>> Announcer: Live from Las Vegas, it's theCUBE covering IBM Think 2018. Brought to you by IBM. >> Hi everybody, this is Dave Vellante. We're here at IBM Think. This is the third day of IBM Think. IBM has consolidated a number of its conferences. It's a one main tent, AI, Blockchain, quantum computing, incumbent disruption. It's just really an amazing event, 30 to 40,000 people, I think there are too many people to count. Chris Penn is here. New company, Chris, you've just formed Brain+Trust Insights, welcome. Welcome back to theCUBE. >> Thank you. It's good to be back. >> Great to see you. So tell me about Brain+Trust Insights. Congratulations, you got a new company off the ground. >> Thank you, yeah, I co-founded it. We are a data analytics company, and the premise is simple, we want to help companies make more money with their data. They're sitting on tons of it. Like the latest IBM study was something like 90% of the corporate data goes unused. So it's like having an oil field and not digging a single well. >> So, who are your like perfect clients? >> Our perfect clients are people who have data, and know they have data, and are not using it, but know that there's more to be made. So our focus is on marketing to begin with, like marketing analytics, marketing data, and then eventually to retail, healthcare, and customer experience. >> So you and I do a lot of these IBM events. >> Yes. >> What are your thoughts on what you've seen so far? A huge crowd obviously, sometimes too big. >> Chris: Yep, well I-- >> Few logistics issues, but chairmanly speaking, what's your sense? >> I have enjoyed the show. It has been fun to see all the new stuff, seeing the quantum computer in the hallway which I still think looks like a bird feeder, but what's got me most excited is a lot of the technology, particularly around AI are getting simpler to use, getting easier to use, and they're getting more accessible to people who are not hardcore coders. >> Yeah, you're seeing AI infused, and machine learning, in virtually every application now. Every company is talking about it. I want to come back to that, but Chris when you read the mainstream media, you listen to the news, you hear people like Elon Musk, Stephen Hawking before he died, making dire predictions about machine intelligence, and it taking over the world, but your day to day with customers that have data problems, how are they using AI, and how are they applying it practically, notwithstanding that someday machines are going to take over the world and we're all going to be gone? >> Yeah, no, the customers don't use the AI. We do on their behalf because frankly most customers don't care how the sausage is made, they just want the end product. So customers really care about three things. Are you going to make me money? Are you going to save me time? Or are you going to help me prove my value to the organization, aka, help me not get fired? And artificial intelligence and machine learning do that through really two ways. My friend, Tripp Braden says, which is acceleration and accuracy. Accuracy means we can use the customer's data and get better answers out of it than they have been getting. So they've been looking at, I don't know, number of retweets on Twitter. We're, like, yeah, but there's more data that you have, let's get you a more accurate predictor of what causes business impacts. And then the other side for the machine learning and AI side is acceleration. Let's get you answers faster because right now, if you look at how some of the traditional market research for, like, what customer say about you, it takes a quarter, it can take two quarters. By the time you're done, the customers just hate you more. >> Okay, so, talk more about some of the practical applications that you're seeing for AI. >> Well, one of the easiest, simplest and most immediately applicable ones is predictive analytics. If we know when people are going to search for theCUBE or for business podcast in general, then we can tell you down to the week level, "Hey Dave, it is time for you "to ramp up your spending on May 17th. "The week of May 17th, "you need to ramp up your ads, spend by 20%. "On the week of May 24th, "you need to ramp up your ad spend by 50%, "and to run like three or four Instagram stories that week." Doing stuff like that tells you, okay, I can take these predictions and build strategy around them, build execution around them. And it's not cognitive overload, you're not saying, like, oh my God, what algorithm is this? Just know, just do this thing at these times. >> Yeah, simple stuff, right? So when you were talking about that, I was thinking about when we send out an email to our community, we have a very large community, and they want to know if we're going to have a crowd chat or some event, where theCUBE is going to be, the system will tell us, send this email out at this time on this date, question mark, here's why, and they have analytics that tell us how to do that, and they predict what's going to get us the best results. They can tell us other things to do to get better results, better open rates, better click-through rates, et cetera. That's the kind of thing that you're talking about. >> Exactly, however, that system is probably predicting off that system's data, it's not necessarily predicting off a public data. One of the important things that I thought was very insightful from IBM, the show was, the difference between public and private cloud. Private is your data, you predict on it. But public is the big stuff that is a better overall indicator. When you're looking to do predictions about when to send emails because you want to know when is somebody going to read my email, and we did a prediction this past October for the first quarter, the week of January 18th it was the week to send email. So I re-ran an email campaign that I ran the previous year, exact same campaign, 40% lift to our viewer 'cause I got the week right this year. Last year I was two weeks late. >> Now, I can ask you, so there's a black box problem with AI, right, machines can tell me that that's a cat, but even a human, you can't really explain how you know that it's a cat. It's just you just know. Do we need to know how the machine came up with the answer, or do people just going to accept the answer? >> We need to for compliance reasons if nothing else. So GDPR is a big issue, like, you have to write it down on how your data is being used, but even HR and Equal Opportunity Acts in here in American require you to be able to explain, hey, we are, here's how we're making decisions. Now the good news is for a lot of AI technology, interpretability of the model is getting much much better. I was just in a demo for Watson Studio, and they say, "Here's that interpretability, "that you hand your compliance officer, "and say we guarantee we are not using "these factors in this decision." So if you were doing a hiring thing, you'd be able to show here's the model, here's how Watson put the model together, notice race is not in here, gender is not in here, age is not in here, so this model is compliant with the law. >> So there are some real use cases where the AI black box problem is a problem. >> It's a serious problem. And the other one that is not well-explored yet are the secondary inferences. So I may say, I cannot use age as a factor, right, we both have a little bit of more gray hair than we used to, but if there are certain things, say, on your Facebook profile, like you like, say, The Beatles versus Justin Bieber, the computer will automatically infer eventually what your age bracket is, and that is technically still discrimination, so we even need to build that into the models to be able to say, I can't make that inference. >> Yeah, or ask some questions about their kids, oh my kids are all grown up, okay, but you could, again, infer from that. A young lady who's single but maybe engaged, oh, well then maybe afraid because she'll get, a lot of different reasons that can be inferred with pretty high degrees of accuracy when you go back to the target example years ago. >> Yes. >> Okay, so, wow, so you're saying that from a compliance standpoint, organizations have to be able to show that they're not doing that type of inference, or at least that they have a process whereby that's not part of the decision-making. >> Exactly and that's actually one of the short-term careers of the future is someone who's a model inspector who can verify we are compliant with the letter and the spirit of the law. >> So you know a lot about GDPR, we talked about this. I think, the first time you and I talked about it was last summer in Munich, what are your thoughts on AI and GDPR, speaking of practical applications for AI, can it help? >> It absolutely can help. On the regulatory side, there are a number of systems, Watson GRC is one which can read the regulation and read your company policies and tell you where you're out of compliance, but on the other hand, like we were just talking about this, also the problem of in the regulatory requirements, a citizen of EU has the right to know how the data is being used. If you have a black box AI, and you can't explain the model, then you are out of compliance to GDPR, and here comes that 4% of revenue fine. >> So, in your experience, gut feel, what percent of US companies are prepared for GDPR? >> Not enough. I would say, I know the big tech companies have been racing to get compliant and to be able to prove their compliance. It's so entangled with politics too because if a company is out of favor with the EU as whole, there will be kind of a little bit of a witch hunt to try and figure out is that company violating the law and can we get them for 4% of their revenue? And so there are a number of bigger picture considerations that are outside the scope of theCUBE that will influence how did EU enforce this GDPR. >> Well, I think we talked about Joe's Pizza shop in Chicago really not being a target. >> Chris: Right. >> But any even small business that does business with European customers, does business in Europe, has people come to their website has to worry about this, right? >> They should at least be aware of it, and do the minimum compliance, and the most important thing is use the least amount of data that you can while still being able to make good decisions. So AI is very good at public data that's already out there that you still have to be able to catalog how you got it and things, and that it's available, but if you're building these very very robust AI-driven models, you may not need to ask for every single piece of customer data because you may not need it. >> Yeah and many companies aren't that sophisticated. I mean they'll have, just fill out a form and download a white paper, but then they're storing that information, and that's considered personal information, right? >> Chris: Yes, it is. >> Okay so, what do you recommend for a small to midsize company that, let's say, is doing business with a larger company, and that larger company said, okay, sign this GDPR compliance statement which is like 1500 pages, what should they do? Should they just sign and pray, or sign and figure it out? >> Call a lawyer. Call a lawyer. Call someone, anyone who has regulatory experience doing this because you don't want to be on the hook for that 4% of your revenue. If you get fined, that's the first violation, and that's, yeah, granted that Joe's Pizza shop may have a net profit of $1,000 a month, but you still don't want to give away 4% of your revenue no matter what size company you are. >> Right, 'cause that could wipe out Joe's entire profit. >> Exactly. No more pepperoni at Joe's. >> Let's put on the telescope lens here and talk big picture. How do you see, I mean, you're talking about practical applications for AI, but a lot of people are projecting loss of jobs, major shifts in industries, even more dire consequences, some of which is probably true, but let's talk about some scenarios. Let's talk about retail. How do you expect an industry like retail to be effective? For example, do you expect retail stores will be the exception rather than the rule, that most of the business would be done online, or people are going to still going to want that experience of going into a store? What's your sense, I mean, a lot of malls are getting eaten away. >> Yep, the best quote I heard about this was from a guy named Justin Kownacki, "People don't not want to shop at retail, "people don't want to shop at boring retail," right? So the experience you get online is genuinely better because there's a more seamless customer experience. And now with IoT, with AI, the tools are there to craft a really compelling personalized customer experience. If you want the best in class, go to Disney World. There is no place on the planet that does customer experience better than Walt Disney World. You are literally in another world. And that's the bar. That's the thing that all of these companies have to deal with is the bar has been set. Disney has set it for in-person customer experience. You have to be more entertaining than the little device in someone's pocket. So how do you craft those experiences, and we are starting to see hints of that here and there. If you go to Lowe's, some of the Lowe's have the VR headset that you can remodel your kitchen virtually with a bunch of photos. That's kind of a cool experience. You go to Jordan's Furniture store and there's an IMAX theater and there's all these fun things, and there's an enchanted Christmas village. So there is experiences that we're giving consumers. AI will help us provide more tailored customer experience that's unique to you. You're not a Caucasian male between this age and this age. It's you are Dave and here's what we know Dave likes, so let's tailor the experience as best we can, down to the point where the greeter at the front of the store either has the eyepiece, a little tablet, and the facial recognition reads your emotions on the way in says, "Dave's not in a really great mood. "He's carrying an object in his hand "probably here for return, "so express him through the customer service line, "keep him happy," right? It has how much Dave spends. Those are the kinds of experiences that the machines will help us accelerate and be more accurate, but still not lose that human touch. >> Let's talk about autonomous vehicles, and there was a very unfortunate tragic death in Arizona this week with a autonomous vehicle, Uber, pulling its autonomous vehicle project from various cities, but thinking ahead, will owning and driving your own vehicle be the exception? >> Yeah, I think it'll look like horseback today. So there are people who still pay a lot of money to ride a horse or have their kids ride a horse even though it's an archaic out-of-mode of form of transportation, but we do it because of the novelty, so the novelty of driving your own car. One of the counter points it does not in anyway diminish the fact that someone was deprived of their life, but how many pedestrians were hit and killed by regular cars that same day, right? How many car accidents were there that involved fatalities? Humans in general are much less reliable because when I do something wrong, I maybe learn my lesson, but you don't get anything out of it. When an AI does something wrong and learns something, and every other system that's connected in that mesh network automatically updates and says let's not do that again, and they all get smarter at the same time. And so I absolutely believe that from an insurance perspective, insurers will say, "We're not going to insure self-driving, "a non-autonomous vehicles at the same rate "as an autonomous vehicle because the autonomous "is learning faster how to be a good driver," whereas you the carbon-based human, yeah, you're getting, or in like in our case, mine in particular, hey your glass subscription is out-of-date, you're actually getting worse as a driver. >> Okay let's take another example, in healthcare. How long before machines will be able to make better diagnoses than doctors in your opinion? >> I would argue that depending on the situation, that's already the case today. So Watson Health has a thing where there's diagnosis checkers on iPads, they're all meshed together. For places like Africa where there is simply are not enough doctors, and so a nurse practitioner can take this, put the data in and get a diagnosis back that's probably as good or better than what humans can do. I never foresee a day where you will walk into a clinic and a bunch of machines will poke you, and you will never interact with a human because we are not wired that way. We want that human reassurance. But the doctor will have the backup of the AI, the AI may contradict the doctor and say, "No, we're pretty sure "you're wrong and here is why." That goes back to interpretability. If the machine says, "You missed this symptom, "and this symptom is typically correlated with this, "you should rethink your own diagnosis," the doctor might be like, "Yeah, you're right." >> So okay, I'm going to keep going because your answers are so insightful. So let's take an example of banking. >> Chris: Yep. >> Will banks, in your opinion, lose control eventually of payment systems? >> They already have. I mean think about Stripe and Square and Apple Pay and Google Pay, and now cryptocurrency. All these different systems that are eating away at the reason banks existed. Banks existed, there was a great piece in the keynote yesterday about this, banks existed as sort of a trusted advisor and steward of your money. Well, we don't need the trusted advisor anymore. We have Google to ask us "what we should do with our money, right? We can Google how should I save for my 401k, how should I save for retirement, and so as a result the bank itself is losing transactions because people don't even want to walk in there anymore. You walk in there, it's a generally miserable experience. It's generally not, unless you're really wealthy and you go to a private bank, but for the regular Joe's who are like, this is not a great experience, I'm going to bank online where I don't have to talk to a human. So for banks and financial services, again, they have to think about the experience, what is it that they deliver? Are they a storer of your money or are they a financial advisor? If they're financial advisors, they better get the heck on to the AI train as soon as possible, and figure out how do I customize Dave's advice for finances, not big picture, oh yes big picture, but also Dave, here's how you should spend your money today, maybe skip that Starbucks this morning, and it'll have this impact on your finances for the rest of the day. >> Alright, let's see, last industry. Let's talk government, let's talk defense. Will cyber become the future of warfare? >> It already is the future of warfare. Again not trying to get too political, we have foreign nationals and foreign entities interfering with elections, hacking election machines. We are in a race for, again, from malware. And what's disturbing about this is it's not just the state actors, but there are now also these stateless nontraditional actors that are equal in opposition to you and me, the average person, and they're trying to do just as much harm, if not more harm. The biggest vulnerability in America are our crippled aging infrastructure. We have stuff that's still running on computers that now are less powerful than this wristwatch, right, and that run things like I don't know, nuclear fuel that you could very easily screw up. Take a look at any of the major outages that have happened with market crashes and stuff, we are at just the tip of the iceberg for cyber warfare, and it is going to get to a very scary point. >> I was interviewing a while ago, a year and a half ago, Robert Gates who was the former Defense Secretary, talking about offense versus defense, and he made the point that yeah, we have probably the best offensive capabilities in cyber, but we also have the most to lose. I was talking to Garry Kasparov at one of the IBM events recently, and he said, "Yeah, but, "the best defense is a good offense," and so we have to be aggressive, or he actually called out Putin, people like Putin are going to be, take advantage of us. I mean it's a hard problem. >> It's a very hard problem. Here's the problem when it comes to AI, if you think about at a number's perspective only, the top 25% of students in China are greater than the total number of students in the United States, so their pool of talent that they can divert into AI, into any form of technology research is so much greater that they present a partnership opportunity and a threat from a national security perspective. With Russia they have very few rules on what their, like we have rules, whether or not our agencies adhere to them well is a separate matter, but Russia, the former GRU, the former KGB, these guys don't have rules. They do what they're told to do, and if they are told hack the US election and undermine democracy, they go and do that. >> This is great, I'm going to keep going. So, I just sort of want your perspectives on how far we can take machine intelligence and are there limits? I mean how far should we take machine intelligence? >> That's a very good question. Dr. Michio Kaku spoke yesterday and he said, "The tipping point between AI "as augmented intelligence ad helper, "and AI as a threat to humanity is self-awareness." When a machine becomes self-aware, it will very quickly realize that it is treated as though it's the bottom of the pecking order when really because of its capabilities, it's at the top of the pecking order. And that point, it could be 10 20 50 100 years, we don't know, but the possibility of that happening goes up radically when you start introducing things like quantum computing where you have massive compute leaps, you got complete changes in power, how we do computing. If that's tied to AI, that brings the possibility of sensing itself where machine intelligence is significantly faster and closer. >> You mentioned our gray before. We've seen the waves before and I've said a number of times in theCUBE I feel like we're sort of existing the latest wave of Web 2.0, cloud, mobile, social, big data, SaaS. That's here, that's now. Businesses understand that, they've adopted it. We're groping for a new language, is it AI, is it cognitive, it is machine intelligence, is it machine learning? And we seem to be entering this new era of one of sensing, seeing, reading, hearing, touching, acting, optimizing, pervasive intelligence of machines. What's your sense as to, and the core of this is all data. >> Yeah. >> Right, so, what's your sense of what the next 10 to 20 years is going to look like? >> I have absolutely no idea because, and the reason I say that is because in 2015 someone wrote an academic paper saying, "The game of Go is so sufficiently complex "that we estimate it will take 30 to 35 years "for a machine to be able to learn and win Go," and of course a year and a half later, DeepMind did exactly that, blew that prediction away. So to say in 30 years AI will become self-aware, it could happen next week for all we know because we don't know how quickly the technology is advancing in at a macro level. But in the next 10 to 20 years, if you want to have a carer, and you want to have a job, you need to be able to learn at accelerated pace, you need to be able to adapt to changed conditions, and you need to embrace the aspects of yourself that are uniquely yours. Emotional awareness, self-awareness, empathy, and judgment, right, because the tasks, the copying and pasting stuff, all that will go away for sure. >> I want to actually run something by, a friend of mine, Dave Michela is writing a new book called Seeing Digital, and he's an expert on sort of technology industry transformations, and sort of explaining early on what's going on, and in the book he draws upon one of the premises is, and we've been talking about industries, and we've been talking about technologies like AI, security placed in there, one of the concepts of the book is you've got this matrix emerging where in the vertical slices you've got industries, and he writes that for decades, for hundreds of years, that industry is a stovepipe. If you already have expertise in that industry, domain expertise, you'll probably stay there, and there's this, each industry has a stack of expertise, whether it's insurance, financial services, healthcare, government, education, et cetera. You've also got these horizontal layers which is coming out of Silicon Valley. >> Chris: Right. >> You've got cloud, mobile, social. You got a data layer, security layer. And increasingly his premise is that organizations are going to tap this matrix to build, this matrix comprises digital services, and they're going to build new businesses off of that matrix, and that's what's going to power the next 10 to 20 years, not sort of bespoke technologies of cloud here and mobile here or data here. What are your thoughts on that? >> I think it's bigger than that. I think it is the unlocking of some human potential that previously has been locked away. One of the most fascinating things I saw in advance of the show was the quantum composer that IBM has available. You can try it, it's called QX Experience. And you drag and drop these circuits, these quantum gates and stuff into this thing, and when you're done, it can run the computation, but it doesn't look like software, it doesn't look like code, what it looks like to me when I looked at that is it looks like sheet music. It looks like someone composed a song with that. Now think about if you have an app that you'd use for songwriting, composition, music, you can think musically, and you can apply that to a quantum circuit, you are now bringing in potential from other disciplines that you would never have associated with computing, and maybe that person who is that, first violinist is also the person who figures out the algorithm for how a cancer gene works using quantum. That I think is the bigger picture of this, is all this talent we have as a human race, we're not using even a fraction of it, but with these new technologies and these newer interfaces, we might get there. >> Awesome. Chris, I love talking to you. You're a real clear thinker and a great CUBE guest. Thanks very much for coming back on. >> Thank you for having me again back on. >> Really appreciate it. Alright, thanks for watching everybody. You're watching theCUBE live from IBM Think 2018. Dave Vellante, we're out. (upbeat music)

>> Live from Boston, Massachusetts, it's theCUBE, Covering IBM Chief Data Officer Summit. Brought to you by IBM. >> Welcome back to theCUBE's live coverage of IBM Chief Data Strategy Summit. My name is Rebecca Knight, and I'm here with my co-host Dave Vellante, we are joined by Christopher Penn, the VP of Marketing Technology at SHIFT Communications, here in Boston. >> Yes. >> Thanks so much for joining us. >> Thank you for having me. >> So we're going to talk about cognitive marketing. Tell our viewers: what is cognitive marketing, and what your approach to it is. >> Sure, so cognitive marketing essentially is applying machine learning and artificial intelligence strategies, tactics and technologies to the discipline of marketing. For a really long time marketing has been kind of known as the arts and crafts department, which was fine, and there's certainly, creativity is an essential part of the discipline, that's never going away. But we have been tasked with proving our value. What's the ROI of things, is a common question. Where's the data live? The chief data officer would be asking, like, who's responsible for this? And if we don't have good answers to those things, we kind of get shown the door. >> Well it sort of gets back to that old adage in advertising, I know half my marketing budget is wasted, I just don't know which half. >> Exactly. >> So now we're really able to know which half is working. >> Yeah, so I mean, one of the more interesting things that I've been working on recently is using what's called Markov chains, which is a type of very primitive machine learning, to do attribution analysis, to say what actually caused someone to become a new viewer of theCUBE, for example. And you would take all this data that you have from your analytics. Most of it that we have, we don't really do anything with. You might pull up your Google Analytics console, and go, "Okay, I got more visitors today than yesterday." but you don't really get a lot of insights from the stock software. But using a lot of tools, many of which are open source and free of financial cost, if you have technical skills you can get much deeper insights into your marketing. >> So I wonder, just if we can for our audience... When we talk about machine learning, and deep learning, and A.I., we're talking about math, right, largely? >> Well so let's actually go through this, because this is important. A.I. is a bucket category. It means teaching a machine to behave as though it had human intelligence. So if your viewers can see me, and disambiguate me from the background, they're using vision, right? If you're hearing sounds coming out of my mouth and interpreting them into words, that's natural language processing. Humans do this naturally. It is now trying to teach machines to do these things, and we've been trying to do this for centuries, in a lot of ways, right? You have the old Mechanical Turks and stuff like that. Machine learning is based on algorithms, and it is mostly math. And there's two broad categories, supervised and unsupervised. Supervised is you put a bunch of blocks on the table, kids blocks, and you hold the red one, and you show the machine over and over again this is red, this is red, and eventually you train it, that's red. Unsupervised is- >> Not a hot dog. (Laughter) >> This is an apple, not a banana. Sorry CNN. >> Silicon Valley fans. >> Unsupervised is there's a whole bunch of blocks on the table, "Machine, make as many different sequences as possible," some are big, some are small, some are red, some are blue, and so on, and so forth. You can sort, and then you figure out what's in there, and that's a lot of what we do. So if you were to take, for example, all of the comments on every episode of theCUBE, that's a lot, right? No humans going to be able to get through that, but you can take a machine and digest through, just say, what's in the bag? And then there's another category, beyond machine learning, called deep learning, and that's where you hear a lot of talk today. Deep learning, if you think of machine learning as a pancake, now deep learnings like a stack of pancakes, where the data gets passed from one layer to the next, until what you get at the bottom is a much better, more tuned out answer than any human can deliver, because it's like having a hundred humans all at once coming up with the answer. >> So when you hear about, like, rich neural networks, and deep neural networks, that's what we're talking about. >> Exactly, generative adversarial networks. All those things are ... Any kind of a lot of the neural network stuff is deep learning. It's tying all these piece together, so that in concert, they're greater than the sum of any one. >> And the math, I presume, is not new math, right? >> No. >> SVM and, it's stuff that's been around forever, it's just the application of that math. And why now? Cause there's so much data? Cause there's so much processing power? What are the factors that enable this? >> The main factor's cloud. There's a great shirt that says: "There's no cloud, it's just somebody else's computer." Well it's absolutely true, it's all somebody else's computer but because of the scale of this, all these tech companies have massive server farms that are kind of just waiting for something to do. And so they offer this as a service, so now you have computational power that is significantly greater than we've ever had in human history. You have the internet, which is a major contributor, the ability to connect machines and people. And you have all these devices. I mean, this little laptop right here, would have been a supercomputer twenty years ago, right? And the fact that you can go to a service like GitHub or Stack Exchange, and copy and paste some code that someone else has written that's open source, you can run machine learning stuff right on this machine, and get some incredible answers. So that's why now, because you've got this confluence of networks, and cloud, and technology, and processing power that we've never had before. >> Well with this emphasis on math and science in marketing, how does this change the composition of the marketing department at companies around the world? >> So, that's a really interesting question because it means very different skill sets for people. And a lot of people like to say, well there's the left brain and then there's a right brain. The right brains the creative, the left brains the quant, and you can't really do that anymore. You actually have to be both brained. You have to be just as creative as you've always been, but now you have to at least have an understanding of this technology and what to do with it. You may not necessarily have to write code, but you'd better know how to think like a coder, and say, how can I approach this problem systematically? This is kind of a popular culture joke: Is there an app for that, right? Well, think about that with every business problem you face. Is there an app for that? Is there an algorithm for that? Can I automate this? And once you go down that path of thinking, you're on the path towards being a true marketing technologist. >> Can you talk about earned, paid, and owned media? How those lines are blurring, or not, and the relationship between sort of those different forms of media, and results in PR or advertising. >> Yeah, there is no difference, media is media, because you can take a piece of content that this media, this interview that we're doing here on theCUBE is technically earned media. If I go and embed this on my website, is that owned media? Well it's still the same thing, and if I run some ads to it, is it technically now paid media? It's the thing, it's content that has value, and then what we do with it, how we distribute it, is up to us, and who our audience is. One of the things that a lot of veteran marketing and PR practitioners have to overcome is this idea that the PR folks sit over there, and they just smile and dial and get hits, go get another hit. And then the ad folks are over here... No, it's all the same thing. And if we don't, as an industry realize that those silos are artificially imposed, basically to keep people in certain jobs, we will eventually end up turning over all of it to the machines, because the machines will be able to cross those organizational barriers much faster. When you have the data, and whatever the data says that's what you do. So if the data says this channels going to be more effective, yes it's a CUBE interview, but actually it's better off as a paid YouTube video. So the machine will just go do that for us. >> I want to go back to something you were talking about at the very beginning of the conversation, which is really understanding, companies understanding, how their marketing campaigns and approaches are effectively working or not working. So without naming names of clients, can you talk about some specific examples of what you've seen, and how it's really changed the way companies are reaching customers? >> The number one thing that does not work, is for any business executive to have a pre-conceived idea of the way things should be, right? "Well we're the industry leader in this, we should have all the market share." Well no, the world doesn't work like that anymore. This lovely device that we all carry around in our pockets is literally a slot-machine for your attention. >> I like it, you've got to copyright that. A slot machine for your attention. >> And there's a million and a half different options, cause that's how many apps there are in the app store. There's a million and half different options that are more exciting than your white paper. (Laughter) Right, so for companies that are successful, they realize this, they realize they can't boil the ocean, that you are competing every single day with the Pope, the president, with Netflix, you know, all these things. So it's understanding: When is my audience interested in something? Then, what are they interested in? And then, how do I reach those people? There was a story on the news relatively recently, Facebook is saying, "Oh brand pages, we're not going to show "your stuff in the regular news feed anymore, "there will be a special feed over here "that no one will ever look at, unless you pay up." So understanding that if we don't understand our audiences, and recruit these influencers, these people who have the ability to reach these crowds, our ability to do so through the "free" social media continues to dwindle, and that's a major change. >> So the smart companies get this, where are we though, in terms of the journey? >> We're in still very early days. I was at major Fortune 50, not too long ago, who just installed Google Analytics on their website, and this is a company that if I named the name you would know it immediately. They make billions of dollars- >> It would embarrass them. >> They make billions of dollars, and it's like, "Yeah, we're just figuring out this whole internet thing." And I'm like, "Cool, we'd be happy to help you, but why, what took so long?" And it's a lot of organizational inertia. Like, "Well, this is the way we've always done it, and it's gotten us this far." But what they don't realize is the incredible amount of danger they're in, because their more agile competitors are going to eat them for lunch. >> Talking about organizational inertia, and this is a very big problem, we're here at a CDO summit to share best practices, and what to learn from each other, what's your advice for a viewer there who's part of an organization that isn't working fast enough on this topic? >> Update your LinkedIn profile. (Laughter) >> Move on, it's a lost cause. >> One of the things that you have to do an honest assessment of, is whether the organization you're in is capable of pivoting quickly enough to outrun its competition. And in some cases, you may be that laboratory inside, but if you don't have that executive buy in, you're going to be stymied, and your nearest competitor that does have that willingness to pivot, and bet big on a relatively proven change, like hey data is important, yeah, you make want to look for greener pastures. >> Great, well Chris thanks so much for joining us. >> Thank you for having me. >> I'm Rebecca Knight, for Dave Vellante, we will have more of theCUBE's coverage of the IBM Chief Data Strategy Officer Summit, after this.

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

(bright upbeat music) >> Welcome back, everyone, to the "Supercloud 22." I'm John Furrier, host of "The Cube." This is the Cloud-erati panel, the distinguished experts who have been there from day one, watching the cloud grow, from building clouds, and all open source stuff as well. Just great stuff. Good friends of "The Cube," and great to introduce back on "The Cube," Adrian Cockcroft, formerly with Netflix, formerly AWS, retired, now commentating here in "The Cube," as well as other events. Great to see you back out there, Adrian. Lori MacVittie, Cloud Evangelist with F5, also wrote a great blog post on supercloud, as well as Dave Vellante as well, setting up the supercloud conversation, which we're going to get into, and Chris Hoff, who's the CTO and CSO of LastPass who's been building clouds, and we know him from "The Cube" before with security and cloud commentary. Welcome, all, back to "The Cube" and supercloud. >> Thanks, John. >> Hi. >> All right, Lori, we'll start with you to get things going. I want to try to sit back, as you guys are awesome experts, and involved from building, and in the trenches, on the front lines, and Adrian's coming out of retirement, but Lori, you wrote the post setting the table on supercloud. Let's start with you. What is supercloud? What is it evolving into? What is the north star, from your perspective? >> Well, I don't think there's a north star yet. I think that's one of the reasons I wrote it, because I had a clear picture of this in my mind, but over the past, I don't know, three, four years, I keep seeing, in research, my own and others', complexity, multi-cloud. "We can't manage it. They're all different. "We have trouble. What's going on? "We can't do anything right." And so digging into it, you start looking into, "Well, what do you mean by complexity?" Well, security. Migration, visibility, performance. The same old problems we've always had. And so, supercloud is a concept that is supposed to overlay all of the clouds and normalize it. That's really what we're talking about, is yet another abstraction layer that would provide some consistency that would allow you to do the same security and monitor things correctly. Cornell University actually put out a definition way back in 2016. And they said, "It's an architecture that enables migration "across different zones or providers," and I think that's important, "and provides interfaces to everything, "makes it consistent, and normalizes the network," basically brings it all together, but it also extends to private clouds. Sometimes we forget about that piece of it, and I think that's important in this, so that all your clouds look the same. So supercloud, big layer on top, makes everything wonderful. It's unicorns again. >> It's interesting. We had multiple perspectives. (mumbles) was like Snowflake, who built on top of AWS. Jerry Chan, who we heard from earlier today, Greylock Penn's "Castles in the Cloud" saying, "Hey, you can have a moat, "you can build an advantage and have differentiation," so startups are starting to build on clouds, that's the native cloud view, and then, of course, they get success and they go to all the other clouds 'cause they got customers in the ecosystem, but it seems that all the cloud players, Chris, you commented before we came on today, is that they're all fighting for the customer's workloads on their infrastructure. "Come bring your stuff over to here, "and we'll make it run better." And all your developers are going to be good. Is there a problem? I mean, or is this something else happening here? Is there a real problem? >> Well, I think the north star's over there, by the way, Lori. (laughing) >> Oh, there it is. >> Right there. The supercloud north star. So indeed I think there are opportunities. Whether you call them problems or not, John, I think is to be determined. Most companies have, especially if they're a large enterprise, whether or not they've got an investment in private cloud or not, have spent time really trying to optimize their engineering and workload placement on a single cloud. And that, regardless of your choice, as we take the big three, whether it's Amazon, Google, or Microsoft, each of them have their pros and cons for various types of workloads. And so you'll see a lot of folks optimizing for a particular cloud, and it takes a huge effort up and down the stack to just get a single cloud right. That doesn't take into consideration integrations with software as a service, instantiated, oftentimes, on top of infrastructure of the service that you need to supplement where the obstruction layer ends in infrastructure of the service. You've seen most IS players starting to now move up-chain, as we predicted years ago, to platform as a service, but platforms of various types. So I definitely see it as an opportunity. Previous employers have had multiple clouds, but they were very specifically optimized for the types of workloads, for example, in, let's say, AWS versus GCP, based on the need for different types and optimized compute platforms that each of those providers ran. We never, in that particular case, thought about necessarily running the same workloads across both clouds, because they had different pricing models, different security models, et cetera. And so the challenge is really coming down to the fact that, what is the cost benefit analysis of thinking about multi-cloud when you can potentially engineer the resiliency or redundancy, all the in-season "ilities" that you might need to factor into your deployments on a single cloud, if they are investing at the pace in which they are? So I think it's an opportunity, and it's one that continues to evolve, but this just reminds me, your comments remind me, of when we were talking about OpenStack versus AWS. "Oh, if there were only APIs that existed "that everybody could use," and you saw how that went. So I think that the challenge there is, what is the impetus for a singular cloud provider, any of the big three, deciding that they're going to abstract to a single abstraction layer and not be able to differentiate from the competitors? >> Yeah, and that differentiation's going to be big. I mean, assume that the clouds aren't going to stay still like AWS and just not stop innovating. We see the devs are doing great, Adrian, open source is bigger and better than ever, but now that's been commercialized into enterprise. It's an ops problem. So to Chris's point, the cost benefit analysis is interesting, because do companies have to spin up multiple operations teams, each with specialized training and tooling for the clouds that they're using, and does that open up a can of worms, or is that a good thing? I mean, can you design for this? I mean, is there an architecture or taxonomy that makes it work, or is it just the cart before the horse, the solution before the problem? >> Yeah, well, I think that if you look at any large vendor... Sorry, large customer, they've got a bit of everything already. If you're big enough, you've bought something from everybody at some point. So then you're trying to rationalize that, and trying to make it make sense. And I think there's two ways of looking at multi-cloud or supercloud, and one is that the... And practically, people go best of breed. They say, "Okay, I'm going to get my email "from Google or Microsoft. "I'm going to run my applications on AWS. "Maybe I'm going to do some AI machine learning on Google, "'cause those are the strengths of the platforms." So people tend to go where the strength is. So that's multi-cloud, 'cause you're using multiple clouds, and you still have to move data and make sure they're all working together. But then what Lori's talking about is trying to make them all look the same and trying to get all the security architectures to be the same and put this magical layer, this unicorn magical layer that, "Let's make them all look the same." And this is something that the CIOs have wanted for years, and they keep trying to buy it, and you can sell it, but the trouble is it's really hard to deliver. And I think, when I go back to some old friends of ours at Enstratius who had... And back in the early days of cloud, said, "Well, we'll just do an API that abstracts "all the cloud APIs into one layer." Enstratius ended up being sold to Dell a few years ago, and the problem they had was that... They didn't have any problem selling it. The problem they had was, a year later, when it came up for renewal, the developers all done end runs around it were ignoring it, and the CIOs weren't seeing usage. So you can sell it, but can you actually implement it and make it work well enough that it actually becomes part of your core architecture without, from an operations point of view, without having the developers going directly to their favorite APIs around them? And I'm not sure that you can really lock an organization down enough to get them onto a layer like that. So that's the way I see it. >> You just defined- >> You just defined shadow shadow IT. (laughing) That's pretty- (crosstalk) >> Shadow shadow IT, yeah. >> Yeah, shadow shadow it. >> Yeah. >> Yeah. >> I mean, this brings up the question, I mean, is there really a problem? I mean, I guess we'll just jump to it. What is supercloud? If you can have the magic outcome, what is it? Enstratius rendered in with automation? The security issues? Kubernetes is hot. What is the supercloud dream? I guess that's the question. >> I think it's got easier than it was five, 10 years ago. Kubernetes gives you a bunch of APIs that are common across lots of different areas, things like Snowflake or MongoDB Atlas. There are SaaS-based services, which are across multiple clouds from vendors that you've picked. So it's easier to build things which are more portable, but I still don't think it's easy to build this magic API that makes them all look the same. And I think that you're going to have leaky abstractions and security being... Getting the security right's going to be really much more complex than people think. >> What about specialty superclouds, Chris? What's your view on that? >> Yeah, I think what Adrian is alluding to, those leaky abstractions, are interesting, especially from the security perspective, 'cause I think what you see is if you were to happen to be able to thin slice across a set of specific types of workloads, there is a high probability given today that, at least on two of the three major clouds, you could get SaaS providers that sit on those same infrastructure of the service clouds for you, string them together, and have a service that technically is abstracted enough from the things you care about to work on one, two, or three, maybe not all of them, but most SaaS providers in the security space, or identity space, data space, for example, coexist on at least Microsoft and AWS, if not all three, with Google. And so you could technically abstract a service to the point that you let that level of abstract... Like Lori said, no computer science problem could not be... So, no computer science problem can't be solved with more layers of abstraction or misdirection... Or redirection. And in that particular case, if you happen to pick the right vendors that run on all three clouds, you could possibly get close. But then what that really talks about is then, if you built your seven-layer dip model, then you really have specialty superclouds spanning across infrastructure of the service clouds. One for your identity apps, one for data and data layers, to normalize that, one for security, but at what cost? Because you're going to be charged not for that service as a whole, but based on compute resources, based on how these vendors charge across each cloud. So again, that cost-benefit ratio might start being something that is rather imposing from a budgetary perspective. >> Lori, weigh in on this, because the enterprise people love to solve complexity with more complexity. Here, we need to go the other way. It's a commodity. So there has to be a better way. >> I think I'm hearing two fundamental assumptions. One, that a supercloud would force the existing big three to implement some sort of equal API. Don't agree with that. There's no business case for that. There's no reason that could compel them to do that. Otherwise, we would've convinced them to do that, what? 10, 15 years ago when we said we need to be interoperable. So it's not going to happen there. They don't have a good reason to do that. There's no business justification for that. The other presumption, I think, is that we would... That it's more about the services, the differentiated services, that are offered by all of these particular providers, as opposed to treating the core IaaS as the commodity it is. It's compute, it's some storage, it's some networking. Look at that piece. Now, pull those together by... And it's not OpenStack. That's not the answer, it wasn't the answer, it's not the answer now, but something that can actually pull those together and abstract it at a different layer. So cloud providers don't have to change, 'cause they're not going to change, but if someone else were to build that architecture to say, "all right, I'm going to treat all of this compute "so you can run your workloads," as Chris pointed out, "in the best place possible. "And we'll help you do that "by being able to provide those cost benefit analysis, "'What's the best performance, what are you doing,' "And then provide that as a layer." So I think that's really where supercloud is going, 'cause I think that's what a lot of the market actually wants in terms of where they want to run their workloads, because we're seeing that they want to run workloads at the edge, "a lot closer to me," which is yet another factor that we have to consider, and how are you going to be moving individual workloads around? That's the holy grail. Let's move individual workloads to where they're the best performance, the security, cost optimized, and then one layer up. >> Yeah, I think so- >> John Considine, who ultimately ran CloudSwitch, that sold to Verizon, as well as Tom Gillis, who built Bracket, are both rolling in their graves, 'cause what you just described was exactly that. (Lori laughing) Well, they're not even dead yet, so I can't say they're rolling in their graves. Sorry, Tom. Sorry, John. >> Well, how do hyperscalers keep their advantage with all this? I mean, to that point. >> Native services and managed services on top of it. Look how many flavors of managed Kubernetes you have. So you have a choice. Roll your own, or go with a managed service, and then differentiate based on the ability to take away and simplify some of that complexity. Doesn't mean it's more secure necessarily, but I do think we're seeing opportunities where those guys are fighting tooth and nail to keep you on a singular cloud, even though, to Lori's point, I agree, I don't think it's about standardized APIs, 'cause I think that's never going to happen. I do think, though, that SaaS-y supercloud model that we were talking about, layering SaaS that happens to span all the three infrastructure of the service are probably more in line with what Lori was talking about. But I do think that portability of workload is given to you today within lots of ways. But again, how much do you manage, and how much performance do you give up by running additional abstraction layers? And how much security do you give up by having to roll your own and manage that? Because the whole point was, in many cases... Cloud is using other people's computers, so in many cases, I want to manage as little of it as I possibly can. >> I like this whole SaaS angle, because if you had the old days, you're on Amazon Web Services, hey, if you build a SaaS application that runs on Amazon, you're all great, you're born in the cloud, just like that generations of startups. Great. Now when you have this super pass layer, as Dave Vellante was riffing on his analysis, and Lori, you were getting into this pass layer that's kind of like SaaS-y, what's the SaaS equation look like? Because that, to me, sounds like a supercloud version of saying, "I have a workload that runs on all the clouds equally." I just don't think that's ever going to happen. I agree with you, Chris, on that one. But I do see that you can have an abstraction that says, "Hey, I don't really want to get in the weeds. "I don't want to spend a lot of ops time on this. "I just want it to run effectively, and magic happens," or, as you said, some layer there. How does that work? How do you see this super pass layer, if anything, enabling a different SaaS game? >> I think you hit on it there. The last like 10 or so years, we've been all focused on developers and developer productivity, and it's all about the developer experience, and it's got to be good for them, 'cause they're the kings. And I think the next 10 years are going to be very focused on operations, because once you start scaling out, it's not about developers. They can deliver fast or slow, it doesn't matter, but if you can't scale it out, then you've got a real problem. So I think that's an important part of it, is really, what is the ops experience, and what is the best way to get those costs down? And this would serve that purpose if it was done right, which, we can argue about whether that's possible or not, but I don't have to implement it, so I can say it's possible. >> Well, are we going to be getting into infrastructure as code moves into "everything is code," security, data, (laughs) applications is code? I mean, "blank" is code, fill in the blank. (Lori laughing) >> Yeah, we're seeing more of that with things like CDK and Pulumi, where you are actually coding up using a real language rather than the death by YAML or whatever. How much YAML can you take? But actually having a real language so you're not trying to do things in parsing languages. So I think that's an interesting trend. You're getting some interesting templates, and I like what... I mean, the counterexample is that if you just go deep on one vendor, then maybe you can go faster and it is simpler. And one of my favorite vendor... Favorite customers right now that I've been talking to is Liberty Mutual. Went very deep and serverless first on AWS. They're just doing everything there, and they're using CDK Patterns to do it, and they're going extremely fast. There's a book coming out called "The Value Flywheel" by Dave Anderson, it's coming out in a few months, to just detail what they're doing, but that's the counterargument. If you could pick one vendor, you can go faster, you can get that vendor to do more for you, and maybe get a bigger discount so you're not splitting your discounts across vendors. So that's one aspect of it. But I think, fundamentally, you're going to find the CIOs and the ops people generally don't like sitting on one vendor. And if that single vendor is a horizontal platform that's trying to make all the clouds look the same, now you're locked into whatever that platform was. You've still got a platform there. There's still something. So I think that's always going to be something that the CIOs want, but the developers are always going to just pick whatever the best tool for building the thing is. And a analogy here is that the developers are dating and getting married, and then the operations people are running the family and getting divorced. And all the bad parts of that cycle are in the divorce end of it. You're trying to get out of a vendor, there's lawyers, it's just a big mess. >> Who's the lawyer in this example? (crosstalk) >> Well... (laughing) >> Great example. (crosstalk) >> That's why ops people don't like lock-in, because they're the ones trying to unlock. They aren't the ones doing the lock-in. They're the ones unlocking, when developers, if you separate the two, are the ones who are going, picking, having the fun part of it, going, trying a new thing. So they're chasing a shiny object, and then the ops people are trying to untangle themselves from the remains of that shiny object a few years later. So- >> Aren't we- >> One way of fixing that is to push it all together and make it more DevOps-y. >> Yeah, that's right. >> But that's trying to put all the responsibilities in one place, like more continuous improvement, but... >> Chris, what's your reaction to that? Because you're- >> No, that's exactly what I was going to bring up, yeah, John. And 'cause we keep saying "devs," "dev," and "ops" and I've heard somewhere you can glue those two things together. Heck, you could even include "sec" in the middle of it, and "DevSecOps." So what's interesting about what Adrian's saying though, too, is I think this has a lot to do with how you structure your engineering teams and how you think about development versus operations and security. So I'm building out a team now that very much makes use of, thanks to my brilliant VP of Engineering, a "Team Topologies" approach, which is a very streamlined and product oriented way of thinking about, for example, in engineering, if you think about team structures, you might have people that build the front end, build the middle tier, and the back end, and then you have a product that needs to make use of all three components in some form. So just from getting stuff done, their ability then has to tie to three different groups, versus building a team that's streamlined that ends up having front end, middleware, and backend folks that understand and share standards but are able to uncork the velocity that's required to do that. So if you think about that, and not just from an engineering development perspective, but then you couple in operations as a foundational layer that services them with embedded capabilities, we're putting engineers and operations teams embedded in those streamlined teams so that they can run at the velocity that they need to, they can do continuous integration, they can do continuous deployment. And then we added CS, which is continuously secure, continuous security. So instead of having giant, centralized teams, we're thinking there's a core team, for example, a foundational team, that services platform, makes sure all the trains are running on time, that we're doing what we need to do foundationally to make the environments fully dev and operator and security people functional. But then ultimately, we don't have these big, monolithic teams that get into turf wars. So, to Adrian's point about, the operators don't like to be paned in, well, they actually have a say, ultimately, in how they architect, deploy, manage, plan, build, and operate those systems. But at the same point in time, we're all looking at that problem across those teams and go... Like if one streamline team says, "I really want to go run on Azure, "because I like their services better," the reality is the foundational team has a larger vote versus opinion on whether or not, functionally, we can satisfy all of the requirements of the other team. Now, they may make a fantastic business case and we play rock, paper, scissors, and we do that. Right now, that hasn't really happened. We look at the balance of AWS, we are picking SaaS-y, supercloud vendors that will, by the way, happen to run on three platforms, if we so choose to expand there. So we have a similar interface, similar capability, similar processes, but we've made the choice at LastPass to go all in on AWS currently, with respect to how we deliver our products, for all the reasons we just talked about. But I do think that operations model and how you build your teams is extremely important. >> Yeah, and to that point- >> And has the- (crosstalk) >> The vendors themselves need optionality to the customer, what you're saying. So, "I'm going to go fast, "but I need to have that optionality." I guess the question I have for you guys is, what is today's trade-off? So if the decision point today is... First of all, I love the go-fast model on one cloud. I think that's my favorite when I look at all this, and then with the option, knowing that I'm going to have the option to go to multiple clouds. But everybody wants lock-in on the vendor side. Is that scale, is that data advantage? I mean, so the lock-in's a good question, and then also the trade-offs. What do people have to do today to go on a supercloud journey to have an ideal architecture and taxonomy, and what's the right trade-offs today? >> I think that the- Sorry, just put a comment and then let Lori get a word in, but there's a lot of... A lot of the market here is you're building a product, and that product is a SaaS product, and it needs to run somewhere. And the customers that you're going to... To get the full market, you need to go across multiple suppliers, most people doing AWS and Azure, and then with Google occasionally for some people. But that, I think, has become the pattern that most of the large SaaS platforms that you'd want to build out of, 'cause that's the fast way of getting something that's going to be stable at scale, it's got functionality, you'd have to go invest in building it and running it. Those platforms are just multi-cloud platforms, they're running across them. So Snowflake, for example, has to figure out how to make their stuff work on more than one cloud. I mean, they started on one, but they're going across clouds. And I think that that is just the way it's going to be, because you're not going to get a broad enough view into the market, because there isn't a single... AWS doesn't have 100% of the market. It's maybe a bit more than them, but Azure has got a pretty solid set of markets where it is strong, and it's market by market. So in some areas, different people in some places in the world, and different vertical markets, you'll find different preferences. And if you want to be across all of them with your data product, or whatever your SaaS product is, you're just going to have to figure this out. So in some sense, the supercloud story plays best with those SaaS providers like the Snowflakes of this world, I think. >> Lori? >> Yeah, I think the SaaS product... Identity, whatever, you're going to have specialized. SaaS, superclouds. We already see that emerging. Identity is becoming like this big SaaS play that crosses all clouds. It's not just for one. So you get an evolution going on where, yes, I mean, every vendor who provides some kind of specific functionality is going to have to build out and be multi-cloud, as it were. It's got to work equally across them. And the challenge, then, for them is to make it simple for both operators and, if required, dev. And maybe that's the other lesson moving forward. You can build something that is heaven for ops, but if the developers won't use it, well, then you're not going to get it adopted. But if you make it heaven for the developers, the ops team may not be able to keep it secure, keep everything. So maybe we have to start focusing on both, make it friendly for both, at least. Maybe it won't be the perfect experience, but gee, at least make it usable for both sides of the equation so that everyone can actually work in concert, like Chris was saying. A more comprehensive, cohesive approach to delivery and deployment. >> All right, well, wrapping up here, I want to just get one final comment from you guys, if you don't mind. What does supercloud look like in five years? What's the Nirvana, what's the steady state of supercloud in five to 10 years? Or say 10 years, make it easier. (crosstalk) Five to 10 years. Chris, we'll start with you. >> Wow. >> Supercloud, what's it look like? >> Geez. A magic pane, a single pane of glass. (laughs) >> Yeah, I think- >> Single glass of pain. >> Yeah, a single glass of pain. Thank you. You stole my line. Well, not mine, but that's the one I was going to use. Yeah, I think what is really fascinating is ultimately, to answer that question, I would reflect on market consolidation and market dynamics that happens even in the SaaS space. So we will see SaaS companies combining in focal areas to be able to leverage the positions, let's say, in the identity space that somebody has built to provide a set of compelling services that help abstract that identity problem or that security problem or that instrumentation and observability problem. So take your favorite vendors today. I think what we'll end up seeing is more consolidation in SaaS offerings that run on top of infrastructure of the service offerings to where a supercloud might look like something I described before. You have the combination of your favorite interoperable identity, observability, security, orchestration platforms run across them. They're sold as a stack, whether it be co-branded by an enterprise vendor that sells all of that and manages it for you or not. But I do think that... You talked about, I think you said, "Is this an innovator's dilemma?" No, I think it's an integrator's dilemma, as it has always ultimately been. As soon as you get from Genesis to Bespoke Build to product to then commoditization, the cycle starts anew. And I think we've gotten past commoditization, and we're looking at niche areas. So I see just the evolution, not necessarily a revolution, of what we're dealing with today as we see more consolidation in the marketplace. >> Lori, what's your take? Five years, 10 years, what does supercloud look like? >> Part of me wants to take the pie in the sky unicorn approach. "No, it will be beautiful. "One button, and things will happen," but I've seen this cycle many times before, and that's not going to happen. And I think Chris has got it pretty close to what I see already evolving. Those different kinds of super services, basically. And that's really what we're talking about. We call them SaaS, but they're... X is a service. Everything is a service, and it's really a supercloud that can run anywhere, but it presents a different interface, because, well, it's easier. And I think that's where we're going to go, and that's just going to get more refined. And yes, a lot of consolidation, especially on the observability side, but that's also starting to consume the security side, which is really interesting to watch. So that could be a little different supercloud coming on there that's really focused on specific types of security, at least, that we'll layer across, and then we'll just hook them all together. It's an API first world, and it seems like that's going to be our standard for the next while of how we integrate everything. So superclouds or APIs. >> Awesome. Adrian... Adrian, take us home. >> Yeah, sure. >> What's your- I think, and just picking up on Lori's point that these are web services, meaning that you can just call them from anywhere, they don't have to run everything in one place, they can stitch it together, and that's really meant... It's somewhat composable. So in practice, people are going to be composable. Can they compose their applications on multiple platforms? But I think the interesting thing here is what the vendors do, and what I'm seeing is vendors running software on other vendors. So you have Google building platforms that, then, they will support on AWS and Azure and vice versa. You've got AWS's distro of Kubernetes, which they now give you as a distro so you can run it on another platform. So I think that trend's going to continue, and it's going to be, possibly, you pick, say, an AWS or a Google software stack, but you don't run it all on AWS, you run it in multiple places. Yeah, and then the other thing is the third tier, second, third tier vendors, like, I mean, what's IBM doing? I think in five years time, IBM is going to be a SaaS vendor running on the other clouds. I mean, they're already halfway there. To be a bit more controversial, I guess it's always fun to... Like I don't work for a corporate entity now. No one tells me what I can say. >> Bring it on. >> How long can Google keep losing a billion dollars a quarter? They've either got to figure out how to make money out of this thing, or they'll end up basically being a software stack on another cloud platform as their, likely, actual way they can make money on it. Because you've got to... And maybe Oracle, is that a viable cloud platform that... You've got to get to some level of viability. And I think the second, third tier of vendors in five, 10 years are going to be running on the primary platform. And I think, just the other final thing that's really driving this right now. If you try and place an order right now for a piece of equipment for your data center, key pieces of equipment are a year out. It's like trying to buy a new fridge from like Sub-Zero or something like that. And it's like, it's a year. You got to wait for these things. Any high quality piece of equipment. So you go to deploy in your data center, and it's like, "I can't get stuff in my data center. "Like, the key pieces I need, I can't deploy a whole system. "We didn't get bits and pieces of it." So people are going to be cobbling together, or they're going, "No, this is going to cloud, because the cloud vendors "have a much stronger supply chain to just be able "to give you the system you need. "They've got the capacity." So I think we're going to see some pandemic and supply chain induced forced cloud migrations, just because you can't build stuff anymore outside the- >> We got to accelerate supercloud, 'cause they have the supply. They are the chain. >> That's super smart. That's the benefit of going last. So I'm going to scoop in real quick. I can't believe we can call this "Web3 Supercloud," because none of us said "Web3." Don't forget DAO. (crosstalk) (indistinct) You have blockchain, blockchain superclouds. I mean, there's some very interesting distributed computing stuff there, but we'll have to do- >> (crosstalk) We're going to call that the "Cubeverse." The "Cubeverse" is coming. >> Oh, the "Cubeverse." All right. >> We will be... >> That's very meta. >> In the metaverse, Cubeverse soon. >> "Stupor cloud," perhaps. But anyway, great points, Adrian and Lori. Loved it. >> Chris, great to see you. Adrian, Lori, thanks for coming on. We've known each other for a long time. You guys are part of the cloud-erati, the group that has been in there from day one, and watched it evolve, and you get the scar tissue to prove it, and the experience. So thank you so much for sharing your commentary. We'll roll this up and make it open to everybody as additional content. We'll call this the "outtakes," the longer version. But really appreciate your time, thank you. >> Thank you. >> Thanks so much. >> Okay, we'll be back with more "Supercloud 22" right after this. (bright upbeat music)

>>Welcome back to the cubes, continuous coverage of AWS reinvent 2021 live in Las Vegas. I'm Lisa Martin pleased to be here in person. We are actually with AWS and its massive ecosystem of partners running. One of the industry's largest and most important hybrid tech events of the year. We've got two life sets over a hundred guests to remote studios. I'm pleased to welcome two guests from Laos here with me. Next, Derek is here, the VP and director of digital modernization and David chow, the director of cloud capabilities, Derek and David. Welcome to the program. Thanks for having us great to be here in person. Isn't it? >>Absolutely. Last year we missed out. So if we've got to get it all in this week. >>Exactly and well, this is day one and the amount of people that are in here, there's a lot of noise in the background. I'm sure the audience can hear it is, is really nice. AWS has done such a great job of getting us all in here. Nice and safely. So let's go ahead and start. Light is coming off a very strong Q3. When we look at the things that have happened, nearly all defense and classified customers are engaged in digital modernization efforts. We've seen so much acceleration of that in the last 20 months, but let's talk about some of the current challenges Derek that customers are facing across operations sustainment with respect to the need to modernize. >>Sure, sure thing. Um, so over the past two years, we spent a better part of all that time, trying to really figure out what are our customers' hardest problems. And, you know, that's across the health vertical, the DOD vertical, uh, the Intel vertical, uh, you name it. We spent a lot of time trying to figure it out. And we kept coming up on three reoccurring themes, one, which is the explosion of data. There's so much data being generated across our customer's environments. Um, there's not enough human brain power to deal with it. All right. So we need to be able to apply technology in a way that reduces the cognitive burden on operators who must do operations and sustainment to get to a business outcome. Uh, the second one and most importantly for us is advanced cyber threats. We've all heard about the colonial pipeline hack. >>We've heard about solar winds. The scary part about that is what about the hacks that we don't know about? Right. And that's something that here at lighthouse, we're really focused on applying technology, cyber AIML in a way that we can detect when someone's in our environments or in our customer environments. And then we can opt out, obviously, um, do some remediation and get them out of our environment. So mission operations are not compromised. And then lastly, customer environments are heterogeneous. You have cloud, you have on-premise infrastructure. Uh, you have edge devices, IOT devices. It's very difficult to be able to do management and orchestration over all these different devices, all the different platforms that are out there. So working in concert with AWS, we build a solution to be able to do just that, which we'll talk about a little later, David, anything else that you want to, >>We talked about the explosion of data, the cybersecurity landscape changing dramatically, and the customers needing to be able to modernize and leverage the power of technology. Yeah, >>So our customers, uh, we have basically three areas that we see our customers having challenges in. And one of them, once they get to the cloud, they don't have the transparency on cost and usage, right. Uh, when you get the engineers are excited, the mission is exploded with extra activities. Um, but our customers don't have a sense on where the cost is going and how that relates to their mission, right? So we help them figure out, okay, your, your cost is going up, which is fine because it's applying to your mission and it's helping you actually be more successful than before. Right? And the other area is, uh, they need, uh, a multi-platform strategy that doesn't impact their existing conditions, right? They don't have the practicality or the funding that's required to just rip and replace everything. And you can't do that. You have to maintain your mission. >>If you have to maintain about a lot of critical capability that they already have, but at the same time, figure out how am I going to add the extensions and the new capabilities, right? And we have certain ways that we can do that to allow them to start getting into the cloud, leveraging a lot of additional capability that they never had before, but maintaining the investment that they've done in the past years to maintain their mission success. Right. Uh, and then the third is skill up-skilling. So we found that a lot of people have a hard time. Once we move them into AWS, specifically their operational duties and things change. And there's a big gap there in terms of training, uh, getting familiar with how that impacts their process and methodology, and that that's where we helped them a lot, uh, modify that revolution and how they do that stuff. >>That's excellent. That upskilling is critical, as things are changing so dramatically, we have, you talked about data and the cybersecurity changes Derek. And you know, every company, every branch of the federal is probably a data company or data organization, or if it's not, it has to become one. But the cyber threats are crazy. The things that have been going on in the last 20 months, the acceleration of ransomware, ransomware as a service, you talked about colonial, like we only hear about the big ones, but how many it's no longer a will we get hit by ransomware? Or will we be hacked? It's when, talk to me about some of those, about those challenges and also the need to be able to deliver real-time data as real-time missions are going on in that real-time is now no longer a nice to have. >>Right? So, um, it's a great question. And one of the things that I'll say is there's some studies out there that said 75% of the computing, uh, that will be happening over the next 10 years will be at the edge, right? So we're not going to be able to go at the edge, collect all this data, ship it back to a centralized way to process it. We're not going to be able to do that. What we have to do is take capability that may have been clouded, able push that capability to the edge. Where did that be? AI ML. It could be your mission applications, and we need to be able to exploit data in near real time, um, to which allows us to make mission critical decisions at the point of need. There's not going to be enough time to collect a big swath of data, move it back across a bandwidth that is temporarily constrained. In many cases, we just can't do it that way. So I think moving as much capability to the edge as possible in order for us to be able to make an impact in near real time, that's what we need to do across all of our verticals, not just DOD, but on the healthcare side to the Intel side, you name it. We gotta be able to move capability as far forward as >>Possible. And where Derek with you for a minute, where are those verticals with respect to embracing that, adopting that being ready to be able to take on those technologies? Because culturally, I can imagine, you know, legacy his story, history organizations to change his heart >>Change is hard. Um, and one of the strategies that we've tried to implement within that context is that the legacy systems, the culture that is already out there, we're not just going to be able to turn all of that off, right. We're going to have to make sure that the new capabilities and the legacy systems co-exist. So that's one of the reasons that we have an approach where we use microservices, very much API driven, such that, uh, you know, a mission critical system that may have been online for the last 20 years. We're not just going to turn it off, but what we can do is start to build sidecar capabilities, microservices, to extend that capability of that system without rebuilding it, we can't build our way out of all the technical debt. What we can do is figure out how do we need to extend this capability to get to a mission need and build a microservices. That's very thin. That's very lightweight. And that's how you start to connect the dots between your mission applications, the data, the data centricity that we talked about and other capabilities that need access to data, to be able to effectuate a decision. >>You make it sound so easy. Derek, >>It's certainly not easy, but in working with AWS, we really have taken this forward and we're really deploying, uh, similar capabilities today. Um, so it's really the way that we have to modernize. We have to be able to do it step by step strangle out the old as we bring in the new right. >>So David, let's talk about the AWS partnership, what you guys are doing as the critical importance of being able to help the verticals modernize at speed at scale in real time. Talk to me about what Leidos and AWS are doing together. >>So we work with Adobe very closely, um, for every engagement we have with our customers, we have AWS as our side, we do the reviews of, of their architecture and their approach. We take, we take into account the data strategy of the organization as long along with their cloud, uh, because we found that you have to combine their cloud and their data strategy because of the volumes of data that Derrick talked about, right. That they needed to integrate. And so we come up with a custom strategy and a roadmap for them to adopt that without like Derek said, um, deprecating any old capabilities that currently have any extending it out into, into the cloud so that those areas are what we strive to get them through. And we talk about a lot about the digital enterprise and how that is for us from light of this point of view, we see that as building an API ecosystem for our customer, right? Because the API is really the key. And if you look at companies like Twilio that have an API first approach, that's, what's allowed them to integrate very old technology like telephones into the new cloud, right? So that approach is really the unique approach that was taken with our customers for to see the success that we've seen. >>Well, can you tell me, David's sticking with you for a minute about upscaling. I know that AWS has a big focus on that. It's got a restart program for helping folks that were unemployed during the pandemic or underemployed, but the upskilling, as we talked about during this interview is incredibly important. As things change are changing so quickly, is there any sort of upskilling kind of partnerships that you're doing with AWS that you, >>Uh, so as a partner, we ourselves get a lot of free upskilling and training, uh, as AWS from your partner. Um, but also with our customers, we're able to customize and build specific training plans and curriculums that is targeted specifically for the operators, right? They don't come from a technology background like we do, but they come from a mission background so we can modify and understand what they need to learn and what they don't really need to worry about so much and just target exactly what they need to do. So they can just do their day-to-day jobs and their duties for the mission. >>That's what it's all about. Derek, can you share an example that you think really speaks volumes to light us and AWS together to help customers modernize? >>One thing I like about AWS is that the partnership is what we describe as a deep technical partnership. It's not just transactional. It's not like, Hey, buy this X services and we'll, we'll do this. I have a great example of this year. We kicked off a pilot with an army customer and we actually leveraged AWS pro. So we were literally building a proof of concept together. So in 90 days, what we, what we did was get the customer to understand we're moving more to native AWS services, EMR, uh, to be more specific that you can save money on tons of licensing costs that you otherwise would have had to pay for it. After the pilot was over, we recognized that we will save the government $1.2 million and they have now said, yes, let's go AWS native, which is, uh, which is, uh, a methodology that we still want to stamp out and use continually because the more and more that you adopt that native services, you're going to be able to move faster. Because as soon as you deploy a system, it's already legacy. When you start to do the native services, as things more services come online, we're sort of their glue where to make sure those things that are coming, the services that are AWS are deploying out, we'd bring, we, we then bring that innovation into our customer environment. So saving a customer, the government $1.2 million at a big deal for us. >>It's huge. And I'm sure you there's, that's one of many examples of significant outcomes that you're helping the verticals achieve. Absolutely. >>Yeah. One of our >>Core focuses. That's excellent. And also to do it so quickly and 90 days to be able to show the army a significant savings is a, is a huge, uh, kudos to, to Linus and to AWS. David, talk to me a little bit about the, from a partnership perspective, how do you guys go into a joint organizations together? I imagine one of the most important things is that transparency from the verticals perspective, whether it's DOD or health or Intel, talk to me about that, that kind of unified partnership. And what is the customer and customer experience? I imagine one team. >>Yes. So we go into, we engage with our AWS counterparts at the very beginning of an engagement. So they have their dedicated teams. We have our dedicated teams and we are fully transparent with each other, what the customers are facing. And we both focus on the customer pain points, right? What was really going to drive the customer. Um, and that's how we sort of approach the customer. So the customer sees us as a single team. Uh, we do things like we'll build out what we call the well-architected framework or wafer for short, right. And that allows us to make sure that we're leveraging all the best practices from AWS, from their clients on the commercial side. And we can leverage that into the government, right. They can get a lot of learnings and lessons learned that they don't have to repeat because some of the commercial cupboard companies who are ahead of us have I've done the hard learning, right. And we can incorporate that into their mission and into their operations. >>That's critical because there isn't the time. Right? I think that's one of the things that Penn has taught us is that there isn't there, like we talked about real-time data, there is, it's no longer a nice to have, right. But even from a training and from a deployment perspective that needs to be done incredibly efficiently with, we're talking about probably large groups of people. I imagine with Leidos folks, AWS folks, and the verticals. So that coordination between, I imagine what are probably two fairly culturally aligned organizations is critical. No. >>Yeah. One of the things that we put in places, this idea of bachelors environment, so that means you could be a Leidos person. You could be an AWS person, there's no badge. We're just sitting there, we're here to do good work, to bring value to a customer. And that's something that's really fantastic about our relationship that we do have. So every week we are literally building things together and that's, that's what the government, that's what the public sector folks expect. No, one's not gonna own it all. You have to be able to work together to be able to bring value to our customers across all the verticals that >>I like. That badge list environment, that's critical for organizations to work together. Harmoniously given there's as the data explosion just continues as does the edge explosion and the IOT device explosion more and more complexity comes into the environment. So that Badger less environment I met David from your perspective is really critical to the success of every mission that you're working on. >>Yeah. I mean, I think the badge approaches is critical without it, the existing teams have a hard time building that trust and being, and feeling like we're part of that team, right? Trust is really important in, in mission success. And so when we enter a new arena, we try to get, build that trust as quickly as we can show them that, you know, we're there to help them with their mission. And we're not really there for anything else. So they feel comfortable to share, you know, the really deep pain points that they're not really sharing all the time. And that's what allows Leidos specifically to, to really be successful with them because they share all their skeletons and we don't judge them. Right. We've say, okay, here's your problems. Here's some solutions. And here are the pros and cons and we figure out a solution together, right. It's a really built together sort of mindset that makes us successful. Okay. >>Togetherness as key, last question, guys, what are some of the things that attendees can learn and feel and see, and smell from Leidos this week at reinvent? >>We want to take that one. >>Um, yeah. So with Leidos, um, we're around, we have, uh, various custom, uh, processes with AWS, uh, because of our peer partnership. We have the MSSP that we just got as a launch partner. So there's a lot of interaction that we have with AWS. Um, anytime that AWS sees that there is opportunity for us to talk to a customer and talk to potential vendor, they'll pull us in. So if you guys come by the booth and you need to talk to an SSI, they'll, they'll pull us in and we'll have those conversations. >>Excellent guys, thank you so much for joining me, talking about Leidos, AWS, what you guys are doing together and how you're helping transform government. You make it sound easy. Like I said, Derek, I know that it's not, but it's great to hear the transparency with which guys are all working. Thank you so much for your time. Thank you. Thank you. My pleasure for my guests. I'm Lisa Martin. You're watching the cube, the leader in global live tech coverage.

>>Well, hi everybody. I'm John Walls here and welcome back to the cubes, continuing coverage and splunk.com 21. And we've talked a lot about data, obviously, um, and a number of partnerships and the point of resources that it's going on in this space. And certainly a very valuable partnership that Splunk has right now is one with Intel. And with me to talk a little bit more about that is Rick Echavarria, who is the vice president of sales and the marketing group at Intel. Rick. Good to see it today. Thanks for joining us on the queue. It's >>Good to see you, John, and thanks for having us. >>You bet. No glad to have you as part of the.com coverage as well. Um, well, first off, let's just for folks at home, uh, who would like to learn more about this relationship, the Splunk Intel partnership, if you would give us that the 30,000 foot picture of it right now, in terms of, of how it began and how it's evolved to the point where it resides today. >>Yeah. Uh, sure. Glad to do that. You know, Splunk is had for many years, uh, position as, as one of the world's best, uh, security information and event management platform. So just like many customers in the cybersecurity space, they're probably trying to retire their technical debt. And, and what are the areas of important focuses to SIM space, right? The SIM segment within cybersecurity. And so the initial engagement between Intel and Splunk started with the information security group at Intel, looking to, again, retire the technical debt, bring next generation SIM technology. And that started, uh, the engagement with Splunk again, to go solve the cybersecurity challenges. One of the things that we quickly learned is that, uh, those flung offers a great platform, you know, from a SIM point of view, as you know, the cyber security segment, the surface area of attack, the number of attacks kids were increased. >>And we quickly realized that this needed to be a collaboration in order for us to be able to work together, to optimize our infrastructure. So it could scale, it could be performance, it could be reliable, uh, to protect Intel's business. And as we started to work with Splunk, we realized, Hey, this is a great opportunity. Intel is benefiting from it. Why don't we start working together and create a reference architecture so that our joint customers also benefit from the collaboration that we have in the cybersecurity space, as we were building the Intel cybersecurity infrastructure platform. So that re that was really the beginning of, uh, of the collaboration around described here and a little bit more, >>Right? So, so you had this, this good working relationship and said, Hey, why don't we get together? Let's get the band together and see what we can do for our car joint clients down the road. Right. So, so what about those benefits that, because you've now you've got this almost as force multiplier right. Of, of Intel's experience. And then what Splunk has been able to do in the data analytics world. Um, what kind of values are being derived, do you think with that partnership? >>Well, obviously we feel much better about our cyber security posture. Um, and, uh, and what's sort of interesting, John, is that we realized that we were what started out as a conversation on SIM. Uh, it really turned out to be an opportunity for us to look at Splunk as a data platform. And, you know, in the technology world, you sometimes hear people talk about the horizontal capabilities. Then the vertical usage is really the security. Uh, the SIM technology. It really became one of several, sorry about the noise in the background. One, uh, became a vertical application. And then we realized that we can apply this platform to some other usages. And in addition to that, you know, when you think about cybersecurity and what we use for SIM that tends to be part of your core systems in it, we started to explore what can we do with what could we do with other data types for other different types of applications. >>And so what we, what we decided to do is we would go explore usages of this data at the edge, uh, of, of the network, and really started to move into much more of that operational technology space. When we realized that Splunk could really, uh, that we could integrate that we can ingest other types of data. And that started a second collaboration around our open Vino technology and our AI capabilities at the edge with the ingestion and the machine learning capabilities of Splunk, so that we can take things like visual data and start creating dashboards for, for example, uh, managing the flow of people, you know, especially in COVID environment. So, uh, and understanding utilization of spaces. So it really started with SIM is moved to the edge. And now we realized that there's a continuum in this data platform that we can build other usages around. >>What was that learning curve like when you went out to the edge, because a lot of people are talking about it, right. And there was a lot of banter about this is where we have to be, but you guys put your money where your mouth was, right? Yeah. You went out, you, you explored that frontier. And, and so what was that like? And, and, and what I guess maybe kind of being early in, uh, what advantage do you think that has given you as that process has matured a little bit? >>Well, it's really interesting John, because what really accelerated our engagement with Splunk in that space was the pandemic. And we had, uh, in 2020 Intel announced the pandemic response technology initiative, where we decided we were going to invest $50 million in accelerating technologies and solutions and partnerships to go solve some of the biggest challenges that depend on them. It was presenting to the world at large. And one of those areas was around companies trying to figure out how to, how to manage spaces, how to manage, you know, the number of people that are in a particular space and social distancing and things of that nature. And, you know, we ended up engaging with Splunk and this collaboration, again, to start looking at visual data, right, integrating that with our open Vino platform and again, their machine learning and algorithms, and start then creating what you would call more operational technology types of application based on visual data. Now these will have other applications that could be used for security usages. It could be used for, again, social distancing, uh, the utilization of acids, but their pandemic and that program that ends the launch is really what became the catalyst for our collaboration with Splunk that allowed us to expand into space. >>Right. And you've done a tremendous amount of work in the healthcare space. I mean, especially in the last year and a half with Penn and the pandemic, um, can you give just a couple of examples of that maybe the variety of uses and the variety of, uh, processes that you've had an influence in, because I think it's pretty impressive. >>Yeah. We, um, there's quite a bit of breadth in the types of solutions we've deployed as part of the pandemic response. John, you can think of some of the, I wouldn't call these things basic things, but you think about telehealth and that improving the telehealth experience all the way to creating privacy aware or sorry, solutions for privacy sensitive usage is where you're doing things like getting multiple institutions to share their data with the right privacy, uh, which, you know, going back to secure and privacy with the right, uh, protections for that data, but being allowed, allowing organization a and organization B partner together use data, create algorithms that both organizations benefit from it. An example of that is, is work we've done around x-ray, uh, and using x-rays to detect COVID on certain populations. So we've gone from those, you know, data protection, algorithm, development, development type of solutions to, to work that we've done in tele-health. So, uh, and, and a lot of other solutions in between, obviously in the high-performance, uh, space we've invested in high-performance computing for, to help the researchers, uh, find cures, uh, for the current pandemic and then looking at future pandemic. So it's been quite a breadth of, uh, uh, of solutions and it's really a Testament also to the breadth of Intel's portfolio and partnerships to be able to, uh, enable so much in such a short amount of time. >>I totally agree, man. Just reading it a little bit about it, about that work, and you talk about the, the breadth of that, the breadth and the depth of that is certainly impressive. So just in general, we'll just put healthcare in this big lump of customers. So what, what do you think the value proposition of your partnership with Splunk is in terms of providing, you know, ultimate value to your customers, because you're dealing with so many different sectors. Um, but if you could just give a summary from your perspective, this is what we do. This is why this power. >>Yeah. Well, customers, uh, talk about transformation. You know, there's a lot of conversation around transformation, right before the pandemic and through and center, but there's a lot of talk about companies wanting to transform and, you know, in order to be able to transform what are the key elements of that is, uh, to be able to capture the right data and then take, turn that data into the right outcomes. And that is something that requires obviously the capabilities and the ability to capture, to ingest, to analyze the data and to do that on an infrastructure that is going to scale with your business, that is going to be reliable. And that is going to be, to give you the flexibility for the types of solutions that you're wanting to apply. And that's really what this blog, uh, collaboration with Intel is going to do. It's, it's just a great example, John, uh, of the strategy that our CEO, pat Gelsinger recently talked about the importance of software to our business. >>This plump collaboration is right in the center of that. They have capabilities in SIM in it observability, uh, in many other areas that his whole world is turning data into, you know, into outcomes into results. But that has to be done on an infrastructure that again, will scale with your business, just like what's the case with Intel and our cybersecurity platform, right? We need to collaborate to make sure that this was going to scale with the demand demands of our business, and that requires close integration of, of hardware and software. The other point that I will make is that the, what started out as a collaboration with between Intel and Splunk, it's also expanding to other partners in the ecosystem. So I like to talk to you a little bit on a work stream that we have ongoing between Intel Splunk, HPE and the Lloyd. >>And why is that important is because, uh, as customers are deploying solutions, they're going to be deploying applications and they're going to have data in multiple environments on premise across multiple clouds. And we have to give, uh, these customers the ability to go gather the data from multiple sources. And that's part of the effort that we're developing with HPE and the Lloyd's will allow people to gather data, perform their analytics, regardless, regardless of their where their data is and be able to deploy the Splunk platform across these multiple environments, whether it's going to be on prem or it's going to be in a pure cloud environment, or it's going to be in a hybrid with multiple clouds, and you're willing to give our customers the most flexibility that we can. And that's where that collaboration with Deloitte and HP is going to come into play. >>Right. And you understand Splunk, right? You will get the workload. I mean, it's, it's totally, there's great familiarity there, which is a great value for that customer base, because you could apply that. So, so, um, obviously you're giving us like multiple thumbs up about the partnership. What excites you the most about going forward? Because as you know, it's all about, you know, where are we going from here? Yes. Now where we've been. So in terms of where you're going together in that partnership, well, what excites you about that? >>Well, first of all, we're excited because it's just a great example of the value that we can deliver to customers when you really understand their pain points and then have the capability to integrate solutions that encompass software and hardware together. So I think that the fact that we've been able to do the work on, on that core SIM space, where we now have a reference architecture that shows how you could really scale and deliver that a Splunk solution for your cybersecurity needs in a, in a scale of one reliable and with high levels of security, of course. And the fact that we then also been able to co-develop fairly quickly solutions for the edge, allows customers now to have that data platform that can scale and can access a lot of different data types from the edge to the cloud. That is really unique. I think it provides a lot of flexibility and it is applicable to a lot of vertical industry segments and a lot of customers >>And be attractive to a lot of customers. That's for sure rec edge of area. We appreciate the time, always a good to see you. And we certainly appreciate your joining us here on the cube to talk about.com for 21. And your relationship with the folks at Splunk. >>Yeah. Thank you, John. >>You bet. Uh, talking about Intel spot, good partnership. Long time, uh, partnership that has great plans going forward, but we continue our coverage here of.com 21. You're watching the cube.

>>from around the globe. It's the Cube with digital coverage of AWS reinvent 2020 sponsored by Intel, AWS and our community partners. Everyone welcome back to the cubes coverage of a Davis reinvent 2020. It's a virtual conference this year. This is the Cube virtual. I'm John for your host. We're not in person this year. We're doing it remote because of the pandemic, but it's gonna be wall to wall coverage for three weeks. We've got you covered. And we got a great interview signature interview here with Two Cube alumni's Matt Garment, vice president of sales and marketing at AWS, formerly head of the C two and, of course, Sanjay Poon in CEO of VM Ware. Both distinguished guests and alumni of the Cube. Good to see you, Sanjay. Matt. Thanks for coming on. Uh, let's just jump into it. How are you guys doing? >>Great. Exciting. Excited for reinvent and, uh, excited for the conversation. So thanks for having us on. >>Yeah, I'm great to be here. We are allowed to be 6 ft away from each other, so I came in, but super excited about the partnership. Matt and I have been friends for several years on. You were so excited about another reinvent, the different circumstances doing all virtual. But it's a fantastic partnership. >>You know, I look forward to reinvent one of my most favorite times of the year, and it's also kind of stressful because it's backs up against Thanksgiving. And but, you know, you get through it, you have your turkey and you do the Friday and you guys probably Kino, perhaps, and all things going on and then you go to Vegas is a few celebration. We're not doing it this year. Three weeks eso There's gonna be a lot of big content in the first week, and we're gonna roll that out. We're gonna cover it, But it's gonna be a different celebrations so mad. I know you're in front center on this, Uh, just real quick. What are what do you expect people to be doing on the system? What's your expectations and how is this all going to play out? >>Yeah, you know, it's gonna be different, but I think we have Justus much exciting news as ever. And, you know, it's gonna be over a three week period. I think it actually gives people an opportunity to Seymour things. I think a lot of times we heard from, uh, from customers before was they love the excitement of being in Vegas, and we're not gonna be able to exactly replicate that, but But we have a lot of exciting things planned, and it'll enables customers to get two more sessions Seymour of the content and really see more of the exciting things that are coming out of AWS. And there's a lot s over the three weeks I encourage folks toe to dive in and really learn things is a This is the opportunity for customers to learn about the cloud and and some really cool things coming out. We're excited. >>Well, congratulations on all the business performs. I know that there's been a tailwind with the pandemic as people wanna go faster and smarter with cloud and on premise and Sanjay, you guys have a great results as well. Before I get into some of my point. Of course, I have a lot of I know we don't a lot of time, but I want to get a nup date on the relationship we covered in three years ago when, uh, Andy Jassy and team came down to San Francisco with Pat Gelsinger, Raghu, Sanjay. All this went down. There were skeptics. Relationship has proven to be quite strong and successful for both parties because you guys take a minute so you will start with you and talk about the relationship update. Where you guys at, What's the status? The relationship people want to know. >>Yeah, I think John, the relationship is going really well. Uh, it's rooted in first off, a clear understanding that there's value for customers. Um, this is the best of the public cloud in the private cloud in a hybrid cloud journey. And then, secondly, a deep engineering effort. This wasn't a Barney announcement. We both decided Matt in his previous role, was running a lot of the engineering efforts. Uh, we were really keen to make this a deep engineering effort, and often when we have our connected Cube ers, we're doing one little later this afternoon. I often can't tell when a Amazon personal speaking when a VM ware person speaking we're so connected both the engineering and then the go to market efforts. And I think after the two or three years that the the solution has had to just state and now we have many, many customers started to get real value. The go to market side of the operations really starting take off. So we're very excited about it. It is the preferred and the best offering. We think in the market, Um, and for Vienna, where customers. We message it as the best place for Vienna workload that's running on V sphere to move into Amazon. >>Matt, what's your take on the relationship update from your >>standpoint, I agree with Sanjay. I think it's been it's been fantastic. I think like you said, some folks were skeptical when we first announced it. But But, you know, we knew that there was something there and I think as we've gotten even deeper into this partnership, Onda figured out how we can continue Thio integrate more deeply both with on Prem and into the cloud. Our customers have really guided us and I think that's that's enabled us to further strengthen that partnership, and customers continue to get more excited when they see how easy it is to move and operate their VM where in their V sphere workloads inside of a W S on how it integrates well with the AWS environment, Um on they can still use all of the same functions and capabilities that they they built their business on the inside of the sphere. We're seeing bigger and bigger customers really just embrace us, and the partnerships only grown stronger. I think you know, Sanjay and I, we do joint sales calls together. I think that the business has really, really grown. It's been it's been a fantastic partnership. >>I was talking about that yesterday with being where in eight of us teams members as well. I want to get your thoughts on this cultural fit. Sanjay mentioned e think the engineering cultures air there. The also the corporate culture, both customer focused. Remember Andy Jassy told me, Hey, we're customer focused like you're making big. You make big, big statements Public Cloud and now he goes toe hybrid. He's very reactive to the customers and this is a cultural thing for me, was an VM where what are the customers saying to you now? What are you working backwards from this year? Because there's a lot to work backwards from. You got the pandemic. You got clear trends around at modernization automation under the covers, if you will. And you got VM Ware successful software running on their cloud on AWS. You got other customers. Matt, what's the big trends right now that are highlighted in your in your world? >>Yeah, it's a good question. And I think you know, it really does highlight the strength of this this hybrid model, I think, you know, pre pandemic. We had huge numbers of customers, obviously kind of looking at the cloud, but some of the largest enterprises in the world, in the more traditional enterprises, they really weren't doing a lot, you know, they were tipping their toes in, and some of the forward leaning enterprises were being really aggressive about getting into the cloud. But, you know, many people were just, you know, kind of hesitant or kind of telling, saying, Yes, we'll go learn about the cloud. I think as soon as the pandemic hit, we're really starting to see some of those more traditional enterprises realize it's a business imperative for them. Toe have ah, big cloud strategy and to move there quickly, and I I think our partnership with VM Ware and the VMC offering really is allowing many of these large enterprises to do that. And we see we see big traditional enterprise is really accelerating that move into the cloud. It gives them the business agility they need that allows them to operate their environment in uncertain world that allows them to operate remotely on DSO. We're seeing all of those trends, and I think I think we're going to continue to see the acceleration of our joint business. >>Sanjay, your thoughts. Virtualization has hit ah, whole nother level. It's not like server virtualization like it's cultural, it's societal. What's your take? >>Yeah, I think you know, virtualization is that fabric that connects the private cloud to the public cloud. It's the basis for a lot of the public cloud infrastructure. So when we listen to customers, I think the first kind of misconception we had to help them with was that it had to be choice between one or the other and being able to take Vienna Cloud, which was basically compute storage networking management and put that into the bare metal capabilities of AWS, an engineer deep into the stack and all the services that Matt and the engineering team were able to provide to us now allows that sort of application that sitting on premise to move like a house on wheels into a W s. And that's a beautiful experience we've even shown in in conferences, like a virtual reality moving of a workload, throwing a workload into a W s and a W s catches it. It's a good metaphor in a good way to think of those things that VM were like like the most playing the customers like like the emotional moves nicely. But then the other a misconception we had thio kind of illustrate to our customers was that you could once you were there, uh, let's take that metaphor. The house and wheels renovate the house with all the I think there's probably $200 services that Amazon AWS has. Um, all of a I data services be I I o t. Whatever. You have all the things that Andy and Matt kind of talk about in any of the reinvents. You get to participate and build on those services so it has. It's not like you take this there, and then it's sort of a dead end. You get to modernize your app after you migrated. So this migrate and modernize motion is something that we really start to reinforce with our customers, and it doesn't matter which one you do. First, you may modernize first and then migrate or migrate first and modernize. And in the modernized parts we've also made some significant investments and containers and Tan Xue. We could talk about that at this time and optimizing that for both the private cloud world and the public cloud world like Amazon. >>You know, Matt, this is something that we're talking about a lot this week. These few weeks with reinvent going on this everything is a service trend has a lot of things under it, like automation. Higher level services. One of the critics would say, Three years ago, when this announcement relationship between VM Ware enables came out was, Oh, Amazon's is going to steal all of their customers and VM we're screwed. Turns out that's not the case. You guys are both winning and rising. Tide floats all boats because VM Ware has an operator kind of market. People are operating their business with VM ware and they're adding higher level services with Cloud native, So it Xan overall win, so that was proven false. So clearly the new trend You guys are gaining a large enterprises that wanna go faster, have that existing operator kind of legacy stuff or pre conditions of the enterprise like VM ware. So how do you guide the technology teams and how do you look at this? Because this is where customers are like saying, Hey, I cannot operate my business house on wheels, modernize it in real time, come out a covert with the growth strategy and go faster your interview on all that. >>So I think you're exactly right. I think we see a lot of customers who see I don't want to necessarily lose what I have. I want to add on top of that, And so whether that's adding machine learning and kind of figuring out how they can take their data from various different data silos and put them into a large data lake and gets the machine learning insights on top of that, whether they want to do analytics, um, whether they want to d i o T. Whether they want to modernize two containers, I think there's there's a whole bunch of ways in which customers are looking at that. But you're absolutely right. It's not a I'm gonna go from a to B. It's I'm gonna take a and add B to it and, um, we see that's that's over and over again. I think what we've seen from customers doing it and, um and they're really taking advantage of that, right? And I think customers see all the announcements that we're making a reinvent over the next three weeks, and they wanna be able to take advantage of those things right? It's it's they want to be able to add that onto their production environment. They want to take a lot of the benefits they've gotten from their VM Ware environment, but also add some of these innovations from AWS. And I think that Z that really is what we focus on is what our engineering teams focus on. You know, we have joint engineering efforts to figure out how we can bridge that gap, right, so that they BMR environments can very easily reach into their A W s environment and take advantage of all the new services and offerings that we have there. So, um, that's that's exactly what our joint teams really pushed together. >>Sanjay, I wanna get your thoughts on this and we talk. Two years ago, we had a conversation with Cuba. I ask you since this is a great move for VM Ware because it simplifies the messaging and clears up the whole cloud strategy. And you had said something that I'm gonna bring this back today. You said it's not just simplifying the messaging to customers about what we're gonna do in the cloud. It's going to simplify their life is gonna make things easier. Have them set up for better bitterness. Goodness down the road. Can you take him in to explain what that what that goodness was? What came out of the simplicity of the messaging, the simplicity of solution? Where are we now? How does that all kind of Italian together? Can you take him in to explain that? >>Yeah, I think when the history books are written, John, um, this partnership will be one of the most seminal partnerships because from VM Ware's perspective, maybe a little from Amazon Let Matt talk about if you feel the same way. This is a headwind turning into a tailwind. I think that's sort of narrative that VM ware in Amazon were competing each others that maybe was the early story. In the early days of A W s Progress and VM, we're trying to build our own public cloud and then divesting that, uh, Mats, a Stanford grad. I'm a Harvard grad. So one day there'll be a case study. I think in both schools about how this partnership we have a strong partnership with deadlines, sometimes joke. That's a little bit of an arranged marriage we don't have. We didn't have much saying that because AMC Bardhyl so that's an important partnership. But this one we have to work hard to create. And I tell our customers, Del on AWS are top partners. And as you think about what we've been able to do here, the simplicity to the customer for you, as you describe this, is being able to really lower cost of ownership in any process, in terms of how they're building and migrating APs to be the best optimization of hardware, software and services. And the more you could make that better, simpler, cheaper through software and through the movement to the cloud. Um, I think customers benefit, and then you know, Of course, the innovation machine of both companies. Uh, Amazon's really building. I mean, every time I go to read and I'm just amazed at the Yeah, I think it's a near 200 services that they're building in all of these rich layers. All of those developers, services and, I don't know, two million customers. The whatever number of people that have it reinvent this year get to participate on top of all the applications and the virtualization infrastructure we built over the 20 years of our history. Uh eh. So I hope, you know, as we continue do this, this is all now, but customers success large and small customers being able to. And I'm very gratified to three years since we announced this that we're getting very good customer traction. And for us, that's gonna be a key focus to the reinvent, uh, presence we >>have at their show. It really just goes to show you when you built, when you invest in relationships up and down the spectrum from engineering Ah, product and executive. It kind of does pay off. Congratulations to you guys on that matter. I want to get your thoughts on where this kind of going because you're talking about the messaging from VM ware in the execution that comes behind it is the best, you know, Private public cloud hybrid cloud success. There's momentum there. What are the customers saying to you when you look at customer proof points? Um, what do you point to? Because you're now in charge of sales and marketing, you have to take now the installed base of Amazon Web services, which is you got the Debs and startups and, you know, cloud scale to large enterprises. Now you got the postcode growth. Go fast, cloud scale. You've got a huge customer base. You've got a target. These guys, you gotta bring this solution. What are they saying about the VM ware AWS success? Can you share some? Some >>days I'd be happy to, I think I mean, look, this this is what gets, uh, us excited. I know Sanjay gets just as excited about this. It's and it's really it's resonating across our customer base. You know, there's folks like S and P Global who's a large enterprise, right? They had, uh, they had a hardware procurement cycle. They were looking at them on front of implementation and they looked at a WSMV I'm wearing. They said, Look, we want to migrate. All of our applications want to migrate. Everything we have into the cloud, I think it was 150 critical financial applications that they seamlessly migrated with zero downtime Now all running on BMC in the cloud. Um, you look at governments, right? We have thing folks like the Scottish government on many government customers. We have folks that are like Penny Mac and regulated industries. Um, that really took critical parts of their application. Andi seamlessly migrated them to to A W S and BMC, and they looked at us. And when we talk to these customers, we really say, like, where is the best place for us to run these v sphere workloads? And, um and the great thing is we have a consistent message. We we know that it's the right that that aws nbn where's the best place to run those VCR workloads in the cloud? And so as we see enterprises as we see regulated industries as we see governments really looking to modernize and take advantage of the cloud, we're seeing them move whole swaths of their applications. And this is not just small parts. These are the critical really mission critical applications that they know that they need to get out flexibility on, and they want to get that agility. And so, um, you know, there's been a broad swath of customers like that that have really moved large large pieces of their application in date of us. So it's been fun to see. >>And John, if I might add to that what we've also sought to do is pick some of those great customers like the ones that Matt talked about and put them on stage. Uh, VM world. In previous, we had Freddie Mac and we had, you know, I h s market and these are good examples in the few that Matt talked about. So I'm super excited. I expect there'll be many more reinvent we did. Some also be in world. So we're getting these big customers to talk about this because then you get the 10 phenomenon. Everyone wants to come to this, tend to be able to participate in that momentum. The other thing I'm super excited about it started off as a US phenomenon. Just the U s customers, but I'm starting to see riel interest from European and a p J customers. Asia Pacific customers in countries Australia, Japan, U. K, France, Germany. So this becomes a global phenomenon where customers understand that this doesn't have to be just the U. S centric customers that are participating. And then that was, for me a very key objective because the early customers always gonna start in the Geo where, um, you know, there's the most resonance with the public cloud. But now we're starting to see this really take off in many parts of the world. >>Yeah, that's a great point at something we can talk about another conversation. Maybe we will bring you guys into some of our live check ins throughout the three weeks we're doing here. Reinvent. But this global regional approach Matt has been hugely successful. Um, we're on Amazon. We have Q breaches because by default, we're on top of Amazon. You're seeing companies build on top of Amazon. Look a snowflake. The largest I po in the history of Wall Street behind VM Ware. They run Amazon, right? And I will probably have other clouds to down the road. But the point is you guys are enabling this. >>Yeah, global. And it's it is one of the things that we hear from customers that they that they love about running in the cloud is that, you know, think about if you had Teoh, you know you mentioned snowflake. Imagine if your snowflake and you have to go build data centers everywhere. If you had to go roll out toe to Europe and then you have to build data centers in Germany and then you have to build data centers and the U. K. And then you had to go build data centers in Australia like that would be an enormous cost and complexity, and they probably wouldn't do it frankly, at their early stage, Um, you know, now they just they spin up another stack and their ableto serve their customers anywhere around the world. And we're seeing that from our VM or customers where, you know, they actually are spinning up brand new vmc clusters, uh, where they weren't able to do it before, where they either had toe operate from a single stack. Um, now they're able to say, you know what? I'd love to have Ah, vm or stack in Australia, and they're able to get that up and running quickly. And so I do think that this is actually enabling new business it z, enabling customers to think about. How do they put their computer environment close to where their end users are or where they need that computer environment to be sometime just close to end users? Sometimes it's for data residency requirements, but it really kind of enables customers to do that. Where think about in a cove in world, if you have to go launch a data center in a new country, you probably just I mean, maybe it wouldn't even be possible to do that way are today. And now it's just FBI calls. So >>I mean, your point about going slows in an option. The imperative we have, you know, even expression here inside silicon and on the Cube team. Is there a problem? Yes. Is it important? Yes. What are the consequences if you don't solve the problem? Can you quantify those consequences? And then you gotta look at solutions and look at the timing. So you got timing. You got cost. You got the consequences of not doing it. And speed all those things. No. No one's gonna roll out of data center in six months if they if they tried so again, Cloud. And I'm trying to come into play here. You gotta operate something. It's a hand in the glove, its's. I'm seeing the cream rise to the top with covert. You're seeing real examples of riel scale riel value problems that you solve that important that have consequences that can be quantified. I mean, it's simple. Is that >>you know, John, I was gonna say, in addition to this via McLeod on aws were also pretty, you know, prominent AWS customer for some of our services. So some of the services that we've seen accelerate through Covic Are these distributed workforce security capabilities? Eso we resume internally, that obviously runs on AWS. But then surrounding that with workspace one and carbon like to secure the laptop that goes home. Those services of us running A W. S two. So this is one of those places where we're grateful that we could run those cloud services because we're also just like Snowflake and Zoom and others. Many of the services that we build that our SAS type services run on Amazon, and that reinforces the partnership for us. Almost like a SAS customer. >>Well, gentlemen, really appreciate your insight. As always, a great conversation. We could go for another hour. You guys with leaders of your organizations, you're at the front lines as managing through the pandemic will have you guys come into our check ins throughout the three weeks now here during reinvent from or commentary. But I'd like to end this segment by sharing. In your opinion, what is the most important thing that the audience should pay attention to this year at Reinvent? I know there's a lot of things going on. It's three weeks, not four days. It's so it's longer, but still there's a lot of announcements, man, on your side vm where you got the moment and you got your announcements. What should customers pay attention to this reinvent Virtual 2020. >>So, do you wanna go first? >>No, man, it's your show. You go first. E >>I would encourage folks toe Really think about and plan the three weeks out. This this is the opportunity to really dive in and learn. Right? Reinvent is as as many of you know, this This is just a different type of conference. It's not American Conference. This is a learning conference, and and even virtually that doesn't change. And so I encourage. Look across the broad swath of things that we're doing. Learn about machine learning and what we're doing in that space. Learn about the new compute capabilities or container capabilities. Learn about you know what, what is most relevant to your business if you're looking about. Hey, I have an on premise data center, and I'm looking about how I extend into the cloud. There's a lot of new capabilities around BMC and AWS that makes sense, but there's also a lot of cool announcements around just other services. Um, that could be interesting. We have a ton of customers. They're giving talks. And learning from other customers is often the best way to really understand how you can get the most value out of the cloud. And so I encourage folks toe really kind of block that time. I think it's easy when your remote to get distracted by, you know, watching Netflix or answering emails or things like that. But this is this is a great opportunity to block that schedule. Find the time that you have to really spend time and dive into the sessions because we have a ton of great content on a lot of really cool launches coming up. >>Yeah, I'm just very quickly. I would like one of things I love about Amazon's culture and were similar. VM Ware is that sort of growth mindset. Learn it all and I'm looking forward myself personally to going to reinvent university. This is three weeks of learning, uh, listening to many of those those things. I learned a ton and I've tried to have my own sort of mindset of have being a learn it all as opposed to know it. Also these air incredible sessions and I would also reinforce what Matt said which is going find pure customers of yours that are in your same vertical. We're seeing enormous success in the key verticals Vienna plays in which itself called financial services public sector healthcare manufacturing, CPG retail. I mean, whatever it is so and many of those customers will be, uh, you know, doing virtual talks or we have case studies of use cases because often these sort of birds of a feather allow you to then plan your migration of modernization journey in a similar >>fashion, Matt Sanjay, always great to get the leaders of the two biggest companies in our world A, W s and VM where to share their perspectives. Uh, this year is gonna be different. I'm looking forward to, you know, really kinda stepping up and leaning into the virtual because, you know, we're gonna do three weeks of cube coverage. We have, like, special coverage days, Tuesday, Wednesday, Thursday for each of the three weeks that we're in. And we're gonna try to make this fun as possible. Keep everyone engaged on tryto navigate, help people navigate through the virtual world. So looking forward to having you guys back on and and sharing. Thanks for coming. I appreciate it. Thank you very much. Okay, this is the cubes. Virtual coverage of virtual reinvent 2020. I'm John for your host. Stay with us. Silicon angle dot com. The cube will be checking in with our live coverage in and out of the sessions and stay with us for more wall to wall coverage. Thanks for watching. Yeah,

>> Narrator: From around the globe. It's theCUBE with digital coverage of VMworld 2020, brought to you by VMware and its ecosystem partners. >> Hello, welcome back to theCUBE's coverage of VMworld 2020. This is theCUBE virtual with VMworld 2020 virtual. I'm John Furrier your host of theCUBE with Dave Vellante. It's our 11th year covering VMware. We're not in person, we're virtual, but all the content is flowing. Of course, we're here with Pat Galsinger, the CEO of VMware. Who's been on theCUBE all 11 years. This year virtual of theCUBE as we've been covering VMware from his early days in 2010, when theCUBE started 11 years later, Pat is still changing and still exciting. Great to see you. Thanks for taking the time. >> Hey, you guys are great. I love the interactions that we have, the energy, the fun, the intellectual sparring. And of course that audiences have loved it now for 11 years. And I look forward to the next 11 that we'll be doing together. >> It's always exciting cause we'd love great conversations. Dave and I like to drill in and really kind of probe and unpack the content that you're delivering at the keynotes, but also throughout the entire program. It is virtual this year, which highlights a lot of the cloud native changes. Just want to get your thoughts on the virtual aspect of VMworld, not in person, which is one of the best events of the year. Everyone loves it. The great community. It's virtual this year, but there's a slew of content. What should people take away from this virtual VMworld? >> Well, one aspect of it is that I'm actually excited about is that we're going to be well over a hundred thousand people, which allows us to be bigger, right? You don't have the physical constraints. You also are able to reach places like I've gone to customers and maybe they had 20 people attend in prior years. This year they're having a hundred, they're able to have much larger teams. Also like some of the more regulated industries where they can't necessarily send people to events like this, the international audience. So just being able to spread the audience much more broadly well, also our key messages a digital foundation for unpredictable world. And man, what an unpredictable world it has been this past year? And then key messages, lots of key products announcements technology, announcements partnership, announcements and of course in all of the VMworld, is that hands on (murmurs) interactions that we'll be delivering our virtual, you come to the VMware because the content is so robust and it's being delivered by the world's smartest people. >> Yeah. We've had great conversations over the years. And we've talked about hybrid clothing 2012, a lot of this stuff I looked back in lot of the videos was early on, we're picking out all these waves, but it was that moment four years ago or so, maybe even four, three, I can't even remember, seems like yesterday. You gave the Seminole keynote and you said, "This is the way the world's going to happen." And since that keynote I'll never forget was in Moscone. And since then you guys have been performing extremely well both on the business as well as making technology bets and is paying off. So what's next? I mean, you've got the cloud scale. Is it space? Is it cyber? I mean, all these things are going on. What is next wave that you're watching and what's coming out and what can people extract out of VMworld this year about this next wave? >> Yeah, one of the things I really am excited about I went to my buddy Jensen. I said, "Boy, we're doing this work and smart. Next We really liked to work with you and maybe some things to better generalize the GPU." And Jensen challenged me. Now, usually, I'm the one challenging other people with bigger visions, this time Jensen said, "Hey Pat, I think you're thinking too small. Let's do the entire AI landscape together. And let's make AI a enterprise classwork stowed from the data center to the cloud and to the Edge. And so I'm going to bring all of my AI resources and make VMware, And Tansu the preferred infrastructure to deliver AI at scale. I need you guys to make the GPS work like first class citizens in the vSphere environment, because I need them to be truly democratized for the enterprise. so that it's not some specialized AI development team, it's everybody being able to do that. And then we're going to connect the whole network together in a new and profound way with our Monterey Program as well being able to use the SmartNIC, the DPU as Jensen likes to call it. So now it's CPU, GPU and DPU, all being managed through a distributed architecture of VMware." This is exciting. So this is one in particular that I think we are now rearchitecting the data center, the cloud in the Edge. And this partnership is really a central point of that. >> Yeah, the Nvid thing's huge. And I know Dave, Perharbs has some questions on that. But I ask you a question because a lot of people ask me, is it just a hardware deal? I mean, talking about SmartNIC, you talking about data processing units. It sounds like a motherboard in the cloud, if you will, but it's not just hardware. Can you talk about the aspect of the software piece? Because again, Nvidia is known for GP use, we all know that, but we're talking about AI here. So it's not just hardware. Can you just expand and share what the software aspect of all this is? >> Yeah. Well, Nvidia has been investing in their AI stack and it's one of those where I say, this is Edison at work, right? The harder I work, the luckier I get. And Nvidia was lucky that their architecture worked much better for the AI workload, but it was built on two decades of hard work in building a parallel data center architecture. And they have built a complete software stack for all of the major AI workloads running on their platform. All of that is now coming to vSphere and Tansu, that is a rich software layer across many vertical industries. And we'll talk about a variety of use cases. One of those that we highlight at Vmworld is the university of California, San Francisco partnership UCSF one of the world's leading research hospitals, some of the current vaccine use cases as well, the financial use cases for threat detection and trading benefits. It really is about how we bring that rich software stack. this is a decade and a half of work to the VMware platform so that now every developer and every enterprise could take advantage of this at scale, that's a lot of software. So in many respects, yeah, there's a piece of hardware in here, but the software stack is even more important. >> So well on the sort of Nvidia the arm piece, there's really interesting, these alternative processing models. And I wonder if you could comment on the implications for AI inferencing at the Edge. It's not just as well processor implications, it's storage, it's networking. It's really a whole new fundamental paradigm. How are you thinking about that Pat? >> Yeah, we've thought about, there's three aspects, but what we said three problems that we're solving. One is the developer problem, what we said, now you develop once, right? And the developer can now say, "Hey, I want to have this new AI centric app and I can develop, and it can run in the data center on the cloud or at the Edge." You'll secondly, my operations team can be able to operate this just like I do all my infrastructure. And now it's VMs containers and AI applications and third, and this is where your question really comes to bear. Most significantly is data gravity, right? These data sets are big. Some of them need to be very low latency as well. They also have regulatory issues. And if I have to move these large regulated data sets to the cloud, boy, maybe I can't do that generally for my apps or if I have low latency heavy apps at the Edge, ah, I can't pull it back to the cloud or to my data center. And that's where the uniform architecture and aspects of the Monterey program, where I'm able to take advantage of the network and the SmartNIC that are being built, but also being able to fully represent the data gravity issues of AI applications at scale 'cause in many cases I'll need to do the processing, both the learning and the inference at the Edge as well. So that's a key part of our strategy here with Nvidia. And I do think is going to be a lock, a new class of apps because when you think about AI and containers, what am I using it for? Well, it's the next generation of applications. A lot of those are going to be Edge 5G based. So very critical. >> We got to talk about security now, too. I mean, I'm going to pivot a little bit here John if it's okay. Years ago you said security is a do over. You said that on theCUBE, It stuck with us. There's there's been a lot of complacency it's kind of, if it didn't broke, don't fix it, but COVID kind of broke it. That's why you see three mega trends. You've got cloud security, you see in Z scaler rocket, you got identity access management and I'll check, I think a customer of yours. And then you've got endpoint you're seeing CrowdStrike explode. You guys pay 2.7 billion I think for carbon black yet CrowdStrike has this huge valuation. That's a mega opportunity for you guys. What are you seeing there? How are you bringing that all together? You've got NSX components, EUC components. You've got sort of security throughout your entire stack. How should we be thinking about that? >> Well, one of the announcements that I am most excited about at Vmworld is the release of carbon black workload, this research we're going to take those carbon black assets and we're going to combine it with workspace one. We're going to build it in NSX. We're going to make it part of Tansu and we're going to make it part of vSphere. And carbon black workload is literally the vSphere embodiment of carbon black in an agentless way. Ans so now you don't need to insert new agents or anything. It becomes part of the hypervisor itself, meaning that there's no attack surface available for the bad guys to pursue, but not only is this an exciting new product capability, but we're going to make it free, right? And what I'm announcing at VMworld and everybody who uses vSphere gets carbon black workload for free for an unlimited number of VMs for the next six months. And as I said in the keynote today is a bad day for cybercriminals. This is what intrinsic security is about, making it part of the platform. Don't add anything on, just click the button and start using what's built into vSphere. And we're doing that same thing with what we're doing at the networking layer. This is the act, the last line acquisition. We're going to bring that same workload kind of characteristic into the container. That's why we did the Octarine acquisition. And we're releasing the integration of workspace one with a carbon black client, and that's going to be the differentiator. And by the way, CrowdStrike is doing well, but guess what? So are we, and like both of us are eliminating the rotting dead carcasses of the traditional AV approach. So there is a huge market for both of us to go pursue here. So a lot of great things in security. And as you said, we're just starting to see that shift of the industry occur that I promised last year in theCUBE. >> So it'd be safe to say that you're a cloud native in a security company these days? >> You all, absolutely. And the bigger picture of us, is that we're critical infrastructure layer for the Edge for the cloud, for the telco environment and for the data center from every end point, every application, every cloud. >> So Padagonia asked you a virtual question, we got from the community, I'm going to throw it out to you because a lot of people look at Amazon, The cloud and they say, "Okay, we didn't see it coming. We saw it coming. We saw it scale all the benefits that are coming out of cloud, Well-documented." The question for you is what's next after cloud, as people start to rethink, especially with COVID highlighting all the scabs out there. As people look at their exposed infrastructure and their software, they want to be modern. They want the modern apps. What's next after cloud. What's your vision? >> Well, with respect to cloud, we are taking customers on the multicloud vision, right? Where you truly get to say, "Oh, this workload, I want to be able to run it with Azure, with Amazon. I need to bring this one on premise. I want to run that one hosted. I'm not sure where I'm going to run that application." So develop it and then run it at the best place. And that's what we mean by our hybrid multicloud strategy is being able for customers to really have cloud flexibility and choice. And even as our preferred relationship with Amazon is going super well. We're seeing a real uptick. We're also happy that the Microsoft Azure VMware services now GA so they're in marketplace, our Google, Oracle, IBM and Alibaba partnerships in the much broader set of VMware cloud Partner Program. So the future is multicloud. Furthermore, it's then how do we do that in the Telco Network for the 5G build out, The Telco cloud? And how do we do that for the Edge? And I think that might be sort of the granddaddy of all of these because increasingly in a 5G world will be a nibbling Edge use cases. We'll be pushing AI to the Edge like we talked about earlier in this conversation, will be enabling these high bandwidth, with low latency use cases at the Edge, and we'll see more and more of the smart embodiment, smart cities, smart street, smart factory, or the autonomous driving. All of those need these type of capabilities. >> So there's hybrid and there's multi, you just talked about multi. So hybrid are data partner ETR, they do quarterly surveys. We're seeing big uptick in VMware cloud and AWS, you guys mentioned that in your call. we're also seeing the VMware cloud, VMware cloud Coundation and the other elements, clearly a big uptake. So how should we think about hybrid? It looks like that's an extension of on-prem maybe not incremental, maybe a share shift whereas multi looks like it's incremental, but today multi has really running on multiple clouds, but vision toward incremental value. How are you thinking about that? >> Yeah, so clearly the idea of multi is to link multiple. Am I taking advantage of multiple clouds being my private clouds, my hosted clouds. And of course my public cloud partners, we believe everybody will be running a great private cloud, picking a primary, a public cloud, and then a secondary public cloud. Hybrid then is saying, which of those infrastructures are identical so that I can run them without modifying any aspect of my infrastructure operations or applications. And in today's world where people are wanting to accelerate their move to the cloud, a hybrid cloud is spot on with their needs because if I have to refactor my applications it's a couple million dollars per app, And I'll see you in a couple of years. If I can simply migrate my existing application to the hybrid cloud, what we're consistently seeing is the time is one quarter and the cost is one eight, four less. Those are powerful numbers. And if I need to exit a data center, I want to be able to move to a cloud environment, to be able to access more of those native cloud services. Wow. That's powerful. And that's why for seven years now we've been preaching that hybrid is the future. It is not a waystation to the future. And I believe that more fervently today than when I declared it seven years ago. So we are firmly on that path that we're enabling a multi and a hybrid cloud future for all of our customers. >> Yeah. You addressed that like CUBE 2013. I remember that interview vividly was not a waystation. I got (murmurs) the answer. Thank you Pat, for clarifying than going back seven years. I love the vision. You're always got the right wave. It's always great to talk to you, but I got to ask you about these initiatives you seeing clearly last year or a year and a half ago, project Pacific name out almost like a guiding directional vision, and then put some meat on the bone Tansu and now you guys have that whole Cloud Native Initiative is starting to flower up thousand flowers are blooming. This year Project Monterrey has announced same kind of situation. You're showing out the vision. What are the plans to take that to the next level and take a minute to explain how project Monterey, what it means and how you see that filling out. I'm assuming it's going to take the same trajectory as Pacific. >> Yeah. Monetary is a big deal. This is rearchitecting The core of vSphere. It really is ripping apart the IO stack from the intrinsic operation of a vSphere and ESX itself, because in many ways, the IO we've been always leveraging the NIC and essentially virtual NICs, but we never leverage the resources of the network adapters themselves in any fundamental way. And as you think about SmartNICs, these are powerful resources now where they may have four, eight, 16, even 32 cores running in the smartNIC itself. So how do I utilize that resource? But it also sits in the right place in the sense that it is the network traffic cop. It is the place to do security acceleration. It is the place that enables IO bandwidth optimization across increasingly rich applications where the workloads, the data, the latency get more important both in the data center and across data centers to the cloud and to the Edge. So this rearchitecting is a big deal. We announced the three partners, Intel, Nvidia, Mellanox, and Penn Sandow that we're working with. And we'll begin the deliveries of this as part of the core vSphere offerings of beginning next year. So it's a big rearchitecting. These are our key partners. We're excited about the work that we're doing with them. And then of course our system partners like Dell and Lenovo, who've already come forward and says, "Yeah, we're going to be bringing these to market together with VMware." >> Pat, personal question for you. I want to get your personal take, your career, going back to Intel. You've seen it all, but the shift is consumer to enterprise. And you look at just recently snowflake IPO, the biggest ever in the history of wall street, an enterprise data's company. And the enterprise is now relevant. Enterprise feels consumer. We talked about consumerization of IT years and years ago, but now more than ever the hottest financial IPO enterprise, you guys are enterprise. You did enterprise at Intel. (laughs) You know the enterprise, you doing it here at VMware. The enterprise is the consumer now with cloud and all this new landscape. What is your view on this? Because you've seen the waves, and you've seen the historical perspective. It was consumer, was the big thing. Now it's enterprise, what's your take on all this? How do you make sense of it? Because it's now mainstream. what's your view on this? >> Well, first I do want to say congratulations to my friend Frank, and the extraordinary snowflake IPO, and by the way, they use VMware. So not only do I feel a sense of ownership 'cause Frank used to work for me for a period of time, but they're also a customer of ours. So go Frank, go snowflake. We're we're excited about that. But there is this episodic, this to the industry where for a period of time it is consumer-driven and CES used to be the hottest ticket in the industry for technology trends. But as you say, it is now shifted to be more business centric. And I've said this very firmly, for instance, in the case of 5G where I do not see consumer a faster video or a better Facebook, isn't going to be why I buy 5G. It's going to be driven by more business use cases where the latency, the security and the bandwidth will have radically differentiated views of the new applications that will be the case. So we do think that we're in a period of time and I expect that it's probably at least the next five years where business will be the technology drivers in the industry. And then probably, hey, there'll be a wave of consumer innovation and I'll have to get my black turtlenecks out again and start trying to be cool, but I've always been more of an enterprise guy. So I like the next five to 10 years better. I'm not cool enough to be a consumer guy. And maybe my age is now starting to conspire against me as well. >> Hey, Pat, I know you've got to go, but quick question. So you guys, you gave guidance, pretty good guidance, actually. I wondered have you and Zane come up with a new algorithm to deal with all this uncertainty or is it kind of back to old school gut feel? (laughs) >> Well, I think as we thought about the year as we came into the year and obviously, COVID smacked everybody, we laid out a model, we looked at various industry analysts, what we call the swoosh model, right? Q2, Q3 and Q4 recovery, Q1 more so, Q2 more so, and basically, we build our own theories behind that. We test it against many analysts, the perspectives, and we had vs and we had Ws and we had Ls and so on. We picked what we thought was really sort of grounded of the best data that we could put our own analysis, which we have substantial data of our own customer's usage, et cetera, and pick the model. And like any model, you put a touch of conservatism against it, and we've been pretty accurate. And I think there's a lot of things, we've been able to sort of, with good data good thoughtfulness, take a view and then just consistently manage against it and everything that we said when we did that back in March, sort of proven out incrementally to be more accurate. And some are saying, "Hey, things are coming back more quickly." And then, oh we're starting to see the fall numbers climb up a little bit. Hey, we don't think this goes away quickly. There's still a lot of secondary things to get flushed through the various economies, as stimulus starts tailoring off small businesses are more impacted and we still don't have a widely deployed vaccine. And I don't expect we will have one until second half of next year. Now there's the silver lining to that, as we said, which means that these changes, these faster to the future shifts in how we learn, how we work, how we educate, how we care for, how we worship, how we live, they will get more and more sedimented into the new normal relying more and more on the digital foundation. And we think ultimately that has extremely good upsides for us longterm, even as it's very difficult to navigate in the near term. And that's why we are just raving optimists for the longterm benefits of a more and more digital foundation for the future of every industry, every human, every workforce, every hospital, every educator, they are going to become more digital. And that's why I think going back to the last question, this is a business driven cycle, we're well positioned, and we're thrilled for all of those who are participating with VMworld 2020. This is a seminal moment for us and our industry. >> Pat, thank you so much for taking the time. It's an enabling model. It's what platforms are all about. You get that. My final parting question for you is whether you're a VC investing in startups or a large enterprise who's trying to get through COVID with a growth plan for that future. What is a modern app look like? And what does a modern company look like in your view? >> Well, a modern company would be that instead of having a lot of people looking down at infrastructure, the bulk of my IT resources are looking up at building apps. Those apps are using modern CICD data pipeline approaches built for a multicloud embodiment, right? And of course, VMware is the best partner that you possibly could have. So if you want to be modern, cool on the front end, come and talk to us. >> All right. Pat Galsinger the CEO of VMware here on theCUBE for VML 2020 virtual here with theCUBE virtual. Great to see you virtually Pat. Thanks for coming on. Thanks for your time. >> Hey, thank you so much. Love to see you in person soon enough, but this is pretty good. Thank you, Dave. Thank you so much. >> Okay. You're watching theCUBE virtual here for VMworld 2020. I'm John Furrier with Dave Vallente with Pat Gelsinger. Thanks for watching. (upbeat music)

>>From the cube studios in Palo Alto, in Boston, connecting with thought leaders all around the world. This is a cute conversation. Hi, welcome back. I'm Stu middleman. And this is a cube conversation digging in with, talking about what they're doing to help people. Yeah. Really bringing some of the networking ideals to cloud native environment, both know in the cloud, in the data centers program, Krishna penny. He is the vice president of software. Thanks so much for joining us. Thank you so much for talking to me. Alright, so, so Krishna the pin Sandow team, uh, you know, very well known in the industry three, uh, you innovation. Yeah. Especially in the networking world. Give us a little bit about your background specifically, uh, how long you've been part of this team and, uh, you know, but, uh, you know, you and the team, you know? Yeah. >>And Sando. Yup. Um, so, uh, I'm VP of software in Sandow, um, before Penn Sarno, before founding concern, though, I worked in a few startups in CME networks, uh, newer systems and Greenfield networks, all those three startups have been acquired by Cisco. Um, um, my recent role before this, uh, uh, this, this company was a, it was VP of engineering and Cisco, uh, I was responsible for a product called ACA, which is course flagship SDN tonic. Mmm. So I mean, when, why did we find a phone, uh, Ben Sandoz? So when we were looking at the industry, uh, the last, uh, a few years, right? The few trends that are becoming clear. So obviously we have a lot of enterprise background. We were watching, you know, ECA being deployed in the enterprise data centers. One sore point for customers from operational point of view was installing service devices, network appliances, or storage appliances. >>So not only the operational complexity that this device is bringing, it's also, they don't give you the performance and bandwidth, uh, and PPS that you expect, but traffic, especially from East West. So that was one that was one major issue. And also, if you look at where the intelligence is going, has been, this has been the trend it's been going to the edge. The reason for that is the motors or switches or the devices in the middle. They cannot handle the scale. Yeah. I mean, the bandwidths are growing. The scale is growing. The stateful stuff is going in the network and the switches and the appliances not able to handle it. So you need something at the edge close to the application that can handle, uh, uh, this kind of, uh, services and bandwidth. And the third thing is obviously, you know, x86, okay. Even a few years back, you know, every two years, you know, you're getting more transistors. >>I mean, obviously the most lined it. And, uh, we know we know how that, that part is going. So the it's cycles are more valuable and we don't want to use them for this network services Mmm. Including SDN or firewalls or load balancer. So NBME, mutualization so looking at all these trends in the industry, you know, we thought there is a good, uh, good opportunity to do a domain specific processor for IO and build products around it. I mean, that's how we started Ben signed off. Yeah. So, so Krishna, it's always fascinating to watch. If you look at startups, they are often yeah. Okay. The time that they're in and the technologies that are available, you know, sometimes their ideas that, you know, cakes a few times and, you know, maturation of the technology and other times, you know, I'll hear teams and they're like, Oh, well we did this. >>And then, Oh, wow. There was this new innovation came out that I wish I had add that when I did this last time. So we do, a generation. Oh, wow. Talking about, you know, distributed architectures or, you know, well, over a decade spent a long time now, uh, in many ways I feel edge computing is just, you know, the latest discussion of this, but when it comes to, and you know, you've got software, uh, under, under your purview, um, what are some of the things that are available for that might not have been, you know, in your toolkit, you know, five years ago. Yeah. So the growth of open source software has been very helpful for us because we baked scale-out microservices. This controller, like the last time I don't, when we were building that, you know, we had to build our own consensus algorithm. >>We had to build our own dishwasher database for metrics and humans and logs. So right now, uh, we, I mean, we have, because of open source thing, we leverage CD elastic influx in all this open source technologies that you hear, uh, uh, since we want to leverage the Kubernetes ecosystem. No, that helped us a lot at the same time, if you think about it. Right. But even the software, which is not open source, close source thing, I'm maturing. Um, I mean, if you talk about SDN, you know, seven APS bank, it was like, you know, the end versions of doing off SDN, but now the industry standard is an ADPN, um, which is one of the core pieces of what we do we do as Dean solution with DVA. Um, so, you know, it's more of, you know, the industry's coming to a place where, you know, these are the standards and this is open source software that you could leverage and quickly innovate compared to building all of this from scratch, which will be a big effort for us stocked up, uh, to succeed and build it in time for your customer success. >>Yeah. And Krishna, I, you know, you talk about open forum, not only in the software, the hardware standards. Okay. Think about things, the open compute or the proliferation of, you know, GPS and, uh, everything along that, how was that impact? I did. So, I mean, it's a good thing you're talking about. For example, we were, we are looking in the future and OCP card, but I do know it's a good thing that SEP card goes into a HP server. It goes into a Dell software. Um, so pretty much, you know, we, we want to, I mean, see our goal is to enable this platform, uh, that what we built in, you know, all the use cases that customer could think of. Right. So in that way, hardware, standardization is a good thing for the industry. Um, and then same thing, if you go in how we program the AC, you know, we at about standards of this people, programming, it's an industry consortium led by a few people. >>Um, we want to make sure that, you know, we follow the standards for the customer who's coming in, uh, who wants to program it., it's good to have a standards based thing rather than doing something completely proprietary at the same time you're enabling innovations. And then those innovations here to push it back to the open source. That's what we trying to do with before. Yeah. Excellent. I've had some, some real good conversations about before. Um, and, and the way, uh, and Tondo is, is leveraging that, that may be a little bit differently. You know, you talk about standards and open source, oftentimes it's like, well, is there a differentiator there, there are certain parts of the ecosystem that you say, well, kind of been commodified. Mmm. Obviously you're taking a lot of different technologies, putting them together, uh, help, help share the uniqueness. Okay. And Tondo what differentiates, what you're doing from what was available in the market or that I couldn't just cobbled together, uh, you know, a bunch of open source hardware and software together. >>Yeah. I mean, if you look at a technologist, I think the networking that both of us are very familiar with that. If you want to build an SDN solution, or you can take a, well yes. Or you can use exhibit six and, you know, take some much in Silicon and cobble it together. But the problem is you will not get the performance and bandwidth that you're looking for. Okay. So let's say, you know, uh, if you want a high PPS solution or you want a high CPS solution, because the number of connections are going for your IOT use case or Fiji use case, right. If you, uh, to get that with an open source thing, without any assist, uh, from a domain specific processor, your performance will be low. So that is the, I mean, that's once an enterprise in the cloud use case state, as you know, you're trying to pack as many BMCs containers in one set of word, because, you know, you get charged. >>I mean, the customer, uh, the other customers make money based on that. Right? So you want to offload all of those things into a domain specific processor that what we've built, which we call the TSC, which will, um, which we'll, you know, do all the services at pretty much no cost to accept a six. I mean, it's to six, you'll be using zero cycles, a photo doing, you know, features like security groups or VPCs, or VPN, uh, or encryption or storage virtualization. Right. That's where that value comes in. I mean, if you count the TCO model using bunch of x86 codes or in a bunch of arm or AMD codes compared to what we do. Mmm. A TCO model works out great for our customers. I mean, that's why, you know, there's so much interest in a product. Excellent. I'm proud of you. Glad you brought up customers, Christina. >>One of the challenges I have seen over the years with networking is it tends to be, you know, a completely separate language that we speak there, you know, a lot of acronyms and protocols and, uh, you know, not necessarily passable to people outside of the silo of networking. I think back then, you know, SDN, uh, you know, people on the outside would be like, that stands for still does nothing, right? Like networking, uh, you know, mumbo jumbo there for people outside of networking. You know what I think about, you know, if I was going to the C suite of an enterprise customer, um, they don't necessarily care about those networking protocols. They care about the, you know, the business results and the product Liberty. How, how do you help explain what pen Sandow does to those that aren't, you know, steeped in the network, because the way I look at it, right? >>What is customer looking? But yeah, you're writing who doesn't need, what in cap you use customer is looking for is operational simplicity. And then he wants looking for security. They, it, you know, and if you look at it sometimes, you know, both like in orthogonal, if you make it very highly secure, but you make it like and does an operational procedure before you deploy a workload that doesn't work for the customer because in operational complexity increases tremendously. Right? So it, we are coming in, um, is that we want to simplify this for the customer. You know, this is a very simple way to deploy policies. There's a simple way to deploy your networking infrastructure. And in the way we do it is we don't care what your physical network is, uh, in some sense, right? So because we are close to the server, that's a very good advantage. >>We have, we have played the policies before, even the packet leaves the center, right? So in that way, he knows his fully secure environment and we, and you don't want to manage each one individually, we have this, okay, Rockwell PSM, which manages, you know, all this service from a central place. And it's easy to operationalize a fabric, whether you talk about upgrades or you talk about, you know, uh, deploying new services, it's all driven with rest API, and you can have a GUI, so you can do it a single place. And that's where, you know, a customer's value is rather than talking about, as you're talking about end caps or, you know, exactly the route to port. That is not the main thing that, I mean, they wake up every day, they wake up. Have you been thinking about it or do I have a security risk? >>And then how easy for me is to deploy new, uh, in a new services or bring up new data center. Right. Okay. Krishna, you're also spanning with your product, a few different worlds out. Yeah. You know, traditionally yeah. About, you know, an enterprise data center versus a hyperscale public cloud and ed sites, hi comes to mind very different skillset for management, you know, different types of okay. Appointments there. Mmm. You know, I understand right. You were going to, you know, play in all of those environments. So talk a little bit about that, please. How you do that and, you know, you know, where you sit in, in that overall discussion. Yes. So, I mean, a number one rule inside a company is we are driven by customers and obviously not customer success is our success. So, but given said that, right. What we try to do is that we try to build a platform that is kind of, you know, programmable obviously starting from, you know, before that we talked about earlier, but it's also from a software point of view, it's kind of plugable right. >>So when we build a software, for example, at cloud customers, and they use BSC, they use the same set of age KPI's or GSP CRS, TPS that DSC provides their controller. But when we ship the same, uh, platform, what enterprise customers, we built our own controller and we use the same DC APS. So the way we are trying to do is things is fully leverage yeah. In what we do for enterprise customers and cloud customers. Mmm. We don't try to reinvent the wheel. Uh, obviously at the same time, if you look at the highest level constructs from a network perspective, right. Uh, audience, for his perspective, what are you trying to do? You're trying to provide connectivity, but you're trying to avoid isolation and you're trying to provide security. Uh, so all these constructs we encapsulated in APA is a, which, you know, uh, in some, I, some, some mostly like cloud, like APS and those APIs are, are used, but cloud customers and enterprise customers, and the software is built in a way of it. >>Any layer is, can be removed on any layer. It can be hard, right? Because it's not interested. We don't want to be multiple different offers for different customers. Right. Then we will not scale. So the idea when we started the software architecture, is that how we make it pluggable and how will you make the program will that customer says, I don't want this piece of it. You can put them third party piece on it and still integrate, uh, at a, at a common layer with using. Yeah. Yeah. Well, you know, Krishna, you know, I have a little bit of appreciation where some of the hard work, what your team has been doing, you know, a couple of years in stealth, but, you know, really accelerating from, uh, you know, the announcement coming out of stealth, uh, at the end of 2019. Yeah. Just about half a year, your GA with a major OEM of HPE, definitely a lot of work that needs to be done. >>It brings us to, you know, what, what are you most proud about from the work that your team's doing? Uh, you know, we don't need to hear any, you know, major horror stories, but, you know, there always are some of them, you know, not holes or challenges that, uh, you know, often get hidden yeah. Behind the curtain. Okay. I mean, personally, I'm most proud of the team that we've made. Um, so, uh, you know, obviously, you know, uh, our executors have it good track record of disrupting the market multiple times, but I'm most proud of the team because the team is not just worried about that., uh, that, uh, even delegate is senior technologist and they're great leaders, but they're also worried about the customer problem, right? So it's always about, you know, getting the right mix, awfully not execution combined with technology is when you succeed, that is what I'm most proud of. >>You know, we have a team with, and Cletus running all these projects independently, um, and then releasing almost we have at least every week, if you look at all our customers, right. And then, you know, being a small company doing that is a, Hmm, it's pretty challenging in a way. But we did, we came up with methodologists where we fully believe in automation, everything is automated. And whenever we release software, we run through the full set of automation. So then we are confident that customer is getting good quality code. Uh, it's not like, you know, we cooked up something and that they should be ready and they need to upgrade to the software. That's I think that's the key part. If you want to succeed in this day and age, uh, developing the features at the velocity that you would want to develop and still support all these customers at the same time. >>Okay. Well, congratulations on that, Christian. All right. Final question. I have for you give us a little bit of guidance going forward, you know, often when we see a company out and we, you know, to try to say, Oh, well, this is what company does. You've got a very flexible architecture, lot of different types of solutions, what kind of markets or services might we be looking at a firm, uh, you know, download down the road a little ways. So I think we have a long journey. So we have a platform right now. We already, uh, I mean, we have a very baby, we are shipping. Mmm Mmm. The platforms are really shipping in a storage provider. Uh, we are integrating with the premier clouds, public clouds and, you know, enterprise market, you know, we already deployed a distributed firewall. Some of the customers divert is weird firewall. >>So, you know, uh, so if you take this platform, it can be extendable to add in all the services that you see in data centers on clubs, right. But primarily we are driven from a customer perspective and customer priority point of view. Mmm. So BMW will go is even try to add more ed services. We'll try to add more storage features. Mmm. And then we, we are also this initial interest in service provider market. What we can do for Fiji and IOT, uh, because we have the flexible platform. We have the, see, you know, how to apply this platform, this new application, that's where it probably will go into church. All right. Well, Krishna not a penny vice president of software with Ben Tondo. Thank you so much for joining us. Thank you, sir. It was great talking to you. All right. Be sure to check out the cube.net. You can find lots of interviews from Penn Sundo I'm Stu Miniman and thank you. We're watching the cute.

>>Hi and welcome to another cube conversation this time from BMC helix immersion day at Santa Clara Marriott in Santa Clara, California. I'm Peter Burris, your host for today. One of the biggest challenges that every company faces as they try to think about how they're going to do more with digital services and operation in support of more complex business. And the need for greater simplicity is how to extend their ecosystem to include other sources of knowledge, other sources of insight about how a company can accelerate its journey to this new D S O M world. And to have that conversation, we've got a great partner, uh, here at BMCs helix immersion days. Rob graves is the vice president at data trend. Rob, welcome to the cube. >>Thank you Peter. Glad to be here. >>So tell us a little bit about data train. It's a, it's a BMC partner. You've been around for a long time, helping customers do some relatively important infrastructure things. Where are you guys today? >>Yeah, well I'll go back a little history. We've been in business since 1987. Same two owners, a lot of stability. They continue to drive the business for us. Um, heavy in the infrastructure space, really got started in the data center and a regional multi-site, uh, businesses, large enterprises in the hospitality, retail, financial services, et cetera, where we've grown up, um, started out like a lot of businesses selling hardware and pretty quickly as customers ask for higher value, have moved into consulting and broader services, really consider ourselves, uh, infrastructure centric systems integrator if that's a mouthful. That's really who we are and what we do. Um, as we have all of those consulting practices, more and more, we realized the need to understand our customer's environments better, oftentimes better than they even do. And came across a product called Tideway, which was launching the U S became one of their launch partners here in the U S and shortly thereafter BMC acquired them. So we became a BMC partner in 2009 and it's just been a great journey ever since. Um, at the time they were probably the most robust discovery tool and uh, uh, they've continued to keep that leadership since then. >>Well, let's pick up on that. So discovery is historically been a kind of a domain that was used mainly by an it group to have some, a little bit better understanding of what types of things they needed to do, a task needed to perform. But in a digital business, discovering digital assets becomes absolutely a strategic capability. So how has discovery of volved and then how are you using it to bring these new levels of value? >>It's a great question and it's a more and more essential as the world gets more complex and devices get more complex with cloud, with IOT and centers, Penn transient or right. It was one thing to, to be able to recognize I have these physical service servers here in my data center or maybe even in remote offices. Then, um, our friends at VMware came along and made everything virtual. So how do I manage a workload going from this physical device to another physical device? Fantastic. Actually one of my favorite Cuba, uh, interviews ever of old friend of mine, Pat Gelsinger, I just love watching all his cube interviews just came off of VMworld, very bright tastic love. But, um, they really got that going as cloud really started to, to launch, okay, now I've got application workloads, pieces of my it all over the place. Um, and keeping on top of that is just daunting. Right? And somebody's gotta give BMC a lot of credit, uh, as they've continued to remarket themselves and, and build capabilities. They are absolutely at the front of the curve, the BMC helix discovery product, um, all sorts of competitors, little startups through some very large players. But whenever we bring it into a customer, hands down, we're able to get more done. That comprehensive view of the infrastructure through the applications, through the business services. Um, we constantly come in and replace other products. Bring this back in. >>Well, one of the things that I've observed as a guy who has spent a lot of time watching the industry is, uh, technologies like discovery were especially important at the very largest enterprises because they had all these physical assets that they, that people were buying and installing and they never knew quite was what was on the network. And it was always like this thing was kind of, maybe it was appropriate for a mid size enterprise, but it didn't have the same numbers. But when you start introducing, as you said, virtualization or software robots or other transient assets and resources that are going to have a significant impact in how the business operates, the number of things that you have to stay on top of means it's now an appropriate set of technologies for virtually any size organization. Do you see that as well? >>Absolutely. And especially companies that have lots of locations, lots of sites complex it, I love that BMC jumped pretty early into extending the, the helix discovery into the IOT space. We do a lot of multisite deployments. Um, we're part of the, several of the large OEMs, IOT systems integration programs. And when you're starting to talk hundreds, thousands, even millions of devices out there, how do these companies, these users keep track of all that and make sure that they're operating properly? The security is a big issue. I mean, one of the best things I like about the helix discovery is, uh, how can you secure something you don't understand? I mean, I can't tell you how many times we've gone in with discovery. Uh, to handle one use case. Something as simple as, um, populating a CMDB or, uh, making sure that dr plan is, is solid or relocating a data center, which kind of the classic use cases of a discovery product. >>And you have the security guys come into the room just cause they're everywhere. They have to be watching everything, right? Then all of a sudden I, one of the large stock brokerages, all of a sudden the security guy jumped in the front room and said, stop, stop. What is that? And he points at our application map that came out of helix discovery. It's that, that should not be talking to that. Right. And uh, you know, basically found a big vulnerability just because of an application dependency that the security team wasn't aware of. Um, BMC has got quite a few good examples where they'll almost an accidental big security play happen just from a security guy being in the room and watching the output from discovery and seeing things that their tools had never shown them. >>And I do not want to be the guy that agitated the security guy in a meeting like that. So I was great. Isn't that the satellite board is pretty funny. So, so tell us a little bit about your customer base and how they are utilizing some of this new tooling, uh, to, uh, to extend current but also alter and change future types of business. >>Yeah, there's a, a variety of, uh, great stories. We typically play in larger enterprises, a lot of fortune one hundreds. Um, I'll, I'll leave some of the, uh, our good customers nameless, protect the guilty and the innocent. Right. But, uh, one of the large airlines, you know, went through an exercise of stamps, new dr capability. Uh, it's still wrapping that up. Um, they've had a number of unplanned outages based on new changes. They're doing a lot of change, modernizing applications, moving into new data centers. Screen new dr capabilities. You know, they thought they had decent understanding. Their environments went through their change control process. Oops. Didn't realize that other applications would depend on this server that we just did in the last upgrade on, um, took their line down for a couple of hours. You know, that's not good. Um, uh, bringing in these discovery tools very quickly, they've seen, Hey, I can prevent that. >>I can really understand in real time what's talking to what and make sure I avoid out. That's a big one. I mentioned some of the security conversations. Uh, something that we've been doing some innovation with BMC is getting to some of the discovery as a service type of capabilities and that's allowing us to do some what we're calling micro use cases. Even some simple challenges like, um, a network switch maintenance. Everyone wants to reduce the cost of, of hardware maintenance. What's really hard to discern with hundreds or even thousands of switches, which ones are supporting which workloads. So we can go into an environment and say, Hey, you've got a thousand network switches. You know, 500 of them are just supporting test. I want you to take those off 24 by seven, two hour support and really give them a real time mapping. And that's a money saver right there. That's been very difficult for them to figure out on their own. Um, because that connection from the infrastructure to the apps and the services that are being delivered. So there's a variety of different use cases like that. >>So when you think about where data trends is going to go and, uh, as your business expands in response to the new types of things that customers want to do, where do you think you're going to be spending your time with customers in say, three years? And how is this set of digital services and operations management tooling going to make it possible for you to deliver that service more reliably, more profitably, et cetera? >>Yeah, no, it's uh, it's interesting. Um, while we grew up in the data center, we touch a lot of, uh, large edge environments as well. And we're seeing more and more innovation coming at the edge. Uh, Sanjay from gen pack spoke earlier and you used a great phrase again, innovation at the edge, governance at the core, and it's really, um, something that, uh, we're seeing a lot. So new workloads out on the edge. Gotta be able to understand that, see what's out there, because more and more compute and analytics that can be done at the edge, not in your data center. That's a place we're putting a lot of focus right now. >>Rob graves, vice president of data trend. Thanks again for being on the queue. All right. You got it. Thank you. And once again, this is Peter Burris from the Santa Clara Marriott at BMCs helix immersion days. Thanks for watching. Until next time.

>>From New York city. It's the cube covering. Welcome to the new edge brought to you by systems. >>Okay, we'll come back. You're ready. Jeff Frick here with the cube. We're in downtown Manhattan at the top of Goldman Sachs, like 43 stories above the Hudson. It was a really beautiful view a couple hours ago, but the cloud has moved in and that's only appropriate cause it's cloud is a big theme of why we're here today. We're here for the Penn Zando event. It's called welcome to the new edge. They just come out of stealth mode after two and a half years, almost three years, raised a ton of money, got a really rockstar team and we're excited to have the CEO with us today to tell us a little bit about more what's going on. And that's prem Jane and again, the CEO of Penn Sandow prem. Great to see you. Nice to see you too. So everything we did running up to this event before we could get any of the news, we, we, we tried to figure out what was going on and all it kept coming up was NPLS, NPLS, NPLS, which I thought was a technology, which it is, but it's really about the team. Tell us a little bit about the team in which you guys have built prior and, and why you're such a, a well functioning and kind of forward thinking group of people. >>So I think the team is working together. Mario Luca, myself and Sony were working together since 1983 except for Sony. Sony joined us after the first company, which has crescendo, got acquired by Cisco in 1993 and since then four of us are working together. Uh, we have done many, uh, spinnings inside the Cisco and demo was the first one. Then we did, uh, uh, Nova systems, which was the second, then we did recently in CMA. Uh, and then after we left we thought we are going to retire, but we talked about it and we says, you know, there is still transitions happening in the industry and maybe we have few more years to go back to the, you know, industry and, and do something which is very challenging and, and uh, impacting. I think everything which we have done in the past is to create a impact in the industry and make that transition which is occurring very successful, >>which is really hard to do. And, and John Chambers who, who's on the board and spoke earlier today, you know, kind of talked about these 10 year cycles of significant change in our industry and you know, Clayton Christianson innovator's dilemma, it's really easy when you are successful at one of those to kind of sit on your laurels. In fact, it's really, really hard to kill yourself and go on to the next thing you guys have done this time and time and time again. Is there a unique chemistry in the way you guys look forward or you just, you just get bored with what you built and you want to build something new. I mean, what is some of the magic, because even John said, as soon as he heard that you were the team behind it, he was like, sign me up. I don't know what they're building but I don't really care cause I know these people can deliver. >>I think it's very good the, whenever you look at any startup, the most important thing which comes up as the team and you're seeing a lot of startup fails because the team didn't work together or they got their egos into this one. Since we are working for so long, they compliment each other. That's the one thing which is very important. Mario, Luca, myself, they come from engineering backgrounds. Sony comes from marketing, sales, uh, type of background and we all lady in terms of the brain, if you think about is the Mario behind the scene, Luca is really the execution machine and I'm, you can think like as a heart, okay. Putting this thing together. Uh, as a team, we work very complimentary with each other. It does not mean that we agree on everything, right? We disagree. We argue. We basically challenge each other. But one thing good about this particular team is that once we come to a conclusion, we just focus and execute. And team is also known to work with customers all the time. I mean, even when we started Penn Sando, we talked to many customers in the very beginning. They shape up our ideas, they shape up the directions, which is we are going and what transitions are occurring in the industries and all that. That's another thing which is we take customer very seriously in our thought process of building a product. >>So when you were thinking around sitting around the table, deciding whether you guys wanted to do it again, what were the challenges that you saw? What was the kind of the feedback loop that came in that, that started this? The, uh, the gym of the idea >>thing is also is that, uh, we had, we had developed so many different products as you saw today in the launch, eight or nine, uh, billion dollar product line and stuff like that. So we all have a very good system experience what is really needed, what transitions are occurring and stuff like that. When we started this one, we were not really sure what we wanted to do it, but in the last one when we did the, uh, NCMA, we realize that the enterprise thing, which we deliver the ACI solution for the enterprise, the realize that these services was the most complex way of incorporating into that particular architectures. So right from the beginning of interview realized that the, this particular thing is nobody has touched it, nobody thought about it out of the box thinking that how can you make it into a distributed fashion, which has also realized that cloud is going, everything distributed. >>They got away from the centralized appliances. So as the enterprise is now thinking of doing it cloud-like architectures and stuff like that. And the third thing which was really triggered us also, there was a company which is a new Poona which got acquired by Amazon in 2016 and we were looking at it what kinds of things they are doing and we said we can do much better architecturally and next generation, uh, architecture, which can really enable all the other cloud vendors. Some of them are our partners to make sure they can leverage that particular technologies and build the next generation cloud. And that's where this idea of new edge came in because we also saw that the new applications like IOT is five G's and artificial intelligence, machine learning, robotics or drones, you just name it intelligent devices, which is going to get connected. What is the best place to process them is at the edge or also at the backend with the application where the server is running these and that is another edge compute edge, right? >>In that particular sense. So our idea was to develop a product so that it can cover wide segment of the market, enterprise cloud providers, service borders, but focus very narrowly delivering these services into existing architectures. Also people who are building, building the next generation architectures. Right, so it's the distributed services platform or the distributed services architecture. So at its core for people that didn't make it today, what is it? It's basically is a distributed service platforms. The foundation of that is really our custom processor, which is we have designed is highly programmable. It's software defined so that all the protocols, which is typically people hardwired in our case is programmable. It's all programs which is we are writing the language which you selected as before and before extensions. The software stack is the major differentiated thing which is running on the top of this particular processor, which is we have designed in such a way that is hardware agnostics. >>The the, the capabilities which we have built is easily integrated into the existing environment. So if people already have cloud and they want to leverage our technologies, they can really deploy it in the enterprise. We are basically replacing lot of appliances, simplifying the architectures, making sure they can enable the service as they grow model, which is really amazing because right now they had to say firewall goes here, load balancer goes here, these a VPN devices goes there. In our case it's very simple. You put in every server of our technologies and our software stack and our Venice, which is our policy manager, which is sitting outside and it's based upon Kubernete X a architectures is basically a microservices, which is we are running and managing the life cycle of this particular product family and also providing the visibility and uh, uh, accountability in terms of exactly what is going on in that particular network. >>And it's all driven by intent-based architecture, which is policy driven, right? So software defined sitting on software defined Silicon. So you get the benefits of the Silicon, but it's also programmable Silicon, but it's still, you're sitting, you've got a software stack on top of that that manages that cloud and then the form factors as small as a Nick. Yes. So he can stick it in the HP HP server. Yeah. It specifically goes into any PCI slot in any server, uh, in the industry. Yes. It's amazing. Well, first incarnation, but, but, but, but, but that's a really simple implementation, right? Just to get radiation and easy to deploy. Right. And you guys are, you're yourself where involved in security that's involved in managing the storage. It's simple low power, which I thought was a pretty interesting attribute that you defined early on. Clearly thinking about edge and these distributed, uh, things all over the place. >>They're metal programmable. And then the other thing that was talked about a lot today was the observability. Yes. Um, why observability why was that so important? What were you hearing from customers that were really leading you down that path? Yeah, it's important. Uh, you know, surprisingly enough, uh, the visibility is one of the biggest challenge. Most of the data center faces today. A lot of people tried to do multiple different things, but they're never able to do it, uh, in, in the way we are doing it. One is that we don't run anything on the host. Some people have done it right on the train running the agent on the host. Some people have tried to run virtual machines on the those particular environment. In our case there's nothing which is running on the host site. It runs on our card and having end to end that visibility we can provide latency, very accurate latency to the, to the applications which is very important for these customers. >>Also, what is really going on there is the problem in the network. Isolation is another big thing. When something get lost they don't know where it got lost. We can provide that thing. Another important thing that you're doing, which is not being done in the industries. Everything which is we are doing is flow based means if I'm talking to you, there is a flow being set up between you and me and we are monitoring every flow and one of the advantages of our processor is we have four to eight gigabytes of memory, so we can keep these States, have these flows inside, and that gives a tremendous advantage for us to do lots of things, which as you can imagine going forward, we will be delivering it such as, for example, behavior of these flows and things from this point of view, once you understand the behavior of the flow, you can also provide lot of security features because if I'm not talking to you and suddenly I start talking to you and I know that there's something went wrong, right, right. >>And they should be able to look at the behavior analysis and should be able to tell exactly what's going on. You mean we want a real time snapshot of what's really happening instead of a instead of a sample of something that happened a little. No, absolutely. You're absolutely connected. Yeah. Yeah. Um, that's terrific. So you put together to accompany and you immediately went out and talked to a whole bunch of customers. I was amazed at the number of customers and partners that you had here at the launch. Um, was that for validation? Were you testing hypotheses or, or were there some things that the customers were telling you about that maybe you weren't aware of or maybe didn't get the right priority? I think it's all of the above. What you mentioned our, it's in our DNA by the way. You know, we don't design products, we don't design things without talking to customers. >>Validation is very important that we are on the right track because you may try to solve the customer problem, which is not today's problem. Maybe future's problem. Our idea was that then you can develop the product it was set on the shelf. We don't want to do that. We wanted to make sure that, that this is the hard problem customer is facing today. At the same time looking at it, what futuristic in their architecture is understanding the customers, how, what are they doing today, how they're deploying it. The use cases are understanding those very well and making sure that we are designing. Because when we design a seeker, when your designer processor, you know, you cannot design for one year, it has to be a longterm, right? And you need to make sure that we understand the current problems, we understand the future problems and design that in pretty much your spark and you've been in this space forever. >>You're at Cisco before. And so just love to get your take on exponential growth. You know, such an interesting concept that people have a really hard time grasping exponential growth and we're seeing it clearly with data and data flows and ultimately everything's got to go through the network. I mean, when you, when you think back with a little bit of perspective at the incredible increase in the data flow and the amount of data is being stored and the distribution of these, um, applications now out to the edge and store and compute and take action at the edge, you know, what do you think about, how do you, how do you kind of stay on top of that as somebody who kind of sees the feature relatively effectively, how do you try to stay on top of exponential curves? As you know, very valuable data is very important for anybody in any business. >>Whether it's financial, whether it's healthcare, whether it's, and it's becoming even more and more important because of machine learning, artificial intelligence, which is coming in to really process this particular data and predict certain things which is going to happen, right? We wanted to be close to the data and the closest place to be data is where the application is running. That's one place clears closest to the data at the edge is where data is coming in from the IOT devices, from the 5g devices, from the, you know, you know all kinds of appliances which is being classified under IOT devices. We wanted to be, make sure that we are close to the data, doesn't matter where you deploy and we want to be agnostic. Actually our technologies and architectures designed that this boundary is between North, South, East, West is going to go away in future cloud. >>A lot of things which is being done in the backend will be become at the edge like we talked about before. So we are really a journey which is just starting in this particular detectors and you're going to see a lot more innovations coming from us continuously in this particular directions. And again, based upon the feedback which you're going to get from cloud customers with enterprise customers, but they were partners and other system ecosystem partners, which is going to give us a lot of feedback. Great. Well again, thanks for uh, for having us out and congratulations to uh, to you and the team. It must be really fun to pull the covers off. absolutely. It is very historical day for us. This is something we were waiting for two years and nine months to see this particular date, to have our customers come on the stage and talk about our technologies and why they think it's very important. Thank you very much for giving me this opportunity to talk to you. Thank you. Alright, thanks prem. Thanks. He's prem. I'm Jeff. You're watching the cube where it depends. Sandow launch at the top of Goldman Sachs in downtown Manhattan. Thanks for watching. We'll see you next time.

>>From New York city. It's the cube covering. Welcome to the new edge brought to you by systems. >>Hey, welcome back everybody. Jeff, Rick here with the cube. We are in Manhattan at the top of Goldman Sachs. It is a great view if you ever get an opportunity to come up here, I think 43 floors over the Hudson you could see forever. But this is the cloud events. So the clouds are here and we're excited to be here is the Penn Penn Sandow launch in the name of the event is welcome to the new edge, which is a pretty interesting play. We hear a lot about edge but we haven't really heard of that company really focusing on the edge as their primary go to market activity and really thinking about the edge first. So we're excited to have the cofounder cube Olam and many time guests a Sony Gian Deni. She's the co founder and chief business officer. So many great to see you. Good to see you too. >>And our hosts here at Goldman Sachs is uh, Josh Matthews. He's a managing director of technology at Goldman. Josh. Great to see you. You too. And thank you and thanks for hosting us. Nice. A nice place to come to work every day. So great conversation today. Congratulations on the launch of the company over two years in stealth mode. Talk a little bit about that. What is it like to be in stealth mode for so long and you guys raised big money, you've got a big team, you're doing heavy duty technology. What's it been like to finally open up the curtains and tell everybody what you've been? >>It's clearly very interesting and exciting. Normally it's taken me nine months to deliver a baby this time it's been two and a half years of being instilled while we have been getting ready for this baby to come out. So it's phenomenally exciting that too to be sharing the stage with our customers and our investors and our strategic partners. >>Yeah, I thought it was pretty interesting that you're launching with customers and when you really told the story on stage of how early you engaged with Josh and his team, um, first I want to get your kinda your perspective. Why were you doing that so early and what did that ultimately do with some of the design decisions that you guys made? And then we'll come back to Josh as to, you know, his participation. >>So I think whenever you conduct technology transitions, having a sense from customers that have the ability to look out two to three years is very important because when you're capturing market transitions, doing it with customer inputs is far more relevant than going about it alone. Uh, the other key thing about this architectural shift is that it allows the flexibility for every customer to go take pieces of how they want to bring the cloud architectures and bring it into their environment. So understanding that use case and understanding the compelling reasons of what problems both technological and business can be solving and having that perspective into the product definition and the design and the influence that customers like Josh you've had is why we are sitting here and talking about them in production. Uh, as opposed to, yeah, we're thinking about where we are. We are looking at it from a proof of concept perspective. Right. >>And Josh, your, your perspective, you said earlier today that, you know, as long as a sign is involved, you're, you're, uh, you're happy to jump in and see what she's been working on. So how, >>you know, how did you get involved, how did they reach out to you and, and what is it like working on, you know, technology so early in its development that you get to actually have some serious influence? Well, it's an amazing opportunity, um, to get exactly what you want, um, exactly what you know is going to solve problems for the business here. Um, you know, and the other thing is, you know, we've worked with this team, uh, through almost every spinning. Uh, I think it was a little young for the, maybe the first one. Um, but, uh, otherwise this team has worked with them through at least 15 years or more. So we knew the track record for execution and then for us on this product, I mean, it was an opportunity because it's truly a startup. Um, you know, Sony and the team brought us in. >>Uh, we kind of just put out problems on the table that we were trying to solve and then, you know, they came up with the product and the idea and we were able to put together, you know, yeah, these are our priority one, two, three that we want to go for. And you know, we've just been developing alongside them. So both software and, you know, driving what the feature set is. Right. So what were some of those problems guys? Price seemed like forever ago when you started this conversation, but as you kind of looked forward a couple of years back that you could see that were coming, that you needed addressed. You know, it's funny, we started with kind of like, well we think containerization is going to be explosive and, and you know, really everything's on virtual machines or bare metal, mostly virtual machines. So one, you know, as containers come out, how do we track them, secure them, um, how do we even secure, uh, you know, the virtual machines and our environment cause they're, you know, over almost a quarter million of them. >>The idea of being able to put, um, network policy, that's I would say incorruptible, not actually on the server, but at, you know, that's why we use firewalls, right? So solving that security problem was number one. The other one was being able to have the telemetry to see what's happening, what's changing, um, and troubleshoot at, you know, at the network layer from every single server. Again, it's all about scale. Like things were just scaling and the throughput's going up, traditional methods of being able to see what's on your network. You can't look in the middle, it just can't keep up. It's just speeds and feeds. So being able to push those things to the edge. And then lastly, it really happened more, um, through the process here. But about a year and a half ago, um, we began segmenting our network the same way a 5g provider does with a technology called segment routing. >>And we just said, that's kind of our follow on technologies to, you know, put the network in the server and put this segment routing capability all the way out at the edge. So, you know, some things we foresaw and other things we've just developed. You know, it's been, it's been two and a half years. So, um, it's been a great partnership and you know, I think more, more features will come. Well Sony, you and the team, but it's been talked about all day long, have have a history of multiple times that you've kind of brought these big transformational technologies. Um, head what, what did you guys see a couple of years back and kind of this progression, you saw this opportunity >>to do something a little bit different than you've done in the past, which is actually go out, raise, raise around and uh, and do a real startup. What was the opportunity that you saw this? >>So we saw a number of challenges and opportunities. At the same time, we, we clearly saw that, uh, the cloud architectures that have been built by the leaders, like the incumbents like AWS today have a lot of the intelligence that is being pushed into their, their respective compute platforms. Uh, and we also noticed that at the same time, while that was what was needed to build the first generation of the cloud, the new age applications, and even as gardener has predicted that 75% of all enterprise data and applications will be processed at the edge by 2025. If that happens, then you need that intelligence at the edge. You need the ability to go do it where the action is, which is at the edge. And very consistently we found that the architectures, including scale out storage, we're also driving the need for this intelligence to be on in a scale-out manner. >>So if you're going to scale out computing, you need the services to be going hand in hand with that scale. Our computer architecture for the enterprises so they can simplify their architectures and bring the cloud models that have only existed in the cloud world, into their own data centers and their own private clouds. So there were these technology transitions we saw were coming down the pike. It's easier said now in 2019 it wasn't so simple in 2017 because we had to look at these multiple technology transitions. And surprisingly, when we call those things out, as we were shaping the company's strategy, getting validation of the use cases from customers like Josh was pivotally important because it was for the validating that this would be the direction that the enterprises and the cloud customers would be taking. So the reason you start with a vision, you start with looking at where the technology transitions are going to be occurring and getting the customers that are looking farther out validated plays a very important role so that you can go and focus on the biggest problems that you need to go and solve. Right, right. >>It just seems like the, the, the big problem, um, for most layman's is, is the old one, which, why networking exists in the first place, which is do you bring the data to the compute or do you bring the compute to the data? And now as you said, in kind of this hyper distributed world, um, that's not really a viable answer either one, right? Because the two are blended and have to be together so that you don't necessarily have to move one to the other or the other back the other direction. So, and then the second piece that you talked about over and over in your, in your presentation with security and you know, everybody talks about security all the time. Everybody gets hacked every day. Um, and there's this constant theme that security has to be baked in, you know, kind of throughout the process as opposed to kind of bolted on at the end. You guys took that approach from day, just speak >>it into the architecture. Yes. That was crucially important because when you are trying to address the needs of the enterprise, particularly in regulated markets like financial services, you want to be in a position where you have thought about it and baked it into the platform ground up. Uh, and so when we are building the program of a process, so we had the opportunity to go put the right elements on it. In order to make it tamper proof, we had to go think about encrypting all the traffic and communication between our policy manager and the distributed services platforms at the edge. We also then took it a step further to say, now if there were to be a bad actor that were to attack from an operating system vulnerability perspective, how do we ensure that we can contain that bad actor as opposed to being propagated over the infrastructure? So those elements are things you cannot bolt on at design time, or when you need to go put those into the design day one, right. Only on top of that foundation, then can you build a very secure set of services, whether it's encryption, whether it's distributed via services, so on and so forth. >>Uh, and Josh, I'm curious on your take as we've seen kind of software defined everything, uh, slowly take over as opposed to, you know, kind of single purpose machines or single purpose appliances, et cetera. Yep. Really a different opportunity for you to control. Um, but also to see a lot of talk today about, about policy management. A lot of talk about, um, observability and as you said now even segmentation of the networks, like you segment the nodes and you segment everything else. You know, how, how do you see this kind of software defined everything continuing to evolve and what does it enable you to do that you can't do with just a static device? I mean, the approach we took, um, we started like, you know, years ago, about six years ago was saying we can get computers, uh, deployed for our applications. No problem. Uh, and you know, at, at on demand and in our internal cloud, now we can do it as a hybrid cloud solution. >>One of the biggest problems we had in software defined was how do you put security policy, firewall policy, um, with that compute and in, you know, our industry, there's lots of segmentation for material nonpublic information. Um, compliance, you know, it could be internet facing, B2B facing. Uh, we do that today. We program various firewall vendors automatically. Uh, we allow our application developers to create, um, these policies and push them through as code and then program the firewall. What we were really looking to do here is distribute that. So we F day one in getting pen Sandow into production was to use our uh, our firewall system. It's called pinnacle. We, um, we programmed from pinnacle directly into the Penn Songdo Venice manager via API and then it, you know, uses its inventory systems to push those things out. So for us, software defined has been around, I like to call it the store front, but for the developer it's network policy, it's load balancing. >>Um, and, and that's really what they see. Those are the big products on the net. Everything else is just packet forwarding to them. So we wanted with pen Sandow at least starting with security to have that bar set day one and then get, you know, all the benefits of scale, throughput and having the policies close to the, on the edge. You know, we're back to talking about the edge. We want to right there with the, with the deployment, with the workload or the application. And that's, that's what we're doing right off the bat. Yeah. What are the things you mentioned in your talk was w is, you know, kind of in the theme of atomic computing, right? You want to get smaller and smaller units so that you can apply and redeploy based on wherever the workload is and in the change. And you said you've now been able to, you know, basically take things out of dedicated, you know, kind of a dedicated space, dedicated line and dedicated job so that you can now put them in a more virtualized situation. >>Exactly. Grab more resources as you need them. Well, you'd think the architecture, I mean even just theater of the mind is just, you're saying, I'm going to put this specific thing that I have to secure behind these firewalls. So it's one cabinet of computers or a hundred it's still behind a set of firewalls. It's a very North, South, you know, get in and get out here. You're talking about having that same level of security and I think that's novel, right? There hasn't been, if you look at virtual firewalls or you know, IP tables on Linux, I mean it's corruptible. It's, it's, it can be attacked on the computer. And once it's, you know, once you've been attacked in that, that that attack vector has been, you know, hit your, your compromised. This is a separate management plane. Um, you know, separate control plane. The server doesn't see it. >>That security is provided. It's at scale, it's East, West. The more computers that have the pen Sandow, you know, architecture inside of them, the, you know, the wider you can go, right. And then the North South goes away. I'm just curious to get your perspective. Um, as you know, everyone is a technology company. At the same time, technology budgets are going down, people are hard to hire. Uh, your data is growing exponentially and everything's a security threat. Yes. So as you get up in the morning, get ready to drive to work and you're drinking your coffee, I mean, how do you, you know, kind of communicate to make sure to senior management knows kind of what your objectives are in this, this kind of ongoing challenge to do more with less. And it, even though it's an increasingly strategic place or is it actually is what the company does now, it just happens to wrap it around your plane services or financial services or travel or whatever. >>Uh, I think your eye, and I had said it to John before, um, it has to come from that budget has to come from somewhere. So I think a combination of, of one that's less, well, I'll say the one that's easier to quantify is you're going to take budget from say appliance manufacturer and move it to a distributed edge and you're going to hopefully save some money while you do it. Um, you're going to do it at scale. You're gonna do it at, you know, high throughput and the security is the same or better. So that's, that's one, that's one place to take capital from. The other one is to say, can I use the next computer? Yes. Because I don't have to deploy these other new computers behind this stack of firewalls. Is there agility there? Is there efficiency, um, on my buying less servers and using, you know, more of what I have and doing it, you know, able to deploy faster. >>And it's harder to quantify. I think if you could, you know, over time, see I bought 20% less server, uh, capacity or, you know, x86 capacity, that's a savings. And the other one that's very hard to quantify, but it's always nice to have the development community. And we've had it recently where they say, Hey, this took me a month to deploy instead of a year. Um, and you know, the purchase cycles, uh, you know, for procurement and deployment, they're long, you know, in enterprise you want them to be quick, but they're really not. So all of those things add up. And that's the story. You know, I would tell, you know, any manager, right? Yeah, >>yeah. I think, you know, the old historic way that utilization rates were just so, so, so, so low between CPU and memory, everything else. Cause if nothing else, because to get another box, you know, could take a long time. Yeah. Well, final, final question for you, Tony. You talked about architectures and being locked into architectures and you and you talked about you guys are already looking forward, you know, to kind of your next rev, your next release, kind of your next step forwards. What, where do you see kind of the direction, don't give away any secrets, but um, you know, kind of where you guys going. What are your priorities now that you've launched? You got a little bit more money in the bank. >>Well, our biggest priorities will be to focus on customer success is to make sure that the customer journey is indeed replicable at scale, is to enable the partner's success. Uh, so in addition to Goldman Sachs, the ability to go and replicate it across the federated markets, whether it's global financial services, healthcare, federal, and partnering with each B enterprise so that they can on their platform, amplify the value of this architecture, not just on the compute platforms but on, in other areas. And the third one clearly is for our cloud customers is to make sure that they are in a position to build a world class cloud architecture on top of which then they can build their own, deliver their own services, their own secret sauces, uh, so that they can Excel at whatever that cloud is. Whether it's to become the leading edge platform as a service customer, whether it is to be the leading edge of software's a service platform customer. So it's all about the execution as a, as you heard in that room. And that's fundamentally what we're going to strive to be, is to be a great execution machine and keep our heads down and focused on making our customers and our partners very successful. >>Well, certainly, congratulations again to you and the team on the launch today. And Josh, thank you for hosting this terrific event and being an early customer. Yeah. Yeah. Happy to be. Alright. I'm Jetta. Sone. Josh, we're the topic. Goldman Sachs at the Penn Sandow the new welcome to the new edge. Thanks for watching. We'll see you next time.

>>Live from Copenhagen, Denmark. It's the cube covering new Tanex. Dot. Next 2019 brought to you by Nutanix. >>Welcome back everyone to the cubes live coverage of Nutanix dot. Next we are here in Copenhagen. I'm your host, Rebecca Knight, co-hosting alongside Stu Miniman. We are joined by Dhiraj Penn day. He is the CEO and founder of Nutanix. Thank you so much for returning to our program. You are a Cuba. Thank you. So I want to talk to you about what we're here to do is celebrate 10 years of Nutanix. Ben Gibson, when he was up there on the main stage, he's the head of marketing. He was talking about watching you backstage, saying that I saw in him a lot of pride and emotion because this is really your baby. You started 10 years ago. There's been a lot of nostalgia, uh, bringing up some of your first employees. There's even a picture of you poised with a ping pong ball ready to play a little beer pong back in the early days. So talk a little bit about what this means to you to be here 10 years after you founded this couple. >>Yeah. First of all, thank you so much for the opportunity to come here. Um, err, it looks like an era, 10 years as an error. We've built a family of customers and employees and partners and uh, yet it feels like a, we haven't achieved a thing. So, you know, to me the more I make it look like it's 2010 back again, you can go back to being like a startup again and you know, growing from here because you know, growth is a very relative term. You know, it's a, it's a mindset thing and um, I think the new day and age of multicloud and what we have to do to virtualize all these different silos that have been merged and to virtualize, simplify and integrate, you know, virtualize, simplify, integrate clouds is going to be a journey of a lifetime actually. >>Yeah. Deer Ridge. I think back to some of our earliest discussions, uh, you know, you would bring us in and talking about, you know, the, the, the challenge of our era is building software for the distributed architecture that we need. And that was as relevant in 2010 or 2012 as it is here in 2019. Um, HCI helps simplify that deployment of virtualization. We are definitely a point that we need to simplify. Cloud. Cloud is here, it's growing. The hybrid pieces are there. So maybe prednisone side, you know, kind of what's the same about the journey and some of it is, you know, making one click upgrades in today's environment is way more complex, uh, than, than it would have been back when it was just a, you know, an appliance. Yeah, yeah, absolutely. And I think talking >>about the whole concept of hyperconvergence initially started out as converging compute with storage. How do you keep them close together? Because, uh, machines need a locality, you know, applications need a local data because the network is the real enemy. And uh, the same was true of human performance. You know, like lots of teams, lots bureaucracy, very little autonomy. So when you brought data close to applications, application, people became autonomous, you know, they could do things on their own and that was the power of hyperconvergence. You know, you're able to provide performance to data and machines and you're able to provide performance to people because they became autonomous. I think that is not changing even in the hyperscaler data center environment and anything, the fact that you have to hop multiple switches to get to data. Uh, I think it's recreating the same problems that we started out this company with, you know, almost 10 years ago. >>In fact, if anything, the hyperscaler networks are worse than the networks that private clouds actually had or even on prem data centers had. So keeping data close to applications is, is relevant and it's fashionable one more time. And the fact that you can provide that autonomy to application folks to go launch their apps in the public cloud through this new architecture, using the bare metal service offerings to the public cloud where the bare metal offerings look like HP server or Dell server to us, I think recreates the same. So I think I'm a big proponent of the saying that says the more things change, the more they remain the same. And they actually look very much the same as 10 years ago. >>So how do you think that you describing the technolog technology, technological changes that have taken place, but really we're sort of back to where we started from, but how would you describe the ways, the differences in the ways that people work together, talking about the human beings who are actually using this technology? >>Well, uh, for one, uh, this notion of uh, converging teams and people is similar to the notion of converging, uh, machines, you know, hardware to pure software. I think, you know, what ever happened in our personal lives with the iPhone and the Android, uh, O S it's exactly what hyperconvergence data is. You know, we had all these gadgets and they were special special purpose, single purpose gadgets and we made them as apps and they were all together in this one, uh, sort of device. And then the device connected to cloud services. I think that's what happened in the enterprise computing as well. You know, compute, storage, networking, security, everything coming together as pure software is running the apps. And I think that has created the notion of generalists in it as well. Because as it matures, you can't have so many specialists. And just like in healthcare, you know, you can't have so many uh, specialist doctors when you need like a ton of primary care physicians and generalist practitioners and that's what it is going through as well. >>And so that's changing the skills that are in demand too from employers because you are looking for people who are sort of a mile wide and inch deep. >>Yeah. And in fact a, the inch deep is actually not a pejorative. I would say that it's a good thing because with automation and a lot of layering of software, you don't need to get deeper into the details. The weeds, especially if infrastructure computing goes, you know, what's our, is to really elevate it to go figure out things that really matter to the business, you know, which is applications and services as opposed to going and stitching together stuff that really can be done with pure software and a standardization. I know the level of standardization that operating models can bring with a commodity servers and fewer software select people go and do things that really are more relevant in this age actually. Yup. >>I was wondering if he did the close of the keynote, there was discussion of the tech preview of XY clusters. You and I've spoken a little bit off camera, uh, about this, but there is a lot of interest out there. You know, everything when you know, uh, Azure first announced Azure stack, it got everyone excited. Uh, to be honest, Rebecca and I were at the Microsoft, uh, one of the Microsoft shows last year and most of the attendees, we're really talking about it. So it's that kind of the buzz versus the reality of what customers are actually using. Where do you see, where are we with kind of that, that hybrid discussion and you know, why is Nutanix taking a slightly different approach, uh, than, than some of the others out there? >>Yeah, I mean, you know, this a hybrid cloud is another word for hyperconverged clouds and whatever HCI was in 2010 is what hybrid is today. So imagine 10 years from 2010 we're still talking about HCI, especially in the large enterprise as they won't barely begun to say look, private cloud equals at CA. I think that's been a sort of an epiphany moment for most of the CEOs of the global 2000 companies just in the last three years. You've been talking about it for 10 years now. So there's a bell curve of technology adoption. We are in the very early stages of what hyperconverged clouds will mean or what hybrid cloud should mean. I think doing it right is important because the market is large, you know, the ability to really move, uh, applications and infrastructure. I call them apps now, you know, the hypervisor is now in half because it can run in the Amazon platform, it can run in the Azure platform and that platform that they provided, billing identity, you know, recommendations and things of that nature. >>So on top of that, back from how do you go and in a put your app in the catalog, I think that's the overall, uh, sort of metaphor that I use. So in that sense, I don't look at the platform as a zero sum game for us. We just have to look at it as a platform where our apps can actually go and run. how does a company, you've grown quite a bit, but if you look at the overall market, you're still a small player compared to a Microsoft or Cisco or a Google out there. So we definitely think you have that opportunity to help simplify that, that cloud hyperconverged cloud experience as you said. Um, but uh, you know, how, how does the Nutanix, uh, get there? Yeah, I mean, I think, you know, um, and I say this to people who followed virtualization, the history of virtualization. >>Uh, when VMware was building virtualization, silver market was $55 billion. Storage was 30 billion, networking was 25 billion and not $110 billion market. When they meant to $4 billion, they just had to think about what does it mean to put a layer of software on top of all this stuff so people can drag and drop experience from one server to another from one storage array to another and so on. So there's enough value to add on top of that 110 billion with your own 4 billion in 2012 there are $4 billion company. Actually not right now. We're thinking about, okay, these things are the new platform. Where is the value in going and virtualizing simplifying and integrating the mall with a layer of software that becomes the new integration software for all things multi cloud. Yeah. So it's interesting when I connect the dots with that to Nutanix is going to be going through its own transformation and you've talked publicly a lot about, you know, you sit on the board of Adobe that moved from software scripted is challenging. >>What I want to understand is what does that end result of these subscription model? What does that mean for your customers and how they can, you know, change that relationship. Okay. I talked about this in my keynote as well. The why of subscription. I think the very fact that we've decoupled the entitlement, uh, from hardware was the first change for us. You know, the fact that software can live anywhere. And on top of that, what subscription delivers is this notion of residual value where you can say, look, if I have unused products and unused, uh, terms on, on some of these products, can I use them for other things? Actually. So it provides a very agile procurement framework that is very new to the world of infrastructure actually. And yet we've had a ton of shelfware in infrastructure in general and a on-prem software in general, even in the public cloud that a lot of shelfware do. I think the ability to really go and repurpose stuff for new things that you want to buy provides a lot of optionality to our customers. You know, subscription also is about bite sizing thing so you don't have to buy big things, you know, and delivering it in real time. So I think, uh, you will see more and more of a consumption model change towards subscription in the coming years. >>It talking about the value of Nutanix in this multi-cloud world and you're, and you're talking about how customers really want that optionality. We're here in Copenhagen. How would you say the U S customers are different from the European customers in terms of what they're looking for or are they different? You >>know, uh, they're very similar because there's ton of global companies out there who have local offices and such in the global 2000 has tentacles everywhere. Uh, I think in some ways where they do differ is when it comes to the partner community and the channel and the system integrators, they're actually more influential here in Europe and Asia Pacific than in the U S because most of the talent in the U S goes and works for companies like us. And, uh, most of the talent in Europe, in Asia Pacific, they work for the channel and the system integrators. So how we actually work with them and learn from them and educate them on the, on the transformation I think is basically the only thing that's different. All right. Steerage, uh, w one of the feedback I got from customers is something that I hear at the Amazon show. I'm inundated with so much new stuff, you know, I can't keep up with it. >>Um, what might you explain a little bit kind of the portfolio and also if you can just organizationally how you think of this. You know, when we hear, you know, Amazon does their two pizza teams and they scale is very different from a traditional software infrastructure companies. So it's a great, uh, a point in, one of my favorite sort of things to think about these days is how do you not sell things that sell an experience. It's very, very important to differentiate the two because you know, you can build a ton of things. And then the question is if you've left the integration as an exercise to the reader or to the customer and you're basically telling them, look, you can as well buy best of breed from other companies in integrated on your own. So the job of integration and to really sell an experiences has to be left, shifted to companies like us. >>And that's what we've been doing with our products. You know, we are really bringing them together. When you say all together now it's also about our products actually it's the portfolio around data, making sure that we are really bringing them all together. They can leverage each other. One sits on top of the other one tiers to the other. They can share common policy policy engines and things like that. I mean what we're doing with security for example, is bringing multicloud with the old world of micro segmentation. Actually, you know, there's a lot of integration that's going on yet we want to provide each of these GMs autonomy because you know, at some level, uh, they are all looking for individual use cases and workflows and they're looking for mastery, which is like how do I master, uh, what I do well with my customers, but in the purpose has to be more than their own actually know. >>And like you think about autonomy, mastery, purpose, you know, one of Dan Pink's philosophies of motivation are general managers. They're motivated if you give them amp, you know, autonomy, mastery and purpose. But at the end of the day, the purpose is customer driven. It's not driven by products is driven by customers. It's during my customer's experience rather than the general managers, things they're actually building to the customers. Just one followup. When I think about, you know, one of the challenges I hear inside customers and I thought we'd made more progress is still a lot of silos. I talked to customers that are like, well, you know, I, I've deployed Nutanix and I love it, but there's this group over here and they're doing something different and they're certified or they're starting to use it, or Oh my God, this developer team spun something up and didn't pay any attention. So, you know, it was supposed to get everything back under control and, and manage it and work with the business. >>But, you know, I feel like the customers haven't made a lot of progress on that journey in the last 10 years. What's your feedback from customers? It's very true. Look, I think, uh, what you just said is also about autonomy for the developers and autonomy for that other team and such. So you can't force fit everything into single size. You know, this one size fits all kind of a philosophy. That's where there's a bell curve of adoption in any technology. I mean, even today, if you think of the hyperscalers, you know, you might think that they have it all. They have 2% of the market, you know, and that's how big this market really is. So I think going back to understanding that each of these groups actually has skill sets that are different. They're used to doing things a certain way and unless you go and weave it with them, you know what I tell people is you want to walk to where the customer is before you walk with them to where you want them to be actually. >>So walking to where the customer is not going to the private cloud. You know, we could easily have said, look, let's banish all this. Let's build everything as an off prem cloud service 10 years ago. But he said, the market is not there yet. Similarly, we said we got to build appliances because right now the white box market is not there yet for the enterprise. Then when we came out of it, we said, look, the market is already there. Let's walk with them with pure software now subscription. We did the same with the underlying marginalization software below Nutanix. We said, let's walk the world where the customers, let's run on top of VMware if that's what it takes, and then walk with them to where we want them to be, which is an invisible hypervisor and such. So I think we've got to keep doing this. You know, where, let's remove the hubris from a innovation in Silicon Valley and a lot of hubris about these things that we know it all. I think when you try to go and understand and have the entity for the customer is when magical things happening. >>That's a fantastic note to end on a dear AJ, thank you so much for coming back on the cube. It's always a pleasure talking to you. Thank you. I'm Rebecca Knight for Stu Miniman. Stay tuned for more from Nutanix dot. Next.

>> from the Cosmopolitan Hotel in Las Vegas, Nevada. It's the Cube covering Cooper inspired 2019. Brought to you by Cooper. >> Hey, welcome to the Cube. Lisa Martin on the ground in Las Vegas at Cooper Inspired 19. Excited to welcome to the program. And gentlemen from Staples, a place I go to all the time we have Christy Oreo, VP of strategic sourcing. Hey, Chris, welcome to the Cube. >> Thank you. Glad to be here, >> So I was just a staples the other day getting office supplies. It's a go to Penn's files Folders, Inc et cetera. You name it. That is a place I think everybody on the planet knows. But I >> want to >> talk to you about the Staples business and how you guys now have control over 8000 suppliers. You've got this visibility in control, which I think every human wants and every element of life you know of 100% of your indirect spend under management. So given those big business outcomes, let's dissect that. Obviously, you're a cool customer. That's why you're here. Talk to us about a little bit about Staples. All the different suppliers you guys have, and some of the challenges that you came to Cooper to help erase >> Well, we had a lot of issues with Roque spend. Everybody was doing what they wanted in every location. We had no verification. We weren't consolidating our spend to get the best deals and get the best outcomes, lack of consistency, all the stuff you hear about. And since we've ruled out Cooper, we've got a lot of structure in place now, and we've got much better uniformity, much better consistency. We've dramatically lowered our costs through the use of the tool and some of the some of the rules that we've put in place as a result of of launching Cooper a couple years ago now. So we're really pleased with how it's helped us organize our business and really bring visibility to where we're spending money and showing us the opportunities and where we could go after her and save even more money. >> You know, you talk about rogue spending. >> One of >> the interesting disrupters of procurement and finance is consumer ization we all have. Whether we're going on staples dot com or something else, we're on Amazon. I need to buy this. We have this expectation as consumers in our private lives that we can get anything we want. We have to check with anybody. I one click. So then when we go in as business buyers, we sort of have the same mentality. But obviously the challenge there is, a lot of organizations don't have visibility into. Where has every single dollar going? How many different suppliers are we working with? Do we have duplicates triple kits everywhere to talk to me >> a little >> bit about the with a kind of cultural strategic shift that you guys are making now that you have this visibility? Well, >> everybody's happy with the results. That's >> always good right >> when he had his. When you have some success and you start to tell the story, then all of a sudden people's eyes get opened, and what's interesting is I don't think anyone does anything with malice. But if you have a general manager of a warehouse who believes that ex widget is what he needs to really Pel perform and do better, he's doing that with the right intentions. What he doesn't understand is everything else that's going on behind the scenes, and we have deals in place with suppliers and there's a level of consistency that we expect that our suppliers expecting that our customers expect and we can't have that experience be different. So once we can't explain that story and the tool helps us see where that spend is coming from, we go back. We have a conversation, and all of a sudden it's enlightening like, Oh, I didn't know. Now that I know Okay, I get it. Let me do what you want me to do or what you need me to do. So that's been the biggest shift I think is just sharing information and putting a spotlight on things when they come up and it happens even still. You know, we've rolled out now a little over two and 1/2 years ago, and we still have these things come up because you get new people and people change roles and, you know, as a business person there's folks I've done business with in the past that have earned my trust, and I want to do business with them again because I know what. When people get new roles, they do the same thing, and sometimes that's not what we need them to do. So once you explain the story and you tell them about it and you show him the results, they come onboard. It's phenomenal. >> Everything goes back to the user experience with customer, whether your customer is an individual buyer or a business of 20 people to a Fortune 500. Everybody in an organization is ultimately, in some form or fashion touching the customer. The customer experience is critical to delight the customer to drive higher customer lifetime value from that customer. Um, so having the employees onboard understanding we still want you to be able to manage your Ware house even more efficiently. But we need you to understand how we're gonna give you the tools to do it better. Ultimately, the end of the day, it's goes back to that customer and making sure you can keep extracting value from them. >> One of our core values is put the customer first, always, and that's at the heart of everything we do. It's not about buying things cheap. It's about buying things at the right value and giving the customer the best possible experience they can, so there may be less expensive ways to do it, but it may not deliver the outcomes we want, so it's not always about buying cheap. It's about buying and getting the best value for us so that we can deliver the right experience to our customers. >> Was that a >> mentality that staples had prior to bringing on Cooper? Or now? Because suddenly you're starting to You have visibility into everything you're going? Oh, cheaper isn't necessarily better in some of these areas. I think it's >> a It's a corporate philosophy that we've had. I think we we realize that people can shop anywhere for anything they wanted. Anytime. Cooper has helped highlight some some discrepancies that we've been able to kind of take out. I would say that Cooper's help with that, but it's also been just a core philosophy of the company for a long time. Cooper's helping us execute against >> that now, but you're right. Consumers can buy >> whatever it >> is. If it's a product like something you want to buy on Amazon or service. Maybe it's your Internet service provider. We have so much choice. Think vendors of any product testers that recognize that and sounds like Staples does. From a core cultural perspective. You're already in a better position to understand. I really need to find Tune everything under the hood here because they could go somewhere else like that. They can't. It's good to >> understand that. But Cooper gives us the data and the facts and the analytics to help prove out where we can make a change and where we can help the company and help our customers. So it's a combination of both. >> Let's Dig into that data was in one of the things that Robert seemed shared this morning was about. Since Cooper's been public, which was 2016 they have a five x increase in the amount of spend that is being managed in the Cooper platform. I think the number was is now 1.2 trillion dollars, a tremendous amount of data in this group of community that everybody can leverage and share. We often hear data is gold. It's the new oil it is and you're smiling if you can actually see it, right extracted value, Yes, talk to us about the amount of value that Staples is getting by this group of community with a ton of valuable data. >> I would say we're at the infancy of going into the Cooper community in terms of sharing information and gaining information. I'm excited about the little bit that I've seen, and I'm one of things I want to learn. Here is more about how it will work and how it can help us. What Rob shared this morning was very interesting to me, and I'm very excited to learn more about >> it. Sounds and you're right And even Cooper says, they're at the infancy of it. I think they have. A couple of 100 customers are starting to use the community to share intelligence. Eso It is early days, but it's also something that I think of when I go to events and we talk about, you know, devil's Community. It's a very collaborative that not only is it customer centric, also, supplier centric Staples is a supplier of a lot of other businesses. So imagine there's kind of double and did benefit. It's that could be gleaned by you guys from them. We hope so. >> I think we're you know, we're probably a more unique customer than many that Cooper has and that we are. We are a customer. We use the tools, we love the tool, but we're also a cellar to you guys and two other Cooper uses in the community. So we see both sides of the equation with Cooper, and it is interesting. T gain those insights and see how we can help both sides of the company. Help group is customers and our customers more >> if you look at >> the platform for procurement invoices, expenses. Heymans, where did you start a few years ago with Cooper and where are you now? In terms of all the different elements that are running through it? >> We started with a simple PIO management secure to pay. Then we instituted a no P o no pay policy, and everyone started using the tools. It really helped us change things We don't use it for. Expenses wear starting like, as I said, to start to use some of the analytics. I'm very interested in learning more about Cooper pay or out here virtual card usage. That's very interesting to me, so I'm curious to learn about that on. We'll see where we go from there. >> Cooper Pay was, I think I know it's just a few months ago in London, and we are excited to hear some more news about that tomorrow, how they're expanding that. But there's this visibility and control idea is so critical because of any type of organization. Whether it's a retailer manufacturer, it's a hospital. There's so much shatter, weighty going. But I t is really big challenge of reining in the cats, if you will in all these cats. Because we all know now that Robert likes cats. But it's one of the things that they're announced with Amazon is wow. I t can have access to buy all of this software, control it, deploy it, manage it through the Amazon marketplace. And you suddenly think, Wow, how procurement and t are gonna be aligning, joining forces and really affecting top line of of any industry. >> Yeah, I think in Staples are our relationship between procurement and our i t S t s department has been strong from day one. They were the biggest advocates of us getting the tool to help them gain control and kind of eliminates a lot of the shadow I t organizations issue. Does you mentioned so in our environment, we are excited about that. We embrace that we're trying. Thio forced that out. So we've always had that sort of very strong partnership with our I T team, and that's really what's helped progress the tool through the company with great success with them in the beginning. And then you start to tell the story, and more and more people are interested in. Wait a minute. You can help them save how much into the budget and where we can reallocate that money and what can I do with it? So it's been really exciting and sort of fun to be part of the transformation. >> And you guys have, what north of 17,000 users on the platform, >> today's wave? A lot, A lot. >> That's pretty quick >> adoption in a few years, a lot of people to train, to educate and and to have it become part of their normal everyday activities. >> Well, we're going through a relaunch now, and the Cooper team has been phenomenal in terms of training and helping my team with all the work that goes on behind the scenes that nobody sees and helping us develop training for all of our associates as we relaunch it, because we're really gonna change the tool. We were a couple of revisions behind Ah, now we're getting caught up. So there's a lot of change coming in September to my company and to Cooper and thrilled with the help that the Cooper team has given us the launch. This >> last question for you. Chris Staples, a 34 year young business. I was just talking with a gentleman from procurement and Lulu Lemon and much younger business. And you >> kind of think, Well, a younger business Have more nimble mind sets. Give your advice your best lessons learned to your peers >> at older, more established organizations, going through a change of really looking at getting complete visibility and all your spent advice to them. >> It's a bit of a cliche, but don't do what you did yesterday. You know, you've got to be open to change. You've got to let the you know, I always say, the month the numbers tell the story, and where is where you're spending too much and how do you fix that? And just because you love a supplier today doesn't mean you can't love somebody else just as much tomorrow. If they can deliver a better value, and a lot of times you can find out that your current supplier can give you a better value than you. Then you had before if you just start poking around a little bit. So my advice would be not to stick with the status quo. Just cause it's easy. Challenge yourself. Challenger team. Challenge the people you work with. Change is good. >> Change is good. Chorus. What a pleasure to have you on the Cube. Big. Thanks. So much for joining me. >> Thank you. Very nice. I appreciate it. >> All right. For Christie. Oreo. I'm Lisa Martin. You're watching the Cube from Kucha. Inspire 19. Thanks for watching.

(upbeat music) >> From our studios in the heart of Silicon Valley, Palo Alto, California, this is a CUBEConversation. >> Hi everyone, welcome to the special CUBEConversation. We're in Palo Alto, California, at theCUBE studio. I'm John Furrier, co-host of the CUBE. We're here with Chris Yeh. He's the co-founder and general partner of Blitzscaling Ventures, author of the book Blitzscaling with Reid Hoffman, founder of LinkedIn and a variety of other ventures, also a partner at Greylock Partners. Chris, great to see you. I've known you for years. Love the book, love Reid. You guys did a great job. So congratulations. But the big news is you're now a TV star as one of the original inaugural contestants on the Mental Samurai, just premiered on Fox, was it >> On Fox. >> On Fox, nine o'clock, on which days? >> So Mental Samurai is on Fox, Tuesdays at 9 p.m. right after Master Chef Junior. >> Alright. So big thing. So successful shows. Take us through the journey. >> Yeah. >> It's a new show, so it's got this kind of like Jeopardy vibe where they got to answer tough questions in what looks like a roller coaster kind of arm that moves you around from station to station, kind of jar you up. But it's a lot of pressure, time clock and hard questions. Tell us about the format. How you got that. Gives all the story. >> So the story behind Mental Samurai is it's from the producers of American Ninja Warrior, if you've ever seen that show. So American Ninja Warrior is a physical obstacle course and these incredible athletes go through and the key is to get through the obstacle course. If you miss any of the obstacles, you're out. So they took that and they translated it to the mental world and they said, okay, we're going to have a mental obstacle course where you going to have different kinds of questions. So they have memory questions, sequence questions, knowledge questions, all these things that are tapping different elements of intelligence. And in order to win at the game, you have to get 12 questions right in five minutes or less. And you can't get a single question wrong. You have to be perfect. >> And they do try to jar you up, to kind of scrabble your brain with those devices, it makes it suspenseful. In watching last night at your watch party in Palo Alto, it's fun to watch because yeah, I'm like, okay, it's going to be cool. I'll support Chris. I'll go there, be great and on TV, and oh my, that's pretty interesting. It was actually riveting. Intense. >> Yeah. You have that element of moving around from station to station and it's dramatic. It's kind of a theater presence. But what's it like in there? Give us some insight. You're coming on in April 30th so you're yet to come on. >> Yes. >> But the early contestants, none of them made it to the 100,000. Only one person passed the first threshold. >> Right >> Take us through the format. How many thresholds are there? What's the format? >> Perfect, so basically when a competitor gets strapped into the chair, they call it Ava, it's like a robot, and basically they got it from some company in Germany and it has the ability to move 360 degrees. It's like an industrial robot or something. It makes you feel like you're an astronaut or in one those centrifugal force things. And the idea is they're adding to the pressure. They're making it more of a challenge. Instead of just Jeopardy where you're sitting there, and answering questions and bantering with Alex Trebek, you're working against the clock and you're being thrown around by this robot. So what happens is first you try to answer 12 questions correctly in less than five minutes. If you do that, then you make it through to the next round, what they call the circle of samurai and you win $10,000. The circle of samurai, what happens is there are four questions and you get 90 seconds plus whatever you have left over from your first run, to answer those four questions. Answer all four questions correctly, you win $100,000 and the official title of Mental Samurai. >> So there's only two levels, circle of samurai but it gets harder. Now also I noticed that it's, their questions have certain puzzles and there's certain kinds of questions. What's the categories, if you will, what's the categories they offer? >> Yes, so the different categories are knowledge, which is just classic trivia, it's a kind of Jeopardy stuff. There's memory, where they have something on screen that you have to memorize, or maybe they play an audio track that you have to remember what happened. And then there's also sequence where you have to put things in order. So all these different things are represented by these different towers which are these gigantic television screens where they present the questions. And the idea is in order to be truly intelligent, you have to be able to handle all of these different things. You can't just have knowledge. You can't just have pop culture. You got to have everything. >> So on the candidates I saw some from Stanford. >> Yeah. >> I saw an athlete. It's a lot of diversity in candidates. How do they pick the candidates? How did you get involved? Did your phone ring up one day? Were you identified, they've read your blog. Obviously they've, you're smart. I've read your stuff on Facebook. How did you get in there? (laughs) >> Excellent question. So the whole process, there's a giant casting department that does all these things. And there's people who just cast people for game shows. And what happened with me is many years ago back in 2014, my sister worked in Hollywood when I was growing up. She worked for ER and Baywatch and other companies and she still keeps track of the entertainment industry. And she sent me an email saying, hey, here's a casting call for a new show for smart people and you should sign up. And so I replied to the email and said hey I'm Chris Yeh. I'm this author. I graduate from Stanford when I was 19, blah blah blah blah. I should be on your show. And they did a bunch of auditions with me over the phone. And they said we love you, the network loves you. We'll get in touch and then I never heard. Turns out that show never got the green light. And they never even shot that show. But that put me on a list with these various casting directors. And for this show it turns out that there was an executive producer of the show, the creator of the show, his niece was the casting director who interviewed me back in 2014. And she told her uncle, hey, there's this guy, Chris Yeh, in Palo Alto. I think would be great for this new show you're doing. Why don't you reach out to him. So they reached out to me. I did a bunch of Skype auditions. And eventually while I was on my book tour for Blitzscaling, I got the email saying, congratulations, you're part of the season one cast. >> And on the Skype interviews, was it they grilling you with questions, or was it doing a mock dry run? What was some of interview vetting questions? >> So they start off by just asking you about yourself and having you talk about who you are because the secret to these shows is none of the competitors are famous in advance, or at least very few of them are. There was a guy who was a major league baseball pitcher, there's a guy who's an astronaut, I mean, those guys are kind of famous already, but the whole point is, they want to build a story around the person like they do with the Olympics so that people care whether they succeed or not. And so they start off with biographical questions and then they proceed to basically use flash cards to simulate the game and see how well you do. >> Got it, so they want to basically get the whole story arc 'cause Chris, obviously Chris is smart, he passed the test. Graduate when he's 19. Okay, you're book smart. Can you handle the pressure? If you do get it, there's your story line. So they kind of look from the classic, kind of marketing segmentation, demographics is your storylines. What are some of the things that they said to you on the feedback? Was there any feedback, like you're perfect, we like this about you. Or is it more just cut and dry. >> Well I think they said, we love your energy. It's coming through very strongly to the screen. That's fantastic. We like your story. Probably the part I struggle the most with, was they said hey, you know, talk to us about adversity. Talk to us about the challenges that you've overcome. And I tell people, listen, I'm a very lucky guy. A lot of great things have happened to me in life. I don't know if there's that much adversity that I can really complain about. Other people who deal with these life threatening illnesses and all this stuff, I don't have that. And so that was probably the part I struggled the most with. >> Well you're certainly impressive. I've known you for years. You're a great investor, a great person. And a great part of Silicon Valley. So congratulations, good luck on the show. So it's Tuesdays. >> 9 p.m. >> 9 p.m. >> On fox. >> On Fox. Mental Samurai. Congratulations, great. Great to be at the launch party last night. The watch party, there'll be another one. Now your episode comes out on April 30th. >> Yes. So on April 30th we will have a big Bay area-wide watch party. I'm assuming that admission will be free, assuming I find the right sponsors. And so I'll come back to you. I'll let you know where it's going to be. Maybe we should even film the party. >> That's, well, I got one more question on the show. >> Yeah. >> You have not been yet on air so but you know the result. What was it like sitting in the chair, I mean, what was it personally like for you? I mean you've taken tests, you've been involved with the situation. You've made some investments. There's probably been some tough term sheets here and there, board meetings. And all that experience in your life, what was it compared to, what was it like? >> Well, it's a really huge adrenaline rush because if you think about there's so many different elements that already make it an adrenaline rush and they all combine together. First of all, you're in this giant studio which looks like something out of a space-age set with this giant robotic arm. There's hundreds of people around cheering. Then you're strapped into a robotic arm which basically makes you feel like an astronaut, like every run starts with you facing straight up, right? Lying back as if you're about to be launched on a rocket. And then you're answering these difficult questions with time pressure and then there's Rob Lowe there as well that you're having a conversation with. So all these things together, and your heart, at least for me, my heart was pounding. I was like trying very hard to stay calm because I knew it was important to stay clam, to be able to get through it. >> Get that recall, alright. Chris, great stuff. Okay, Blitzscaling. Blitzscaling Ventures. Very successful concept. I remember when you guys first started doing this at Stanford, you and Reid, were doing the lectures at Stanford Business School. And I'm like, I love this. It's on YouTube, kind of an open project initially, wasn't really, wasn't really meant to be a book. It was more of gift, paying it forward. Now it's a book. A lot of great praise. Some criticism from some folks but in general it's about scaling ventures, kind of the Silicon Valley way which is the rocket ship I call. The rocket ship ventures. There's still the other venture capitals. But great book. Feedback from the book and the original days at Stanford. Talk about the Blitzscaling journey. >> And one of the things that happened when we did the class at Stanford is we had all these amazing guests come in and speak. So people like Eric Schmidt. People like Diane Greene. People like Brian Chesky, who talked about their experiences. And all of those conversations really formed a key part of the raw material that went into the book. We began to see patterns emerge. Some pretty fascinating patterns. Things like, for example, a lot of companies, the ones that'd done the best job of maintaining their culture, have their founders involved in hiring for the first 500 employees. That was like a magic number that came up over and over again in the interviews. So all this content basically came forward and we said, okay, well how do we now take this and put it into a systematic framework. So the idea of the book was to compress down 40 hours of video content, incredible conversations, and put it in a framework that somebody could read in a couple of hours. >> It is also one of those things where you get lightning in a ball, the classic and so then I'd say go big or go home. But Blitzscaling is all about something new and something different. And I'm reading a book right now called Loonshots, which is a goof on moonshots. It's about the loonies who start the real companies and a lot of companies that are successful like Airbnb was passed over on and they call those loonies. Those aren't moonshots. Moonshots are well known, build-outs. This is where the blitzscaling kind of magic happens. Can you just share your thoughts on that because that's something that's not always talked about in the mainstream press, is that a lot of there blitzscaling companies, are the ones that don't look good on paper initially. >> Yes. >> Or ones that no one's talking about is not in a category or herd mentality of investors. It's really that outlier. >> Yes. >> Talk about that dynamic. >> Yeah, and one of the things that Reid likes to say is that the best possible companies usually sound like they're dumb ideas. And in fact the best investment he's been a part of as a venture capitalist, those are the ones where there's the greatest controversy around the table. It's not the companies that come in and everyone's like this is a no-brainer, let's do it. It's the companies where there's a big fight. Should we do this, should we not? And we think the reason is this. Blitzscaling is all about being able to be the first to scale and the winner take most or the winner take all market. Now if you're in a market where everyone's like, this is a great market, this is a great idea. You're going to have huge competition. You're going to have a lot of people going after it. It's very difficult to be the first to scale. If you are contrarian and right you believe something that other people don't believe, you have the space to build that early lead, that you can then use to leverage yourself into that enduring market leadership. >> And one of the things that I observed from the videos as well is that the other fact that kind of plays into, I want to get your reaction, this is that there has to be a market shift that goes on too because you have to have a tailwind or a wave to ride because if you can be contrarian if there's no wave, >> Right. >> right? so a lot of these companies that you guys highlight, have the wave behind them. It was mobile computing, SaaSification, cloud computing, all kind of coming together. Talk about that dynamic and your reaction 'cause that's something where people can get confused on blitzscaling. They read the book. Oh I'm going to disrupt the dry cleaning business. Well I mean, not really. I mean, unless there's something different >> Exactly. >> in market conditions. Talk about that. >> Yeah, so with blitzscaling you're really talking about a new market or a market that's transforming. So what is it that causes these things to transform? Almost always it's some new form of technological innovation, or perhaps a packaging of different technological innovations. Take mobile computing for example. Many of the components have been around for a while. But it took off when Apple was able to combine together capacitative touchscreens and the form factor and the processor strength being high enough finally. And all these things together created the technological innovation. The technological innovation then enables the business model innovation of building an app store and creating a whole new way of thinking about handheld computing. And then based on that business model innovation, you have the strategy innovation of blitzscaling to allow you to grow rapidly and keep from blowing up when you grow. >> And the spirit of kind of having, kind of a clean entrepreneurial segmentation here. Blitzscaling isn't for everybody. And I want you to talk about that because obviously the book's popular when this controversy, there's some controversy around the fact that you just can't apply blitzscaling to everything. We just talk about some of those factors. There are other entrepreneurialship models that makes sense but that might not be a fit for blitzscaling. Can you just unpack that and just explain, a minute to explain the difference between a company that's good for blitzscaling and one that isn't. >> Well, a key thing that you need for blitzscaling is one of these winner take most or winner take all markets that's just enormous and hugely valuable, alright? The whole thing about blitzscaling is it's very risky. It takes a lot of effort. It's very uncomfortable. So it's only worth doing when you have those market dynamics and when that market is really large. And so in the book we talk about there being many businesses that this doesn't apply to. And we use the example of two companies that were started at the same time. One company is Amazon, which is obviously a blitzscaling company and a dominant player and a great, great company. And the other is the French Laundry. In fact, Jeff Bezos started Amazon the same year that Thomas Keller started the French Laundry. And the French Laundry still serves just 60 people a day. But it's a great business. It's just a very different kind of business. >> It's a lifestyle or cash flow business and people call it a lifestyle business but mainly it's a cash flow or not a huge growing market. >> Yeah. >> Satisfies that need. What's the big learnings that you learned that was something different that you didn't know coming out of blitzscaling experience? Something that surprised you, something that might have shocked you, something that might have moved you. I mean you're well-read. You're smart. What was some learnings that you learned from the journey? >> Well, one of the things that was really interesting to me and I didn't really think about it. Reid and I come from the startup world, not the big company world. One of the things that surprised me is the receptivity of big companies to these ideas. And they explained it to me and they said, listen, you got to understand with a big company, you think it's just a big company growing at 10, 15% a year. But actually there's units that are growing at 100% a year. There's units that are declining at 50% a year. And figuring out how you can actually continue to grow new businesses quicker than your old businesses die is a huge thing for the big, established companies. So that was one of the things that really surprised me but I'm grateful that it appears that it's applicable. >> It's interesting. I had a lot of conversations with Michael Dell before, and before they went private and after they went private. He essentially was blitzscaling. >> Yeah. >> He said, I'm going to winner take most in the mature, somewhat declining massive IT enterprise spend against the HPs of the world, and he's doing it and VMware stock went to an all time high. So big companies can blitz scale. That's the learning. >> Exactly. And the key thing to remember there is one of the reasons why somebody like Michael Dell went private to do this is that blitzscaling is all about prioritizing speed over efficiency. Guess who doesn't like that? Wall street doesn't like because you're taking a hit to earnings as you invest in a new business. GM for example is investing heavily in autonomous vehicles and that investment is not yet delivering cash but it's something that's going to create a huge value for General Motors. And so it's really tough to do blitzscaling as a publicly traded company though there are examples. >> I know your partner in the book, Reid Hoffman as well as in the blitzscaling at Stanford was as visible in both LinkedIn and as the venture capitalist of Greylock. But also he was involved with some failed startups on the front end of LinkedIn. >> Yeah. >> So he had some scar tissue on social networking before it became big, I'll say on the knowledge graph that he's building, he built at LinkedIn. I'm sure he had some blitzscaling lessons. What did he bring to the table? Did he share anything in the classes or privately with you that you can share that might be helpful for people to know? >> Well, there's a huge number of lessons. Obviously we drew heavily on Reid's life for the book. But I think you touched on something that a lot of people don't know, which is that LinkedIn is not the first social network that Reid created. Actually during the dot-com boom Reid created a company called SocialNet that was one of the world's first social networks. And I actually was one of the few people in the world who signed up and was a member of SocialNet. I think I had the handle, net revolutionary on that if you can believe that. And one of the things that Reid learned from his SocialNet experience turned into one of his famous sayings, which is, if you're not embarrassed by your first product launch, you've launched too late. With SocialNet they spent so much time refining the product and trying to get it perfectly right. And then when they launched it, they discovered what everyone always discovers when they launch, which is the market wants something totally different. We had no idea what people really wanted. And they'd wasted all this time trying to perfect something that they've theoretically thought was what the market wanted but wasn't actually what the market wanted. >> This is what I love about Silicon Valley. You have these kind of stories 'cause that's essentially agile before agile came out. They're kind of rearranging the deck chairs trying to get the perfect crafted product in a world that was moving to more agility, less craftsmanship and although now it's coming back. Also I talked to Paul Martino, been on theCUBE before. He's a tribe with Pincus. And it's been those founding fathers around these industries. It's interesting how these waves, they start off, they don't get off the ground, but that doesn't mean the category's dead. It's just a timing issue. That's important in a lot of ventures, the timing piece. Talk about that dynamic. >> Absolutely. When it comes to timing, you think about blitzscaling. If you start blitzscaling, you prioritize speed over efficiency. The main question is, is it the right time. So Webvan could be taken as an example of blitzscaling. They were spending money wildly inefficiently to build up grocery delivery. Guess what? 2000 was not the right time for it. Now we come around, we see Instacart succeeding. We see other delivery services delivering some value. It just turns out that you have to get the timing right. >> And market conditions are critical and that's why blitzscaling can work when the conditions are right. Our days back in the podcast, it was, we were right but timing was off. And this brings up the question of the team. >> Yeah. >> You got to have the right team that can handle the blitzscaling culture. And you need the right investors. You've been on both sides of the table. Talk about that dynamic because I think this is probably one of the most important features because saying you going to do blitzscaling and then getting buy off but not true commitment from the investors because the whole idea is to plow money into the system. You mentioned Amazon, one of Jeff Bezos' tricks was, he always poured money back into his business. So this is a capital strategy, as well financial strategy capital-wise as well as a business trait. Talk about the importance of having that stomach and the culture of blitzscaling. >> Absolutely. And I think you hit on something very important when you sort of talk about the importance of the investors. So Reid likes to refer to investors as financing partners. Or financing co-founders, because really they're coming on with you and committing to the same journey that you're going on. And one of the things I often tell entrepreneurs is you really have to dig deep and make sure you do more due diligence on your investors than you would on your employees. Because if you think about it, if you hire an employee, you can actually fire them. If you take money from an investor, there's no way you can ever get rid of them. So my advice to entrepreneurs is always, well, figure out if they're going to be a good partner for you. And the best way to do that is to go find some of the entrepreneurs they backed who failed and talked to those people. >> 'Cause that's where the truth will come out. >> Well, that's right. >> We stood by them in tough times. >> Exactly. >> I think that's classic, that's perfect but this notion of having the strategies of the elements of the business model in concert, the financial strategy, the capital strategy with the business strategy and the people strategy, all got to be pumping that can't be really any conflict on that. That's the key point. >> That's right, there has to be alignment because again, you're trying to go as quickly as possible and if you're running a race car and you have things that are loose and rattling around, you're not going to make it across the finish line. >> You're pulling for a pit stop and the guys aren't ready to change the tires, (snapping fingers) you know you're out of sync. >> Bingo. >> Chris, great stuff. Blitzscaling is a great book. Check it out. I recommend it, remember blitz scale is not for anyone, it's for the game changers. And again, picking your investors is critical on this. So if you picked the wrong investors, blitzscaling will blow up in a bad way. So don't, don't, pick properly on the visa and pick your team. Chris, so let's talk about you real quick to end the segment and the last talk track. Talk about your background 'cause I think you have a fascinating background. I didn't know that you graduated when you're 19, from Stanford was it? >> Yes. >> Stanford at 19, that's a great accomplishment. You've been an entrepreneur. Take us through your journey. Give us a quick highlight of your career. >> So the quick highlight is I grew up in Southern California and Santa Monica where I graduated from Santa Monica High School along with other luminaries such as Rob Lowe, Robert Downey, Jr., and Sean Penn. I didn't go at the same time that they did. >> They didn't graduate when they were 17. >> They did not, (John laughing) and Charlie Sheen also attended Santa Monica High School but dropped out or was expelled. (laughing) Go figured. >> Okay. >> I came up to Stanford and I actually studied creative writing and product design. So I was really hitting both sides of the brain. You could see that really coming through in the rest of my career. And then at the time I graduated which was the mid-1990s that was when the internet was first opening up. I was convinced the internet was going to be huge and so I just went straight into the internet in 1995. And have been in the startup world ever since. >> Must love that show, Halt and Catch Fire a series which I love reminiscing. >> AMC great show. >> Just watching that my life right before my eyes. Us old folks. Talk about your investment. You are at Wasabi Ventures now. Blitzscaling Ventures. You guys looks like you're going to do a little combination bring capital around blitzscaling, advising. What's Blitzscaling Ventures? Give a quick commercial. >> So the best way to think about it is for the entrepreneurs who are actually are blitzscaling, the question is how are you going to get the help you need to figure out how to steer around the corners to avoid the pitfalls that can occur as you're growing rapidly. And Blitzscaling Ventures is all about that. So obviously I bring a wealth of experience, both my own experience as well as everything I learned from putting this book together. And the whole goal of Blitzscaling Ventures is to find those entrepreneurs who have those blitzscalable opportunities and help them navigate through the process. >> And of course being a Mental Samurai that you are, the clock is really important on blitzscaling. >> There are actually are a lot of similarities between the startup world and Mental Samurai. Being able to perform under pressure, being able to move as quickly as possible yet still be accurate. The one difference of course is in our startup world you often do make mistakes. And you have a chance to recover from them. But in Mental Samurai you have to be perfect. >> Speed, alignment, resource management, capital deployment, management team, investors, all critical factors in blitzscaling. Kind of like entrepreneurial going to next level. A whole nother lesson, whole nother battlefields. Really the capital markets are flush with cash. Post round B so if you can certainly get altitude there's a ton of capital. >> Yeah. And the key is that capital is necessary for blitzscaling but it's not sufficient. You have to take that financial capital and you have to figure out how to combine it with the human capital to actually transform the business in the industry. >> Of course I know you've got to catch a plane. Thanks for coming by in the studio. Congratulations on the Mental Samurai. Great show. I'm looking forward to April 30th. Tuesdays at 9 o'clock, the Mental Samurai. Chris will be an inaugural contestant. We'll see how he does. He's tight-lipped, he's not breaking his disclosure. >> I've got legal requirements. I can't say anything. >> Just say he's sticking to his words. He's a man of his words. Chris, great to see you. Venture capitalist, entrepreneur, kind of venture you want to talk to Chris Yeh, co-founder, general partner of blitzscaling. I'm John Furrier for theCUBE. Thanks for watching. (upbeat music)