(bright music) >> Hello, everyone. Welcome back to live coverage day two or day one, day two for theCUBE, day one for the event. I'm John Furrier, host of theCUBE. It's the keynote analysis segment. Adam just finished coming off stage. I'm here with Dave Vellante and Zeus Kerravala, with principal analyst at ZK Research, Zeus, it's great to see you. Dave. Guys, the analysis is clear. AWS is going NextGen. You guys had a multi-day analyst sessions in on the pre-briefs. We heard the keynote, it's out there. Adam's getting his sea legs, so to speak, a lot of metaphors around ocean. >> Yeah. >> Space. He's got these thematic exploration as he chunked his keynote out into sections. Zeus, a lot of networking in there in terms of some of the price performance, specialized instances around compute, this end-to-end data services. Dave, you were all over this data aspect going into the keynote and obviously, we had visibility into this business transformation theme. What's your analysis? Zeus, we'll start with you. What's your take on what Amazon web service is doing this year and the keynote? What's your analysis? >> Well, I think, there was a few key themes here. The first one is I do think we're seeing better integration across the AWS portfolio. Historically, AWS makes a lot of stuff and it's not always been easy to use say, Aurora and Redshift together, although most customers buy them together. So, they announce the integration of that. It's a lot tighter now. It's almost like it could be one product, but I know they like to keep the product development separately. Also, I think, we're seeing a real legitimization of AWS in a bunch of areas where people said it wasn't possible before. Last year, Nasdaq said they're running in the cloud. The Options Exchange today announced that they're going to be moving to the cloud. Contact centers running the cloud for a lot of real time voice. And so, things that we looked at before and said those will never move to the cloud have now moved to the cloud. And I think, my third takeaway is just AWS is changing and they're now getting into areas to allow customers to do things they couldn't do before. So, if you look at what they're doing in the area of AI, a lot of their AI and ML services before were prediction. And I'm not saying you need an AI, ML to do prediction, was certainly a lot more accurate, but now they're getting into generative data. So, being able to create data where data didn't exist before and that's a whole new use case for 'em. So, AWS, I think, is actually for all the might and power they've had, it's actually stepping up and becoming a much different company now. >> Yeah, I had wrote that post. I had a one-on-one day, got used of the transcript with Adam Selipsky. He went down that route of hey, we going to change NextGen. Oh, that's my word. AWS Classic my word. The AWS Classic, the old school cloud, which a bunch of Lego blocks, and you got this new NextGen cloud with the ecosystems emerging. So, clearly, it's Amazon shifting. >> Yeah. >> But Dave, your breaking analysis teed out the keynote. You went into the whole cost recovery. We heard Adam talk about macro at the beginning of his keynote. He talked about economic impact, sustainability, big macro issues. >> Yeah. >> And then, he went into data and spent most of the time on the keynote on data. Tools, integration, governance, insights. You're all over that. You had that, almost your breaking analysis almost matched the keynote, >> Yeah. >> thematically, macro, cost savings right-sizing with the cloud. And last night, I was talking to some of the marketplace people, we think that the marketplace might be the center where people start managing their cost better. This could have an impact on the ecosystem if they're not in in the marketplace. So, again, so much is going on. >> What's your analogy? >> Yeah, there's so much to unpack, a couple things. One is we get so much insight from theCUBE community plus your sit down 101 with Adam Selipsky allowed us to gather some nuggets, and really, I think, predict pretty accurately. But the number one question I get, if I could hit the escape key a bit, is what's going to be different in the Adam Selipsky era that was different from the Jassy era. Jassy was all about the primitives. The best cloud. And Selipsky's got to double down on that. So, he's got to keep that going. Plus, he's got to do that end-to-end integration and he's got to do the deeper business integration, up the stack, if you will. And so, when you're thinking about the keynote and the spirit of keynote analysis, we definitely heard, hey, more primitives, more database features, more Graviton, the network stuff, the HPC, Graviton for HPC. So, okay, check on that. We heard some better end-to-end integration between the elimination of ETL between Aurora and Redshift. Zeus and I were sitting next to each other. Okay, it's about time. >> Yeah. >> Okay, finally we got that. So, that's good. Check. And then, they called it this thing, the Amazon data zones, which was basically extending Redshift data sharing within your organization. So, you can now do that. Now, I don't know if it works across regions. >> Well, they mentioned APIs and they have the data zone. >> Yep. And so, I don't know if it works across regions, but the interesting thing there is he specifically mentioned integration with Snowflake and Tableau. And so, that gets me to your point, at the end of the day, in order for Amazon, and this is why they win, to succeed, they've got to have this ecosystem really cranking. And that's something that is just the secret sauce of the business model. >> Yeah. And it's their integration into that ecosystem. I think, it's an interesting trend that I've seen for customers where everybody wanted best of breed, everybody wanted disaggregated, and their customers are having trouble now putting those building blocks together. And then, nobody created more building blocks than AWS. And so, I think, under Adam, what we're seeing is much more concerted effort to make it easier for customers to consume those building blocks in an easy way. And the AWS execs >> Yeah. >> I talked to yesterday all committed to that. It's easy, easy, easy. And I think that's why. (Dave laughing) Yeah, there's no question they've had a lead in cloud for a long time. But if they're going to keep that, that needs to be upfront. >> Well, you're close to this, how easy is it? >> Yeah. >> But we're going to have Adrian Cockcroft (Dave laughing) on at the end of the day today, go into one analysis. Now, that- >> Well, less difficult. >> How's that? (indistinct) (group laughing) >> There you go. >> Adrian retired from Amazon. He's a CUBE analyst retiree, but he had a good point. You can buy the bag of Lego blocks if you want primitives >> Yeah. >> or you can buy the toy that's glued together. And it works, but it breaks. And you can't really manage it, and you buy a new one. So, his metaphor was, okay, if the primitives allow you to construct a durable solutions, a lot harder relative to rolling your own, not like that, but also the simplest out-of-the box capability is what people want. They want solutions. We call Adam the solutions CEO. So, I think, you're going to start to see this purpose built specialized services allow the ecosystem to build those toys, so that the customers can have an out-of-the box experience while having the option for the AWS Classic, which is if you want durability, you want to tune it, you want to manage it, that's the way to go for the hardcore. Now, can be foundational, but I just see the solutions things being very much like an out-of-the-box. Okay, throw away, >> Yeah. >> buy a new toy. >> More and more, I'm saying less customers want to be that hardcore assembler of building blocks. And obviously, the really big companies do, but that line is moving >> Yeah. >> and more companies, I think, just want to run their business and they want those prebuilt solutions. >> We had to cut out of the keynote early. But I didn't hear a lot about... The example that they often use is Amazon Connect, the call center solution. >> Yeah. >> I didn't hear a lot to that in the keynote. Maybe it's happening right now, but look, at the end of the day, suites always win. The best of breed does well, (John laughing) takes off, generate a couple billion, Snowflake will grow, they'll get to 10 billion. But you look at Oracle, suites work. (laughs) >> Yeah. >> What I found interesting about the keynote is that he had this thematic exploration themes. First one was space that was like connect the dot, the nebula, different (mumbles) lens, >> Ocean. >> ask the right questions. (Dave laughing) >> Ocean was security which bears more, >> Yeah. >> a lot more needed to manage that oxygen going deep. Are you snorkeling? Are you scuba diving? Barely interesting amount of work. >> In Antarctica. >> Antarctica was the performance around how you handle tough conditions and you've got to get that performance. >> Dave: We're laughing, but it was good. >> But the day, the Ocean Day- >> Those are very poetic. >> I tweeted you, Dave, (Dave laughing) because I sit on theCUBE in 2011. I hate hail. (Dave laughing) It's the worst term ever. It's the day the ocean's more dynamic. It's a lot more flowing. Maybe 10 years too soon, Dave. But he announces the ocean theme and then says we have a Security Lake. So, like lake, ocean, little fun on words- >> I actually think the Security Lake is pretty meaningful, because we were listening to talk, coming over here talking about it, where I think, if you look at a lot of the existing solutions, security solutions there, I describe 'em as a collection of data ponds that you can view through one map, but they're not really connected. And the amount of data that AWS holds now, arguably more than any other company, if they're not going to provide the Security Lake, who is? >> Well, but staying >> Yeah. >> on security for a second. To me, the big difference between Azure and Amazon is the ecosystem. So, CrowdStrike, Okta, Zscaler, name it, CyberArk, Rapid7, they're all part of this ecosystem. Whereas Microsoft competes with all of those guys. >> Yes. Yeah. >> So it's a lot more white space than the Amazon ecosystem. >> Well, I want to get you guys to take on, so in your reaction, because I think, my vision of what what's happening here is that I think that whole data portion's going to be data as code. And I think, the ecosystem harvests the data play. If you look at AWS' key announcements here, Security Lake, price performance, they're going to optimize for those kinds of services. Look at security, okay, Security Lake, GuardDuty, EKS, that's a Docker. Docker has security problems. They're going inside the container and looking at threat detection inside containers with Kubernetes as the runtime. That's a little nuance point, but that's pretty significant, Dave. And they're now getting into, we're talking in the weeds on the security piece, adding that to their large scale security footprint. Security is going to be one of those things where if you're not on the inside of their security play, you're probably going to be on the outside. And of course, the price performance is going to be the killer. The networking piece surprise me. Their continuing to innovate on the network. What does that mean for Cisco? So many questions. >> We had Ajay Patel on yesterday for VMware. He's an awesome middleware guy. And I was asking about serverless and architectures. And he said, "Look, basically, serverless' great for stateless, but if you want to run state, you got to have control over the run time." But the point he made was that people used to think of running containers with straight VMs versus Fargate or Knative, if you choose, or serverless. They used to think of those as different architectures. And his point was they're all coming together. And it's now you're architecting and calling, which service you need. And that's how people are thinking about future architectures, which I think, makes a lot of sense. >> If you are running managed Kubernetes, which everyone's doing, 'cause no one's really building it in-house themselves. >> No. >> They're running it as managed service, skills gaps and a variety of other reasons. This EKS protection is very interesting. They're managing inside and outside the container, which means that gives 'em visibility on both sides, under the hood and inside the application layer. So, very nuanced point, Zeus. What's your reaction to this? And obviously, the networking piece, I'd love to get your thought. >> Well, security, obviously, it's becoming a... It's less about signatures and more of an analytics. And so, things happen inside the container and outside the container. And so, their ability to look on both sides of that allows you to happen threats in time, but then also predict threats that could happen when you spin the container up. And the difficulty with the containers is they are ephemeral. It's not like a VM where it's a persistent workload that you can do analysis on. You need to know what's going on with the container almost before it spins up. >> Yeah. >> And that's a much different task. So, I do think the amount of work they're doing with the containers gives them that entry into that and I think, it's a good offering for them. On the network side, they provide a lot of basic connectivity. I do think there's a role still for the Ciscos and the Aristas and companies like that to provide a layer of enhanced network services that connects multicloud. 'Cause AWS is never going to do that. But they've certainly, they're as legitimate network vendor as there is today. >> We had NetApp on yesterday. They were talking about latency in their- >> I'll tell you this, the analyst session, Steven Armstrong said, "You are going to hear us talk about multicloud." Yes. We're not going to necessarily lead with it. >> Without a mention. >> Yeah. >> But you said it before, never say never with Amazon. >> Yeah. >> We talk about supercloud and you're like, Dave, ultimately, the cloud guys are going to get into supercloud. They have to. >> Look, they will do multicloud. I predict that they will do multicloud. I'll tell you why. Just like in networking- >> Well, customers are asking for it. >> Well, one, they have the, not by design, but by defaulter and multiple clouds are in their environment. They got to deal with that. I think, the supercloud and sky cloud visions, there will be common services. Remember networking back in the old days when Cisco broke in as a startup. There was no real shortest path, first thinking. Policy came in after you connected all the routers together. So, right now, it's going to be best of breed, low latency, high performance. But I think, there's going to be a need in the future saying, hey, I want to run my compute on the slower lower cost compute. They already got segmentation by their announcements today. So, I think, you're going to see policy-based AI coming in where developers can look at common services across clouds and saying, I want to lock in an SLA on latency and compute services. It won't be super fast compared to say, on AWS, with the next Graviton 10 or whatever comes out. >> Yeah. >> So, I think, you're going to start to see that come in. >> Actually, I'm glad you brought Graviton up too, because the work they're doing in Silicon, actually I think, is... 'Cause I think, the one thing AWS now understands is some things are best optimized in Silicon, some at software layers, some in cloud. And they're doing work on all those layers. And Graviton to me is- >> John: Is a home run. >> Yeah. >> Well- >> Dave, they've got more instances, it's going to be... They already have Gravitons that's slower than the other versions. So, what they going to do, sunset them? >> They don't deprecate anything ever. So, (John laughing) Amazon paid $350 million. People believe that it's a number for Annapurna, which is like one of the best acquisitions in history. (group laughing) And it's given them, it's put them on an arm curve for Silicon that is blowing away Intel. Intel's finally going to get Sapphire Rapids out in January. Meanwhile, Amazon just keeps spinning out new Gravitons and Trainiums. >> Yeah. >> And so, they are on a price performance curve. And like you say, no developer ever wants to run on slower hardware, ever. >> Today, if there's a common need for multicloud, they might say, hey, I got the trade off latency and performance on common services if that's what gets me there. >> Sure. >> If there's maybe a business case to do that. >> Well, that's what they're- >> Which by the way, I want to.... Selipsky had strong quote I thought was, "If you're looking to tighten your belt, the cloud is the place >> Yeah. >> to do it." I thought >> I tweeted that. >> that was very strong. >> Yeah. >> Yeah. >> And I think, he's right. And then, the other point I want to make on that is, I think, I don't have any data on this, but I believe believe just based on some of the discussions I've had that most of Amazon's revenue is on demand. Paid by the drink. Those on demand customers are at risk, 'cause they can go somewhere else. So, they're trying to get you into optimized pricing, whether it's reserved instances or one year or three-year subscriptions. And so, they're working really hard at doing that. >> My prediction on that is that's a great point you brought up. My prediction is that the cost belt tightening is going to come in the marketplace, is going to be a major factor as companies want to get their belts tighten. How they going to do that, Dave? They're going to go in the marketplace saying, hey, I already overpaid a three-year commitment. Can I get some cohesively in there? Can I get some of this or that and the other thing? >> Yep. >> You're going to start to see the vendors and the ecosystem. If they're not in the marketplace, that's where I think, the customers will go. There are other choices to either cut their supplier base or renegotiate. I think, it's going to happen in the marketplace. Let's watch. I think, we're going to watch that grow. >> I actually think the optimization services that AWS has to help customers lower spend is a secret sauce for them that they... Customers tell me all the time, AWS comes in, they'll bring their costs down and they wind up spending more with them. >> Dave: Yeah. >> And the other cloud providers don't do that. And that has been almost a silver bullet for them to get customers to stay with them. >> Okay. And this is always the way. You drop the price of storage, you drop the price of memory, you drop the price of compute, people buy more. And in the question, long term is okay. And does AWS get commoditized? Is that where they're going? Or do they continue to thrive up the stack? John, you're always asking people about the bumper sticker. >> Hold on. (John drowns out Dave) Before we get the bumper sticker, I want to get into what we missed, what they missed on the keynote. >> Yeah, there are some blind spots. >> I think- >> That's good call. >> Let's go around the horn and think what did they miss? I'll start, I think, they missed the developer productivity angle. Supply chain software was not talked about at all. We see that at all the other conferences. I thought that could have been weaved in. >> Dave: You mean security in the supply chain? >> Just overall developer productivity has been one of the most constant themes I've seen at events. Who are building the apps? Who are the builders? What are they actually doing? Maybe Werner will bring that up on his last day, but I didn't hear Adam talk about it all, developer productivity. What's your take in this? >> Yeah, I think, on the security side, they announced security data lake. I think, the other cloud providers do a better job of providing insights on how they do security. With AWS, it's almost a black hole. And I know there's a careful line they walk between what they do, what their partners do. But I do think they could be a little clearer on how they operate, much like Azure and GCP. They announce a lot of stuff on how their operations works and things like that. >> I think, platform across cloud is definitely a blind spot for these guys. >> Yeah. >> I think, look at- >> But none of the cloud providers have embraced that, right? >> It's true. >> Yeah. >> Maybe Google a little bit >> Yeah. >> and Microsoft a little bit. Certainly, AWS hasn't at this point in time, but I think, they perceive the likes of Mongo and Snowflake and Databricks, and others as ISVs and they're not. They're platform players that are building across clouds. They're leveraging, they're building superclouds. So, I think that's an opportunity for the ecosystem. And very curious to see how Amazon plays there down the stream. So, John, what do you think is the bumper sticker? We're only in day one and a half here. What do you think so far the bumper sticker is for re:Invent 2022? >> Well, to me, the day one is about infrastructure performance with the whole what's in the data center? What's at the chip level? Today was about data, specialized services, and security. I think that was the key theme here. And then, that's going to sequence into how they're going to reorganize their ecosystem. They have a new leader, Ruba Borno, who's going to be leading the charge. They've integrated all their bespoke fragmented partner network pieces into one leadership. That's going to be really important to hear that. And then, finally, Werner for developers and event-based services, micro services. What that world's going on, because that's where the developers are. And ultimately, they build the app. So, you got infrastructure, data, specialized services, and security. Machine learning with Swami is going to be huge. And again, how do developers code it all up is going to be key. And is it the bag of Legos or the glued toy? (Dave chuckles) So, what do you want? Out-of-the-box or you want to build your own? >> And that's the bottom line is connecting those dots. All they got to be is good enough. I think, Zeus, to your point, >> Yep. >> if they're just good enough, less complicated, the will keep people on the base. >> Yeah. I think, the bumper stickers, the more you buy, the more you're saving. (John laughing) Because from an operational perspective, they are trying to bring down the complexity level. And with their optimization services and the way their credit model works, I do think they're trending down that path. >> And my bumper sticker's ecosystem, ecosystem, ecosystem. This company has 100,000 partners and that is a business model secret weapon. >> All right, there it is. The keynote announced. More analysis coming up. We're going to have the leader of (indistinct) coming up next, here on to break down their perspective, you got theCUBE's analyst perspective here. Thanks for watching. Day two, more live coverage for the next two more days, so stay with us. I'm John Furrier with Dave Vellante and Zeus Kerravala here on theCUBE. Be right back. (bright music)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vellante. >> When Facebook changed its name to Meta last fall, it catalyzed a chain reaction throughout the tech industry. Software firms, gaming companies, chip makers, device manufacturers, and others have joined in hype machine. Now, it's easy to dismiss the metaverse as futuristic hyperbole, but do we really believe that tapping on a smartphone, or staring at a screen, or two-dimensional Zoom meetings are the future of how we work, play, and communicate? As the internet itself proved to be larger than we ever imagined, it's very possible, and even quite likely that the combination of massive processing power, cheap storage, AI, blockchains, crypto, sensors, AR, VR, brain interfaces, and other emerging technologies will combine to create new and unimaginable consumer experiences, and massive wealth for creators of the metaverse. Hello, and welcome to this week's Wiki Bond Cube Insights, powered by ETR. In this "Breaking Analysis" we welcome in cyber expert, hacker gamer, NFT expert, and founder of ORE System, Nick Donarski. Nick, welcome, thanks so much for coming on theCUBE. >> Thank you, sir, glad to be here. >> Yeah, okay, so today we're going to traverse two parallel paths, one that took Nick from security expert and PenTester to NFTs, tokens, and the metaverse. And we'll simultaneously explore the complicated world of cybersecurity in the enterprise, and how the blockchain, crypto, and NFTs will provide key underpinnings for digital ownership in the metaverse. We're going to talk a little bit about blockchain, and crypto, and get things started there, and some of the realities and misconceptions, and how innovations in those worlds have led to the NFT craze. We'll look at what's really going on in NFTs and why they're important as both a technology and societal trend. Then, we're going to dig into the tech and try to explain why and how blockchain and NFTs are going to lay the foundation for the metaverse. And, finally, who's going to build the metaverse. And how long is it going to take? All right, Nick, let's start with you. Tell us a little bit about your background, your career. You started as a hacker at a really, really young age, and then got deep into cyber as a PenTester. You did some pretty crazy stuff. You have some great stories about sneaking into buildings. You weren't just doing it all remote. Tell us about yourself. >> Yeah, so I mean, really, I started a long time ago. My dad was really the foray into technology. I wrote my first program on an Apple IIe in BASIC in 1989. So, I like to say I was born on the internet, if you will. But, yeah, in high school at 16, I incorporated my first company, did just tech support for parents and teachers. And then in 2000 I transitioned really into security and focused there ever since. I joined Rapid7 and after they picked up Medis boy, I joined HP. I was one of their founding members of Shadowlabs and really have been part of the information security and the cyber community all throughout, whether it's training at various different conferences or talking. My biggest thing and my most awesome moments as various things of being broken into, is really when I get to actually work with somebody that's coming up in the industry and who's new and actually has that light bulb moment of really kind of understanding of technology, understanding an idea, or getting it when it comes to that kind of stuff. >> Yeah, and when you think about what's going on in crypto and NFTs and okay, now the metaverse it's you get to see some of the most innovative people. Now I want to first share a little bit of data on enterprise security and maybe Nick get you to comment. We've reported over the past several years on the complexity in the security business and the numerous vendor choices that SecOps Pros face. And this chart really tells that story in the cybersecurity space. It's an X,Y graph. We've shown it many times from the ETR surveys where the vertical axis, it's a measure of spending momentum called net score. And the horizontal axis is market share, which represents each company's presence in the data set, and a couple of points stand out. First, it's really crowded. In that red dotted line that you see there, that's 40%, above that line on the net score axis, marks highly elevated spending momentum. Now, let's just zoom in a bit and I've cut the data by those companies that have more than a hundred responses in the survey. And you can see here on this next chart, it's still very crowded, but a few call-outs are noteworthy. First companies like SentinelOne, Elastic, Tanium, Datadog, Netskope and Darktrace. They were all above that 40% line in the previous chart, but they've fallen off. They still have actually a decent presence in the survey over 60 responses, but under that hundred. And you can see Auth0 now Okta, big $7 billion acquisition. They got the highest net score CrowdStrike's up there, Okta classic they're kind of enterprise business, and Zscaler and others above that line. You see Palo Alto Networks and Microsoft very impressive because they're both big and they're above that elevated spending velocity. So Nick, kind of a long-winded intro, but it was a little bit off topic, but I wanted to start here because this is the life of a SecOps pro. They lack the talent in a capacity to keep bad guys fully at bay. And so they have to keep throwing tooling at the problem, which adds to the complexity and as a PenTester and hacker, this chaos and complexity means cash for the bad guys. Doesn't it? >> Absolutely. You know, the more systems that these organizations find to integrate into the systems, means that there's more components, more dollars and cents as far as the amount of time and the engineers that need to actually be responsible for these tools. There's a lot of reasons that, the more, I guess, hands in the cookie jar, if you will, when it comes to the security architecture, the more links that are, or avenues for attack built into the system. And really one of the biggest things that organizations face is being able to have engineers that are qualified and technical enough to be able to support that architecture as well, 'cause buying it from a vendor and deploying it, putting it onto a shelf is good, but if it's not tuned properly, or if it's not connected properly, that security tool can just hold up more avenues of attack for you. >> Right, okay, thank you. Now, let's get into the meat of the discussion for today and talk a little bit about blockchain and crypto for a bit. I saw sub stack post the other day, and it was ripping Matt Damon for pedaling crypto on TV ads and how crypto is just this big pyramid scheme. And it's all about allowing criminals to be anonymous and it's ransomware and drug trafficking. And yes, there are definitely scams and you got to be careful and lots of dangers out there, but these are common criticisms in the mainstream press, that overlooked the fact by the way that IPO's and specs are just as much of a pyramid scheme. Now, I'm not saying there shouldn't be more regulation, there should, but Bitcoin was born out of the 2008 financial crisis, cryptocurrency, and you think about, it's really the confluence of software engineering, cryptography and game theory. And there's some really powerful innovation being created by the blockchain community. Crypto and blockchain are really at the heart of a new decentralized platform being built out. And where today, you got a few, large internet companies. They control the protocols and the platform. Now the aspiration of people like yourself, is to create new value opportunities. And there are many more chances for the little guys and girls to get in on the ground floor and blockchain technology underpins all this. So Nick, what's your take, what are some of the biggest misconceptions around blockchain and crypto? And do you even pair those two in the same context? What are your thoughts? >> So, I mean, really, we like to separate ourselves and say that we are a blockchain company, as opposed to necessarily saying(indistinct) anything like that. We leverage those tools. We leverage cryptocurrencies, we leverage NFTs and those types of things within there, but blockchain is a technology, which is the underlying piece, is something that can be used and utilized in a very large number of different organizations out there. So, cryptocurrency and a lot of that negative context comes with a fear of something new, without having that regulation in place, without having the rules in place. And we were a big proponent of, we want the regulation, right? We want to do right. We want to do it by the rules. We want to do it under the context of, this is what should be done. And we also want to help write those rules as well, because a lot of the lawmakers, a lot of the lobbyists and things, they have a certain aspect or a certain goal of when they're trying to get these things. Our goal is simplicity. We want the ability for the normal average person to be able to interact with crypto, interact with NFTs, interact with the blockchain. And basically by saying, blockchain in quotes, it's very ambiguous 'cause there's many different things that blockchain can be, the easiest way, right? The easiest way to understand blockchain is simply a distributed database. That's really the core of what blockchain is. It's a record keeping mechanism that allows you to reference that. And the beauty of it, is that it's quote unquote immutable. You can't edit that data. So, especially when we're talking about blockchain, being underlying for technologies in the future, things like security, where you have logging, you have keeping, whether you're talking about sales, where you may have to have multiple different locations (indistinct) users from different locations around the globe. It creates a central repository that provides distribution and security in the way that you're ensuring your data, ensuring the validation of where that data exists when it was created. Those types of things that blockchain really is. If you go to the historical, right, the very early on Bitcoin absolutely was made to have a way of not having to deal with the fed. That was the core functionality of the initial crypto. And then you had a lot of the illicit trades, those black markets that jumped onto it because of what it could do. The maturity of the technology though, of where we are now versus say back in 97 is a much different world of blockchain, and there's a much different world of cryptocurrency. You still have to be careful because with any fed, you're still going to have that FUD that goes out there and sells that fear, uncertainty and doubt, which spurs a lot of those types of scams, and a lot of those things that target end users that we face as security professionals today. You still get mailers that go out, looking for people to give their social security number over during tax time. Snail mail is considered a very ancient technology, but it still works. You still get a portion of the population that falls for those tricks, fishing, whatever it might be. It's all about trying to make sure that you have fear about what is that change. And I think that as we move forward, and move into the future, the simpler and the more comfortable these types of technologies become, the easier it is to utilize and indoctrinate normal users, to be able to use these things. >> You know, I want to ask you about that, Nick, because you mentioned immutability, there's a lot of misconceptions about that. I had somebody tell me one time, "Blockchain's Bs," and they say, "Well, oh, hold on a second. They say, oh, they say it's a mutable, but you can hack Coinbase, whatever it is." So I guess a couple of things, one is that the killer app for blockchain became money. And so we learned a lot through that. And you had Bitcoin and it really wasn't programmable through its interface. And then Ethereum comes out. I know, you know a lot about Ether and you have solidity, which is a lot simpler, but it ain't JavaScript, which is ubiquitous. And so now you have a lot of potential for the initial ICO's and probably still the ones today, the white papers, a lot of security flaws in there. I'm sure you can talk to that, but maybe you can help square that circle about immutability and security. I've mentioned game theory before, it's harder to hack Bitcoin and the Bitcoin blockchain than it is to mine. So that's why people mine, but maybe you could add some context to that. >> Yeah, you know it goes to just about any technology out there. Now, when you're talking about blockchain specifically, the majority of the attacks happen with the applications and the smart contracts that are actually running on the blockchain, as opposed to necessarily the blockchain itself. And like you said, the impact for whether that's loss of revenue or loss of tokens or whatever it is, in most cases that results from something that was a phishing attack, you gave up your credentials, somebody said, paste your private key in here, and you win a cookie or whatever it might be, but those are still the fundamental pieces. When you're talking about various different networks out there, depending on the blockchain, depends on how much the overall security really is. The more distributed it is, and the more stable it is as the network goes, the better or the more stable any of the code is going to be. The underlying architecture of any system is the key to success when it comes to the overall security. So the blockchain itself is immutable, in the case that the owner are ones have to be trusted. If you look at distributed networks, something like Ethereum or Bitcoin, where you have those proof of work systems, that disperses that information at a much more remote location, So the more disperse that information is, the less likely it is to be able to be impacted by one small instance. If you look at like the DAO Hack, or if you look at a lot of the other vulnerabilities that exist on the blockchain, it's more about the code. And like you said, solidity being as new as it is, it's not JavaScript. The industry is very early and very infantile, as far as the developers that are skilled in doing this. And with that just comes the inexperience and the lack of information that you don't learn until JavaScript is 10 or 12 years old. >> And the last thing I'll say about this topic, and we'll move on to NFTs, but NFTs relate is that, again, I said earlier that the big internet giants have pretty much co-opted the platform. You know, if you wanted to invest in Linux in the early days, there was no way to do that. You maybe have to wait until red hat came up with its IPO and there's your pyramid scheme folks. But with crypto it, which is again, as Nick was explaining underpinning is the blockchain, you can actually participate in early projects. Now you got to be careful 'cause there are a lot of scams and many of them are going to blow out if not most of them, but there are some, gems out there, because as Nick was describing, you've got this decentralized platform that causes scaling issues or performance issues, and people are solving those problems, essentially building out a new internet. But I want to get into NFTs, because it's sort of the next big thing here before we get into the metaverse, what Nick, why should people pay attention to NFTs? Why do they matter? Are they really an important trend? And what are the societal and technological impacts that you see in this space? >> Yeah, I mean, NFTs are a very new technology and ultimately it's just another entry on the blockchain. It's just another piece of data in the database. But how it's leveraged in the grand scheme of how we, as users see it, it can be the classic idea of an NFT is just the art, or as good as the poster on your wall. But in the case of some of the new applications, is where are you actually get that utility function. Now, in the case of say video games, video games and gamers in general, already utilize digital items. They already utilize digital points. As in the case of like Call of Duty points, those are just different versions of digital currencies. You know, World of Warcraft Gold, I like to affectionately say, was the very first cryptocurrency. There was a Harvard course taught on the economy of WOW, there was a black market where you could trade your end game gold for Fiat currencies. And there's even places around the world that you can purchase real world items and stay at hotels for World of Warcraft Gold. So the adoption of blockchain just simply gives a more stable and a more diverse technology for those same types of systems. You're going to see that carry over into shipping and logistics, where you need to have data that is single repository for being able to have multiple locations, multiple shippers from multiple global efforts out there that need to have access to that data. But in the current context, it's either sitting on a shipping log, it's sitting on somebody's desk. All of those types of paper transactions can be leveraged as NFTs on the blockchain. It's just simply that representation. And once you break the idea of this is just a piece of art, or this is a cryptocurrency, you get into a world where you can apply that NFT technology to a lot more things than I think most people think of today. >> Yeah, and of course you mentioned art a couple of times when people sold as digital art for whatever, it was 60, 65 million, 69 million, that caught a lot of people's attention, but you're seeing, I mean, there's virtually infinite number of applications for this. One of the Washington wizards, tokenized portions of his contract, maybe he was creating a new bond, that's really interesting use cases and opportunities, and that kind of segues into the latest, hot topic, which is the metaverse. And you've said yourself that blockchain and NFTs are the foundation of the metaverse, they're foundational elements. So first, what is the metaverse to you and where do blockchain and NFTs, fit in? >> Sure, so, I mean, I affectionately refer to the metaverse just a VR and essentially, we've been playing virtual reality games and all the rest for a long time. And VR has really kind of been out there for a long time. So most people's interpretation or idea of what the metaverse is, is a virtual reality version of yourself and this right, that idea of once it becomes yourself, is where things like NFT items, where blockchain and digital currencies are going to come in, because if you have a manufacturer, so you take on an organization like Nike, and they want to put their shoes into the metaverse because we, as humans, want to individualize ourselves. We go out and we want to have that one of one shoe or that, t-shirt or whatever it is, we're going to want to represent that same type of individuality in our virtual self. So NFTs, crypto and all of those digital currencies, like I was saying that we've known as gamers are going to play that very similar role inside of the metaverse. >> Yeah. Okay. So basically you're going to take your physical world into the metaverse. You're going to be able to, as you just mentioned, acquire things- I loved your WOW example. And so let's stay on this for a bit, if we may, of course, Facebook spawned a lot of speculation and discussion about the concept of the metaverse and really, as you pointed out, it's not new. You talked about why second life, really started in 2003, and it's still around today. It's small, I read recently, it's creators coming back into the company and books were written in the early 90s that used the term metaverse. But Nick, talk about how you see this evolving, what role you hope to play with your company and your community in the future, and who builds the metaverse, when is it going to be here? >> Yeah, so, I mean, right now, and we actually just got back from CES last week. And the Metaverse is a very big buzzword. You're going to see a lot of integration of what people are calling, quote unquote, the metaverse. And there was organizations that were showing virtual office space, virtual malls, virtual concerts, and those types of experiences. And the one thing right now that I don't think that a lot of organizations have grasp is how to make one metaverse. There's no real player one, if you will always this yet, There's a lot of organizations that are creating their version of the metaverse, which then again, just like every other software and game vendor out there has their version of cryptocurrency and their version of NFTs. You're going to see it start to pop up, especially as Oculus is going to come down in price, especially as you get new technologies, like some of the VR glasses that look more augmented reality and look more like regular glasses that you're wearing, things like that, the easier that those technologies become as in adopting into our normal lifestyle, as far as like looks and feels, the faster that stuff's going to actually come out to the world. But when it comes to like, what we're doing is we believe that the metaverse should actually span multiple different blockchains, multiple different segments, if you will. So what ORE system is doing, is we're actually building the underlying architecture and technologies for developers to bring their metaverse too. You can leverage the ORE Systems NFTs, where we like to call our utility NFTs as an in-game item in one game, or you can take it over and it could be a t-shirt in another game. The ability for having that cross support within the ecosystem is what really no one has grasp on yet. Most of the organizations out there are using a very classic business model. Get the user in the game, make them spend their money in the game, make all their game stuff as only good in their game. And that's where the developer has you, they have you in their bubble. Our goal, and what we like to affectionately say is, we want to bring white collar tools and technology to blue collar folks, We want to make it simple. We want to make it off the shelf, and we want to make it a less cost prohibitive, faster, and cheaper to actually get out to all the users. We do it by supporting the technology. That's our angle. If you support the technology and you support the platform, you can build a community that will build all of the metaverse around them. >> Well, and so this is interesting because, if you think about some of the big names, we've Microsoft is talking about it, obviously we mentioned Facebook. They have essentially walled gardens. Now, yeah, okay, I could take Tik Tok and pump it into Instagram is fine, but they're really siloed off. And what you're saying is in the metaverse, you should be able to buy a pair of sneakers in one location and then bring it to another one. >> Absolutely, that's exactly it. >> And so my original kind of investment in attractiveness, if you will, to crypto, was that, the little guy can get an early, but I worry that some of these walled gardens, these big internet giants are going to try to co-op this. So I think what you're doing is right on, and I think it's aligned with the objectives of consumers and the users who don't want to be forced in to a pen. They want to be able to live freely. And that's really what you're trying to do. >> That's exactly it. You know, when you buy an item, say a Skin in Fortnite or Skin in Call of Duty, it's only good in that game. And not even in the franchise, it's only good in that version of the game. In the case of what we want to do is, you can not only have that carry over and your character. So say you buy a really cool shirt, and you've got that in your Call of Duty or in our case, we're really Osiris Protocol, which is our proof of concept video game to show that this all thing actually works, but you can actually go in and you can get a gun in Osiris Protocol. And if we release, Osiris Protocol two, you'll be able to take that to Osiris Protocol two. Now the benefit of that is, is you're going to be the only one in the next version with that item, if you haven't sold it or traded it or whatever else. So we don't lock you into a game. We don't lock you into a specific application. You own that, you can trade that freely with other users. You can sell that on the open market. We're embracing what used to be considered the black market. I don't understand why a lot of video games, we're always against the skins and mods and all the rest. For me as a gamer and coming up, through the many, many years of various different Call of Duties and everything in my time, I wish I could still have some this year. I still have a World of Warcraft account. I wasn't on, Vanilla, Burning Crusade was my foray, but I still have a character. If you look at it that way, if I had that wild character and that gear was NFTs, in theory, I could actually pass that onto my kid who could carry on that character. And it would actually increase in value because they're NFT back then. And then if needed, you could trade those on the open market and all the rest. It just makes gaming a much different thing. >> I love it. All right, Nick, hey, we're out of time, but I got to say, Nick Donarski, thanks so much for coming on the program today, sharing your insights and really good luck to you and building out your technology platform and your community. >> Thank you, sir, it's been an absolute pleasure. >> And thank you for watching. Remember, all these episodes are available as podcasts, just search "Breaking Analysis Podcast", and you'll find them. I publish pretty much every week on siliconangle.com and wikibond.com. And you can reach me @dvellante on Twitter or comment on my LinkedIn posts. You can always email me david.vellante@siliconangle.com. And don't forget, check out etr.plus for all the survey data. This is Dave Vellante for theCUBE Insights, powered by ETR, happy 2022 be well, and we'll see you next time. (upbeat music)

>> From The Cube Studios in Palo Alto in Boston, bringing you data-driven insights from The Cube in ETR. This is "Breaking Analysis" with Dave Vellante >> The pandemic not only accelerated the shift to digital but it also highlighted a rush of cyber criminal sophistication, collaboration, and chaotic responses by virtually every major company in the planet. The SolarWinds hack exposed supply chain weaknesses and so-called island hopping techniques that are exceedingly difficult to detect. Moreover, the will and aggressiveness of well-organized cybercriminals has elevated to the point where incident responses are now met with counter attacks, designed to both punish and extract money from victims via ransomware and other criminal activities. The only upshot is the cybersecurity market remains one of the most enduring and attractive investment sectors for those that can figure out where the market is headed and which firms are best positioned to capitalize. Hello, everyone. And welcome to this week's Wikibon Cube Insights powered by ETR. In this "Breaking Analysis" we'll provide our quarterly update of the security industry, and share new survey data from ETR and the Cube community that will help you navigate through the maze of corporate cyber warfare. We'll also share our thoughts on the game of 3D chess that Okta CEO, Todd McKinnon, is playing against the market. Now, we all know this market is complicated, fragmented and fast moving. And this next chart says it all. It's an interactive graphic from Optiv, a Denver, Colorado-based SI that's focused on cybersecurity. They've done some really excellent research and put together this awesome taxonomy, and it mapped vendor names therein. And this helps users navigate the complex security landscape. And there are over a dozen major sectors, high-level sectors within the security taxonomy and nearly 60 subsectors. From monitoring, vulnerability assessment, identity, asset management, firewalls, automation, cloud, data center, sim, threat detection and intelligent endpoint network, and so on and so on and so on. But this is a terrific resource, and going to help you understand where players fit and help you connect the dots in the space. Now let's talk about what's going on in the market. The dynamics in this crazy mess of a landscape are really confusing sometimes. Now, since the beginning of cyber time, we've talked about the increasing sophistication of the adversary, and the back and forth escalation between good and evil. And unfortunately, this trend is unlikely to stop. Here's some data from Carbon Black's annual modern bank heist report. This is the fourth, and of course now, VMware's brand, highlights the Carbon Black study since the acquisition, and to catalyze the creation of VMware's cloud security division. Destructive malware attacks, according to the recent study are up 118% from last year. Now, one major takeaway from the report is that hackers aren't just conducting wire fraud, they are. 57% of the banks surveyed, saw an increase in wire fraud, but the cybercriminals are also targeting non-public information such as future trading strategies. This allows the bad guys to front-run large block trades and profit. It's become a very lucrative practice. Now the prevalence of so-called island hopping is up 38% from already elevated levels. This is where a virus enters a company supply chain via a partner, and then often connects with other stealthy malware downstream. These techniques are more common where the malware will actually self-form with other infected parts of the supply chain and create actions with different signatures, designed to identify and exfiltrate valuable information. It's a really complex problem. Of major concern is that 63% of banking respondents in the study reported that responses to incidents were then met with retaliation designed to intimidate, or initiate ransomware tax to extract a final pound of flesh from the victim. Notably, the study found that 75% of CISOs reported to the CIO, which many feel is not the right regime. The study called for a rethinking of the right cyber regime where the CISO has increased responsibility and a direct reporting line to the CEO, or perhaps the COO, with greater exposure to boards of directors. So, many thanks to VMware and Tom Kellerman specifically for sharing this information with us this past week. Great work by your team. Now, some of the themes that we've been talking about for several quarters are shown in the lower half of the chart. Cloud, of course is the big driver thanks to work-from-home and to the pandemic. And the interesting corollary of course, is we see a rapid rethinking of end point and identity access management, and the concept of zero trust. In a recent ESG survey, two thirds of respondents said that their use of cloud computing necessitated a change in how they approach identity access management. Now, as shown in the chart from Optiv, the market remains highly fragmented, and M&A is of course, way up. Now, based on our research, it looks like transaction volume has increased more than 40% just in the last five months. So let's dig into the M&A, the merger and acquisition trends for just a moment. We took a five-month snapshot and we were able to count about 80 deals that were completed in that timeframe. Those transactions represented more than $20 billion in value. Some of the larger ones are highlighted here. The biggest of course, being the Thoma Bravo, taking Proofpoint private for a $12 plus billion price tag. The stock went from the low 130s and is trading in the low 170s based on the $176 per share offer. So there's your arbitrage, folks. Go for it. Perhaps the more interesting acquisition was Auth0 by Optiv for 6.5 billion, which we're going to talk about more in a moment. There was more private equity action we saw as Insight bought Armis, an IOT security play, and Cisco shelled out $730 million for IMImobile, which is more of an adjacency to cyber, but it's going to go under Cisco security and applications business run by Jeetu Patel. But these are just the tip of the iceberg. Some of the themes that we see connecting the dots of these acquisitions are first, SIs like Accenture, Atos and Wipro are making moves in cyber to go local. They're buying SecOps expertise, as I say, locally in places like France, Germany, Netherlands, Canada, and Australia, that last mile, that belly to belly intimate service. Israeli-based startups chocked up five acquired companies in the space over the last five months. Also financial services firms are getting into the act with Goldman and MasterCard making moves to own its own part of the stack themselves to combat things like fraud and identity theft. And then finally, numerous moves to expand markets. Okta with Auth0, CrowdStrike buying a log management company, Palo Alto, picking up dev ops expertise, Rapid7 shoring up it's Coobernetti's chops, Tenable expanding beyond Insights and going after identity, interesting. Fortinet filling gaps in a multi-cloud offering. SailPoint extending to governance risk and compliance, GRC. Zscaler picked up an Israeli firm to fill gaps in access control. And then VMware buying Mesh7 to secure modern app development and distribution service. So tons and tons of activity here. Okay, so let's look at some of the ETR data to put the cyber market in context. ETR uses the concept of market share, it's one of the key metrics which is a measure of pervasiveness in the dataset. So for each sector, it calculates the number of respondents for that sector divided by the total to get a sense for how prominent the sector is within the CIO and IT buyer communities. Okay, this chart shows the full ETR sector taxonomy with security highlighted across three survey periods; April last year, January this year, and April this year. Now you wouldn't expect big moves in market share over time. So it's relatively stable by sector, but the big takeaway comes from observing which sectors are most prominent. So you see that red line, that dotted line imposed at the 60% level? You can see there are only six sectors above that line and cyber security is one of them. Okay, so we know that security is important in a large market. But this puts it in the context of the other sectors. However, we know from previous breaking analysis episodes that despite the importance of cyber, and the urgency catalyzed by the pandemic, budgets unfortunately are not unlimited, and spending is bounded. It's not an open checkbook for CSOs as shown in this chart. This is a two-dimensional graphic showing market share in the horizontal axis, or pervasiveness in net score in the vertical axis. Net score is ETR's measurement of spending velocity. And we've superimposed a red line at 40% because anything over 40%, we consider extremely elevated. We've filtered and limited the number of sectors to simplify the graphic. And you can see, in the sectors that we've highlighted, only the big four are above that 40% line; AI, containers, RPA, and cloud. They exceed that sort of 40% magic waterline. Information security, you can see that as highlighted and it's respectable, but it competes for budget with other important sectors. So this is of course creates challenges for organization, because not only are they strapped for talent as we've reported, they like everyone else in IT face ongoing budget pressures. Research firm, Cybersecurity Ventures estimates that in 2021, $6 trillion worldwide will be lost on cyber crime. Conversely, research firm, Cannolis peg security spending somewhere around $60 billion annually. IDC has at higher, around $100 billion. So either way, we're talking about spending between 1 to 1.6% annually of how much the bad guys are taking out. That's peanuts really when you consider the consequences. So let's double-click into the cyber landscape a bit and further look at some of the companies. Here's that same X/Y graphic with the companies ETR captures from respondents in the cybersecurity sector. That's what's shown on the chart here. Now, the usefulness of the red lines is 20% on the horizontal indicates the largest presence in the survey, and the magic 40% line that we talked about earlier shows those firms with the most elevated momentum. Only Microsoft and Palo Alto exceed both high watermarks. Of course, Splunk and Cisco are prominent horizontally. And there are numerous companies to the left of the 20% line and many above that 40% high watermark on the vertical axis. Now in the bottom left quadrant, that includes many of the legacy names that have been around for a long time. And there are dozens of companies that show spending momentum on their platforms, i.e above single digits. So that picture is like the first one we showed you, very, very crowded space. But so let's filter it a bit and only include companies in the ETR survey that had at least 100 responses. So an N of 100 or greater. So it was a little easier to read but still it's kind of crowded when you think about it. Okay, so same graphic, and we've superimposed the data that determined the plot position over in the bottom right there. So there's net score and shared in, including only companies with more than 100 N. So what does this data tell us about the market? Well, Microsoft is dominant as always, it seems in all dimensions but let's focus on that red line for a moment. Some of the names that we've highlighted over the past two years show very well here. First, I want to talk about Palo Alto Networks. Pre-COVID as you might recall, we highlighted the valuation divergence between Palo Alto and Fortinet. And we said Fortinet was executing better on its cloud strategy, and Palo Alto was at the time struggling with the transition especially with its go-to-market and its Salesforce compensation, and really refreshing its portfolio. But we told you that we were bullish on Palo Alto Networks at the time because of its track record, and the fact that CIOs consistently told us that they saw Palo Alto as a thought leader in the space that they wanted to work with. They said that Palo Alto was the gold standard, the best, especially larger company CISOs. So that gave us confidence that Palo Alto, a very well-run company was going to get its act together and perform better. And Palo Alto has just done just that. As we expected, they've done very well and rapidly moving customers to the next generation of platforms. And we're very impressed by the company's execution. And the stock has generally reflected that. Now, some other names that hit our radar in the ETR data a couple of years ago, continue to perform well. CrowdStrike, Zscaler, SailPoint, and CloudFlare. Now, CloudFlare just reported and beat earnings but was off, the stock fell on headwinds for tech overall, the big rotation. But the company is doing very well and they're growing rapidly and they have momentum as you can see from the ETR data. Now, we put that double star around Proofpoint to highlight that it was worthy of fetching $12.5 billion from private equity firm. So nice exit there, supporting the continued consolidation trend that we've predicted in cybersecurity. Now let's turn our attention to Okta and Auth0. This is where it gets interesting, and is a clever play for Okta we think, and we want to drill into it a bit. Okta is acquiring Auth0 for big money. Why? Well, we think Todd McKinnon, Okta CEO, wants to run the table on identity and then continue to expand as TAM has to do that, to justify his lofty valuation. So Okta's ascendancy around identity and single sign-on is notable. The fragmented pictures that we've shown you, they scream out for simplification and trust, and that's what Okta brings. But it competes with some major players, most notably Microsoft with active directory. So look, of course, Microsoft is going to dominate in its massive customer base, but the rest of the market, that's like (indistinct) wide open. And we think McKinnon saw the opportunity to go dominate that sector. Now Okta comes at this from an enterprise perspective bringing top-down trust to the equation, and throwing a big blanket over all the discreet SaaS platforms and unifying employee access. Okta's timing was perfect. It was founded in 2009, just as the massive SaaSifiation trend was happening around CRM and HR, and service management and cloud, et cetera. But the one thing that Okta didn't have that Auth0 does is serious developer chops. While Okta was crushing it with its enterprise sales strategy, Auth0 was laser-focused on developers and building a bottoms up approach to identity. By acquiring Auth0, Okta can dominate both sides of the barbell and then capture the fat middle. So yes, it's a pricey acquisition, but in our view, it's a great move by McKinnon. Now, I don't know McKinnon personally, but last week I spoke to Arun Shrestha, who's the CEO of security specialist, BeyondID, they're a platinum services partner of Okta. And they're a zero trust expert. He worked for Okta for a number of years and shared with me a bit about McKinnon's style, and think big approach. Arun said something that caught my attention. He said, firewalls used to be the perimeter, now people are. And while that's self-serving to Okta and probably BeyondID, it's true. People, apps and data are the new perimeter, and they're not in one location. And that's the point. Now, unfortunately, I had lined up an interview with Diya Jolly, who was the chief product officer at Okta and a Cube alum for this past week, knowing that we were running this segment in this episode but she unfortunately fell ill the day of our interview and had to cancel. But I want to follow up with her, and understand how she's thinking about connecting the dots with Auth0 with devs and enterprises and really test our thesis there. This is a really interesting chess match that's going on. Let's look a little deeper into that identity space. This chart here shows some of the major identity players. It has some of the leaders in the identity market, and is a breakdown at ETR's net score. Now net score comprises five elements. The lime green is, we're adding the platform new. The forest green is we're spending 6% or more relative to last year. The gray is flat send plus or minus flat spend, plus or minus 5%. The pinkish is spending less. And the bright red is we're exiting the platform, retiring. Now you subtract the red from the green, and that gets you the result for net score which you can see super-imposed on the right hand chart at the bottom, that first column there. The far column is shared in which informs and indicates the number of responses and is a proxy for presence in the market. Oh, look at the top two players in terms of spending momentum. Now SailPoint is right there, but Auth0 combined with Okta's distribution channel will extend Okta's lead significantly in our view. And then there's Microsoft. Now just a caveat, this includes all of Microsoft's security offerings, not just identity, but it's there for context. And CyberArk as well includes this acquisition of adaptive, but also other parts of CyberArk's portfolio. So you can see some of the other names that are there, many of which you'll find in the Gartner magic quadrant for identity. And as we said, we really like this move by Okta. It combines positive market forces with lead offerings from very well-run companies that have winning DNA and passionate people. Now, to further emphasize what's happening here, take a look at this. This chart shows ETR data for Okta within SailPoint and CyberArk accounts. Out of the 230 CyberArk and SailPoint customers in the dataset, there are 81 Okta accounts. That's a 35% overlap. And the good news for Okta is that within that base of SailPoint and CyberArk accounts, Okta is shown by the net score line, that green line has a very elevated spending in momentum. And the kicker is, if you read the fine print in the right hand column, ETR correctly points out that while SailPoint and CyberArk have long been partners with Okta, at the recent Octane21 event, Okta's big customer event, The company announced that it was expanding into privileged access management, PAM, and identity governance. Hello, and welcome to co-opetition in the 2020s. Now, our current thinking is that this bodes very well for Okta and CyberArk and SailPoint. Well, they're going to have to make some counter moves to fend off the onslaught that is coming. Now, let's wrap up with what has become a tradition in our quarterly security updates. Looking at those two dimensions of net score and market share, we're going to see which companies crack the top 10 for both measures within the ETR dataset. We do this every quarter. So here in the left, we have the top 20, sorted by net score spending momentum and on the right, we sort by shared N. So it's again, top 20, which informs, shared N informs the market share metric or presence in the dataset. That red horizontal lines, those two lines on each separate the top 10 from the remaining 10 within those top 20. And our method, what we do is we assign four stars to those companies that crack the top 10 for both metrics. So again, you see Microsoft, Palo Alto Networks, Okta, CrowdStrike, and Fortinet. Fortinet by the way, didn't make it last quarter. They've kind of been in and out and on the bubble, but company is very strong, and doing quite well. Only the other four did last quarter. They were the same for last quarter. And we give two stars to those companies that make it in both categories within the top 20 but didn't make the top 10. So Cisco, Splunk, which has been steadily decelerating from a spending momentum standpoint, and Zscaler, which is just on the cusp. We really like Zscaler and the company has great momentum, but that's the methodology. That is what it is. Now you can see, we kept Carbon Black on the right most chart, it's like kind of cut off, it's number 21. Only because they're just outside looking in on net score. You see them there, they're just below on net score, number 11. And VMware's presence in the market we think, that Carbon Black is right really worth paying attention to. Okay, so we're going to close with some summary and final thoughts. Last quarter, we did a deeper dive on the SolarWinds hack, and we think the ramifications are significant. It has set the stage for a new era of escalation and adversary sophistication. Now, major change we see is a heightened awareness that when you find intruders, you'd better think very carefully about your next moves. When someone breaks into your house, if the dog barks, or if you come down with a baseball bat or other weapon, you might think the intruder is going to flee. But if the criminal badly wants what you have in your house and it's valuable enough, you might find yourself in a bloody knife fight or worse. Well, what's happening is intruders come to your company via island hopping or insider subterfuge or whatever method. And they'll live off the land stealthily using your own tools against you so that you can't find them so easily. So instead of injecting new tools in that send off an alert, they just use what you already have there. That's what's called living off the land. They'll steal sensitive data, for example, positive COVID test results when that was really, really sensitive, obviously still is, or other medical data. And when you retaliate, they will double-extort you. They'll encrypt your data and hold it for ransom, and at the same time threaten to release the sensitive information, crushing your brand in the process. So your response must be as stealthy as their intrusion, as you marshal your resources and devise an attack plan. And you face serious headwinds. Not only is this a complicated situation, there's your ongoing and acute talent shortage that you tell us about all the time. Many companies are mired in technical debt, that's an additional challenge. And then you've got to balance the running of the business while actually effecting a digital transformation. That's very, very difficult, and it's risky because the more digital you become, the more exposed you are. So this idea of zero trust, people used to call it a buzzword, it's now a mandate along with automation. Because you just can't throw labor at the problem. This is all good news for investors as cyber remains a market that's ripe for valuation increases and M&A activity, especially if you know where to look. Hopefully we've helped you squint through the maze a little bit. Okay, that's it for now. Thanks to the community for your comments and insights. Remember I publish each week on wikibon.com and siliconangle.com. These episodes, they're all available as podcasts. All you got to do is search breaking analysis podcasts, put in the headphones, listen when you're in your car, or out for your walk or run, and you can always connect on Twitter @DVellante, or email me at david.vellante@siliconangle.com. I appreciate the comments on LinkedIn and in Clubhouse, please follow me, so you're notified when we start a room and riff on these topics and others. And don't forget to check out etr.plus for all the survey data. This is Dave Vellante for The Cube Insights powered by ETR. Be well, and we'll see you next time. (light instrumental music)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. >> Application performance management AKA APM, you know it's been around since the days of the mainframe. Now, as systems' architectures became more complex, the technology evolved to accommodate client-server, web-tier architectures, mobile and now of course, cloud-based systems. A spate of vendors have emerged to solve the sticky problems associated with ensuring consistent and predictable user experiences. The market has grown, I mean it's decent size, it's about $5 billion globally. It's growing at a consistent 10% CAGR. It's got a variety of established companies and new entrants that are attacking this space. Hi everyone, welcome to this week's Wikibon Cube Insights powered by ETR. My name is Dave Vellante and today, we welcome back ETR's Erik Bradley, who was the chief engagement strategist at Aptiviti which is the holding company of our data partner, ETR. Erik, my friend, great to see you. Thanks so much for coming on and spending some time with us. >> Oh, always enjoy it Dave. Great to see you too and I'm just glad I got some fresh material for ya. >> As always, you have fresh data. Now, Erik just recently hosted an ETR VENN session and on this particular topic, APM. Now VENNs are an open round table, they're exclusively available to ETR's clients and what we do is we sometimes come in theCUBE and we summarize those sessions in our Breaking Analysis. Now Erik, yo let's start with a summary slide here, guys, if you could bring that up, we just want to make a couple of points and... So as I said Erik, I mean this started back, you know in the System/390 days. Now, distributed systems and cloud of course create a lot more complexity, you got data that's really fragmented. You got user data, you got application data, you have infrastructure data and it gets complicated and you've got guys in lab coats having to come in and diagnose these stuff, lot of tribal knowledge. What are you seeing in the space? >> Well yeah, you know to start back, you know it's funny when the panel I hosted, one of the guys even brought up Tivoli, how long ago that was right? Then of course you get, you know you have the solar winds and you had people like that trying to just kind of monitor your network. You know what we've heard a lot about now is infrastructure has really become code-based. So when that happens, you really start wondering to yourself the lines are blurring between infrastructure and application because at the end of the day, what you're really monitoring is code. So it has gotten incredibly complex, you have OnPrem, you have hybrid, you have multi-cloud approach so it has gotten extremely complex and there's also now a third wave of next-gen vendors getting involved in the mix as well. As you're aware, New Relic and Datadog, obviously, Splunk has been in logging and monitoring for a long time. You also had some of the traditional players throw their hat in the ring through acquisition, that you know AppDynamics gobbled up by Cisco and obviously Splunk trying to continue to reinvent themselves a little bit by SignalFx. So it is a very crowded, complex space, it is a complicated problem but it's also a problem that needs to be solved. You know, we were looking at, you said in your intro about, it's only about a $5 billion market right now but there's been a lot of data out there from industry analysts saying that that's going to grow quite handsomely over the next five years and it could get up to 13, 14, 15 billion. And when I asked my panel about that, I had one gentleman say without a doubt, they see the next 10 years that spending in this space will continue. And when you pry and ask why, they simply state that digital transformation is not going to stop, it's marching forward, whether anyone likes it or not and as it does, monitoring is going to be critical, it's only going to increase and increase and increase. So right now, to your point, it's a small market but it's a growing market and there's a lot of entrance in there and their whole goal is to reduce this complexity that you're talking about. >> Now, one of the things we heard from the panel, guys if you bring up that same slide again, you know the third point on that slide was what's closely tied to digital transformation. You heard a number of individuals say, "Look, your digital business is critical, it's all about monitoring your applications and your data and your infrastructure. And we heard a lot that they wanted a, a single pane of glass and you made a number of points about the market. What are your thoughts on both the digital transformation, maybe the COVID acceleration of that mandate and that notion of a single pane of glass, is that aspirational or is it, in your view, something that is actually technically feasible? >> Not only is it technically feasible, it has to happen. It's going to be demanded by the large enterprise, they can't continue to monitor hundreds and hundreds of applications. They need something that not only can give them observability through their entire stack, but they need to be able to view it in one way, there's enough fatigue in monitoring and logging. And actually it goes even further than one pane of glass, they're demanding that these systems can now actually employ machine learning algorithms to be proactive. It's not enough to just say, "Okay, I observed this," you have to let me know that this may happen in the future and what to do about it. So not only is it feasible, it's something that is being demanded by the end-user market and the players that survive are the ones that already have that in their roadmap. >> Now, as we always like to do in these sessions, we're going to bring up some ETR data and we like to position the companies. So what we do is, we're going to bring up some of the pure players, pure-play companies and you can see them on this slide. But Erik, and when we talk about companies in this space, they are well over a dozen. It's just again for reference, you know it's Cisco with AppD, you mentioned that before Dynatrace is one of the leaders, New Relic has been around for awhile and is doing well, Splunk, Datadog. Now of course, and we're not showing them here, AWS, Microsoft and Google cause they just sort of, they pollute the chart. But so I want to start with the guys that are on this view and maybe talk about a few. Elastic came up a lot, certainly AppD came up a little, Dynatrace was obviously mentioned, especially in large organizations. Lot of conversations about New Relic. So let's go through them. Where do you want to start here? >> Yeah there's a lot to go through and we did spend the majority of the panel talking about the individual players, the differences between them and also what we thought their longer term prospects were but yeah, we'll go through each one. I think maybe to start with, let's go back in time a little bit, right? Cisco is a wonderful acquirer, they do a great job at M&A. A lot of companies will acquire something and let it die on the vine. Cisco has proven recently that they are reinventing themselves as a full platform play, whether that be through, you know, kind of, their networking reach or whether it be through the security. And AppDynamics is one of those that actually kind of gives you a little bit of both with being able to monitor. It is a great play for people that are already involved with Cisco. Now, I don't think you're going to see too many people that are non-Cisco customers run out and buy it. There you're going to see some of them, maybe the pure plays or one of my guests called the third wave of vendors. And that third wave is really about a Datadog and a New Relic. Let's talk about Datadog first. >> Yeah let's bring that back up guys, if you would. Now let me just, sorry to interrupt you Erik (indistinct) The vertical axis here is net score, that's the ETR's primary metric, and that's an indication of spending velocity, the higher, the better. And on the horizontal axis is market share. Now we're showing the July data, the October data is in the field, you know once ETR releases that to its clients, then we'll share that with you. But the first thing that jumps out at me is other than Elastic Erik, I mean, I'm not blown away by the spending momentum in this space but let's talk about that and then some of your thoughts on the specific vendors. >> Yeah, you know I'll go back because you asked a little bit about the digital transformation, I don't think I answered it fully. So to your comment about maybe not being impressed with the spend, I think this is one where the spend is going to come, kind of as a laggard because you're not going to rush out and go buy the software to monitor until you've built out the, what needs to be monitored. So as we're seeing this increase in the digital transformation, and I think you and I had a conversation in the past, but when COVID first hit and I did a series of panels, we had one person say that this virus is going to increase digital transformation by five to 10 years. Now that was an amazing statement. Basically, if you were on the fence, if you didn't, if you weren't already heading down to digital transformation, you needed to play catch up quickly. So now that you are doing that right, now that you're moving from OnPrem to a multicloud or a hybrid cloud environment, you have to get observability, you have to get monitoring into it. So now these players start to play catch up and this is where you're going to see the proof of concepts and you're going to see people trying to decide which direction they're going to take their company. Now back to the actual vendors. I believe that there is some differentiation, right? So we'll just take, for instance, Splunk. Splunk is obviously probably the biggest boy on the block when it comes to just straight up logging and monitoring. They've leveraged that big boy position to really, you know, add some costs, kind of intimidate their customers they've been compared in the past of the type of things that Oracle used to do from their cost perspective. And that's opened up some new competition, Datadog is one of those. According to my panel, Datadog is viewed more for logging and monitoring than it is truly full end-to-end observability throughout your entire network and application system. So that is one of the areas that's there. Now, to stay on those two names for a quick second, Splunk obviously has some holes in what they're trying to offer, they went out and tried to buy SignalFx to fill one of those holes. Now according to my panel again, did a great job filling that hole, problem is if you have a boat with three holes, you can't put your fingers everywhere. So they think, hey listen, Splunk scrape, they're going to keep the company they have and I know that we can talk a little bit more about valuations and the equity side later, but I think it's very clear that their sales and revenue are trending flat to down, whereas some of these other names still have great acceleration in their sales. So Splunk and Datadog both are really facing pressure from Elastic or generally just open-source. >> I was struck by the panel and how much emphasis they, how much complaining they did about Splunk pricing. Generally, I feel like hey, if your price is too high is the biggest objection, that's actually not a bad thing for a company but the way they kept hitting on it and said, "Hey, we're actively looking for alternatives" and Datadog was one of those and given the momentum that Datadog has, I don't think that that's necessarily a positive. But you know Splunk has a lot of loyal customers but you know to your point if you go back to the slide, Elastic came up very, very strong and they are head and shoulders from a spending momentum above the rest of the crowd here. >> Right. And you know, so you're right. If the only problem with a vendor or a technology is cost, usually you live with it because that means it's giving you what you need. So okay, it's expensive but it's also the best in breed and that's where Splunk has been for a very long time. And I think they're resting on their laurels knowing that. Enter Elastic and you say to these guys, the panel, I asked them, well okay, you can make Elastic work but is it truly a viable alternative from a technology standpoint? And the answer to that was not only is it viable, it's half the price. So if you can bring something in that can do the job the same and it's half the cost, it's really difficult not to at least try. And I had one of the other gentlemen who was a Datadog customer said, "Listen, we love Datadog, we were a huge customer and then I started getting enormous bills and I just switched over to open-source, I switched to Elastic, I switched to Kibana, I switched to Kafka and I can do this search myself. Now the difference is not every enterprise has the human skillset to do so and I'm not saying Splunk's going to turn around to disappear tomorrow, not even close. Because there is a difference in spending that money with the vendor or spending that money developing the human skillset to use open-source. But the bigger backdrop here is there are more alternatives than there used to be, there's more competition and the space is getting very crowded. >> Yeah, comment on open-source. I mean open-source is free like a puppy. But the thing about that, and we had one of the panelists was a very senior consultant, exclusively work with very large companies, he told a story about one of the companies years ago, he came in to solve a problem. The problem was they had 70% availability and then they had no visibility on their infrastructure and there's really no great, no good monitor, they get them up to whatever, five nines or two, three nines or wherever they got them to, but dramatic improvement. And so, but he said, "Look it, I work with companies with billions of dollars, $3 billion IT budgets so they don't rely on open-source for this stuff, they're happy to spend." But there's a huge market, particularly in the mid size where we heard that New Relic plays in a big way, it might be more receptive to open-source. >> Couple of great points there Dave, honestly. I'm going to jump over to the use case that was given by that person who was in a healthcare role. And essentially the part I didn't write into my summary was that his CEO was two days away from shutting down the entire business because he was so frustrated that he had no observability and Dynatrace was the one that was able to step in and fix that. And this gentleman did say that the majority of the companies that he does work with which are all in the Fortune 100, Dynatrace has a stranglehold in that spot. So that's really interesting to note. Now on the flip side, when pushed a little bit more later in the panel, he said, "Dynatrace is sort of resting on its laurels from a product roadmap standpoint and that's going to open up the possibility of a New Relic getting in," a transition to New Relic as you mentioned on their small to medium sized business. They recently launched a new pricing strategy which is basically a free version to get you involved to kind of get their hooks into you and see if you can work it out. And basically what they're trying to do there I think is, you know, make up for their lack of marketing. As you saw the panel that we spoke about said, "New Relic's technology is fantastic." They have the ability to provide a single pane of glass which is the Holy Grail in this space and they have the ability to provide machine learning and proactive type of ability which again are the two things that all of the end-users are asking for. The problem is that most people might not be aware of it because New Relic doesn't have as flashy a marketing department, they don't have the dollars as much as the others to go out there and compete with the Splunk and Dynatrace and Cisco. But from a roadmap perspective, it was almost unanimous that our panel agreed, New Relic is by far, one of the leaders from a functionality standpoint. >> Yeah, if you guys bring that slide up one more time, the X Y. I mean, I look at where New Relic is and I'm like wow, I'm surprised. I mean this company, I mean they were the hot company for awhile and I think still have the capability. You're talking about the technology. NRDB, New Relic database is like, it kicks ass. In fact, you know Erik, somebody brought up in the panel that they thought that snowflake could compete in this market because essentially Snowflake's positioning is this data cloud. But you know, here's New Relic, they have a purpose-built database specifically for monitoring an APM so you would think that with that technology, they could really make some moves. And then I just want to bring in two other companies to the mix here. Honeycomb who I think even their founder and former CEO now CTO, she coined the term I believe, observability. And there's another company that is run by Jeremy Burton, company's called Observe, okay (indistinct) and it's funded by the Silicon Valley Mafia. So that's going to be an interesting one to watch, they're coming out, well they're out of stealth but they're doing a launch on October 7th. So I think those are two companies that could disrupt this space and I would expect to see, as you said, it's a latent momentum in net score from a dataset standpoint because people are trying to plug the holes cause of COVID, you know security, work from home, that pivot and now it's really on to digital transformation and that's where APM really comes in. >> It really does and again, it comes back to that comment someone made a long time ago that everything's becoming code as software eats the world and everything becomes code, you need the ability to kind of monitor that code, enter Honeycomb. And as you know, we have two different studies at ETR, one of them is for emerging technology. Honeycomb is in our emerging technology study that's more of a private series B to series E round stage whereas our main study is for companies that are pre IPO or already public. But Honeycomb is a little bit different in my opinion, that they're focused very much so on the developers or the software engineers. They're a very microservices oriented type of product whereas some of the other ones may have started as an infrastructure monitoring and then kind of work their way backward into application. But Honeycomb certainly needs to be observed and it's funny when you talk about that, the one thing I think is, "Oh great, more players." The crowded space gets even more crowded. And I think well you know, kind of foreshadowing something you and I will be speaking about in a little bit but there's a lot of players in this space and there's a lot of other possible interest in there. You mentioned Snowflake. It actually wasn't brought up from our panelists, it was a question that came from one of my clients that said, "Hey, I'm curious, can snowflake play in this space?" And the panel thought about it for a second and said, "There's absolutely no reason why they can't, they most certainly can." And we all know the cash they have so I mean the easiest way to play in that would maybe be to buy some of the technology, integrate it in and yeah, they have that portability. And if I can real quickly, they've just, one of the things that came out that was so important about this, we haven't spoken about the vendors is, is the public cloud. The public cloud offers this. They offer monitoring, they'll give it to you for free. If I'm going to run Kubernetes at Google, I'm going to get the monitoring for free which is super nice, right? But if I have an enterprise that has multicloud or hybrid cloud, and I'm working outside of that public cloud silo, it doesn't work. This is the exact conversation you and I had about Snowflake. AWS Redshift's fantastic but it doesn't work outside of AWS. So if every one of our enterprises continues on the digital transformation, they need portability. They have to be able to go across any architecture structure and that's why these independent providers are really starting to gain steam when you would think they could never compete with the public cloud. >> Yeah man, that's a great point. And we've talked about this in the context of Snowflake that who are you going to trust with your multi-cloud strategy? Are you going to trust AWS? Are you going to trust Google? Yeah, okay, they got Anthos but we kind of know why they're taking that posture. Microsoft, look, I'm probably going to partner with somebody who can, who's maybe I have a relationship with them with my OnPrem and that is really sort of agnostic to the various clouds so I'm glad you brought that up. And you know the point you're making about Honeycomb is a good one and I'll add that, again, it gets more complex with microservices and containers, that's spinning them up, spinning them down. Sometimes these, first of all, these microservices, sometimes aren't that micro and second of all, you're sometimes talking about hundreds of thousands of containers so it's a really increasingly complex environment. All right. What I want to do is-- >> You didn't even touch on serverless, we'll do that some other day. >> Oh, yeah, I mean absolutely. A hundred percent, right. So, now let's take a look at some of the valuations, guys if you bring that up for me. So I put this little chart together and it's always instructive. Now I like to, simple guy Erik so I like to... So you see, the company, I take a trailing 12-month revenue and then the market cap as of 9/25. And then just a simple revenue multiple, just to get a sense, it's not a hardcore valuation model but it's interesting and there usually is a correlation to the growth rate, I just pulled that off the latest quarterly growth rate. I mean, look at Datadog. I mean that's like Snowflake pre IPO valuations. I mean you're really, right around there with smaller revenue, smaller growth rate, Snowflakes up in the whatever 120% range but well eye-popping. You know the same valuation as Splunk, I mean that's just amazing. What do you make of this data? >> Well, you know I was an equity analyst for almost 15 years on the Wall Street side. So the, my first caveat is a trailing revenue to the multiple is not always the same because people are looking at what the forward expected revenue will be but I actually do see the correlation here. And when you brought this up, my eyes popped open. I do not understand why Datadog has a 27 billion market cap on a trailing 350 million in revenue. I just don't know if their forward looking growth really warrants that and at the same time, then you look at a Splunk, right? I mean they have two and a half billion in revenue but their growth rate's down and truthfully, when I see a -5% growth rate, I don't know why you weren't at 12% sales either. I would argue that there's quite a few names on here that could be in for a reckoning, ETR actually as far back as a year ago caught this in our data and said, "Hey, there's some inflection points here and I think investors need to pay attention to them." And since we came out with the July report, a lot of these names we're talking about, despite insane valuations in the equity markets are flat to down. And, you know I do think that, hey if they stay stagnant and their technology is right but it's a crowded space, I think we're really leading to the point where as one of my panelists said, this industry is ripe for consolidation. These players are not all going to be here in 12 months, it's that simple. >> Yeah and by the way, thank you for mentioning that as a former equity analyst, you were right (indistinct) 12 months, it's kind of the rear-view mirror. But I'll tell you, two reasons why I do that. One is, I put the growth rate in there so you can pick your own growth rate and your own forward revenue. The other is it's really easy for me to get TTM off a Yahoo as opposed to >> Right exactly. >> And so truth be told. But, guys bring that back up one more time cause I want to make a point about New Relic. I mean I think they are potentially right for an M&A because they got great technology. Now remember Elliot Management is in there and when Elliot's is in there, stuff's going to happen. They're going to start cleaning house, they're going to really create changes, they don't just get in in a big way and sit back and watch, they are extremely active. And the New Relic, leader in this space, great technology, great heritage. So either they got to clean up and get that valuation back up maybe as you pointed out, little bit better marketing posture, et cetera or they get taken out. >> Yeah and let's think about the two things that coincide, right? You have one of the world's best activist funds get involved in Elliot Management. And as you said, they don't get involved to just sort of watch or observe as we're talking about here today, they are very active in trying to get some sort of a, you know, corporate action done. And at the same time, all of a sudden New Relic comes out with a new pricing model. They're trying to create a moat around the small to medium business, right? They're trying to grow their footprint. Now the great thing about getting involved in small to medium businesses, it starts off for free but you grow with them. So I don't think those two are a coincidence, let me just put it that way. I think that they're coming in, they're trying to entrench themselves in a new market and set themselves up for future growth and I truly believe that based on the product roadmap and the feedback we were getting from the end-users in my panel, New Relic has the ability to look across all architecture, it has the ability to provide a single pane of glass and it has the ability to incorporate machine learning for proactive response. Their roadmap is fantastic, they have an active manager inside as an investor, I don't think they're going to be around for much, much longer. And obviously that you look around and you wonder who the acquirers will be and it might be one of the major cloud players. >> Yeah that would be interesting. I mean it gives them a play in a multicloud world and either they're going to just use that for their own advantage or they will actually see that as an opportunity, we'll be itching to watch. Alright, anything we didn't cover that you want to touch on or give us your final thoughts, please Erik. >> You know I would also just sort of mention a little bit about Splunk. This is a company that has a tremendous amount of revenue, a tremendous installed customer base but many, many times we've seen it before and Oracle is the greatest example. They kind of forget about their customers and they don't treat them properly. And I can't tell you how many people I have mentioned to me said, "Hey when this all went down in the viral pandemic and I went to Splunk and I asked for a little bit of pricing flexibility, I asked for this, I asked for that and they just wouldn't give it to me." And I wrote an article once called (indistinct) never forget similar to an elephant. And when they come out the other side, they're going to find a way to replace them. And today I also wrote an article that it was our 200th interview and I entitled it, The Splunk Funk. And basically it's about all the alternatives that are now out there, not just open source, but other vendors, even the vulnerability management players like a Rapid7, like a Tenable are getting into this space now. Fortinet, which one guy called "Fortaeverything" is a company that's really expanding. So I would just really kind of caution some of those vendors out there that don't rest on your laurels, don't take your customers for granted because sooner or later, they're going to be in a position to bite the back. >> Well I'll say this about Splunk, I've been following the company since the early part of last decade and I've done a lot of Cube interviews at their shows. They do have a passionate, passionate customer base, they got the experts that run around with that crazy hat and I've seen Splunk killers emerge for the last decade and so... But I think your point is right. I mean they've, the SignalFx acquisition was something that, it was a hole to fill and it gets them into a subscription-based model, they're going through that transition now. But I think they have some real gravity with their customer base. So, all right, let me summarize. For years, the application monitoring and management, it's really relied on alerts, logs, traces and even what I call tribal knowledge. In that world of pre-distributed systems, that was fine, like I said a trace can tell you what was going on. But things have begotten much more complicated architecturally with cloud and mobile and they're really changing fast now. Erik mentioned serverless, we talked about containers. So, today it's much harder to understand the customer experience because it's difficult to get a full picture of the data. And what I mean by that is that the user data, the application data, the infrastructure data, they're all fragmented and the Holy Grail solution really takes all this disparate data, it ingests it, it transforms it. Connects the dots if you will, across clouds, Onprem and then it shapes it, brings in machine intelligence, really creating an organic systems view that can proactively tell you that there's a problem coming. And finally, nearly absolute Nirvana is doing this in a way that non-technical people are going to be able to understand the true user experience. You know in theory, this is going to allow organizations to remediate in 110th the time with much, much lower costs and that's going to be critical in this world of digital transformation. So thank you Erik, really appreciate you coming on today. >> Always enjoy it Dave, it's always great talking to you and hopefully we'll do it again soon. >> All right, I can't wait. And thank you everybody for watching this episode of theCUBE Insights powered by ETR. Remember these episodes, they're all available on podcasts. We publish weekly on wikibon.com and siliconangle.com so you got to check that out. And don't forget, go to etr.plus for all the survey action. Would appreciate if you kindly comment on my LinkedIn post or tweet me @dvellante or email at david.vellante@siliconangle.com This is Dave Vellante. Thanks so much to Erik Bradley, be well and we'll see you next time. (bouncy music)

(upbeat music) >> From theCUBE studios in Palo Alto, in Boston, connecting with thought leaders all around the world. This is a Cube conversation. >> Hi everybody, this is Dave Vellante. And as you know, I've been running a CxO series in this COVID economy. And as we go into the post-isolation world, really want to focus and expand our scope and really look at startups. And of course, we're going to look at startups, let's follow the money. And I want to start with the investor. Mark Roberge is here. He's the managing director at Stage 2 capital. He's a professor at the Harvard Business School, former CRO over at HubSpot. Mark, great to see you. Thanks for coming on. >> Yeah, you bet, Dave. Thanks for having me. >> So I love that, you know... looking at your career a little bit, on your LinkedIn and following some of your videos, I love the fact that you did, and now you teach and you're also applying it with Stage 2 Capital. Tell us a little bit more about both of your career and Stage 2. >> Yeah, I mean, a lot of it's a bit serendipitous, especially last 10 years, but I've always had this learn, do, teach framework in my, in mind as I go through the decades of my career, you know, like you're probably like 80% learning in your twenties, early thirties and you know, 20% doing. Then, you know, I think my thirties was like leading the HubSpot sales team, a lot of doing, a little bit of teaching, you know, kind of hopping into different schools, et cetera, and also doing a lot of, some writing. And now like, I'm teaching it. I think investing kind of falls into that too, you know, where you've got this amazing opportunity to meet, the next generation of, of extraordinary entrepreneurs and engage with them. So yeah, that, that has been my career. You know, Dave, I've been a, passionate entrepreneur since 22 and then, the last one I did was HubSpot and that led to just an opportunity to build out one of the first sales teams in a complete inside environment, which opened up the doors for a data driven mindset and all this innovation that led to a book that led to recruitment on HBS's standpoint, to like come and teach that stuff, which was such a humbling honor to pursue. And that led to me a meeting my co-founder, Jay Po, of Stage 2 Capital, who was a customer to essentially start the first VC fund, running back by sales and marketing leaders, which was his vision. But when he proposed it to me, addressed a pretty sizeable void, that I saw, in the entrepreneur ecosystem that I thought could make a substantial impact to the success rate of startups. >> Great, I want to talk a little bit about how you guys compete and what's different there, but you know, I've read some of your work, looked at some of your videos, and we can bring that into the conversation. But I think you've got some real forward-thinking for example, on the, you know, the best path to the upper right. The upper right, being that, that xy-axis on growth and adoption, you know, do you go for hyper-growth or do you go for adoption? How you align sales and marketing, how you compensate salespeople. I think you've got some, some leading-edge thinking on that, that I'd love for you to bring into the conversation, but let's start with Stage 2. I mean, how do you compete with the big guys? What's different about Stage 2 Capital? >> Yeah, I mean, first and foremost, we're a bunch of sales and marketing and execs. I mean, our backing is, a hundred plus CROs, VPs of marketing, CMOs from, from the public companies. I mean, Dropbox, LinkedIn, Oracle, Salesforce, SurveyMonkey, Lyft, Asana, I mean, just pick a unicorn, we probably have some representation from it. So that's, a big part of how we compete, is most of the time, when a rocket ship startup is about to build a sales team, one of our LPs gets a call. And because of that, we get a call, right. And, and so there's, we're just deep in, in helping... So first off, assess the potential and risks of a startup in their current, go to market design, and then really, you know, stepping in, not just with capital, but a lot of know-how in terms of, you know, how to best develop this go-to-market for their particular context. So that's a big part of our differentiation. I don't think we've ever lost a deal that we tried to get into, you know, for that reason, just because we come in at the right stage, that's right for our value prop. I'd say Dave, the biggest, sort of difference, in our investing theme. And this really comes out of like, post HubSpot. In addition to teaching the HBS, I did parachute into a different startup every quarter, for one day, where you can kind of like assess their go-to-market, looking for, like, what is the underlying consistency of those series A businesses that become unicorns versus those that flatline. And if I, you know, I've now written like 50 pages on it, which I, you know, we can, we can highlight to the crew, but the underlying cliffnotes is really, the avoidance of a premature focus on top line revenue growth, and an acute focus early on, on customer attention. And, I think like, for those of you, who run in that early stage venture community these days, and especially in Silicon Valley, there's this like, triple, triple, double, double notion of, like year one, triple revenue, year two, triple revenue, year three, double revenue, year four, double revenue, it's kind of evolved to be like the holy grail of what your objectives should be. And I do think like there is a fraction of companies that are ready for that and a large amount of them that, should they pursue that path, will lead to failure. And, and so, we take a heavy lens toward world-class customer retention as a prerequisite, to any sort of triple, triple, double, double blitzscaling type model. >> So, let me ask you a couple of questions there. So it sounds like your LPs are heavily, not only heavily and financially invested, but also are very active. I mean, is that a, is that a fears thing? How active are the LPs in reality? I mean, they're busy people. They're they're software operators. >> Yeah. >> Do they really get involved in businesses? >> Absolutely. I mean, half of our deals that we did in fund one came from the LPs. So we get half of our funnel, comes from LPs. Okay. So it's always like source-pick-win-support. That's like, what basically a VC does. And our LPs are involved in every piece of that. Any deal that we do, we'll bring in four or five of our LPs to help us with diligence, where they have particular expertise in. So we did an insuretech company in Q4, one of our LPs runs insurance practice at Workday. And this particular play he's selling it to big insurance companies. He was extremely helpful, to understand that domain. Post investment, we always bring in four or five LPs to go deeper than I can on a particular topic. So one of our plays is about to stand up in account based marketing, you know, capability. So we brought in the CMO, a former CMO at Rapid7 and the CMO at Unisys, both of which have, stood in, stood up like, account based marketing practices, much more deeply, than I could. You know of course, we take the time to get to know our LPs and understand both their skills, and experiences as well as their willingness to help, We have Jay Simons, who's the President of Atlassian. He doesn't have like hours every quarter, he's running a $50 billion company, right? So we have Brian Halligan, the CEO of HubSpot, right? He's running a $10 billion company now. So, we just get deal flow from them and maybe like an event once or twice a year, versus I would say like 10 to 20% of our LPs are like that. I would say 60% of them are active operators who are like, "You know what? I just miss the early days, and if I could be active with one or two companies a quarter, I would love that." And I would say like a quarter of them are like semi-retired and they're like, they're choosing between helping our company and being on the boat or the golf course. >> Is this just kind of a new model? Do you see having a different philosophy where you want to have a higher success rate? I mean, of course everybody wants to have a, you know, bat a thousand. >> Yeah. >> But I wonder if you could address that. >> Yeah. I don't think it, I'm not advocating slower growth, but just healthier growth. And it's just like an extra, it's really not different than sort of the blitzscaling oriented San Francisco VC, okay? So, you know, I would say when we were doing startups in the nineties, early 2000s before The Lean Startup, we would have this idea and build it in a room for a year and then sell it in parallel, basically sell it everywhere and Eric Ries and The Lean Startup changed all that. Like he introduced MVPs and pivots and agile development and we quickly moved to, a model of like, yeah, when you have this idea, it's not like... You're really learning, keep the team small, keep the burn low, pivot, pivot, pivot, stay agile and find product-market fit. And once you do that, scale. I would say even like, West Coast blitzscaling oriented VCs, I agree with that. My only take is... We're not being scientifically rigorous, on that transition point. Go ask like 10 VCs or 10 entrepreneurs, what's product-market fit, and you'll get 10 different answers. And you'll get answers like when you have lots of sales, I just, profoundly disagree with that. I think, revenue in sales has very little to do with product-market fit. That's like, that's like message-market fit. Like selling ice to Eskimos. If I can sell ice to Eskimos, it doesn't mean that product-market fit. The Eskimos didn't need the ice. It just means I was good at like pitching, right? You know, other folks talk about like, having a workable product in a big market. It's just too qualitative. Right? So, that's all I'm advocating is, that, I think almost all entrepreneurs and investors agree, there's this incubation, rapid learning stage. And then there's this thing called product-market fit, where we switch to rapid scale. And all I'm advocating is like more scientist science and rigor, to understanding some sequences that need to be checked off. And a little bit more science and rigor on what is the optimal pace of scale. Because when it comes to scale, like pretty much 50 out of 50 times, when I talk to a series A company, they have like 15 employees, two sales reps, they got to like 2 million in revenue. They raise an 8 million-dollar round in series A, and they hired 12 salespeople the next month. You know, and Dave, you and your brother, who runs a large sales team, can really understand how that's going to failure almost all the time. (Dave mumbles) >> Like it's just... >> Yeah it's a killer. >> To be able to like absorb 10 reps in a month, being a 50, it's just like... Who even does all those interviews? Who onboards them? Who manages them? How do we feed them with demand? Like these are some of the things I just think, warrant more data and science to drive the decisions on when and how fast to scale. >> Mark, what is the key indicator then, of product-market fit? Is it adoption? Is it renewal rates? >> Yeah. It's retention in my opinion. Right? So, so the, the very simple framework that I require is you're ready to scale when you have product-market and go to market-fit. And let's be, extremely precise, and rigorous on the definitions. So, product-market fit for me, the best metric is retention. You know, that essentially means someone not only purchased your offering, but experienced your offering. And, after that experience decided to repurchase. Whether they buy more from you or they renew or whatever it is. Now, the problem with it is, in many, like in the world we live inside's, it's like, the retention rate of the customers we acquire this quarter is not evident for a year. Right, and we don't have a year to learn. We don't have a year to wait and see. So what we have to do is come up with a leading indicator to customer retention. And that's something that I just hope we see more entrepreneurs talking about, in their product market fit journey. And more investors asking about, is what is your lead indicator to customer retention? Cause when that gets checked off, then I believe you have product-market fit, okay? So, there's some documentation on some unicorns that have flirted with this. I think Silicon Valley calls it the aha moment. That's great. Just like what. So like Slack, an example, like, the format I like to use for the lead indicator of customer retention is P percent of customers, do E event, in T time, okay? So, it basically boils it down to those three variables, P E T. So if we bring that to life and humanize it, 70% of the customers, we sign up, this is Slack, 70% of the customers who sign up, send 2000 team messages in 30 days, if that happens, we have product-market fit. I like that a lot more, than getting to a million in revenue or like having a workable product in a big market. Dropbox, 85% of customers, share one file in one hour. HubSpot, I know this was the case, 75% of customers, use five or more of the 25 features in the platform, within 60 days. Okay? P percent, do E event, in T time. So, if we can just format that, and look at that through customer cohorts, we often get visibility into, into true product market-fit within weeks, if not like a month or two. And it's scientifically, data-driven in terms of his foundation. >> Love it. And then of course, you can align sales compensation, you know, with that retention. You've talked a lot about that, in some of your work. I want to get into some of the things that stage two is doing. You invest in SaaS companies. If I understand it correctly, it's not necessarily early stage. You're looking for companies that have sort of achieved some degree of revenue and now need help. It needs some operational help and scaling. Is that correct? >> Yeah. Yeah. So it's a little bit broader in size, as any sort of like B2B software, any software company that's scaling through a sales team. I mean, look at our backers and look at my background. That's, that's what we have experience in. So not really any consumer plays. And yeah, I mean, we're not, we have a couple product LPs. We have a couple of CFO type LPs. We have a couple like talent HR LPs, but most of us are go-to-market. So we don't, you know, there's awesome seed funds out there that help people set up their product and engineering team and go from zero to one in terms of the MVP and find product-market fit. Right? We like to come in right after that. So it's usually like between the seed and the A, usually the revenue is between half a million and 1.5 million. And of course we put an extraordinary premium on customer retention, okay? Whereas I think most of our peers put an extraordinary premium on top line revenue growth. We put an extraordinary premium on retention. So if I find a $700,000 business that, you know, has whatever 50, 70 customers, you know, depending on their ticket size, it has like North of 90% local retention. That's super exciting. Even if they're only growing like 60%, it's super exciting. >> What's a typical size of investments. Do you typically take board seats or not? >> Yeah. We typically put in like between like seven hundred K, one and a half million, in the first check and then have, larger amounts for follow on. So on the A and the B. We try not to take board's seats to be honest with you, but instead the board observers. It's a little bit selfish in terms of our funds scale. Like the general counsel from other venture capitalists is of course, like, the board seat is there for proper governance in terms of like, having some control over expenditures and acquisition conversations, et cetera, or decisions. But a lot of people who have had experience with boards know that they're very like easy and time efficient when the company is going well. And there are a ton of work when the company is not going well. And it really hurts the scale, especially on a smaller fund like us. So we do like to have board observers seats, and we go to most of the board meetings so that our voice is heard. But as long as there's another fund in there that, has, world-class track record in terms of, holding proper governance at the board level, we prefer to defer to them on that. >> All right, so the COVID lock down, hit really in earnest in March, of course, we all saw the Sequoia memo, The Black Swan memo. You were, I think it HubSpot, when, you remember the Rest In Peace Good Times memo, came out very sort of negative, put up all over the industry, you know, stop spending. But there was some other good advice in there. I don't mean to sort of, go too hard on that, but, it was generally a negative sentiment. What was your advice to your portfolio companies, when COVID hit, what were you telling them? >> Yeah, I summarized this in our lead a blog article. We kicked off our blog, which is partially related to COVID in April, which has kind of summarize these tips. So yes, you are correct, Dave. I was running sales at HubSpot in '08 when we had last sort of major economic, destabilization. And I was freaking out, you know (laughs briefly) at the time we were still young, like 20, 30 reps and numbers to chase. And... I was, actually, after that year, looking back, we are very fortunate that we had a value prop that was very recession-proof. We were selling to the small business community, who at the time was cutting everything except new ways to generate sales. And we happen to have the answer to that and it happened to work, right? So it showed me that, there's different levels of being recession proof. And we accelerated the raise of our second fund for stage two with the anticipation that there would be a recession, which, you know, in the venture world, some of the best things you could do is close a fund and then go into a recession, because, there's more deals out there. The valuations are lower and it's much easier to understand, nice to have versus must have value props. So, the common theme I saw in talking to my peers who looked back in the '01 crisis, as well as the '08 crisis, a year later was not making a bolder decision to reorient their company in the current times. And usually on the go-to-market, that's two factors, the ICP who you're selling to, ideal customer profile and the CVP, what your message is, what's your customer value prop. And that was really, in addition to just stabilizing cash positions and putting some plans in there. That was the biggest thing we pushed our portfolio on was, almost like going through the exercise, like it's so hard as a human, to have put like nine months into a significant investment leading up to COVID and now the outcome of that investment is no longer relevant. And it's so hard to let that go. You know what I mean? >> Yeah. >> But you have to, you have to. And now it's everything from like, you spent two years learning how to sell to this one persona. And now that persona is like, gyms, retail and travel companies. Like you've got to let that go. (chuckle simultaneously) You know what I mean? Like, and, you know, it's just like... So that's really what we had to push folks on was just, you know, talking to founders and basically saying this weekend, get into a great headspace and like, pretend like you were parachuted into your company as a fresh CEO today. And look around and appreciate the world and what it is. What is this world? What are the buyers talking about? Which markets are hot, which markets are not, look at the assets that you have, look at your product, look at your staff, look at your partners, look at your customer base, and come up with a strategy from the ground up based on that. And forget about everything you've done in the last year. Right? And so, that's really what we pushed hard on. And in some cases, people just like jumped right on it. It was awesome. We had a residential real estate company that within two weeks, stood up a virtual open house module that sold like hotcakes. >> Yeah. >> That was fantastic execution. And we had other folks that we had to have like three meetings with to push them deep enough, to go more boldly. But that, was really the underlying pattern that I saw in past, recessions and something I pushed the portfolio on, is just being very bold on your pivots. >> Right? So I wanted to ask you how your portfolio companies are doing. I'm imagining you saw some looked at this opportunity as a tailwind. >> Yeah. >> You mentioned the virtual, open house, a saw that maybe were exposed, had, revenue exposure to hard-hit industries and others kind of in the middle. How are your portfolio companies doing? >> Yes, strong. I'm trying to figure out, like, of course I'm going to say that, but I'm trying to figure out like how to provide quant, to just demonstrate that. We were fortunate that we had no one, and this was just dumb luck. I mean, we had no one exclusively selling to like travel, or, restaurants or something. That's just bad luck if you were, and we're fortunate that we got a little lucky there, We put a big premium, obviously we had put a big premium on customer retention. And that, we always looked at that through our recession proof lens at all our investments. So I think that helped, but yeah, I mean, we've had, first off, we made one investment post COVID. That was the last investment on our first fund and that particular company, March, April, May, their results were 20% higher than any month in history. Those are the types of deals we're seeing now is like, you literally find some deals that are accelerating since COVID and you really just have to assess if it's permanent or temporary, but that one was exciting. We have a telemedicine company that's just like, really accelerating post COVID, again, luck, you know, in terms of just their alignment with the new world we're living in. And then, jeez! I mean, we've had, I think four term sheets, for markups in our portfolio since March. So I think that's a good sign. You know, we only made 11 investments and four of them, either have verbal or submitted term sheets on markups. So again, I feel like the portfolio is doing quite well, and I'm just trying to provide some quantitative measures. So it doesn't feel like a political answer. (Mark chuckles) >> Well, thank you for that, but now, how have you, or have you changed your sort of your thesis post COVID? Do you feel like your... >> Sure. >> Your approach was sort of geared towards, you know, this... >> Yeah. >> Post COVID environment? But what changes have you made. >> A little bit, like, I think in any bull market, generally speaking, there's just going to be a lot of like triple, triple, double, double blitzscaling, huge focus on top-line revenue growth. And in any down market, there's going to be a lot of focus on customer retention unit economics. Now we've always invested in the latter, so that doesn't change much. There's a couple of things that have changed. Number one, we do look for acceleration post COVID. Now, that obviously we were not, we weren't... That lens didn't exist pre-COVID, So in addition to like great retention, selling through a sales team, around the half million to a million revenue, we want to see acceleration since COVID and we'll do diligence to understand if that's a permanent, or a temporary advantage. I would say like... Markets like San Francisco, I think become more attractive in post COVID. There's just like, San Francisco has some magic happening there's some VC funds that avoid it, cause it's too expensive. There's some VC funds that only invest in San Francisco, because there's magic happening. We've always just been, you know... we have two portfolio companies there that have done well. Like we look at it and if it's too expensive, we have to avoid it. But we do agree that there's magic happening. I did look at a company last week. (chuckles inaudibly) So Dave, there are 300K in revenue, and their last valuation is 300 million. (both chuckle) >> Okay, so why is San Francisco more attractive, Mark? >> Well, I mean and those happened in Boston too. >> We looked at... (Mark speaks inaudibly) >> I thought you were going to tell me the valuations were down. (Dave speaks inaudibly) >> Here's the deal all right, sometimes they do, sometimes they don't and this is one, but in general, I think like they have come down. And honestly, the other thing that's happened is good entrepreneurs that weren't raising are now raising. Okay? So, a market like that I think becomes more attractive. The other thing that I think that happens is your sort of following strategies different. Okay so, there is some statistical evidence that, you know, obviously we're coming out of a bear market, a bullish market in, in both the public and the private equities. And there's been a lot of talk about valuations in the private sector is just outrageous. And so, you know, we're fortunate that we come in at this like post seed, pre-A, where it's not as impacted. It is, but not as or hasn't been, but because there's so many more multibillion-dollar funds that have to deploy 30 to 50 million per investment, there's a lot of heating up that's happened at that stage. Okay? And so pre COVID, we would have taken advantage of that by taking either all or some of our money off the table, in these following growth rounds. You know, as an example, we had a company that we made an investment with around 30 million evaluation and 18 months later, they had a term sheet for 500. So that's a pretty good return in 18 months. And you know, that's an expensive, you know, so that that's like, wow, you know, we probably, even though we're super bullish on the company, we may want to take off a 2X exposition... >> Yeah. >> And take advantage of the secondaries. And the other thing that happens here, as you pointed out, Dave is like, risk is not, it doesn't become de-risk with later rounds. Like these big billion dollar funds come in, they put pressure on very aggressive strategic moves that sometimes kills companies and completely outside of our control. So it's not that we're not bullish on the company, it's just that there's new sets of risks that are outside of the scope of our work. And so, so that that's probably like a less, a lesser opportunity post COVID and we have to think longer term and have more patient capital, as we navigate the next year or so of the economy. >> Yeah, so we've got to wrap, but I want to better understand the relationship between the public markets and you've seen the NASDAQ up, which is just unbelievable when you look at what's happening in main street, and the relationship between the public markets and the private markets, are you saying, they're sort of tracking, but not really identical. I mean, what's the relationship. >> Okay, there's a hundred, there's thousands of people that are better at that than me. Like the kind of like anecdotal thoughts that I, or the anecdotal narrative that I've heard in past recessions and actually saw too, was the private market, when the public market dropped, it took nine months roughly for the private market to correct. Okay, so there was a lag. And so there's, some arguments that, that would happen here, but this is just a weird situation, right? Of like the market, even though we're going through societal crazy uncertainty, turmoil and, and tremendous tragedy, the markets did drop, but they're pretty hot right now, specifically in tech. And so there's a number of schools of thoughts there that like some people claim that tech is like the utilities companies of the eighties, where it's just a necessity and it's always going to be there regardless of the economy. Some people argue that what's happened with COVID and the remote workplace have made, you know, accelerated the adoption of tech, the inevitable adoption, and others could argue that like, you know, the worst is still the come. >> Yeah. And of course, you've got The Fed injecting so much liquidity into the system, low interest rates, Mark, last question. Give me a pro tip for entrepreneurs. (Mark Sighs) >> I would say, like, we've talked a lot about, this methodology with, you know, customer retention, really focusing there, align everything there as opposed to top line revenue growth initially. I think that the extension I do at this point is, do your diligence on your investors, and what their thoughts are on your future growth plans to see if they're aligned. Cause that, that becomes like, I think a lot of entrepreneurs, when they dig into this work, they do want to operate around it. But that becomes that much harder when you have investors that think a different way. So I would just, you know, just always keep in mind that, you know, I know it's so hard to raise money, but you know, do the diligence on your investors to understand, what they'd like to see in the next two years and how it's aligned with your own vision. >> Mark is really great having you on. I'd love to have you back and as this thing progresses, and see how it all shakes out. It really a pleasure. Thanks for coming on. >> No, thanks, Dave. I appreciate you having me on. >> And thank you everybody for watching. This is Dave Vellante for The Cube. We'll see you next time. (music plays)

(upbeat music) >> Welcome to this special Cube conversation here in Palo Alto, California. I'm John Furrier, host of theCUBE, we have two special guests, Karim Toubba, CEO of Kenna Security, and Caroline Japic, CMO, Kenna Security. Great to see you guys, thanks for coming on, appreciate you taking the time, appreciate it. >> Thanks for having us. >> So RSA is coming up, big show, security's at the top of the list of all companies. You guys have a very interesting company. Risk based vulnerability management is like the core secret sauce, but there's a lot going on. Take a minute to talk about your company. What do you guys do? Why do you exist? >> Yeah, sure. Thanks for having us. Some, the security landscape as you very well know, pretty crowded space, a lot of different vendors, a lot of technologies that enterprises and organisations have to deal with. What we do has a lot of complexity behind it, but in an app practicality for enterprises is actually quite simple. They have many, many data sources that are finding problems for them, mapping to their attack surface, what are misconfigurations? Where are there vulnerabilities in your network or your host, where there vulnerabilities in your applications, we taking all of that data, specifically from 48 different data sources, we map it to what attackers are doing in the wild, run it through a lens of risk, and then enable the collaboration between I.T. and security, on what to focus on at the tip of the spear with a high degree of fidelity and efficacy so that they know that they can't fix everything, but prioritize the things that matter and are going to move the meter the most. >> So you guys have emerged as one of those kind of new models, the new guard of security, it's interesting, it's been around for 10 years, but yet a lot's changed in 10 years but a lot of evolving. Risk based vulnerability management is the buzzword, R-B- >> V-M >> Okay, really comes from the founder of the company. Why is this becoming an important theme? Because you got endpoints, you got all kinds of predictive stuff with data, you got surface area is growing, but what specifically about this approach makes it unique and popular? >> Yeah, I think what's happening is if you, to really answer that question, you have to look at two different ends of the spectrum in terms of the business, the security side and the IT DevOps and application development side. And at the core of that is what was largely traditional tension. If you think about security teams, operations teams, incident response teams, and if you sit down with them and understand what they do on a day to day basis, beyond the incident response and reaction side, they have a myriad of tools and technologies that discover problems, typically millions of issues. Then you go to the IT side, and the application and DevOps side, and they care about building the next application, making sure the systems are up and running. And what happens is they, we've gotten to the point where they can't possibly fix everything security is asking them to fix, and that's created a lot of tension, people have woken up, started to realize that that tension has to give way to collaboration. And the only way you can do that is enable security to detect all the problems, but then very quickly focus and prioritize on the things that matter, and then go to IT and then tell them specifically what to fix so that they have a high degree of precision and understanding, that the needle will be moved relative to what they're asking them to do. >> So is it the timing of the marketplace and the evolution of the business where it used to be IT that handled it, and now security has gotten broader in its scope, that there's now too many cooks in the kitchen, so to speak? >> Yeah, it's gotten broader in its scope, and there's also been a realization that if you think about the security problem statement, they find all the problems, but if you if you peel back the layers, you quickly realize, they own very little the remediation path. Who fixes-- >> John: They being IT? >> They being security. >> John: Okay. >> Yeah, so it's actually quite fascinating. If you think about who fixes a vulnerability on an operating system like Windows or Linux, it's the IT team. If you think about who fixes or upgrades a Java library or rewrites an application it's DevOps or the application developers, but security's finding all the problems. So they're realizing, as they deploy more tools, find more issues, and increase the amount of data, they've got to get very precise and really enable an entirely new way of collaborating with IT so that they can get them to focus on the things that matter the most. >> Karim, I want to dig into some of the complexity, but first want to get the Caroline on the brand, and the marketing challenge because it's almost an easy job in the sense, because there's a lot of security problems out there to solve, but it's also hard on the other side, is that, where's the differentiation? There's so many vendors out, there's a lot of noise. How are you looking at the marketplace? Because you guys are emerging in with nice, lift on the value proposition, you won some recent awards. How do you view the marketplace? RSA is going to be packed with vendors, it's going to be wall to wall, we get put in the corner, we are going to have small space for theCUBE, but there's a lot there and customers are being bombarded. How are you marketing the value proposition? >> You are right. There's so much noise out there, but we are very clear and precise on the value we bring to our customers, we also let our customers tell the story. So whether it's HSBC, or SunTrust, or Levi, we work with them very closely with those CSOs, with their head of IT to understand their challenges, and then to bring those stories to life so we can help other companies because our biggest challenge is that people just don't know that there's a better solution to this problem. This problem's been around a long time, it's getting worse every day, we're reading about the vulnerabilities that are happening on a regular basis, and we're here to let people know we can fix it, and we can do it in a pretty quick and painless way. >> You had mentioned before we came on camera that when you you're getting known, as the brand gets out there, but when you're in the deals, you win. Could you guys share some commentary on why that's the case? Why are you winning? >> Yeah, by the way, just to piggyback off that a little bit, there is a really interesting paradigm happening within the security space, if you look at the latest publications, I don't know, there are 1400 of us all buzzing around with the same words? I think what Caroline and the team have done an exceptional job on, particularly in relative to the positioning is, we don't want to scare people into looking at Kenna. We want to be more ethereal than that and make them understand that we're ushering in a new way away from tension to an era of collaboration with IT, DevOps and application teams. That's very different than telling somebody in your messaging, Hey, did you hear the latest attack that happened at XYZ? >> Yeah. >> That sort of fear and marketing through FUD, is creating a lot of challenges for organizations, and candidly, is making CISOs and other people in security close the door. >> I've definitely heard that, do you think that's happening a lot? >> I think that's happening a lot. I think we're sort of, I like to think that Caroline and the team are sort of at the forefront of leading that initiative, and you can, and we're doing it in every way possible to really sort of tell a much more positive story about how security can be smarter and spin in a positive light, and in fact, the technology is enabling that, so it's consistent. >> We live in dark times. Unfortunately, a lot of people like, if it bleeds, it leads, and that's a really kind of bad way to look at it. But back to your point about tension and collaborations, I think that's an interesting thread. There's a ton of tension out there, that's real, from the CISO's perspective. Because there's too many teams, I mean, you got, Blue Team, Red Team, IT, governance, compliance, full stack developers, app. So you have now too many teams, too many tools that have been bought and it's like, people have all these platforms, they're drowning in this. How do you guys solve that problem? >> Yeah, it's back to that point of collaboration, and what we've really found that's been interesting in solving that problem, because what we're doing if you step back, is, we're bringing in all these data sources, and where that tension comes in, if you unpack it a little bit, is from different people coming in with different data sources. So IT comes to the table about what to fix, with their own point of view, security comes with their own point of view, application teams come with their own point of view, governance and compliance comes with their point of view. What we do is we come in and even though we're technology, we're really aligning people in process. We're saying, "Look, we're going to to amass all that data, "we're going to very quickly use machine learning "and a bunch of algorithms to sift through "millions of pieces of data "and divine what actually matters." It's empirical, it's evidence based, and we align all the organizations around that filter through risks so that there's agreement on how to measure that, what to prioritize, what to action and what the results look like. And when it turns out that when you get a bunch of people across an organization, to get aligned around data that they all agree with as the source of truth, it gets much easier to get them to really focus on the things that ultimately matter. >> It's a single version of the truth, right? It's a single version that they all can work from. Security isn't telling IT, "This should be your priority today," when they say, "You don't know what my priorities are," is actually the data that's telling them what their priorities are by role, and that's really important and really gets past all the, the friction and the fighting in between the teams. >> Yeah, that's great point, back to my other question when I get back to you Caroline, is what is the success formula look like for you guys? Why are you winning? What are the feedback you're hearing from your customers? Because at the end of the day, references are important, but also, success is a tell sign. So what's the reasons behind the success? >> Yeah, I'll let Karim talk about being face to face with customers, because he does that all the time. But what we're saying is that, the customers are resonating with the story that we're telling, they understand they have the problem we're laying out in a very simple way for, to be able to solve their solution, and that's working. We've redone our positioning, our messaging, we've trained our sales team, people understand the value we can bring, and that's what we're communicating, and that's what's working. >> Karim, please add on that, I want to get more into this. >> Yeah, and on the customer side, what we see and I'll give you a pretty classic example for us with a very large bank that's a customer of ours. We actually started on the security side, right? We sold to their deputy CISO to deploy, and then eventually, they doubled down and then deployed globally across 64 countries. And that happened sponsored by the CIO. Now we're a security company, so you ask the question, well, why did that get driven in that structure? And why did that deal go down ultimately in that way? And what was the real value? The value to the security person was clear, I want to aggregate 10 to 12 different data sources, I want to prioritize, I want to collaborate with IT. The value to the CIO was the CIO happens to own all the application developers and all the IT people and the security people on a global basis. And so what they wanted to do, is they wanted to understand what the risk was for each of the lines of businesses they had within organization so that they can hold the business users accountable to paying a small tax for security, not just developing the next billion dollar high net worth application, which is extremely important to those businesses, but at the same time, ensuring that they're secure. And so that leverage when you start with security, and then branch out in other organizations, especially in large, multinational organizations, is really where the the real value comes into the platform. >> So if I hear you correctly, you come in for security, okay, we can get rid of the noise, help you out, check, win, and then the rest of the organization doesn't have security teams per se, >> Karim: Correct. >> Needs security to be built in from day one. >> Karim: Correct. >> You're providing a cross connect of value to the other teams? >> That's right. >> It's almost like, security is code, if you will. >> Karim: That's right. And nowhere is that more evident in our utilization statistics. So we're a SaaS platform, so of course we, like many other SaaS companies do a bunch of analytics on utilization of our customers, more often than not, in our large scale enterprises, we actually have more IT and non security users logging into Kenna, in a self service model, because they're the ones, back to the point you made earlier, that are actually driving the remediation path. >> Take us through how that works. So say I'm interested, okay, you sold me on it, great, I need the pain relief on the security side, I need the enablement and empowerment on the collaboration side, what do I do? Do I just plug my databases into you? Is it API driven? Are you on Amazon? Are you on Azure? What's cloud? What am I dealing with? Take me through the engagement. >> Yeah, so we're 100% cloud based platform. Multi cloud, so we can deploy in AWS, we can deploy in Google et cetera. And then what we do is we effectively through a bunch of API's called connectors that are transparent to the customers, we enable them to bring in their data. So this is everything from traditional scanning data like Qualys, Rapid7, Tenable, more, newer data like CrowdStrike, Tanium, DaaS SaaS, software composition analysis tools, WhiteHat, Veracode, Black Duck, Sonatype, you name it. The list goes on, specifically, there's about 48 of them. All of that is basically helps us understand what the totality of the attack surface is. That's very useful for security because they're using multiple tools. We then overlay what we call exploit and tell, this is the data that tells us about what attackers are doing in the wild. Specifically, we have 5 billion pieces of data that tell us about what vulnerabilities are being popped, what's the rate of change, what malware are they being embedded in? That use, that information is used through machine learning to help us prioritize and risk score each of the findings we get from the customer tools. And then where it pivots over to IT, is we then allow them to take all of that data and that metadata and asset criticality into what we call risk meters. So they're basically aligned with where, how IT operates. So for example, if you own all the Linux infrastructure in the cloud, you log in, you'll only see the risk across the infrastructure you own. Whereas if Caroline owns all the endpoint real estate across Windows, she logs in and understands what her risk is across Windows. And then we of course, integrate in the ticketing systems to drive the remediation and report up to executives and then over to security, about what the workflow you-- >> So you guys really focusing not so much on the security knock or the sock, it's more on indexing, if you will, for lack of a better description, the surface area, >> Karim: Correct. >> And getting that prepared from a visibility standpoint to acquire the data. >> Karim: That's right. >> And then leveraging that across-- >> Across the organizations, yeah. >> Did I get that, right? >> It's exactly right. And if you ask, if you again, double click deeper on that, what's fascinating to watch, so we have a an annual, or bi annual report that we do called prioritization or prediction, or P2P. And this is all of our customer data completely anonymized in a warehouse, and then we run a bunch of reports, and lot of the analytics we ran initially were around security. Now we're starting to pivot in IT. If you look at our latest report, one of the most interesting things I found in my time here is that the average large scale enterprise has actually no more than 10% remediation capacity, right? So what does that tell you? That tells you that 90% of the problems are going to go unsolved, which pinpoints why it's even more important to have specific prioritization on the things that matter. >> They solve the right 10%. >> At the right time too, >> At the right time. >> 10% capacity, operating capacity, assuming some automation that might take care of some of the low hanging fruit >> Exactly. >> Through DevOps or automation. You can focus on those 10% at the right time, which by the way, if you use that capacity for the wrong problems at the wrong time, it's wasted capacity. >> Karim: That's right. >> That's what you guys are trying to get at, right? >> Karim: That's exactly right, work smarter, not harder. >> So Kenna security, what's the vision? What's the next step? Why should someone care about working with you guys? Why is it important to engage you guys? What's the big deal? Is it the risk based vulnerability, kind of origination invention, which is the core or the DNA, or is it something bigger? What's the vision? What's the why? Yeah, well look for us, we started, our company was actually founded by a gentleman by the name Ed Bellis, who's the ex chief security officer at Orbitz, and he founded the company out of a need. We started very early in the traditional pure vulnerability space. This was like calling Classic Qualys, Rapid7, Tenable. We then expanded into the application world. So this is starting to take in, moving up stack if you will full stack, as the environment moves to cloud, as the environment moves to containers, as the environment moves to configuration management as the environment moves to a much more ephemeral state, that will drive an entirely new set of data sources that will drive an entirely different new set of priorities all aligned with the same model of risk. So our view of the future is that we are the platform that enables the organization to understand the totality of the attack surface, that enables collaboration across all the groups that deal with technology within enterprises, and allows them to really prioritize and understand risk in a way that not only fosters the collaboration, but gives you that return on investment that candidly ultimately CIOs are looking for. >> Caroline the story from a marketing perspective, what's the story you're trying to tell? >> We started this space, our founder Ed Bellis is the father of risk based vulnerability management and he loves it when I say that, but it's 100% true. We are continuing down this path, I mean, there are so many companies that have this problem that don't know that there's a better way to solve it. And so for now, our mission is to make sure that we're educating those people, they understand what's possible to do today, and then continuing from there, so. >> Well, I really appreciate you guys coming in and introducing and sharing more about Kenna Security, we've been seeing successes. I'm going to ask you about what you guys think about RSA, I'd love to get both you guys to weigh in. But before we get to the RSA kind of what's coming, take a quick minute to plug the company. What do you guys looking to do? You hiring? You just got some funding? Give the quick pitches. >> Yeah, sure, we did. We just closed $48 million series D round. We had all of our investors and a new investor, Sorenson Ventures come in. We also had two strategic investors, Citi and HSBC, because we do quite well, that very good validation. And we're also quite prominent in the financial services vertical, it helps that. And so for us, it's really about scaling, right? Scaling people, scaling the technology, scaling capabilities-- >> John: Across the board. >> Across the board. >> Engineering, obviously. >> Engineering, sales, geographies, it's really about getting the word out there and then being able to follow that up with the feed on the street that matter. >> We're definitely hiring, but we're also growing through OEMs. So we have a relationship with VMware, they're embedding us into their app defense products, and so if you buy app defense from VMware, you are buying Kenna whether you know it or not. >> So you're going to be an ingredient in other products. >> That's right. >> And or direct or indirect, probably some channel ecosystem opportunities? >> That's right. >> So we're growing on the technology partner OEM front, definitely interested in talking to companies that are interested on that front. >> We should do a whole segment on my fascination with what I call tier two or tier 1B clouds, specialty clouds, security clouds. So maybe do that another time. Okay, final question for you guys. RSA is coming this year 2020, and then a series of other events. Cloud Security has been a hot topic since re:Inforce last year was launched, we were there, kicking off theCUBE in security. What do you guys expect this year at RSA? What do you think the big themes are going to be? The hype? The meat on the bone? What's the real deal? What's the hype? What do you guys think is going to happen? >> Karim: I'll let you start. >> Yeah, I can tell you our theme is the right fight club. Because we are focused on the right fight that you need to have every day inside your enterprise. It's not focused on all the vulnerabilities that are hitting you because they're hundreds of thousands of them, millions of them, and there's going to be more every single day, it's about fighting the right fight. So if you come by our booth, you'll see that, it's going to be very exciting-- >> And of course, don't talk about the Fight Club vulnerabilities. (Karim laughs) >> You know the rules of the fight club. >> The first rule is to talk to Kenna about the right fight club. That is the first rule. >> That's cool. >> Yeah, I mean, it's interesting. Every, as you very well know, every year when people walk away from RSA, there's a few blogs that are written about what was the theme this year, I suspect this year's in security specifically, is going to be about AI driven security. We've been starting to see that for a while, it started to bleed into last year's event. I think for us in particular, we have a very particular point of view, and our book point of view is that doesn't matter if it's ML, if it's AI, or what type of algorithms you're running, the question is, what's the value? What is the value when you have 1400 people all screaming to get in the door of an organization? Everybody really has to begin to answer that question fundamentally. And I think the people that have that position in the market are the people that are going to be able to stand out. It's interesting, as always the hype with AI, but it's interesting, I was just trying to figure out when the term there is no perimeter was kind of first coined in theCUBE, I'm thinking probably about five years ago, it really became a narrative and then more recently, with the cloud, the perimeter is dead. Edge is out there. >> Karim: Right. >> So this is, what's the gestation period of real scalable security post perimeter is dead. It's interesting, is it years, is it seems to be hitting this year. It seems to be the point where, okay, I tried everything, now I've got to be data driven or figure out a way to map the surface area. >> That's right. >> End to end. Well, thanks to Kenna Security coming in, a solution for figuring out the vulnerabilities with a real invention. We're going to be covering security at RSA with Kenna Security and others. Thanks for watching, this is theCUBE. (upbeat music)

>> Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at PagerDuty Summit 2017, the second year at this event in downtown San Francisco, downtown Pier 27 out on the water. Beautiful day outside, and we're really excited to have the CFO of this fast growing company. He's Steven Gatoff, as I said, CFO of PagerDuty. Steven, nice to see you. >> Right on, thanks. Good to be here. >> Absolutely. So you've been with the company since January, so relatively new and yet you've been here for a funding round, things are moving. We've just had Jennifer on, she's just always full of energy. So first off, welcome to the company. And what attracted you to PagerDuty? >> A lot, particularly the whole disruption, the whole notion of driving change. If not even defining a new industry. The ability, and kind of from a financial standpoint also of seeing a company and a product evolve from a very cool software tool to an operations platform. And that is something that I was lucky enough to do at my last company, at Rapid7, where it was a similar journey and value creation exercise of moving from tool to platform, and disrupting an industry. And we did it there in the security space, in cybersecurity, and it was a great run. And then I got lucky enough to get connected with Jennifer and the team here, and realized there was a similar journey, similar value prop, albeit in a much larger TAM across all of operations. >> It's funny the kind of stepping function of: Is it a feature or is it a tool? Or is it an application? And of course everybody wants to get to the platform play, but nobody's got a line-item that they need to purchase a new platform in Q4, 2017. So you really need to have that application focused to lay the groundwork for the platform play, but if you can make the transition, obviously a huge opportunity. >> So that's a great, we should have you engage with customers because that is spot on, particularly here, and I think that's some of the excitement about the summit, because it's really the first coming out, if you will, for us of digital operations management, where we have been so successful in the past at the tool level, with the practitioner, with helping make their lives better, and all of that value-creation around what they do, and then a little bit of the context, it's sometimes better to be a little lucky than smart with some hard investment and input that we've done in the product that has evolved to the platform notion, but as you you've heard and talked with people, it's starting to come to fruition. With the whole notion of decentralization of operations, of the whole disappearance of centralized command and control across organization. It's kind of a modern-day digital ops analogy to software rules the world. It's really digital and cloud rules the world. So people need to do their job, and they need to focus on what creates value, whether it's marketing or finance, or software development, and with all of the influx of tools that they use, whether it's applications or infrastructure, we have this neat little niche where we're able to provide people the visibility and the knowledge to know what's going on and how things are working so they can focus on what they do, and that's pretty cool. >> So everybody's a software company now, right? Everybody's delivering software wrapped in some type of product or service. We hear that all the time, but I'm just curious to get your perspective from a CFO. Obviously public company CFOs have very specific tasks that they are given based on regulations, governments and stuff, but you're not there yet, in terms of the company, so what are some of the things that a CFO does in this stage of a company where you can really impact the growth. What do you do day-to-day besides just filing quarterlies and these types of activities. >> Hopefully someone else is going to be focused on that. The most fun about the role and the real value-add is really providing support and insight and visibility to the rest of the company. So kind of an Uber service provider to our stakeholders, to our exec team, to our employees, to our board and investors, and what we're really trying to do is provide a CFO, provide visibility to what happened, how have we done, what has the performance been, what did we think it was going to be, and why did that happen, and then visibility going forward. What is the road ahead look like, financially? Where are we growing, how are we growing, how are we investing our funds, what kind of returns are we getting from a profile of investment of cost versus what it generates in revenue and yield. That's the fun part about bringing people along on that journey. Whether they're in finance or marketing, that people understand what we're investing in, what they're investing in, what the returns are from that, and how we grow in scale. >> Growing and scaling is really interesting, right? Because growing and scaling is a good thing, but there's also some bad parts of growing and scaling. There's the joke like B to C guy. Guess what: you just got to order from Wal-Mart, good news. Bad news: you just got to order from Wal-Mart. You better start building stuff. >> Be careful what you ask for. >> Managing growth is an interesting dynamic, because you don't want to get too far over your skis, and yet, especially here in Silicon Valley, where it's all about growth. You're not a big throwing-off-dividends, cash company, AT&T back in the day. So when you look at some of the factors, what are some of the things to think about that maybe people don't really think about when you're trying to map out your growth. You guys are going international, just put a few extra bucks in the bank. >> I'll tell ya, one of the most significant things that is very difficult, very easy and obvious to say and talk about, is the whole dynamic of introducing the ability for a company to scale and do things well in large format at low costs, low friction, and not become a bureaucracy. So not to introduce too much process, too much control, too much front-end prevention, while at the same time, making sure people are doing smart things, that you're doing smart business, that people aren't getting too far out over their skis on committing capital, or committing the company to do something. You want to support people by putting in the big three: people, process, and technology in a way that the company can grow without hindering growth. You see that in so many different areas as you grow and you start building up your finance functions and you put in ERP systems, so you don't want it to be too cumbersome. Similarly, you bring functions like legal in-house. In some companies I've been at, folks get really nervous. Like: Oh no, now we're going to have a no person killing deals. The nice thing that I've experienced here at PagerDuty is that the sales folks have really yearned and craved that input and leadership, saying "hey, when are we getting "a new head of legal, when are we getting a team "to come help us craft deals and drive things forward?" So it's a little bit of an art, less a science insofar as bringing in resources, putting in processes, putting in systems to help marketing, sales, engineering-- really those three, do their craft and do it well with less friction and without more bureaucracy and too much oversight. >> One more question. As you've seen the growth of open source, and API economy, and a platform versus an application where you get much more value by opening up the API to a broader community, and yet at the same time maybe you're not protecting quite the same level of IP protection which, before, everything was kept in-house. We had no open source projects, and it was all of our IP. But really, the former is proving to be a much more valuable way to go to market. As you've seen that evolve, what's your take on it? Obviously you got a good ecosystem that is developing here. There's a big expo hall upstairs. It's a very different way to build value. >> It is, and in my humble opinion, it's really based on the user, and for me that's the most significant metric of value creation. At the end of the day, how many users do you have on your platform? And if you look at it from that perspective, the driver to getting users to come into the platform is an open, high integration, user-based focus on what they can use, not a walled garden approach. So the value comes in what you're able to do, not the propriety of your code. In that regard, having a high integration-- the whole PagerDuty text stack is about integrating with 200+ different applications and pieces of infrastructure so that users can, therefore, get the greatest value from everything else they're investing in and spending on. So you've created a valuable company like RedHat and other folks have, based on the ultimate of open source, where you provide a valuable service that is not necessarily the propriety of your code-- to your point, intellectual property, Albeit, there's a pretty decent amount there, it's really the competitive advantage, the time to market, the heavy lifting and steep curve on being able to integrate everything that's out there, correlate what's out there, too, which is a difficult task and takes a lot of time and money to learn and get good at, and that in and of itself is a tremendous amount of value to users. >> Well, Steven, great insights and enjoy your journey. I'm sure Jennifer will keep you movin' and hustlin' down the road. Thanks for taking a few minutes out of your day. >> Thank you. >> All right, he's Steven, I'm Jeff, you're watching theCUBE. We're at PagerDuty Summit 2017 in San Francisco. Thanks for watching. (upbeat music)