(upbeat music) >> Announcer: New York City. It's theCUBE. Covering CyberConnect 2017. Brought to you by Centrify, and the Institute For Critical Infrastructure Technology. >> Hey, welcome back everyone. This is theCUBE, live in New York City, in Manhattan. We're here at the Grand Hyatt Ballroom for CyberConnect 2017. Inaugural event presented by Centrify. I'm John Furrier, with my co-host Dave Vellante, both Co-Founders of SiliconANGLE Media. Our next guest is Parham Eftekhari, who's the Co-Founder and Senior Fellow of ICIT. Also part of the team and the lead around putting the content agenda together. These are the guys who put it all together. Really inaugural conference, great success. Turns out, you know we (laughs), we talked about it was going to be big, it was going to be huge. By the numbers, it's just a great beachhead, the right people showed up. Welcome to theCUBE, thanks for joining us. >> Yeah, thank you for having me, excited to be here, good to chat with you again. >> So, we, before the event started, just, you know, a couple months ago when we were talking about the event, we're like, this is, love the name, first event of its kind. Always wondering, you know, will people show up? Right, you know? >> That's right, first-time events, we've talked about this before, there are so many cyber security events out there, and so many organizations competing for a limited time and resources. So, I think to have a, an event like this be such a big success in the first time speaks to the quality of the content, and, you know, Centrify's role and ICIT's role in putting it together. >> I want to give you guys congratulations, to you and your partner, for running a really amazing company and event. You guys go big by thinking small, by being small, being relevant. Your model and how you do business earns trust, it's very community-driven. Same ethos as what we believe in. So, wanted to give you props for that. >> Parham: Thank you. >> It's not usual you see great execution thinking about your audience and constituents, so congratulations. >> Thank you. >> Okay, so, with that, you've got a lot of heavy hitters in your rolodex, you guys got a great community, big names. General's up there, you have big time SiSoS. >> Parham: Yeah. >> What's the vibe? I mean, you guys are dealing with this profile persona all the time. What's on the minds? I mean, obviously the General's banging his fist on the table, virtual table, or he's holding his coffee cup, telling war stories, he's basically saying, if we don't get our act together, industry and government... >> Yeah, well, I think what's happening today, and you know the business of the Institute, we're a research-driven organization, so as an organization that provides objective research, we have the fortunate position to be able to advise to some of these commercial and public sector leaders. And so, in that advisory, we have a really good sense on the pulse of the community. And we're able to hear directly from these individuals, we don't have to look at market research studies, we don't have to look at what some of these third-party groups are talking about. We're able to communicate directly, and we can actually see and feel their feedback to what we're discussing. >> There's no lag to your model, you have your fingers on the pulse. What is it telling you? Obviously, we heard the message here, there's some work to be done, there's some technical core fundamental infrastructure things, there's application-specific things, obviously the threats aren't stopping. >> Parham: That's right. >> What are the, what's-- >> If you look at the program that was built, it really does mirror the way that the Institute believes we need to approach solving these issues. And that comes with a layered security strategy. And so, oftentimes you'll go to these events, and we understand that there's organizations that are looking to make this into more of a marketing opportunity for them. So, unfortunately, the curriculum and content only touches one or two core competencies, which obviously really underscore what the sponsors do. What we've done here at CyberConnect, which is why Centrify's such a great partner, they understand that they may be one of the world's leading identity access management organizations, but they know for us to have a cyber security renaissance and actually make that quantum leap that the General and some of the executives that you were mentioning were discussing all day, we need to have a number of different technologies discussed, and have that education talk about things like the use of machine-learning based artificial intelligence. Talk about how technology can enable automation. Talk about identity access management. Talk about, like we just heard Terry Gravenstein, talk about the importance of building a culture of trust, right? Security has a human element to it, people's one of the biggest problems we have. So, I think this is one of the reasons why this event, to your point earlier, is such a big success only the first year out. >> Parham, we heard a lot today about sort of the partnership, really the imperative, of government and commercial enterprises working together. You do a lot of work in the government. And there seems to be, anyway our impression is, there's a heightened sense of security, for obvious reasons. And, board levels in the commercial side have really tuned in to security. But still, organizations seem to be struggling with what's the right regime. You know, it used to be just an IT problem, or a security team problem, and as you really pointed out many, many times at this event, it's everybody's problem. >> Parham: Yeah. >> So, what are you seeing in terms of, things that commercial enterprises can learn from government, particularly from the top, in the top down initiative. >> Yeah, I think one of the themes you've heard discussed several times today is, and Terry again just talked about us having a seat at the table, I think there's so much media discussion about cyber security. You know, all of our families, our moms, our grandparents, are understanding that cyber security is a major issue. We're even starting to get some more general consensus that cyber security is a national security imperative. And, so I think this is helpful. I think now we have to start to, as cyber security practitioners, we have to speak in the language that resonates with, so, if you're talking to a chief operating officer, and trying to educate them on the impact of ITOT convergence, then you have to speak in the terms that a COO is interested in, versus a CFO, versus your CIO, versus your Board of Directors. So I think language matters, vocabulary matters. And I think it's one of the things that we see, we see starting to percolate up in some of the conversations that we're having. >> Given that humans are the main problem, I mean we all have this assumption, we talk about it in theCUBE all the time, but oh my gosh, internet of things is going to create this huge space of people to attack, a huge attack vector. But if the humans aren't managing the devices, is there potentially an upside there, if that makes sense? >> Yeah, so, you know, I think it all goes back to, tomorrow morning, we'll hear from Dr. Ron Ross and David from Centrify. And they're going to be talking about security by design. In this, Dr. Ross actually put out a paper, 800-160, which really talks about the importance of building better systems, devices, products. So, I think that we are moving towards automation, we're moving towards machine learning, we already see it impacting a lot of our society, and even down to the, to your point, the IoT devices. We just put out a paper about cyborgs and the use of embedded devices in an actual, in humans, trans-humanism. This is all a, this, this ship has, the train has left the station, I guess you could say. I think what's important now is to not make the same mistakes we did the first go around, and pause and not put profits over security and privacy, and actually understand that, if we can't build it with security, certain security requirements there, then we can't get that functionality, or it may not cost the price point that we want it to cost, which may, you know, have it be more affordable for consumers. So I think we have to re-prioritize. >> US companies generally have not taken that pause and put security over profits. It's really been the reverse. And many would say, okay, but it's actually worked out pretty well for US companies, they dominate the technology industry. What do you say to those folks that say, well, profits are actually more important? >> Well, I think, I think it depends, when you say it worked out well, I think if you look at all those individuals that have been impacted by the breaches, I think that's where people are really starting to understand how it's impacting us, and going back to my comment about the national security side, this is no longer just about being able to steal your PII, and maybe doing some fraud in terms of identity theft and what not. When we're talking about meta-data and capitalistic dragnet surveillance, and now if you're looking at who is stealing and curating this information, it could be special interest groups, could be nation states, so now this becomes a much larger issue and a much larger challenge. >> So it's a ticking timebomb, is essentially what you're saying. And so that begs the next question: does really government have to get involved, to begin to impose its will, if you will, on commercial organizations? >> Yeah, I think what's going to happen, and actually we were talking about this at lunch with General Alexander earlier today, it's going to be a balance. You know, the government will be getting involved, they are getting involved, there's a lot of legislation being passed that truly is trying to make a bi-partisan push to address some of these issues. But I think, ultimately, that's going to be, as the General kind of said earlier, it's just going to be the government beating these, these folks virtually on the head until they start to do some self-governance and self-regulation. >> Parham, talk about your relationship with the General, vis-a-vis, this event. I see he had a great keynote, inspiring us, he moved a lot of people, talked about the general common defense versus civil liberties balancing privacy, as you mentioned. What more can you share about some of the things that he sees and feels strongly about, that you guys are seeing in your research in the Institute, because this is interesting, because you got a guy who says, "I'm an Army guy," right, who's now looking through the prism of the future, with past history at the NSA Command Center, Cyber Command Center. >> Yeah. >> He's got a pretty interesting view, and he sees both sides of the coin. >> Yeah. >> You guys are seeing that, people in the tech business are like deer in the headlights. We saw Twitter, Facebook and Alphabet, you know, like (groans). And then the center's trying to grock what Twitter does. >> Parham: Yeah. >> So, I mean, you have this generational gap, you also have historical analog to digital transformation going on. This is a societal impact, this is pretty huge. What does the General truly feel, what's his vision, what's his point of view these days? >> So, I'm not going to speak for the General, I wouldn't dare do that, but I will say that, if you listen to his comments on stage, one of the things he does talk about, and where our relationship is very strong, is the importance of public-private sector collaboration. The General actually received our pinnacle, I'm sorry, was named our pioneer last year at our gala which is actually happening in a couple of days in Washington, DC. And he really, if you listen to his message, he underscores the importance of collaboration, not just within a sector, not just within government, but cross-sector and between public-private sector, and between technology providers and government and legislative community. So, I think one of the things that I am comfortable saying is that, he would encourage more collaboration, and more information sharing, and more trust among the sectors to work together to solve these problems. >> How should people measure success in this business? >> That's a loaded question. I think, I think success needs to be, at this stage, incremental. I think that we need to be realistic in terms of how much quote success can we achieve overnight. We've, as we mentioned earlier, the ship has sailed, and so I think we need to do multiple things simultaneously. We, of course, do need to continue to implement technology and strategies that detect and respond to threats. But I personally would say that the true success is going to really be accomplished when we start to deploy strategies and re-prioritize so we're actually building more secure systems, more secure devices. I think that's going to be... Needs to go hand-in-hand, and we'll hear a lot about that tomorrow with Dr. Ross. >> Would that imply that, either, you know, the rate of growth of breaches starts to moderate, or the amount of data or loss, revenue dollars lost, begins to, you know, slow down its growth rate or-- >> Yeah, at some point that's absolutely going to be the goal, I think that-- >> Is that a reality though, I mean given that everything is growing so fast in our business? >> Oh, yeah, I'm an eternal optimist. I think absolutely, we'll get there. I can't tell you the timeframe, but I do know that venues like this, and the work that ICIT is doing, is really important to getting us to that point. Until we get folks in the media and on Capitol Hill and in federal agencies talking about these issues, so then it's not just the security folks who are focused on this, but a broader group. >> Yeah, and I think that's the opportunity, and as we wrap up day one here, education and content value is what we're seeing. You guys see that all the time, I know I'm preaching to the choir. But again, looking at mainstream media and some of the techniques that the Russians and other states have used to implement means and the election conversations, it's being gamified, we know that. So, the media picks up on it because there's identity politics going on. So, I think there needs to be a wake-up call, I mean, I think the educational process is critical. >> Yeah. >> What's next? >> And, and, and that's where, you know, we feel very fortunate to be in the position that we're in, because ICIT is a neutral, third-party, non-profit, and non-partisan research organization. So what we're doing is putting out content. We're not, we're not, the... I should say it this way, the information comes out-- >> You've no agenda in terms of how to capture? >> Yeah, exactly. >> It's all transparent. >> Our, our, our agenda is national security. Our agenda is improving the security of our nation's critical infrastructure sectors, improving resiliency. And providing trusted advisory to these various stakeholders. >> Well, getting the people here on theCUBE, and having you guys come on, and doing this great event really get, opens up the door for more voices to be heard. >> Parham: Absolutely. >> And we heard from your partner, had some great things to say. This has got to get out there, so the people, the press can report on it-- >> Parham: That's right. We'll turn on the cameras. >> Parham: Yeah. >> Dave, what's your take on the event here? Obviously, as an inaugural event, what's your analysis? >> Well, I mean, we touched on some big topics, right? I mean, the General, in particular, was talking about collaboration with the FBI, you know, Sony came in. >> John: The role of government. >> Privacy, ACLU, Jeffrey Stone. I think, you know, my big takeaway, as we were just discussing, was... And the General said that Sony, for example, he gave that example, can't do it alone. And I, we've been saying this for a while. And John, you predicted this, you said a while back that, that the government's processes, technologies, know-how, is going to seep into commercial businesses. As it has so often. I mean, you look at, you know, space launch, you know, radar, nuclear energy, the internet, et cetera. And I think security, cyber security, is such a big problem, only the government can help solve this problem. >> Well, the government's always been dealing with the moving train, and the corporations and the enterprise have traditionally been buying shrink-wrapped software loaded on a server that's evolved to buying more servers that have been pre-integrated with software. And buying silver bullet solutions, and then leave it alone until something breaks, and then fixes it. And I think, you know, when we were talking and looking at this event, my takeaway here is, the moving train is never going to stop, and the shifting of the game is going to be a cat-and-mouse, good versus bad, new technology versus reality. Open source certainly accelerated the role of the public domain. Treasure troves of information are being amassed, whether it's WikiLeaks or in the open source. This is a problem, and then there's no real, like, real creative solutions. I am not seeing anything. So, to me, this event takeaway is that, this is the first time a step has been taken to saying, whoa, holistic big picture. What is the architecture of a global society, where nation states can compete with no borders. >> Yeah. >> In a digital, virtual space, be effective, have freedom, and then respect for the individual. I mean, no one's ever had that conversation. >> Yeah, well we're excited to have it. We've gotten really great feedback from just some of the conversations that we're hearing in the hallway, as people are taking, learning actionable intelligence, where I can actually take this and instill it. I think a lot of people are actually being inspired, and that's something we need, especially in an industry where every day is about how, you know, cyber security folks don't get in the news when nothing happens. There's a commercial, I think it's an IBM commercial, right, where it's, my, my, nothing happened at work for my dad today, right? That never happens, it's always about what does go wrong, so I think we need to be inspired and motivate ourselves. >> Well, one of the things that we're excited about, as you know, we're community-model like you guys are. You look at some of the early indicators of how blockchain, and even though it's kind of crazy, you know, bubbly with the ICOs and cryptocurrency and overall blockchain, it all comes down to the common thread. We see an open source software over multiple generations, we're seeing it in blockchain, we're seeing it in security. Community matters. And I think the role of individuals and communities will be a big part of the change, as a new generation comes up. Really fundamental, so congratulations. >> Parham: Absolutely, thank you. >> Okay, Parham here's inside theCUBE for our wrap-up of day one of CyberConnect 2017. I'm John, with Dave Vellante. Thanks for watching. (synthesizer music)

(clicking noise) >> Hello, I'm John Furrier, SiliconANGLE media, co-host of theCUBE. We are here on the ground in, here in Santa Clara, California, Centrify's headquarters, with Tom Kemp, the CEO of Centrify, and Parham Eftekhari, who's the co-founder and senior fellow of ICIT, which is the Institute of Critical Infrastructure Technologies, here to talk about security conversation. Guys, welcome to theCUBE's On the Ground. >> Thank you. >> Great to be here. >> Great to see you again, Tom. >> Yeah, absolutely. >> And congratulations on all your success. And Parham, GovCloud is hot. We were just in D.C. with Amazon Web Services Public Sector Summit. It's gotten more and more to the point where cyber is in the front conversation, and the political conversation, but on the commercial side as well. There's incidents happening every day. Just this past month, HBO, Game of Thrones has been hijacked and ransomed. I guess that's ransom, or technically, and a hack. That's high-profile, but case after case of high-profile incidents. >> Yeah, yeah. >> Okay, on the commercial side. Public sector side, nobody knows what's happening. Why is security evolving slow right now? Why isn't it going faster? Can you guys talk about the state of the security market? >> Yeah, well, ya know, I think first of all, you have to look at the landscape. I mean, our public and private sector organizations are being pummeled every day by nation states, mercenaries, cyber criminals, script kiddies, cyber jihadists, and they're exploiting vulnerabilities that are inherent in our antiquated legacy systems that are put together by, ya know, with a Frankenstein network as well as devices and systems and apps that are built without security by design. And we're seeing the results, as you said, right? We're seeing an inundation of breaches on a daily basis, and many more that we don't hear about. We're seeing weaponized data that's being weaponized and used against us to make us question the integrity of our democratic process and we're seeing, now, a rise in the focus on what could be the outcome of a cyberkinetic incident, which, ultimately, in the worst case scenario, could have a loss of life. And so I think as we talk about cyber and what it is we're trying to accomplish as a community, we ultimately have a responsibility to elevate the conversation and make sure that it's not an option, but it is a priority. >> Yeah, no, look, I mean, here we are in a situation in which the industry is spending close to 80 billion dollars a year, and it's growing 10 percent, but the number of attacks are increasing much more than 10 percent, and as Parham said, you know, we literally had an election impacted by cyber security. It's on the front page with HBO, et cetera. And I really think that we're now in a situation where we really need to rethink how we do security in, as enterprises and as even individuals. >> And it's seems, talking about HBO, talking about the government, you mentioned, just the chaos that's going on here in America, you almost don't know what you don't know. And with the whole news cycle going on around this, but this gets back to this notion of critical infrastructure. I love that name, and you have in your title 'ICIT,' Institute of Critical Infrastructure, because, ya know, and certainly the government has had critical infrastructure. There's been bridges, and roads, and whatnot, they've had the DNS servers, there's been some critical infrastructure at the airports and whatnot, but for corporations, the critical infrastructure used to be the front door. And then their data center. Now with cloud, no perimeter, we've talked about this on theCUBE before, you start to change the notion of what critical infrastructure is. So, I guess, Parham, what does critical infrastructure mean, from a public and commercial perspective? Tell me, you can talk about it. And what's the priorities for the businesses and governments to figure out what's the order of operations to get to the bottom of making sure everything's secure? >> Yeah, it's interesting, that's a great question, you know, when most people think about critical infrastructure as legacy technology, or legacy's, you know, its roads, its bridges, its dams. But if you look at the Department of Homeland Security, they have 16 sectors that they're tasked with protecting. Includes healthcare, finance, energy, communications, right? So as we see technology start to become more and more ingrained in all these different sectors, and we're not just talking about data, we're talking about ICS data systems. A digital attack against any one of these critical infrastructure sectors is going to have different types of outcomes, whether you're talking about a commercial sector organization, or the government. You know, one of the things that we always talk about is really the importance of elevating the conversation, as I mentioned earlier, and putting security before profits. I think, ultimately, we've gotten to this situation because a lot of companies do a cost-benefit analysis, say, "You know what? I may be in the healthcare sector, "and ultimately it'll be cheaper for me to be breached, "pay my fines, and deal with potentially even the "loss to brand, to my brand, in terms of brand value, "and that'll cheaper than investing what "I need to to protect my patients and their information." And that's the wrong way to look at it. I think now, as we were talking about this week, the cost of all this is going higher, which is going to help, but I think we need to start seeing this fundamental mind-shift in how we are prioritizing security, as I mentioned earlier. It's not an option, it must be a requisite. >> Yeah, I think what we're seeing now, is in the years past, the hackers would get at some bits of information, but now we're seeing with HBO, with Sony, they can strip mine an entire company. >> They put them out of business. >> Exactly. >> The money that they're doing with ransomeware, which is a little bit higher profile, ransomware, I mean, there's a specific business outcome, here, and it's not looking good, they go out of business. >> Oh, absolutely, and so Centrify, we just recently sponsored a survey, and nowadays, if you announce that you got breached, and you have to, now. It's 'cause you have to tell your shareholders, you have to tell your customers. Your stock drops, on average, five percent in a day. And so we're talking about billions of dollars of market capitalization that can disappear with a breach as well. So we're beyond, it's like, "Oh, they stole some data, "we'll send out a letter to our customers, "and we'll give 'em free Experian for a year." Or something like that." Now, it's like, all your IP, all the content, and John, I think you raised a very good point, as well. In the case of the federal government, it's still about the infrastructure being physical items, and of course, with internet a thing since now it's connected to the internet, so it's really scary that a bridge can flip open by some guy in the Ukraine or Russia fiddling with it. But now with enterprises, it's less and less physical, the store, and we're now going through this massive shift to the cloud, and more and more of your IP is controlled and run. It's the complete deperimeterization that makes things every more complicated. >> Well it's interesting you mentioned the industrial aspect of it, with the bridge, because this is actually a real issue with self-driving cars, this was on everyone's mind, we were just covering some content, covering Ford's event yesterday in San Francisco. They got this huge problem. Ya know, hacking of the cars. So, industrial IOT opens up, again, the surface area, but this kind of brings the question down to customers, that you guys have or companies or governments. How do they become resilient? How do they put steps in place? Because, you know, I was just talking to someone who runs a major port in the U.S., and the issues there are maritime, right? So you talk about infrastructure, container ships, obviously worry about terrorists and other things happening. But just the general IT infrastructure is neanderthal, it's like, 30 years old. >> Yeah. >> So you have legacy infrastructure, as you mentioned, but businesses also have legacy, so how do you balance where you are? How do you know the progress bar of your protection? How do you know the things you need to put in place? How do you get to resilience? >> Yeah, but see, I think there also needs to be a rethink of security. Because the traditional ways that people did it, was protecting the perimeter, having antivirus, firewalls, et cetera. But things have really changed and so now what we're seeing is that an entity has become the top attack vector going in. And so if you look at all these hacks and breaches, it's the stealing of usernames and passwords, so people are doing a good job of, the hackers are social engineering the actual users, and so, kind of a focus needs to shift of securing the old perimeter, to focusing on securing the user. Is it really John Furrier trying to access e-mail? Can we leverage biometrics in this? And trying to move to the concept of a zero-trust model, and where you have to, can't trust the network, can't trust the IP address, but you need to factor in a lot of different aspects. >> It's interesting, I was just following this blog chain because we've been covering a lot of the blog chains, immutable and encrypted, the wallets were targets. (laughing) Hey, this Greta the Wall, where they store the money. Now we own that encrypted data. So, again, this is the, hackers are fast, so, again, back to companies because they have to put if they have shareholder issues, or they have some corporate governance issues. But at the end of the day, it's a moving train. How does the government offer support? How do companies put it in place? What do they need to do? >> Yeah, well, there's a couple of things you can look at. First of all, you know, as a think tank, we're active on Capital Hill, working with members of both minority and majority sides, we're actively proposing bipartisan legislation, which provides a meaningful movement forward to secure and address some of the issues you're talking about. Senator Markey recently put out the Cyber Shield Act, which creates a type of score, right? For a device, kind of like the ENERGY STAR in the energy sector. So just this week, ICIT put out a paper in support of an amendment by Senator Lindsey Graham, which actually addresses the inherent vulnerabilities in our election systems, right? So there's a lot of good work being done. And that really goes to the core of what we do, and the reasons that we're partnering together. ICIT is in the business of educating and advising. We put out research, we make it freely available, we don't believe in com`moditizing information, we believe in liberating it. So we get it in the hands of as many people as possible, and then we get this objective research, and use it as a stepping stone to educate and to advise. And it could be through meetings, it could be through events, it could be through conversation with the media. But I think this educational process is really critical to start to change the minds of-- >> You know, if I can add to that, I think what really needs to be done with security, is better information sharing. And it's with other governments and enterprises that are under attack. Sharing that information as opposed to only having it for themselves and their advantage, and then also what's required is better knowledge of what are the best practices that need to be done to better protect both government and enterprises. >> Well, guys, I want to shift gears and talk about the CyberConnect event, which is coming up in November, an industry event. You guys are sponsoring, Centrify, but you guys are also on the ball, there's a brand new content program. It's an independent event, it's targeted to the industry, not a Centrify user group. Parham, I want to put you on the spot before we get to the CyberConnect event. You mentioned the elections. What's the general, and I'm Silicon Valley and so I had to ask the question 'cause you're in the trenches down in D.C. What is the general sentiment in D.C. right now on the hacking? Because, I was explaining it to my son the other day, like, "Yeah, the Russians probably hacked everybody, "so technically the election "fell into that market basket of hats." So maybe they did hack you. So I'm just handwaving that, but it probably makes sense. The question is, how real is the hacking threat in the minds of the folks in D.C. around Russia and potentially China and these areas? >> Yeah, I think the threat is absolutely real, but I think there has to be a difference between media, on both sides, politicizing the conversation. There's a difference between somebody going in and actually, you know, changing your vote from one side to the other. There's also the conversation about the weaponization of data and what we do know that Russia is doing with regards to having armies of trolls out there or with fake profiles, and are creating faux conversations and steering public sentiment of perception in directions that maybe wasn't already there. And so I think part of the hysteria that we see, I think we're fearful and we have a right to be fearful, but I think taking the emotion and the politics out of it, and actually doing forensic assessments from an objective perspective to understanding what truly is going on. We are having our information stolen, there is a risk that a nation state could execute a very high-impact, digital attack that has a loss of life. We do know that foreign states are trying to impact the outcomes of our democratic processes. I think it's important to understand, though, how are they doing it and is what we're reading about truly what's happening kind of on the streets. >> And that's where the industrial thing you were kind of tying together, that's the loss of life potential, using digital as an attack vector into something that could have a physical, and ultimately deadly outcome. Yeah, we covered, also that story that was put out, about the fake news infrastructure. It's not just the content that they're making up, it's actually the infrastructure fake news. Bionets, and whatnot. And I think Mike Rowe wrote a story on this, where they actually detailed, you can smear a journalist for 40K. >> Yeah. >> These are actually out there, that are billed for specifically these counter... Programs. >> As a service. You know, go on a forum on the Deep Web and you can contract these types of things out. And it's absolutely out there. >> And then what do you say to your average American friends, that you're saying, hey, having a cocktail with, you're at a dinner. What's going on with security? What do you say to them? You should be worried, calm down, no we're on it. What's the message that you share with your friends that aren't in the industry? >> Personally, I think the message is that, you know, you need to vigilant, you need to, it may be annoying, but you do have to practice good cyber hygiene, think about your passwords, think about what you're sharing on social media. We'd also talk, and I personally believe that, some of these things will not change unless we as consumers change what is acceptable to us. If we stop buying devices or systems or apps based on the convenience that it brings to our lives, and we say, "I'm not going to spend money on that car, "because I don't know if it's secure enough for me." You will see industry change very quickly. So I think-- >> John: Consumer behavior is critical. >> Absolutely. That's definitely a piece of it. >> Alright, guys, so exciting event coming up, theCUBE will be covering the CyberConnect event in November. The dates, I think, November-- >> Sixth and seventh. >> Sixth and seventh in New York City at the Grand Hyatt. Talk about the curriculum, because this is a unique event, where you guys are bringing your sponsorship to the table, but providing an open industry event. What's the curriculum, what's the agenda, what's the purpose of the event? >> Yeah, Tom. >> Okay, I'll take it, yeah. I mean, historically, like other security vendors, we've had our users' conference, right? And what we've found is that, as you alluded to, that there just needs to be better education of what's going on. And so, instead of just limiting it to us talking to our customers about us, we really need to broaden the conversation. And so that's why we brought in ICIT, to really help us broaden the conversation, raise more awareness and visibility for what needs to be done. So this is a pretty unique conference in that we're having a lot of CSOs from some incredible enterprise, as well as government. General Alexander, the former of the Cyber Security Command is a keynote, but we have the CSO of Aetna, Blue Cross involved, as well. So we want to raise the awareness in terms of, what are the best practices? What are the leading minds thinking about security? And then parallel, also, for our customers, we're going to have a parallel track where, if they want to get more product-focused technology. So this is not a Centrify event. This is an industry event, ya know. Black Hat is great, RSA is great, but it's really more at the, kind of the bits and bytes-- >> They're very narrow, but you are only an identity player. There's a bigger issue. What about these other issues? Will you discuss-- >> Oh, absolutely. >> Yeah, well-- >> Is it an identity or is it more? >> It actually is more, and this is one of the reasons, at a macro level, the work that we've done at Centrify, for a number of years now. You know, we have shared the same philosophy that we have a responsibility, as experts in the cyberspace, to move the industry forward and to really usher in, almost a cyber security renaissance, if you will. And so, this is really the vision behind CyberConnect. So if you look at the curriculum, we're talking about, you know, corporate espionage, and how it's impacting commercial organizations. We're talking about the role of machine-learning based artificial intelligence. We'll be talking about the importance of encrypting your data. About security by design. About what's going on with the bot net epidemic that's out there. So there absolutely will be a very balanced program, and it is, again, driven and grounded in that research that ICIT is putting out in the relationships that we have with some of these key players. >> So you institute a critical infrastructure technology, the think tank that you're the co-founder of. You're bringing that broader agenda to CyberConnect. >> That's correct, absolutely. >> So this is awesome, congratulations, I got to ask, on the thought leadership side, you guys have been working together. Can you just talk about your relationship between Centrify and ICIT? So you're independent, you guys are a vendor. Talk about this relationship and why it's so important to this event. >> Well, absolutely. I mean, look, as a security vendor, you know, a lot of, a big percentage of security vendors sell into the U.S. federal government, and through those conversations that a lot of the CSOs at these governments were pointing at us to these ICIT guys, right? And we got awareness and visibility thought that. And it was like, they were just doing great stuff in terms of talking about, yes, Centrify is a leading identity provider, but people are looking for a complete solution, looking for a balanced way to look at it. And so we felt that it would be a great opportunity to partner with these guys. And so we sponsored an event that they did, Winter Summit. And then they did such a great job and the content was amazing, the people they had, that we said, "You know what? "Let's make this more of a general thing and "let's be in the background helping facilitate this, "but let the people hear about this good information." >> So you figured out the community model? (laughs) No, 'cause this is really what works. You got to enable, you're enabling this conversation, and more than ever in the security system, would love to get your perspective on this, is that there's an ethos developing, has been developed. And it's expanding aggressively. Kind of opens doors on one side, but security's all about data sharing. You mentioned that-- >> Yeah, absolutely. >> From a hacking standpoint, that's more of a statutory filing, but here, the security space is highly communicative. They talk to each other, and it's a trust relationship, so you're essentially bringing an independent event, you're funding it. >> Yeah, absolutely. >> It's not your event, this is an independent event. >> Absolutely. >> Yeah, and so Tom said it very well, as an institute, we rely on the financial capital that comes in from our partners, like Centrify. And so we would be unable to deliver at a large scale the value that we do to the legislative community, to federal agencies, and the commercial sector, and the institute's research is being shared on NATO libraries and embassies around the world. So this is really a global operation that we have. And so when we talk about layered security, right, we're not into a silver bullet solution. A lot of faux experts out there say, "I have the answer." We know that there's a layered approach that needs to be done. Centrify, they have the technology that plays a part in that, but, even more important than that for us is that they share that same philosophy and we do see ourselves as being able to usher in the changes required to move everything forward. And so it's been a great, you know, we have a lot of plans for the next few years. >> Yeah, that's great work, you're bringing in some great content to the table, and that's what people want, and they can see who's enabling it, that's a great business model for everyone. I got to ask one question, though, about your business. I love the critical infrastructure focus and I like your value you guys are bringing. But you guys have this fellow program. Can you just talk about this, 'cause your a part of the fellowship-- >> Yeah, absolutely. >> You're on a level, and I don't want to say credit 'cause you're not really going to get credit. But it's a badge, it's a bar. >> Yeah, yeah, no-- >> Explain the fellow program. >> That's a great question. At the institute, we have a core group of experts who represent different technology niches. They make up our fellow program, and so as I discussed earlier, when we're putting out research, when we're educating the media, when we're advising congress, when we're doing the work of the institute, we're constantly turning back to our fellow program members to provide some of that research and expertise. And sharing, you know, not just providing financial capital, but really bringing that thought leadership to the table. Centrify is a part of our fellows program, and so we've been working with them for a number of years. It's very exclusive and there's a process. You have to be referred in by an existing fellow program member. We have a lot of requests, but it really comes down to, do you understand what we're trying to accomplish? Do you share our same mission, our same values? And can you be part of this elite community that we've built? And so, you know, Centrify is a big part of that. >> And the cloud, obviously, is accelerating everything. You've got the cloud action, certainly, in your space, and we know what's going on in our world. >> Yeah, absolutely. >> The world is moving at a zillion miles an hour. It's like literally moving a train. So, congratulations, CyberConnect event in November. Great event, check it out, theCUBE will be there, we'll have live coverage, we broadcast, be documenting all the action and bringing it to you on theCUBE, obviously, (mumbles) John Furrier, here at Centrify's headquarters in California, in Silicon Valley, thanks for watching. (upbeat electronic music)