from our studios in the heart of Silicon Valley Palo Alto California this is a cute conversation hello everyone welcome to this cube conversation here in Palo Alto California I'm John Fourier host of the cube we are in the cube studios we're here with Ranga Rao's Senior Director of Product Management Cisco Networking group and David link the CEO of science logic tell what their part is guys great to see you thanks I come in it glad to be here so you guys had a great event by the way symposium in DC thanks a lot of momentum yeah it was fun to watch he was there eight videos up on YouTube but you guys are classic partnership here with Cisco talk about the relationship you guys are meeting in the channel got a lot of joint customers a lot of innovation talk about the relationship between science logic and Cisco Cisco and science logic have been working together because our customers demand us to work together right so across more for more than 10 years science logic has been a strong part of for Cisco working across various different business units when we started working on ACI which is application centric infrastructure which is the product that my group works on we thought science logic was a perfect partner to work with and in fact some of our joint customers including Cisco IT which is a customer of science logic two came to the table and said we needed an integration with science logic so customers are a huge part of the genesis of the partnership and that's what keeps us going together and the fact that we have such strong synergies from a technology perspective makes it really easy for us to collaborate and the fact that we have both open platforms with strong api's makes it really easy for us to collaborate and this is the real haveá-- we're here to the chalk tracks around you know these API so this abstraction software layer zci has kind of gone the next level we covered that at Cisco live Dave we talked before about your value proposition you're on the front lines Cisco obviously has this new programmability model where their goal is to leverage the value the network abstract away the complexities and allow people to get more value out of it how is that working in what and how do you guys tie into Cisco it's really an ecosystem of technologies and partnerships that deliver outcomes for customers Cisco's advancing technology so fast we've seen an innovation sprint from Cisco it's actually causing us to sprint with them on behalf of their customers but ultimately we've had to introduce deep integrated monitoring across all the fabrics that they support for software-defined and that includes visibility into the ACCAC eye fabrics but it also goes through into the virtual machines the storage layers the operating systems the application layer so when you pull all of that together that's a day to challenge for the enterprise to make sure they're delivering outcomes to the customer that are above expectations recently we supported support for multi-site and multi pod ACI fabric we're working on a CI anywhere in the cloud we're really Cisco's extending the datacenter hyper-converged solutions to deliver value propositions no matter where the applications live so that's a huge step forward and then it causes operational initiatives to say how are we going to solve that problem for our customers no matter where the application lives so that's really where we're focused helping solve problems on that day to side of make all these technologies come to collect together to deliver a great outcome for the end-user and so they're enabling you with the with the ACI if a hyper converges to go out and do your thing yes so we instrument all those different really abstracted components because what we have with container management with Software Defined it's abstraction on top of core routes which and server and hypervisor technologies that bring it together in an intuitive way ultimately what we've seen from the enterprise and service providers is they really want infrastructure delivered as a service and that's really where Cisco's headed helping make that a reality with these products we just helped bring them together with the instrumentation analytics to operate them as one system you know ranking this is a great example of what we're seeing in this modern era with the data center on premises modernization growth of the cloud the advent of you know real hybrid cloud and private cloud as well as public cloud you guys are in a good position so I want to kind of dig into some talk tracks one you mentioned day two operates I've heard that term kicked around before cuz this is kind of speaks to this modernization in IT operations you know enabling an environment for you know Network compute storage to work seamlessly this is this is the real deal what is day to operations can you like define what that is yeah so our customers essentially go through the journey of building and network for some purpose to deliver an application or a service to their end users so the we think of the process of them building the network is day zero configuring the network for the particular operator a particular service as day one and everything that they deal with which is a lot of complexity which is they where they spend 80% of their time 90% of their budget has data operations which is a very complex domain so this is the area that we have been focusing within our business unit to make our customers lives easier with products that essentially solve some of these problems and collaborating with partners like science logic to make the operations of our customers much easier a important part of data operations is making sure that we provide the light right kind of abstractions for our customers initially customers used to configure switches on a switch by switch basis using command line interfaces with obscure commands what we have done within the data center as of like 2014 is brought in the application centric abstraction so customers can configure the network in the language of the application which is the intent interesting you know I'm old enough to remember those days of standing those networks up day one day zero on day one but I think day two has become really the new environment because day 2 operates was simply you know make sure the lights are on provision the switches top of racks all that stuff that went on and then you managed it you had your storage administrator all these things we're kind of static perimeter based security all that now is kind of thrown away so I think day two is almost like the reality of the situation because you now have micro services you've got apps and DevOps manding to have the agility and programmability the network so I got to ask is if that's true and you got cloud over the top happening this means that the software has to be really rock-solid because it's not getting less complex it's getting more complex so it's what is science logic fit in today too we've been focused on all these different technologies you bring together so from an intent based perspective Cisco's been really focused on intent based solutions but that lines up to a business service the business service is made up of a lot of different technologies that can come from many different locations to deliver you an application to you where you're super satisfied with an outcome its delivering productivity to you all the great things that you're hoping to experience when you interact with an application but behind the scenes there's a whole myriad of technologies that we instrument from a fault configuration performance analytics and really an analysis perspective to see all these multivariate data streams coming together in a hub where we can analyze them and understand the relationships the context of how all of those data feeds come together to enable a service so if we know that service view again no matter where the service is coming from in Cisco is now supporting ECI anywhere so that service could be sitting in a lot of different places today and we're seeing more and more hybrid applications and I think that's around for a long time to stay for good reasons security compliance and other reasons you've got to bring all that together and understand real time the real time operational viewpoint of how is it now and more so that proactive insight to know if you have an anomaly across any one of these performance variants how that may impact the service so is it going to be impacting the service and really help operations stay proactive I think that's where the DevOps and focuses right now look at evolution of DevOps gene King was on the cube said 3% of enterprises have adopted Ewa certainly there's the early adopters we all know who they are they're there DevOps cloud native from day one but really the adoption of DevOps is not yet there on mainstream is getting there but you're speaking to day two operations as kind of like operations you mentioned developers the apps that needs to be built to require all this infrastructure program ability this is where I think a CIS can I guess you need intrument ation so you need IT ops and you got to have program ability of the network but everyone's talking about automation so to me it sounds like there's an automation story in here if you got an instrument everything you got to have move beyond command line and configuring is that how does that fit it how's the automation finish yeah absolutely first of all within the ACI fabric we have we have a controller based approach so there's a single place of managing the entire infrastructure today we have customers who use two hundred-plus physicals which is being managed by a single point that's a huge amount of automation for provisioning the network from the perspective of managing the network the controller continuously looks at what's going on and essentially we have a product core network assurance engine which look which are which is a second pair of eyes which will tell you proactively if there are problems in the network right but a broader automation is needed where you can actually look at information from various different silos because network as important as we as cisco think is one part of the whole puzzle rate information comes from many different places so there's a platform that's needed where people can funnel in pieces of information from various different places and analyze that pieces of information figure out trends find the things that are of interest to them and operate in a data-driven fashion they want to get your thoughts on this next talk track around the impact of the cloud because if this happens the automations is pretty much agreed upon the industry therefore we've gotta automate things that are repetitive mundane tasks and certainly the network's a lot of command line stuff that can be automated away value will shift to other places but with the impact of cloud operation the operational side of the data center is looking more and more cloud like so in a way whether the debate of moving to the private cloud versus on-premises goes away and it becomes more of a cloud operation story on-premises multi-cloud on public clouds is kind of a new system this is the operational shift this is where all the action is talk about your perspective on this because this is kind of like you know it's not a simple saying lift and shift and moving into the cloud it's I want cloud like economics I want cloud like elasticity I want all that benefit on premises that's day two in my opinion would you agree I do and I think that's sometimes lost on the industry that we have a lot of clouds that we have to serve and for good purpose they're gonna live in different places but back to the earlier comment you've got to then pull information into a data hub I'll just call it in an architecture of data where you've got it from multiple sources whether it's clouds or private hyper-converged the wireless to the end-user all these different layers often that are being abstracted we've got to really understand how that relates to a user experience so when we think about what are the end results we're trying to achieve we're trying to be proactive so among the things that we're working on from a vision perspective instead of thinking about waiting for a system across any one of these tiers to have a fault where it tells you I've got a problem here's a trap here's a log I've experienced this problem we really want to do a lot more on the front end that performance analytics the anomaly detection to get across multivariate all these very 'it's mean this kind of performance health and in a performance score cisco has been investing heavily here we have as well jointly for some of our customers what I'd like to see in the future our vision is that you rely less on fault management and more on the proactive analytics side so that you understand anomalous behavior and how that could impact your experience as an end-user and fix it through automation before there is a problem so that's a very different thought I'd love to say our industry should in the future worry less about event correlation and more about predictive behavior so that's where we're spending a lot I don't like so wherever the false look for the goodness to I mean where's the zag lesion but you have to have all these data streams and you have to understand how they can textually relate to one another to make those important decisions and recommendations well you know I've always said this on the cube you can you know in this world of digital you can instrument everything so you soon it's going to be a matter of time for seeing what everything's happening but knowing what to look at it's kind of like what you're getting at yes hey Rach I talked about your your perspective because again and one of the things that Dave Volante and I just do many we talk about all the time on the cube is we debate this cloud conversation because I think my opinion is it's one big distributed architecture second operating system the cliff it's all the cloud they're all edges nodes and arcs on a distributed a dissenter certainly isn't going away but if everything is a network connection well that's the edge your data center you got this is you're in the business of networking right what's your take on all this because you know if it's a cloud operations it's a shift from the old IT to the new IT what's your perspective on this so the moniker that we have been using this year is that there's nothing centered about the data centers like you said there are workloads that reside in many different environments including the cloud so customers are demanding consistent operations and consistent management capabilities across this many different environments right so you're right the data center itself is turning out more to be like a cloud and we have even seen large cloud providers like offer solutions that sit within a customer's data center right so that's one area in which the words evolving another area is in terms of all the tools that are coming together to solve some of the operational problems to be more predictive and more proactive yeah you know I like to draw horns sometimes too many minute we keep on coin the term private cloud years ago and everyone was throwing hate at them you know on the way I don't know what's this private cloud nonsense if that's what's happening there's a private cloud it's a hybrid cloud multiple clouds you have public cloud and again you're gonna have multi purpose pick the right cloud for the workload kind of environment going on kind of like the way the tools business would but it's still platform so so guys thanks for coming in and sharing your insights I really appreciate that before we go take a minute to get the plug in for what you guys are working on give the company update what's going on you're hiring revenues up what's happening give us a state of the science logic what's going on so we had a great first quarter the best first quarter in the history of the company the health of the business is good I think the underlying theme is the transform of infrastructure is causing a lot of people to rethink the monitoring tooling as to how do we need to manage in this new operating environment you mentioned DevOps I think the real key there is the developer really wants to have the application be infrastructure aware and he needs good information coming from not 50 places but from a trusted place where he can make sure the application knows about how all the infrastructure that's supporting it no matter where it is is behaving and that's really the wind behind the sales driving our business we grew quarter-over-quarter sequentially with our subscription over a hundred percent in q1 so we're really thrilled with where the business is headed excited about the momentum and this is a really important partnership for us because everybody uses Cisco all of our enterprise customer service provider government customers Cisco is embedded in virtually every customer that we work with so we have to have the best support kind of that thought leadership of support for our customers for them to entrust management of those core applications through our platform right it gives a quick plug for the data center networking group what's happening there what's the the hot items what's the with give the plug quickly so very quickly I think the journey that we have been on is a CI any where to take a CI and its management and operations paradigm to many different environments we introduced support for AWS earlier in this year we are working on support for Azure and soon we'll have support for Google public clouds in all these environments we want our customers to have consistent experience and the way we get that is through solutions working with partners where we offer consistent solutions across all these environments for our customers and working with science logic as a very important partner to solve problems for our joint customers and you guys have always had a great Channel great ecosystem now you have not new for you to partner yeah we have like open API is open platform 65 plus partners that we work with so all customer focus well let me put you on the spot one last question got you here because your guru and networking and you know you've been around the block you've seen the different waves what's the biggest wake-up call that customers are having with respect to the old way of doing networking and the new way cuz clearly everyone has come to the realization that the perimeter based security model and static networking has to be more dynamic what's the big wake-up call that you think customers are seeing now with this new modern era I think customers are realizing more and more how important technologies part of it as part of their business sometimes it even drives the techni drives the business and helps customers make ditions on what's the right path to take for their business so what this applications become really important and the nerve center which is the network that supports the application becomes really important so customers are demanding us to build the best network possible to support this modern world that's continuously evolving so did you think a stab at that customer wake-up call what's your perspective on this what's the big R from your experience over the years you can't use tools that were built 20 years ago to continue operating global networks so we see a lot of the industry it's about a ten billion dollar total addressable market changing over because the market fit of the old tools that people have relied upon for many years aren't solving modern problems Oh guys thanks for the insight appreciating and good to see the partnership doing well thanks for coming into the cube studio we have Ranga Rao senior director of product management Cisco Networking group and David Lynch CEO of science logic here for cube conversation I'm Sean Fourier thanks for watching you [Music] you

>> Announcer: Live from Orlando, Florida. It's the CUBE. Covering Grace Hopper Celebration of Women in Computing. Brought to you by Silicon Angle Media. >> Welcome back everybody. Jeff Frick here with the Cube. We are winding down day three of the Grace Hopper Celebration of Women in Computing in Orlando. It's 18,000, mainly women, a couple of us men hangin' out. It's been a phenomenal event again. It always amazes me to run into first timers that have never been to the Grace Hopper event. It's a must do if you're in this business and I strongly encourage you to sign up quickly 'cause I think it sells out in about 15 minutes, like a good rock concert. But we're excited to have our next guest. She's Rachel Faber Tobac, UX Research at Course Hero. Rachel, great to see you. >> Thank you so much for having me on. >> Absolutely. So, Course Hero. Give people kind of an overview of what Course Hero is all about. >> Yup. So we are an online learning platform and we help about 200 million students and educators master their classes every year. So we have all the notes, >> 200 million. >> Yes, 200 million! We have all the notes, study guides, resources, anything a student would need to succeed in their classes. And then anything an educator would need to prepare for their classes or connect with their students. >> And what ages of students? What kind of grades? >> They're usually in college, but sometimes we help high schoolers, like AP students. >> Okay. >> Yeah. >> But that's not why you're here. You want to talk about hacking. So you are, what you call a "white hat hacker". >> White hat. >> So for people that aren't familiar with the white hat, >> Yeah. >> We all know about the black hat conference. What is a white hat hacker. >> So a "white hat hacker" is somebody >> Sounds hard to say three times fast. >> I know, it's a tongue twister. A white hat hacker is somebody who is a hacker, but they're doing it to help people. They're trying to make sure that information is kept safer rather than kind of letting it all out on the internet. >> Right, right. Like the old secret shoppers that we used to have back in the pre-internet days. >> Exactly. Exactly. >> So how did you get into that? >> It's a very non-linear story. Are you ready for it? >> Yeah. >> So I started my career as a special education teacher. And I was working with students with special needs. And I wanted to help more people. So, I ended up joining Course Hero. And I was able to help more people at scale, which was awesome. But I was interested in kind of more of the technical side, but I wasn't technical. So my husband went to Defcon. 'cause he's a cyber security researcher. And he calls me at Defcon about three years ago, and he's like, Rach, you have to get over here. I'm like, I'm not really technical. It's all going to go over my head. Why would I come? He's like, you know how you always call companies to try and get our bills lowered? Like calling Comcast. Well they have this competition where they put people in a glass booth and they try and have them do that, but it's hacking companies. You have to get over here and try it. So I bought a ticket to Vegas that night and I ended up doing the white hat hacker competition called The Social Engineering Capture the Flag and I ended up winning second, twice in a row as a newb. So, insane. >> So you're hacking, if I get this right, not via kind of hardcore command line assault. You're using other tools. So like, what are some of the tools that are vulnerabilities that people would never think about. >> So the biggest tool that I use is actually Instagram, which is really scary. 60% of the information that I need to hack a company, I find on Instagram via geolocation. So people are taking pictures of their computers, their work stations. I can get their browser, their version information and then I can help infiltrate that company by calling them over the phone. It's called vishing. So I'll call them and try and get them to go to a malicious link over the phone and if I can do that, I can own their company, by kind of presenting as an insider and getting in that way. (chuckling) It's terrifying. >> So we know phishing right? I keep wanting to get the million dollars from the guy in Africa that keeps offering it to me. >> (snickers) Right. >> I don't whether to bite on that or. >> Don't click the link. >> Don't click the link. >> No. >> But that interesting. So people taking selfies in the office and you can just get a piece of the browser data and the background of that information. >> Yep. >> And that gives you what you need to do. >> Yeah, so I'll find a phone number from somebody. Maybe they take a picture of their business card, right? I'll call that number. Test it to see if it works. And then if it does, I'll call them in that glass booth in front of 400 people and attempt to get them to go to malicious links over the phone to own their company or I can try and get more information about their work station, so we could, quote unquote, tailor an exploit for their software. >> Right. Right. >> We're not actually doing this, right? We're white hat hackers. >> Right. >> If we were the bad guys. >> You'd try to expose the vulnerability. >> Right. The risk. >> And what is your best ruse to get 'em to. Who are you representing yourself as? >> Yeah, so. The representation thing is called pre-texting. It's who you're pretending to be. If you've ever watched like, Catch Me If You Can. >> Right. Right. >> With Frank Abagnale Jr. So for me, the thing that works the best are low status pretext. So as a woman, I would kind of use what we understand about society to kind of exploit that. So you know, right now if I'm a woman and I call you and I'm like, I don't know how to trouble shoot your website. I'm so confused. I have to give a talk, it's in five minutes. Can you just try my link and see if it works on your end? (chuckling) >> You know? Right? You know, you believe that. >> That's brutal. >> Because there's things about our society that help you understand and believe what I'm trying to say. >> Right, right. >> Right? >> That's crazy and so. >> Yeah. >> Do you get, do you make money white hacking for companies? >> So. >> Do they pay you to do this or? Or is it like, part of the service or? >> It didn't start that way. >> Right. >> I started off just doing the Social Engineering Capture the Flag, the SECTF at Defcon. And I've done that two years in a row, but recently, my husband, Evan and I, co-founded a company, Social Proof Security. So we work with companies to train them about how social media can impact them from a social engineering risk perspective. >> Right. >> And so we can come in and help them and train them and understand, you know, via a webinar, 10 minute talk or we can do a deep dive and have them actually step into the shoes of a hacker and try it out themselves. >> Well I just thought the only danger was they know I'm here so they're going to go steal my bike out of my house, 'cause that's on the West Coast. I'm just curious and you may not have a perspective. >> Yeah. >> 'Cause you have niche that you execute, but between say, you know kind of what you're doing, social engineering. >> Yeah. >> You know, front door. >> God, on the telephone. Versus kind of more traditional phishing, you know, please click here. Million dollars if you'll click here versus, you know, what I would think was more hardcore command line. People are really goin' in. I mean do you have any sense for what kind of the distribution of that is, in terms of what people are going after? >> Right, we don't know exactly because usually that information's pretty confidential, >> Sure. when a hack happens. But we guess that about 90% of infiltrations start with either a phishing email or a vishing call. So they're trying to gain information so they can tailor their exploits for your specific machine. And then they'll go in and they'll do that like actual, you know, >> Right. >> technical hacking. >> Right. >> But, I mean, if I'm vishing you right and I'm talking to you over the phone and I get you to go to a malicious link, I can just kind of bypass every security protocol you've set up. I don't even a technical hacker, right? I just got into your computer because. >> 'Cause you're in 'Cause I'm in now, yup. >> I had the other kind of low profile way and I used to hear is, you know, you go after the person that's doin' the company picnic. You know Wordpress site. >> Yes. >> That's not thinking that that's an entry point in. You know, kind of these less obvious access points. >> Right. That's something that I talk about a lot actually is sometimes we go after mundane information. Something like, what pest service provider you use? Or what janitorial service you use? We're not even going to look for like, software on your machine. We might start with a softer target. So if I know what pest extermination provider you use, I can look them up on LinkedIn. See if they've tagged themselves in pictures in your office and now I can understand how do they work with you, what do their visitor badges look like. And then emulate all of that for an onsite attack. Something like, you know, really soft, right? >> So you're sitting in the key note, right? >> Yeah. >> Fei-Fei Li is talking about computer visualization learning. >> Right. >> And you know, Google running kagillions of pictures through an AI tool to be able to recognize the puppy from the blueberry muffin. >> Right. >> Um, I mean, that just represents ridiculous exploitation opportunity at scale. Even you know, >> Yeah. >> You kind of hackin' around the Instagram account, can't even begin to touch, as you said, your other thing. >> Right. >> You did and then you did it at scale. Now the same opportunity here. Both for bad and for good. >> I'm sure AI is going to impact social engineering pretty extremely in the future here. Hopefully they're protecting that data. >> Okay so, give a little plug so they'll look you up and get some more information. But what are just some of the really easy, basic steps that you find people just miss, that should just be, they should not be missing. From these basic things. >> The first thing is that if they want to take a picture at work, like a #TBT, right? It's their third year anniversary at their company. >> Right. Right. >> Step away from your work station. You don't need to take that picture in front of your computer. Because if you do, I'm going to see that little bottom line at the bottom and I'm going to see exactly the browser version, OS and everything like that. Now I'm able to exploit you with that information. So step away when you take your pictures. And if you do happen to take a picture on your computer. I know you're looking at computer nervously. >> I know, I'm like, don't turn my computer on to the cameras. >> Don't look at it! >> You're scarin' me Rachel. >> If you do take a picture of that. Then you don't want let someone authenticate with that information. So let's say I'm calling you and I'm like, hey, I'm with Google Chrome. I know that you use Google Chrome for your service provider. Has your network been slow recently? Everyone's network's been slow recently, right? >> Right. Right. >> So of course you're going to say yes. Don't let someone authenticate with that info. Think to yourself. Oh wait, I posted a picture of my work station recently. I'm not going to let them authenticate and I'm going to hang up. >> Interesting. All right Rachel. Well, I think the opportunity in learning is one thing. The opportunity in this other field is infinite. >> Yeah. >> So thanks for sharing a couple of tips. >> Yes. >> And um. >> Thank you for having me. >> Hopefully we'll keep you on the good side. We won't let you go to the dark side. >> I won't. I promise. >> All right. >> Rachel Faber Tobac and I'm Jeff Frick. You're watchin the Cube from Grace Hopper Celebration Women in Computing. Thanks for watching. (techno music)