructure distribution. Right, so, we're getting at here as that there are literally roads and bridges and digital construction apparatus, infrastructure, that needs to be understood, addressed, monitored, or reset, because you've had email that's been around for awhile. But these are new kinds of infrastructure, but the payload, malware, fake news, whatever it is. There's an interaction between payload and infrastructure. Your thoughts and reaction to that as a Commander, thinking about how to combat all this? >> I, my gut reaction, is that you're going to have to change, we will have to change, how we think about that. It's not any more roads and avenues in. It's all the environment. You know, it's like this whole thing. Now the whole world is opened up. It's like the Matrix. You open it up and there it is. It's everything. So what we have to do is think about is if it's everything, how do we now operate in a world where you have both truths and fiction? That's the harder problem. So that's where I say, if we solve the first problem, we're so far along in establishing perhaps the level so it raises us up to a level where we're now securing it, where we can begin to see now the ideas for the pedigree of information I think will come out. If you think about the amount of unique information created every year, there are digital videos that claim it's doubling every year or more. If that's true, that half of, 75% of it is fiction, we've got a big road to go. And you know there is a lot of fiction out there, so we've got to fix it. And the unfortunate part is both sides of that, both the fiction and the finding the fiction, has consequences because somebody says that "A wasn't true, "That person, you know, they're saying, he was a rapist, "he was a robber, he was a drugger," and then they find out it was all fake, but he still has that stigma. And then the person over here says, "See, they accused me of that. "They're out to get me in other areas. "They can exclaim what they want." >> But sometimes the person saying that is also a person who has a lot of power in our government, who is saying that it's fake news, when it's not fake news, or, you know what, I-- >> So that's part of the issue. >> It's a very different climate >> Some of it is fake. Some of it's not. And that's what makes it so difficult for the public. So you could say, "That piece was fake, "maybe not the other six." But the reality is, and I think this is where the media can really help. This is where you can help. How do we set up the facts? And I think that's the hardest part. >> It's the truth. >> Yeah, yeah. >> It's a data problem. And you know, we've talked about this off camera in the past. Data is critical for the systems to work. The visibility of the data. Having contextual data, the behavioral data. This gets a lot of the consequences. There's real consequences to this one. Theft, IP, freedom, lives. My son was video-gaming the other day and I could hear his friends all talking, "What's your ping start word? "What's your ping time? "I got lag, I'm dead." And this is a video game. Military, lagging, is not a game. People are losing their lives, potentially if they don't have the right tactical edge, access to technology. I know this is near and dear to your heart. I want to get your reaction. The Department of Defense is deploying strategies to make our military in the field, which represents 85% infantry, I believe, some statistic around that number, is relying on equipment. Technology can help, you know, that. Your thoughts on, the same direction. >> Going to the Cloud. Their effort to go to the Cloud is a great step forward, because it addresses just what you're saying. You know, everybody used to have their own data centers. But a data center has a fixed amount of computational capability. Once you reach it, you have to get another data center, or you just live with what you've got. In the Cloud if the problem's bigger, elasticity. Just add more corridors. And you can do things now that we could never do before. Perhaps even more importantly, you can make the Clouds global. And you can see around the world. Now you're talking about encrypted data. You're talking about ensuring that you have a level of encryption that you need, accesses and stuff. For mobile forces, that's the future. You don't carry a data center around with an infantry battalion. So you want that elasticity and you need the connectivity and you need the training to go with it. And the training gets you to what we were just talking about. When somebody serves up something wrong, and this happened to me in combat, in Desert Storm. We were launched on, everybody was getting ready to launch on something, and I said, "This doesn't sound right." And I told the Division Commander, "I don't agree. "I think this is crazy. "The Iraqis are not attacking us down this line. "I think it's old news. "I think somebody's taken an old report that we had "and re-read it and said oh my God, they're coming." And when we found out that was a JSTARS, remember how the JSTARS MTI thing would off of a wire, would look like a convoy. And that's what it was. So you have to have both. >> So you were on the cusp of an attack, deploying troops. >> That's right. >> On fake information, or misinformation, not accurate-- >> Old information. >> Old information. >> Old information. >> Old, fake, it's all not relevant. >> Well what happens is somebody interprets that to be true. So it gets back to you, how do you interpret the information? So there's training. It's a healthy dose of skepticism, you know. There are aliens in this room. Well, maybe not. (laughing) >> As far as we know. >> That's what everybody. >> But what a fascinating anecdote that you just told, about being in Desert Storm and having this report come and you saying, "Guys, this doesn't sound right." I mean, how often do you harken back to your experience in the military and when you were actually in combat, versus what you are doing today in terms of thinking about these threats? >> A lot. Because in the military, when you have troops in danger your first thought is how can I do more, how can I do better, what can I do to get them the intelligence they need? And you can innovate, and pressure is great innovator. (crunching sound) And it was amazing. And our Division Commander, General Griffith, was all into that. He said, "I trust you. "Do whatever you want." And we, it was amazing. So, I think that's a good thing. Note that when you go back and look at military campaigns, there's always this thing, the victor writes the history. (laughing) So you know, hopefully, the victor will write the truthful history. But that's not always the case. Sometimes history is re-written to be more like what they would like it to be. So, this fake news isn't new. This is something where I think journalists, historians, and others, can come together and say, "You know, that don't make sense. "Let's get the facts." >> But there's so much pressure on journalists today in this 24-hour news cycle, where you're not only expected to write the story, but you're expected to be Tweeting about it, or do a podcast about it later, to get that first draft of history right. >> So it may be part of that is as the reporter is saying it, step back and say, "Here's what we've been told." You know, we used to call those a certain type of sandwich, not a good-- (laughing) If memory serves it's a sandwich. One of these sandwiches. You're getting fed that, you're thinking, "You know, this doesn't make sense. "This time and day that this would occur." "So while we've heard this report. "It's sensational. "We need to go with the facts." And that's one of the areas that I think we really got to work. >> Journalism's changing too. I can tell you, from we've talked, data drives us. We've no advertising. Completely different model. In-depth interviews. The truth is out there. The key is how do you get the truth in context to real-time information for those right opportunities. Well, I want to get before we go, and thanks for coming on, and spending the time, General, I really appreciate it. Your company that you've formed, IronNet, okay, you're applying a lot of your discipline and knowledge in military cyber and cutting-edge tech. Tell us about your company. >> So one of the things that you, we brought up, and discussed here. When I had Cyber Command, one of the frustrations that I discussed with both Secretary Gates and Secretary Panetta, we can't see attacks on our country. And that's the commercial sector needs to help go fix that. The government can't fix that. So my thought was now that I'm in the commercial sector, I'll help fix the ability to see attacks on the commercial sector so we can share it with the government. What that entails is creating a behavioral analytic system that creates events, anomalies, an expert system with machine-learning and AI, that helps you understand what's going on and the ability to correlate and then give that to the government, so they can see that picture, so they have a chance of defending our country. So step one is doing that. Now, truth and lending, it's a lot harder than I thought it would be. (laughing) You know, I had this great saying, "Nothing is too hard "for those of us who don't have to do it." "How hard can this be?" Those were two of my favorite sayings. Now that I have to do it, I can say that it's hard, but it's doable. We can do this. And it's going to take some time. We are getting traction. The energy sector has been great to work with in this area. I think within a year, what we deploy with the companies, and what we push up to the Cloud and the ability to now start sharing that with government will change the way we think about cyber security. I think it's a disruptor. And we have to do that because that's the way they're going to attack us, with AI. We have to have a fast system to defend. >> I know you got to go, tight schedule here, but I want to get one quick question in. I know you're not a policy, you know, wonk, as they say, or expert. Well, you probably are an expert on policy, but if we can get a re-do on reshaping policy to enable these hard problems to be solved by entrepreneurs like yourself expertise that are coming into the space, quickly, with ideas to solve these big problems, whether it's fake news or understanding attacks. What do the policy makers need to do? Is it get out of the way? Do they rip up everything? Do they reshape it? What's your vision on this? What's your opinion? >> I think and I think the acting Secretary of Defense is taking this on and others. We've got to have a way of quickly going, this technology changes every two years or better. Our acquisition cycle is in many years. Continue to streamline the acquisition process. Break through that. Trust that the military and civilian leaders will do the right thing. Hold 'em accountable. You know, making the mistake, Amazon, Jeff Bezos, says a great thing, "Go quickly to failure so we can get "to success." And we in the military say, "If you fail, you're a dummy." No, no, try it. If it doesn't work, go on to success. So don't crush somebody because they failed, because they're going to succeed at some point. Try and try again. Persevere. The, so, I think a couple of things, ensure we fix the acquisition process. Streamline it. And allow Commanders and thought leaders the flexibility and agility to bring in the technology and ideas we need to make this a better military, a better intelligence community, and a better country. We can do this. >> All right. All right, I'm thinking Rosie the Riveter. We can do this. (laughing) >> We can do it. Just did it. >> General Alexander, thank you so much for coming on the show. >> Thank you. >> I'm Rebecca Knight for John Furrier. Stay tuned for more of theCUBE. (electronic music)

(upbeat music) >> Live from San Francisco. It's theCUBE covering RSA Conference 2019, brought to you by Forescout. >> Hey welcome back everybody. Jeff Frick here with theCUBE. We're at RSA North America at the newly opened and finally finished Moscone Center. We're here in the Forescout booth, excited to be here. And we've got our next guest who's been coming to this show for a long, long time. He's Dan Burns, the CEO of Optiv. Dan, great to see you. >> Great to see you too, Jeff. Appreciate you having me on the show. >> So you said this is your 23rd RSA. >> Yeah, somewhere right around there. It's got to be and I don't think I've missed any in between. I've missed some Black Hats in there now and again but RSA is just one of those that that I feel like you got to go to. >> Right, right, so obviously the landscape has changed dramatically so we won't go all the way back 23 years. But in the last couple of years as things have really accelerated with the internet and IoT and OT and all these connected devices, autonomous cars. From a threat perspective and from where you sit in the captain's seat, what are you seeing? What are your, kind of your impressions? How are you helping people navigate this? >> Yeah I appreciate that question, Jeff. So it has changed dramatically. There's no doubt about it. So I got into security in 1996. And that was a long time ago so it's really in the infancy of security. And back in '96 when I remember really studying what security was, and by the way back then it was called information security. Now it's cyber security. But it was really straightforward and simple. There were probably two or three threats and vulnerabilities out there right? Some of the early on one so that's one part of the equation. The second part there were probably two or three regulations and standards out there. No more than that. And then when you went over to kind of the third part of the triad and you talk about vendors and technology there were maybe five or six right? You have McAfee, you have Check Point and you had some of the early, early stage companies that were really addressing kind of simplistic things, right? >> Right. >> Firewalling, URL filtering and things like that. And now you fast-forward to today and it's night and day, so much different. So today when we talk about threats and vulnerabilities there are hundreds of millions, if not billions, of threats and vulnerabilities. Number one, big problem. Number two, regulations standards. There's hundreds of them globally. And number three when you look at our great technology partners here and I think there's probably about 3,500 technology partners here on the floor today. Night and day >> Right. >> Nigh and day from '96 to 2019. And that's created a lot of issues, right? A lot of issues which I'm happy to talk about. >> Yeah, complexity and but you've been a great quote of one of the other things I saw doing the research for this interview. You talked about rationalization >> Yeah. >> and how does a CSO rationalize the world in which you just described because they can't hire their way out of it. They can't buy their way out of it. And at some point you're going to have to make trade-off decisions 'cause you can't use all the company's resources just for security. At the same time, you don't want to be in the cover of the Wall Street Journal tomorrow because you have a big breach that you just discovered. >> Yeah >> How do you help >> it's a balancing act >> How do you help them figure this, navigate these choppy waters? >> Yeah so we think Optiv is in a prime space to do that and place to do that. No doubt about it. So let's talk about the complexity that's out there. Now you look at the landscape. You look at the 25, 35 hundred different technology companies out there today. And when we talk to a typical client and we ask a question. How many vendors, how many OEMs do you have to deal with on an annual basis and the response, of course, depending on the size of the organization but let's just take your average small, mid-sized, enterprise client, the response is somewhere between 75 and 90 partners. And then of course we've got shot on our face. >> Just on the security side? >> Just on the security >> That's not counting all their CRM and all their >> That's not IT, that's not anything. That is just to solve >> 75? >> and build their own security programs. And the next response we get from them is we can't do it, we just can't do it. We spend about 90% of our time acting as if I'm the CSO right now, 90 plus percent of our time working with all of these wonderful, great technologies and partners just to establish those relationships and make sure we're going the right things by them and then by us. And so given this complexity in the marketplace, everything that's going on, it's just a prime scenario for what we call ourselves is a global cyber security solutions integrator, right? Being able to, for a lack of a better term, be the gatekeeper for our clients and help them navigate this complexity that's out there in the space. And so the value that we bring, I talk about it in terms of an equation, right? We're all mathematical in nature, typically people in cyber and so when I think about cyber, I think about equations. And the first equation I think abut is a very simplistic one. It's people, it's process and technology. And you need equal focus on all three of those parts of the equation to truly balance things in a matter where you're building a very effective security program. And historically CSOs have really leaned towards the technology side of that equation. >> Right. And now what we're seeing is a balance like we've got to worry about people, right? We've got to find people with that intelligence and knowledge and know-how and wherewithal, right? And we've got to find companies that have that process expertise, the processes, a means to an end. How do I get to a certain outcome? And so what we bring is the people process and technology. All sides of the equation with the ability in masses to help clients plan, build and run their entire security program or parts of it. >> So how, how is it changed with a couple things like cloud computing. >> Yeah. >> So now I'm sure the bad guys use the cloud just like the good guys use the cloud. So the type of scale and resources that they can bring to bear are significantly higher. Just the pure quantity of and variability using AI and machine learning and as we saw in the election really kind of simple Facebook targeting methods that most marketers use, that work at REI to get you to buy a sleeping bag if you looked at tents on your last way in. So how is the role of AI and machine learning now going to impact this balance? And then of course the other thing is all we see is so many open security jobs. You just can't hire enough people. They're just not there. So that's a whole kind of different level of pressure on the CSO. >> Yeah definitely no doubt about it. And there are few companies that can truly build that have enough budget to address cyber on their own. And those today are typically the large financial right? They're typically given massive budgets. >> Right. >> They have massive teams and they're able to minimize the partnerships and really handle a lot of their own stuff internally and go out for special things. But you look at the typical company, small, mid, even some of the large enterprise companies. No, they can't find the resources. They can't get the budget. They can't address everything. And to your point around digital transformation and what's going on in the world there. And that's probably what continues to support 3,500 technology companies out here. >> Right. >> Right? It's the continuous change >> Right. >> That we see in the industry every single day and of course cloud is one of the most recent transformations and obviously a real one which opens up other threat factors and other scenarios that create new vulnerabilities, and new threats and so that the problem just keeps getting bigger exponentially >> So you come in for another 20 years? Is that what you're saying? (laughing) >> How you're, come for another 20 years. I think though eventually, Jeff, I can remember I kind of poke fun at this a little bit. I can remember I think it was Palo Alto, there was a first company that said, hey we're a platform company. And I think that started happening whatever, it was roughly seven years ago. We're a platform company. And I can remember so many people kind of pooh-poohing that. Right, you're not a, nobody's a platform company. Fair enough, fair enough back then. But I'm going to say, fast-forward to today and that's what it's going to happen, have to happen in this industry, Jeff. >> Right, right. >> Eventually we will have to have some large platform companies that can address multiple things within a client's environment, right? And then there will always be the need to to fill gaps with some of the other great new emerging technologies out there so maybe we won't have 3,500 vendors in ten years. Maybe it's 2,000 so there will be consolidation. There will be the platform play >> Right. >> that happens. >> But then you have the addition of public cloud, right? So now a lot of, a lot of infrastructures, they've got some stuff in public cloud. They still have some stuff on their data center, right? So this is kind of hybrid world. Then you add the IoT thing and the OT connectivity back to the IT which is relatively new. So now if you've got this whole other threat factors that you never had to deal with before at all. It's the machines down on the factory floor. You had been pumping out widgets for a long time that are suddenly connected the infrastructure. So the environment that you're trying to apply security to is really evolving at a crazy pace. >> That is, it's a great industry to be in. (Jeff laughs) Every day I wake up, pitch myself I think all our guys do. >> Right. >> What's amazing, I don't see that slowing down, right? So I think that's why some of that balance continues to be there in the future. One of the things that we're seeing in our industry is companies really trying to take this inside-out approach as opposed to this outside-in approach. And I'll tell you the difference. The outside-in approach is it's all of this chaos, right? It's all the chaos that's behind us and we see it right here. It's everybody telling you what you need >> Right. >> and you build it, you building a security program around what's being fed to you externally as opposed to really taking a step back looking at your organization understanding what your company's initiatives and priorities are, right? And your own company's vision, mission and strategy. And I tell people all the time, I don't care if they're part of our company or any company, first thing you should do is understand the vision and the mission and the strategy of the organization you work for. And so that's part of the inside-out approach. Understanding what your company is trying to accomplish and is a security practitioner really wrapping your arms in your mind around that and supporting those initiatives and aligning your security initiatives to the business initiatives >> Right. >> And then doing it through a risk management type of program and feeding that risk management dashboard and information directly to the board >> Right. >> So. >> So I'm curious how the how you approach the kind of the changes now we have state-sponsored attackers. And how, what they're trying to get and why they're trying to get it has maybe changed and the value equation on your assets, that clearly some assets are super valuable and for some information and some things that are kind of classical but now we're seeing different motivations, political motivations, other types of motivations. So they're probably attacking different repositories of data that you maybe didn't think carry that type of value. Are you seeing >> Yeah. >> kind of a change in that both in the way the attacks are executed and what they're trying to get and the value they're trying to extract then just kind of a classic commercial ransomware or I'm just going to grab some money out of your account. >> Yeah I think, I think you are right. And it kind of goes back to the earlier part of the conversation, the number of devices that the attackers can attack are almost infinite right? >> Right. And especially with the edge right? With IoT it's created this thing we call the edge. Devices on street lights. Devices on meters. Devices here, devices there. >> Right, right. >> So the number of devices they can go for is ever increasing, right? which continues to support the need >> Right. and the cause that we all are a part of. And in the ways they're going to do that is going to change as well. There's no question about it. Yeah, so we've seen different ways of doing it. Yes there's no question about it. Back to the state-sponsored it's kind of stuff the way I look at cyber and probably one of my biggest personal concerns is I think about us, people and family right? We all have family is that cyber and ultimately cyber warfare has created this levity, or equalness in terms of countries, right? Where a country like the U.S. or Russia or somebody with massive resources around physical weapons are now no longer necessarily as powerful as they were. So brevity it's just created this field, leveling playing field. So countries like North Korea, countries like Afghanistan and others have a new opportunity to create a pretty bad situation. >> Right, right. And we haven't seen cyber warfare quote and unquote yet. We would call it something a little because they haven't really used it as a mass weapon of destruction but the threat of that being there >> Right. is creating a more of a even playing field. >> Right. >> And that's one of my biggest concerns like what's the next step there. >> Right, and the other thing is really the financial implications. If you don't do it right, it's beyond being embarrassed on the Wall Street Journal. But right GDPR regulations went into place last year. It's now the California data privacy law that's coming into place. >> Yeah. >> People are calling it kind of the GDPR of California. And that may take more of a national footprint as time moves on. It's weird on one hand we're kind of desensitized 'cause there's so many data breaches right? You can't keep track. We don't actually flip past that page on the wall. >> I can't keep track. But on the other hand there is this kind of this renewed, kind of consumer protection of my data that's now being codified into law with significant penalties. So I wonder how that plays into your kind of risk portfolio strategy of deciding how much to invest. How much you need to put into this effort because if you get in trouble, it's expensive. >> Yeah it is. So can be and it will be and it will get even more expensive. And we're still waiting for the lawmakers to levy some pretty heavy fines. We've seen a few but I think there's going to be more and I think you do have to pay more attention to regulations and compliance. But I think it is a balancing act. Back to our inside-out approach that I was talking about. A lot of companies when PCI came out, as you know, Jeff, a lot of companies were guiding their security program by PCI specifically >> Right. >> and only, and that's a very outside-in approach, right? That's not really accounting for the assets that you were talking about earlier. Not all of them. >> Right. >> Some of them. And so I think that's a great point, right? As a CSO, the first thing you've got to understand is what are your assets? What are you trying to protect? >> Right. And our friends here at Forescout do a great job of giving you the visualization of your network, understanding what your assets are. And then I think the next step is placing a dollar value on that. And not many people do that, right. They're, oh here's my assets. >> You're paying >> This one's kind of important >> This one's kind of important. But to get buy-in from the rest of your organization, you need to force the conversation with your counterparts, with your CFO, with your CMO, with anyone who's a partial owner of those assets >> Right. and make them put a dollar amount on. How much do you think that the data on the server is worth? How much do you think the data on this server, how much do you think, and inventory that is part of the asset inventory. And then I think you've got a much better argument as it relates to getting budget and getting buy-in. >> Right. >> Getting buy-in. And I see it a lot where CSOs tend to be, most tend to be a little bit introverted right? >> Right. >> They'd rather hang out there on the second floor and be there with their team. Take a look at the latest threats. Take a look at what's going on, with their (coughs) logs and their data and trying to solve really critical problems. But my recommendations to CSOs is man, build tight relationships across the entire organization and get out there, be out there, be visible. Get buy-in. Do lunch and learns on why cyber is so critical and how our employees can help us on this journey. >> Right, right. Dan you trip into a whole other category that we'll have to leave for next time which is, what is the value of that data 'cause I think that's changed quite a bit over the last little while. But thanks for taking a few minutes >> Absolutely, Jeff. and hopefully have a good 23rd RSA. >> Thank you very much. >> All right. >> I appreciate it. >> He's Dan, I'm Jeff. You're watching theCUBE. We're at RSA in North America at Moscone at the Forescout booth. Thanks for watching. See you next time. (upbeat music)

(upbeat instrumental music) >> From Las Vegas it's the CUBE. Covering Open Systems, the future is crystal clear with security and SD-WAN. Brought to you by Open Systems. >> Hello everyone and welcome back to the CUBE. We are here in Las Vegas in the Cosmo hotel in the Chandelier bar. Part of Open Systems get together, kind of session of smart people gathered. All part of big week here in Vegas. Garden is having a big event, a lot of things happening. We have Martin Bosshardt who is the CEO of Open Systems who's hosting the event. Thanks for coming on the CUBE. >> Thank you. >> Thanks for joining me. Okay so, I got to get this out there. You guys are in Switzerland headquarters. You've just established big presence in Silicon Valley. >> Right. >> And you've expanding rapidly in Silicon Valley, congratulations. >> Thank you. >> Explain what you guys do, how you started, where you come from and what's the story of Open Systems? >> Well, originally we started as managed security service provider and I managed security infrastructure. We learned, especially if you are doing financial services, security infrastructure, if you try to update you need to go into those data centers. And that is harder to get in there, it's like entering North Korea. So we learned to operate that stuff remotely and that really brought us in more than 180 countries, especially with industry companies. Industry they manufacturing, they started to globalize their value chains, and that really helped us to globalize our foot print. And obviously to do that we used SD-WAN. So we definitely came from the security space, but today we are the largest SD-WAN, standardize SD-WAN platform we a fully integrated security staff. >> So how big is the company roughly people-wise? What's a... >> We are 200 plus people currently, and a 50 plus million revenue this year. >> How big, sounds like the customers are really large complex data centers with a lot of offices and facilities. Is that your makeup of your customer base right now? >> Our customer base really is, I think, I mean obviously financial services that's always if you start in Switzerland a company, the financial services is very important. But then also, industry, manufacturing is especially companies with globalized value chains are very interested in our services. Because you have serious complexity from regulatory point of view, but also from operational point of view to operate SD-WAN in a secured way. So this is really our sweet spot. >> So explain the difference between SD-WAN old way and the new way, because SD-WAN was simply connecting branch offices together, basic networking stuff. Mean its like connectivity. So today is much more complex. What's the difference between the SD-WAN environment thing, because there is a resurgence with SD-WAN. With cloud computing, with the internet, obviously with secure issues, it's a whole different ball game. Explain the difference between the old way and the new way. >> Well the old way was it just connected occasions and then you piped traffic through a VPN, right. And I think we learned a lot about what SD-WAN is really capable to do when we start to work for the NGO Space, when you use a lot of satellite traffic. It's very expensive to pipe everything through the satellites, so you need to slice the traffic into important stuff, less important stuff and then you decide what are you going to route through the satellite and what you going to route terrestric. And this is really where the whole magic of SD-WAN comes from. You certainly have to, the freedom to route traffic application based in a very different way. So, you're not bound to protocols anymore, so you really can route your Office 365 traffic different than your Facebook traffic. You can route, you can priortize. >> So you can differentiate between the traffic types first. That was a first, discovery. >> That was important for us, because we managed infrastructure and obviously you don't want to create congestion by managing infrastructure. So, it is really about, what traffic is important? What traffic is time critical? >> Yeah. >> And route, depending on the application needs, traffic differently. >> Yes, cost is always a big motivator. But for innovation. >> Cost performance. It's always cost performance, right? >> So, I get that's awesome and by the way that's how startups figure out innovations that don't have a lot of capital. They figure it out by being effective and making things work. When did the security piece click in for you guys? When you guys saw SD-WAN, when was the moment you said, "Okay we are going to do all these things to save costs and do this kind of routings and these kinds of policy based". I'm over simplifying, but you know what I'm saying. When did security become important? Was it from the beginning? Was it a discovery? Was it something that was a, you just caught the wave? Explain how you guys became so prolific in your product with security. >> We definitely, we came sort of from the security space and the SD-WAN was something we used to operate security infrastructure. So it's maybe, we looked at it a little bit different, but at the end of the day, SD-WAN creates so much opportunities for companies. And I believe the whole cloud movement is creating so many opportunities for companies to move fast, to create growth. Also, if you think IoT, it creates whole different business models for almost all enterprise organizations. >> Talk about the business model, that's important, because go ahead finish your thoughts. >> And now the question is, How can you embrace all that growth and managing the risks? And that's what's happening right now. We help customers to combine the security. >> So one of the things we were here last week for Amazon re:Invent big event for Amazon web services and they announce a non-premise product. No one thought they were ever going to do that. So I asked the CEO there why they were doing that, essentially he said, "latency kills". Certain latency is now the new problem. You learned that from the satellite situation where cost and latency are really important factors in determining how you architect things. But then you realize that the business models are shifting. So, I ask you, as you have need for security and low latency, people are looking for direct connections. They don't want to route traffic through internet. Who knows where it's going to go though, China? It's all these hidden problems. >> Yeah, and you know I agree basically. Latency kills, but I also disagree, because there are applications where latency is not an issue, like email. I mean you couldn't care less about latency in email. >> In fact don't deliver it. (laughs) >> But at the same time it's really important that a network understands not only how it routes, it also understands what it routes. And that is the power of SD-WAN, so you really can route different applications in different routes. >> Right time, right place kind of thing. >> Exactly and then it depends where it's consumed, where it's delivered and where do you route those >> Talk about your business model now, you got a U.S. Why the U.S. expansion? Is it right for growth? Is it a natural progression? What's the strategy, Why U.S. expansion? >> Actually, what we see the U.S. is moving very fast to the cloud right now and this is an opportunity for us to really support that, I would call it transformation. It's really an industry transformation is happening right now and we just in Europe maybe to bring down the cost of connectivity. That's still more of a business driver, and obviously, that's always exciting to bring down costs. But if you move to cloud, you really have to rethink your network structure and also you have to rethink your security posture. So this is just a way of opportunity. >> Martin, I got to ask you honestly, I've been kind of checking around Silicon Valley and you guys have a good vibe and good buzz. Certainly great reputation in Switzerland, great product, great work, but you are attracting kind of new talent from the Bay area, Cisco in particular. A lot of these high-powered people. Networking guys, developers. Who are you guys looking to attract into your office as you expand, I know you got a lot of openings. It's not a recruiting plug, but I mean as you look to put the team together, What are you guys looking for? What's the kind of individual? What's the culture of your company? What's the kind of things people can expect if they work there? >> I mean we are focused on, we just want to create the most amazing networks in a secured way. And I believe this is very attractive, what we've created the last couple of years. And that is also attractive for talent in Silicon Valley. But obviously, it's a competitive market. But it's all over the world, it's competitive market. And I believe, especially going to the market and understanding what the world needs. That's very powerful in Silicon Valley. The eco-system is very powerful, so for us is clear. We want to be there, we want to play a role. >> That's awesome, we look forward to doing more content. Final question for you, If you could have to nail down the core problem that you guys are trying to solve. As the world evolves, the landscape continues, the world gone global. You're seeing all kinds of needs, all kinds of intelligence. What have the top problems that your team is working on, to continue to iterate and solve, What are the big things you are trying to nail down? >> We want to make it for a customer very easy to consume a secure SD-WAN. And that sounds maybe simple, but it's not. To operate an SD-WAN in a secure way is really challenge. So most companies operate like 40, 50 different products to achieve that. >> Yeah. >> And we us it's like subscribing a service. >> Quick plug last minute, What's your product? 'Cause you have a deal with multiple vendors. Is this a SAS product, on-premise, cloud? >> It's a SAS, on prem available and it's availa6ble in all major cloud (mumbles), like Azuren and Amazon. So it's in all clouds premises working. >> You're literally Switzerland, for the cloud. (laughs) >> Yeah. >> They use that expression in the United States a lot. >> Yeah. >> We're Switzerland, we're neutral. >> Yeah, we're Switzerland, we're neutral. We're actually very neutral and also... >> But seriously, you can work with, if I'm the customer >> Right. >> I have multiple clouds, I have multiple vendors. I have a ton of security products. Can I use you guys? >> Right, yeah it's simple. I mean we are already a platform so we use many security products and orchestrate so they work together. >> What are the common things you get from customers that have been successful with you. And I don't want to say single (mumbles) lessons that is an old IT expression, but the world has to be smarter, faster, dashboard oriented, AP harden, APIs, a lot of data traversal. What's the ideal end state for your customers, when you guys are successful? >> You have to repeat that question. >> From a customer, what's the value purchase to me? Am I saving time? Am I integrating multiple devices? >> You save a lot of time, you save a lot of money. And I believe the most important thing is, we see ourself as weapon in a war for talent. It's just impossible for our customers to find the talents to really operate that stuff in a good way. And we make that much easier. So obviously, you cannot outsource security, but you can make security easy, manageable and that's where we... >> And operational, make it work. >> And operational, make it work, and that's I believe the key already. >> Well Martin, congratulations on the expansion strategy. Real quick, What's going on in Vegas for you guys here? What are you guys here talking about? What's the big story here for you guys? >> Well basically, obviously, we grow very fast so we also use this to bring together people. But then also, everybody is here right now. It's great to see winners, it's great to see partners. It's great to see competitors, so it's just important to understand the market. It's also, there are worst place in the world to be. >> Yeah. >> In Las Vegas. >> Build those relationships, thanks so much for coming on the CUBE, really appreciate it. >> Thank you so much. >> I'm here with the CEO of Open Systems from John Furrier the CUBE, we are here at the Chandelier bar at the Cosmo. We are just getting started, we got a couple bunch more interviews still to come. We just had the FBI on, really importa6nt conversations around security, cybersecurity, enterprise security, and how to make SD-WAN work. We'll be right back with more. Stay with us after this short break. (techno music)