>>Mhm Yes. Welcome to this cube conversation. I'm john Kerry host of the cube here in Palo alto California. We've got two great guests all the way from Ohio and here in the bay area with sequence securities is our focus on cloud growth companies. Sri and met a co founder and CTO of sequence security and Jason Kent hacker in residence at sequence security. We're gonna find out what that actually means in the second but this is a really important company in the sense of A P. I. S. As they are starting to be the connective tissue between systems and and data. Um you're starting to see more vulnerabilities, more risk but also more upside. So risk, reward is high. And anyone who's doing things in the cloud obviously deals with the A. P. I. So Trey and Jason. Thanks for let's keep conversation. >>Happy to be here >>guys. Let's let's talk about A P. I. Security. And but first before we get there trans what does sequence security do? What do you guys specifically build? And what do you sell >>sequences in the business protecting your web and um A P. I. S from various kinds of attacks? Uh We protect from business logic attacks, A P. I. Uh do your api inventory, uh also the detect and defend against things like a town taker. Where's fake account creation, scraping pretty much anything and everything. An application on a PDA is exposed to from from the Attackers. >>Jason. What do you what do you do there as hacker and residents? I also want to get your perspective on api security from the point of view of, you know, uh attack standpoint from a vector. How are people doing it? So first explain what you do and uh love the title hacker and residents. But also what does that actually mean from a security standpoint? >>Yeah. So we can't be in the business that we're in without having an adversarial approach to where our customers are deployed and how we look at them. So a lot of times I spend my time trying to be on the client's backdoors and and try to hit their A. P. I. S. With as many kinds of attacks that I can. It helps us understand how an attacker is going to approach a specific client as well as helps us tune for our machine learning models to make sure that we can defend against those kinds of things. Um as a hacker and residents, my mostly my position is client facing. But I do spend an awful lot of time being research and looking for the next api threat that's out there. >>You gotta stay ahead of the bad guys. But let's bring up some kind of cutting edge relevant topics. One is all over the news cycle. You heard peloton, very highly visible company, It represents that new breed of digital companies that have a new approach and it's absolutely doing very, very well. The new consumers like this product and you're seeing a lot more peloton, like companies out there that are leveraging technology, so they're fully integrated, they had an A. P. I. Issue recently. Um what does it mean? Is that, is that something we're gonna see more of these kind of leaks in these kind of vulnerabilities? What do you guys think about this political thing, >>You know, from an attacker's perspective as a really boring attack? Um, but it led to a huge amount of data leaking out. Same with, you know, the news has been been right with this lately, right, john Deere got hit. Um We've seen yet another credit bureau got hit right. Um and these attacks are coming off as fairly simple attacks that are dumping huge amounts of data, just proving that the FBI attack surface is really a great place to get a rich amount of data, but you have to have a good understanding of how the application works so you can spend a little bit of time on it. But once you've taken a look at how the data flows, you end up with, you know, pretty rich data set as an attacker. I go after them just by simply utilizing their products, utilizing the programs and understanding how they work. And then I drag out all the pieces that I think are going to be interesting and start plucking away at it. If I see a like a profile, for instance, that I can edit, I wonder can I edit someone else's profile. And this is how the peloton attack work. I'm logged in, I'm allowed to see my things, what other things can I see? And it turns out they can see everything. >>So we also saw a hack with clubhouse, which is the hot app now I think just opened up to android users, but they were simply calling it back and Agora, which is, you know, I've seen china, but once you've understood that the tokens work, once you understood what they were doing, you could essentially go in and figure things out. There seems to be like pretty like trivial stuff, but it gets exposed. No one kind of thinks it through. How does someone protect themselves against these things? Because that's the real issue, like just make it less secure. Our Api is gonna be more secure in the future. What can customers do about what do you guys to think about this? >>Yeah, but the reality is, I mean that's just uh too many babies out there. I mean if you see the transition that is happening and that is the transformation where it used to be like a one app or two apps before and now there are like hundreds and thousands of applications driven by the devops world, a child development and and what matters is, I mean the starting point really is you cannot protect what, you cannot see what used to be. Uh an up hosted in your data center is now being hosted in the cloud environments, in the virtual environments, in several less environments and coordinators, you name it, they're out there. So the key is really to understand your attack surface, that's your starting point. So you're you're tooling your applications need to uh I need to be able to provide that visibility that that that is needed to protect these applications and you can't rely just on your developers to do this for you. So you need a right tool that can secure these applications, >>Jason what's the steps that an attacker takes to uncover vulnerabilities? What goes through the mind of the attacker? Um I mean the old days you used to just do port scans and try to penetrate you get through the perimeter. Now with this no perimeter mindset, the surface area Schramm was talking about is huge. What what's going on the mind of the attacker here and the A P I S and vulnerabilities. >>So the very first thing that we do is we sign up for an account, we use the thing, right? We look at all the different endpoints. Um I've got scripts running in my attack tools that do things like show me comments uh in case the developer left some comments in there to tell me where things are. Um I basically I'm just going to poke around using it like a regular user, but in that I'm going to look for places. That makes sense to try to do an attack. So the login screen is a really easy thing. Everybody understands that you put in a user name, you put in a password, you can't go. What I'm gonna do is put in a bad username and a bad password. I'm gonna put in a good user name and a bad password and I'm gonna see what changes, what are the different things that your application is telling me. And so when we look at an application for flaws and ways to get to the data on the back end, all we're doing is seeing what data do you present me on standard use. And then I'm going to look at, well, how can I change these parameters or what are the things that I can change in my requests to get a different response? So in the early phases of an attack, Attackers are very difficult to a seat. Right. They just look like a regular user just doing regular things. It's when we decide. All right. I've found something that starts to get actually interesting and we start to try to pull data out. >>What are some of the common vulnerabilities and risks that you guys see in the A. P. I is when you look when you poke at them that people are are doing is that they're not really doing their homework. Doing good. Security designers are just more of tech risk. What's the most common vulnerabilities and risks? >>Well, so for me, I I've noticed a lot of the OAS KPI top 10, the first couple of things you see them on almost all applications, so broken object level authorization is the first one. It's mouthful. Um but basically all it is is I log onto the platform, I'm authorized to be there, but I can see someone else's stuff and that's exactly what happened in peloton. Um that and what we call insecure direct object reference where I don't have to be logged in, I can just make the request without any authentication and get information back. So those are pretty common areas um that you know people need to focus on, but there's a few others that are outside the top 10 that really make a lot more sense as a defender strains probably has a little better answer to me. >>Yeah. So um I'm like like we said um creating that inventories is key, but where are they being hostess? Another another aspect of things. So so when when Jason spoke about um like hackers are actually probing, trying to figure out what are the different entry points? It could be your production environment, it could be your QA environment staging environment and you're not even aware of, but once you've actually figured out those entry points, the next step of attack was like at peloton and and other places is really eggs filtering. Exfiltrate ng that that information. Right. Is it, is it the O P II information, ph I information um and and you don't want to exfiltrate as a hacker, just one person's information. You you're automating that business logic that is behind it ability to protect and defend against those kinds of attacks, giving that visibility, even though you might not have instrumented that application for for that kind of visibility is key. Once you are bubbling up those behaviors, then you can go ahead and and and protect from these kinds of attacks. And it could be about just simply enumerating through I. D. S. Uh that paladin might have or uh experience might have and just enumerate through that and exfiltrate the information behind it. So the tools need to be able to protect from those kinds of attacks out there. >>Yeah, I think I was actually on clubhouse when um that went down that hole enumerating through the I. D. S. Room I. D. S. And then the people just querying once they got an I. D. They essentially just sucked all the content out because they were just calling the back end. It was just like the most dumbest thing I've ever seen, but they didn't think about, I mean, you know, they were just rushing really fast. So So the question I have for transit and on a defense basis, people are going first party um with a P. I. S. A. P. I. First strategies because it's just some benefits there as we were talking about what do I need to do to protect myself? So I don't have that clubhouse problem or the pelton problem. Is there a Is there a playbook or is their software tools that I could use? How do I build? My apologies from day one and my principles around it to be good hygiene or good design? What's the what's the >>yeah. So aPI security is sort of a looking uh less known given that it's constantly evolving and changing. And the adoption of A P. S. Have gone up significantly. So what you need to start with effectively is the runtime security aspect of things. When a an aPI is live, how do I actually protected? And it ranges from simple syntactic protection things around people. Can can go ahead and break these ap is by providing sort of uh going after endpoints that you don't think exist anymore or going after certain functions by giving large values that they're not sort of coded to accept and so on so forth. Once you've done that runtime protection from a syntactic aspect, you also need to protect from a business logic aspect. I mean, mps will will expose uh information, interact with the customers and partners, what what business logic are they actually exposing and how can it be abused? Understanding that is another big aspects and then you can go ahead and protect from a runtime uh from a long time security perspective, once you've done that and understood that, well then you can start shifting lap things, invest in your uh sort of uh Dass tools or static analysis tools which can catch these things early so that they don't bubble up all the way, but none of them are actually silver bullets, right? So that you have a good uh time security tools, so I don't need to invest in dust or assessed whatever I have invested in my shift left aspect of things and uh and nothing will flow through. So you you need to start shifting left uh but covered all your bases properly, >>you can't shift left, there's nothing to shift from. I mean if you don't have that baseline foundation, what does that even mean to shift left and get that built into the Ci cd pipeline? So that's a great point. How does how does someone and some companies and teams set that foundation with the run time? Do you think it's a critical problem right now or most people are do a good job or they just get get lazy or just lose track of it or you know what, what's what's the common um, use case? Do you see behavior behaviorally inside these enterprises? >>Yeah. So what, what we're seeing is adoption of new technologies and environments um, and they're not um, well suited for the traditional way of doing that time. Security. Like if if you have an app running in your kubernetes environment, if you have an app running in in in a serval less environment, how do you actually protected with the traditional appliance based approach? So I think being able to get that visibility into these environments, understanding the the user behavior, how these applications are interacted with being able to differentiate from that uh, normal human behavior or even sometimes legitimate automation uh from from the malicious intents or or the the probing and the business logic attacks is key to understanding and defending these applications. >>Before we wrap up, I want to just get your expert opinion since you guys are both here around, you know, the next level of of innovation. Also you got cloud public cloud showed us a P. I. S are great. Now you're starting to see cloud operations, they call day two operations or whatever you call it A IOP. There's all kinds of buzz words are for it, but hybrid cloud and multi cloud, Edge five G. These are all basically pointing to distributed computing systems, basically distributed cloud. So that means more A P. I. Is gonna be out there. Um So in a way the surface area of a piece is increasing. What's your what's your view on this as a market? I mean, early days developing fast and what's, what's the, what's the landscape look like? What do you guys see from a attack and defense standpoint? >>Well, just from the attacker's perspective, you know, I see a lot more traffic going, what we call east west traffic, where it's traveling inside the application, it's a P is feeding a ps more data. Um, but what is really happening is we're trying to figure out how to hook third parties into our api is more and more. The john Deere attack was just simply their development api platform that they open up for other organizations to integrate with them. Um, you know, it's, it's very beneficial for John Deere to be able to say I planted this seed at an inch and a half of depth and later, uh, I harvested 280 bushels of corn off that acres. So I know that's perfect. I can feed that back to my seed guy. Well that kind of data flow that's going around from AP to AP means that there's far more attack surface and we're going to see it more and more. I I don't think that we're going to have less Ap is communicating in the near future. I think this is the foundation that we're building for what it's gonna look like for almost every business in the near term. >>I mean this is the plumbing of integration. I mean as people work with each other data transfer, data knowledge format, you mentioned syntax and all these basic things in computer science are coming to A PS which was supposed to be just a dumb pipe or just, you know, rest api those glory days now it's not there. They're basically, it's basically connections. >>Yeah. You're absolutely right. John, I mean like what Jason mentioned earlier, uh, in terms of the way the A. P. I. S are going to grow and the bad guys are going to go after it. You need to think like a bad guy, what are they going to go after? Uh, these assets that are going to be in the cloud, in your hybrid environment, in in your own prem environment. And, and it's, it's a flip of a switch where an internal API can be externally exposed or, or just a new api getting rolled out. So all those things you need to be able to protect, um, and get that visibility first and then being then protect these environments. >>That's awesome. You guys represent the new kind of company that's going to take advantage of the cloud scale and as people shift to the new structural change and people are re factoring security, This is an area that's going to be explosive in development. Obviously the upside is huge. Um Quickly before to end, you guys take a minute to give a plug for the company. Um This is pretty cool. I love love what you guys do. I think it's very relevant and cool at the same time. So sequence security. What are you guys doing funding hiring? What's the plug? Tell folks about it. >>Yeah. So uh we we we started about six years ago but we like starting in the the body defense space by focusing on obscenity ice. And from then we we've grown and we've grown significantly in terms of our customer base, the verticals that we're going after in financial retail social media, you name it, we are there because pretty much all these these uh articles depends on A. P. I. S. To interact with their customers. Uh We've we've raised our cities we last year we've we've grown our customer base. Uh Just in the last year when there was a lockdown people were all these retailers were transforming from brick and mortar to online. Social media also also grew and we grew with them. So >>Jason your thoughts. >>I think that sequence is his ability to scale out to any size environment. We've got a customer that does a billion and a half transactions a month. Um That are ap is from 1000 other clients of theirs. Being able to protect environments that are confusing and cloudy like that. Um Is really it makes what we do shine. We use a lot of machine learning models and ai in order to surface real problems. And we have a lot of great humans behind all of that, making sure that the bad guy maybe they're right now, but they're going away and we're going to keep them away. >>It's super, super awesome. I think it's a combination of more connections, distributed computing at large scale with a data problem. That's, that's playing out. You guys are solving great stuff and hey, you know when the cube studio ap I gets built, we're gonna need to call you guys up to to help us secure the cube data. >>Absolutely right. Absolutely. >>Hey, thanks for coming on the q Great uh, great insight and thanks for sharing about sequence. Appreciate you coming on, >>appreciate the time. >>Okay. It's a cube conversation here in Palo alto with remote guests. I'm john for your host. Thanks for watching. Yeah.

>> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're having a Cube conversation in our Palo Alto studio, the conference season hasn't got to full swing yet, so we can have a little bit more relaxed atmosphere here in the studio and we're really excited, as part of our continuing coverage for the Data Makes Possible sponsored by Western Digital, looking at cool applications, really the impact of data and analytics, ultimately it gets stored usually on a Western Digital hard drive some place, and this is a great segment. Who doesn't like talking about sports, and football, and advanced analytics? And we're really excited, I have John Pollard here, he is the VP of Business Development for Zebra Sports, John, great to see you. >> Jeff, thanks for having me. >> Absolutely, so before we jump into the fun stuff, just a little bit of background on Zebra Sports and Zebra Technologies. >> Okay well, first, Zebra Technologies is a publicly traded company, we started in the late 1960s, and really what we do is we track enterprise assets in industries typically like healthcare, retail, travel and logistics, and transportation. And what we've done is take that heritage and bring that over into the world of sports, starting four years ago with our relationship with the NFL as the official player tracking technology. >> It's such a great story of an old-line company, right? based in Illinois-- >> Yeah, Lincolnshire. >> Outside of Chicago, right? RFID tags, and inventory management, and all this kind of old-school stuff. But then to take that into this really dynamic world, A, of sports, but even more, advanced analytics, which is relatively new. And we've been at it for a few years, but what a great move by the company to go into this space. How did they choose to do that? >> Well it was an opportunity that just came to them through an RFP, the NFL had investigated different technologies to track players including optical and a GPS-based technologies, and now of course with Zebra, our location and technologies are based on RFID. And so we just took the heritage and our capabilities of really working at the edge of enterprises in those traditional industries from transactional moments, to inventory control moments, to analytics at the end, and took that model and ported it over to football, and it's turned out to be a very good relationship for us in a couple of ways. We've matured as a sports business over the four years, we've developed more opportunities to take our solutions, not just in-game but moving them into the practice facilities for NFL teams, but it's also opened up the aperture for other industries to now appreciate how we can track minute types of information, like players moving around on the football field, and translating it into usable information. >> So, for the people that aren't familiar, they can do a little homework. But basically you have a little tag, a little sensor, that goes onto the shoulder pads, right? >> There's two chips. >> Two chips, and from that you can tell where that player is all the time and how they move, how they fast they move, acceleration and all the type of stuff, right? >> Correct, we put two chips inside of the shoulder pads for down linemen, or people who play with their hands on the ground, we put a third chip between the shoulder blades. Those chips communicate with receiver boxes that have been installed across the perimeter or around the perimeter of a stadium, and they blink 12 times per second. And that does tell you who's on the field, where they are on the field, and in proximity to other players on the field. And once the play starts itself, we can see how fast they're going, we can calculate change of direction, acceleration and deceleration metrics, we can also see, as you know with football, interesting information like separation from a wide receiver in defensive back, which is critical when you're evaluating players' capabilities. >> So, this started about four years ago, right? >> Yes, we started our relationship with the league in-game, four years ago. >> Okay, so I'd just love to kind of hear your take on how the evolution of the introduction of this data was received by the league, received by the teams, something they'd never had before, right? Kind of a look and feel and you can look at film, but not to the degree and the tightness of tolerances that you guys are able to deliver. >> Well, like any new technology and information resource, it takes time to first of all determine what you want to do with that information, you have an idea when you start, and then it evolves over time. And so what we started with was tagging the players themselves and during the time, what we've really enjoyed in working with the NFL is that the league has to be very pragmatic and thoughtful when introducing new technologies and information. So they studied and researched the information to determine how much of this information do they share with the clubs, how much do they share with the fans and the media, and then what type of information sharing, what does that mean in terms of impact of the integrity of the game and fair competition. So, for the first two years it was more of a research and testing type of process, and starting in 2016 you started to see more of an acceleration of that data being shared with the clubs. Each club would receive their own data for in-game, and then we would start to see some of that trickle out through the NFL's Next Gen Stats brand banner on their NFL.com site. And so then we start to see more of that and then what I think we've really seen pick up pace certainly in 2017 is more utilization of this information from a media perspective. We're seeing it more integrated into the broadcasts themselves, so you have like kind of a live tracking set of information that keeps you contextually involved in the game. >> Right. And you were involved in advanced analytics before you joined Zebra, so you've been kind of in this advanced stats world for a while. So how did it change when you actually had a real-time sensor on people's bodies? >> Yeah it does feel a bit like Groundhog Day, right? I started more in the stats and advanced analytics when I worked for STATS LLC. In 2007, I developed a piece of software for the New Orleans Saints that they used to track observational statistics to game video. And it was a similar type of experience in starting in 2009 and introducing that to teams where it took about three or four years where teams started to feel like that new information resource was not a nice to have but a need to have, a premium ingredient that they could use for game planning, and then player evaluation, and also the technology could provide them some efficiencies. We're seeing that now with the tracking data. We just returned from the NFL Combine a couple weeks ago, and what I felt in all the conversations that we had with clubs was that there was a high level of appreciation and a lot of interest in how tracking data can help facilitate their traditional scouting and player evaluation processes, the technology itself how can it make the teams more efficient in evaluating players and developing game plans, so there's a lot of excitement. We've kind of hit that tipping point, if I may, where there's general acceptance and excitement about the data and then it's incumbent upon us as a partner with the league and with the teams for our practice clients to teach them how to use the analytics and statistics effectively. >> So I'm just curious, some of the specific data points that you've seen evolve over time and also the uses. I think you were talking about a little bit off camera that originally it was really more the training staff and it was really more kind of the health of the player. Then I would imagine it evolved to now you can actually see what's going on in terms of better analysis, but I would imagine it's going to evolve where coaches are getting that feedback in real-time on a per-play basis and are making in-game adjustments based on this real-time data. >> Well technically that's feasible today but then there's the rules of engagement with the league itself, and so the teams themselves, and the coaches, and the sideline aren't seeing this tracking data live, whether it be in the booth or on the sidelines. Now in a practice environment, that's what teams are using our system for. With inside of three seconds they're seeing real-time information show up about players during practice. Let's take an example, a player during practice who's coming back from injury. You might want to monitor their output during the week as they come back and they make sure that they're ready for the game on a week to week basis. Trainers are now able to see that information and take that over to a position coach or a head coach and make them aware of the performance of the player during practice. And I think sometimes people think with tracking data it's all about managing in the health of the player and making sure they don't overwork. Where really, the antithesis of that is you can actually also identify players who aren't necessarily reaching their maximum output that will help them build throughout the week from peak performance during a game. And so a lot of teams like to say okay, I have a wide receiver, I know their max miles per hour, is, let's use an example, 20.5 miles an hour. He hasn't hit his max yet during the entire week, so let's get him into some drills and some sessions, where he can start hitting that max so that we reduce the potential for injury on game day. >> Right, another area that probably a lot of people would never think is you also put sensors on the refs. So you know not only where the refs are, but are they in the right positions technically and kind of from a best practices to make the calls for the areas that they're trying to cover. >> Right. >> There's got to be, was their a union pushback on this type of stuff? I mean there's got to be some interesting kind of dynamics going on. >> Yeah as far as the referees, I know that referees are tagged and the NFL uses that information and correlates that with the play calls themselves. We're not involved in that process but I know they're utilizing the information. In addition to the referees I should add, we also have a tag in the ball itself. >> [Jeff] That's right. >> 2017 season was the first year that we had every single game had a tagged ball. Now that tagged information in the ball was not shared with the clubs yet, the league is still researching the information, like they did with the players' stuff. A couple years of research, then they decide to distribute that to the teams and the media. So we are tracking a lot of assets, we also have tags in the first down markers and the pylons and I'll just cut to the chase, there are people who will say okay, does that mean you can use these chips and this technology to identify first down marks or when a ball might break the plane for a potential touchdown? Technically you can do that, and that's something the league may be researching, but right now that's not part of our charter with them. >> Right, so I'm just curious about the conversations about the data and the use of the data. 'Cause as you said there's a lot of raw data, and there's kind of governance issues and rules of engagement, and then there's also what types of analytics get applied on top of that data, and then of course also it's about context, what's the context of the analytics? So I wonder if you could speak to the kind of the evolution of that process, what were people looking at when you first introduced this four years ago, and how has it moved over time in terms of adding new analytics on top of that data set? >> That's one of my favorite topics to talk about, when we first started with the league and engaging teams for the practice solution or providing them analytics, they in essence got a large raw data file of XY coordinates, you can imagine (laughs) it was a gigantic hard drive-- >> Even better, XY coordinates. >> And put it into a spreadsheet and go. There was some of that early on and really what we had to do through the power of software, is develop and application platform that would help teams manage and organize this data appropriately, develop the appropriate reports, or interesting reports and analysis. And over the last two or three years I think we've really found our stride at Zebra in providing solutions to go along with the capabilities of the technology itself. So at first it was strength and conditioning coaches, plowing through this information in great detail or analytics staffs, and what we've seen over the last 24 months is director of analytics now, personnel staff, coaches as well, a broadening group of people inside of a football organization start to use this data because the software itself allows them to do so. I'll give an example, instead of just tabular information, and charts and graphs, we now take the data and we can plot them into a play field schematic, which as you know as we talked off camera you're very familiar with football, that just automates the process of what teams do today manually, is develop play cards so they can do self-study and advanced scouting techniques. That's all automated today, and not only that, it's animated because we have the tracking information and we can merge that to game video. So we're just trying to make the tools with the software more functional so everybody in the organization can utilize it beyond strength and conditioning, which is important, but now we're broadening the aperture and appealing to everybody in the organization. >> Do you do, I can just see you can do play development too, if you plug in everybody's speeds and feeds, you have a certain duration of time, you can probably AB test all types of routes, and timing on drops and now you know how hard the guy throws the ball to come up with a pretty wide array of options, I would imagine within the time window. >> Exactly, a couple of examples I could give, when we meet with teams we have every player, let's say on a team and we know all the routes they ran during an entire season. So you can imagine on a visualization tool, you can imagine, it's like a spaghetti chart of different routes and then you start breaking down the scenarios of context like we talked about earlier, it's third down, it's in the red zone, it's receptions. And so that becomes a smaller set of lines that you see on the chart. I'll tell you Jeff, when we start meeting with teams at the Combine and we start showing them their X or a primary receiver, or their slot receiver tendencies visually, they start leaning forward a bit, oh my goodness, we spend way too much time on the same route when we're targeting for touch down passes. Or we're right-handed too much, we have to change that up. That's the most gratifying thing, is that you're taking a picture and you're really illuminating and those coaches who intrinsically know that, but once they see a visual cue, it validates something in their head that either they have to change or evolve something in their game plan or their practice regimen. >> Well, that's what I was going to ask, and you lead right into it is, what are some of the things that get the old-school person or the people that just don't get that, they don't get it, they don't have the time, they don't believe it, or maybe believe it but they don't have the time, they're afraid to understand. What are some of those kind of light bulb moments when they go okay, I get it, as you said, most of the time if they're smart, it's going to be kind of a validation of something they've already felt, but they've never actually had the data in front of them. >> Right, that's exactly right. So that, the first thing is just quantifying, providing a quantifiable empirical set of evidence to support what they intrinsically know as professional evaluators or coaches. So we always say that they data itself and the technology isn't meant to be a silver bullet. It's now a new premium ingredient that can help support the processes that existed in the past and hopefully provide some efficiency. And so that's the first thing, I think the visual, the example I showed about the wide receiver tendencies when they're thrown to in the red zone, that always gets people leaning forward a little bit. Also with running backs, third down in three plus yards, or third down in short situations, and my right-hander to left-hander when I'm on a certain hash. Again the visualization just allows them to really mark something in their head-- >> Just in the phase. >> Where it makes them really understand. Another example that's interesting is players who play on special teams who are also wide receivers, so as we know, linebackers and tight ends tend to be, and quarterbacks tend to be involved in special teams. Well is there an effect when they've covered kick offs and punts, a large amount of those in a game, did that affect them on side a ball play, for instance? Think about Julian Edelman two Superbowls ago, he played 93 snaps against the Atlanta Falcons. and when you look at the route-- >> [Jeff] He played 93 snaps? >> Yeah, between special, because it went into overtime, right? It was an offensive game-- >> And he's on all the-- >> He played a lot of snaps, he played 93 snaps. how does that affect his route integrity? Not only the types and quality of the route, but the depth and speed he gets to those points, those change over time. So this type of information can give the experts just a little bit more information to find that edge. And I have a great mentor of mine, I have to bring him up, Gill Brant, former VP of Personnel to Dallas Cowboys, with Tex Schramm and Tom Landry, he looks at this type of information and he says, what would a team pay for one more victory? >> So as we know, all coaches and professional organizations and college are looking for an edge, and if we can provide that with our technology through efficiencies and some type of support information resource then we're doing our job. >> I just wanted to, before I let you go, just the human factors on that. I mean, football coaches are notoriously crazy workers and, right, you can always watch more films. So now you're adding a whole new category of data and information. How's that being received on their side? Is it, are they going to have to put new staff and resources against this? I mean, there's only so many hours in a day and I can't help but think of the second tier or third tier coaches who are going to be on the hook for going through this. Or can you automate so much of it so it's not necessarily this additional burden that they have to take on? 'Cause I would imagine if the Cowboys are doing it, the Eagles got to do it, the Giants got to do it, and the Washington Redskins got to do it, right? >> Right, right, well each team as you might expect, their cultures are different. And I would say two or three years ago you started to see more teams hire literally by title, director of analytics, or director of football information, instead of sharing that responsibility between two or three people that already existed in the organization. So that staffing I think occurred a couple, two or three years ago or over the last two or three years. This becomes another element for those staffs to work with. But also along that process over the last two or three years is, really, I always try to say in talking to teams and I'll be on the road again here soon talking to clubs after pro days conclude, is forget about staffs and analytics and that idea. Do you want to be information driven, and do you want to be efficient? And that's something everybody can grasp onto, whether you're the strength and conditioning coach, personnel staff or scout, or a position coach, or a head coach, or a coordinator. So we try to be information driven, and then that seems to ease the process of people thinking I have to hire more people. What I really need to do is ask my people that are already in place to maybe be more curious about this information, and if we're going to invest in a resource that can help support them and make them more efficient, make sure we leverage it. And so that's our process that we work with, it varies by team, some teams have large, large expansive staffs. That doesn't necessarily mean, in my opinion the most effective staff is using information. Sometimes it's the organizations that run very lean with a few set of people, but very focused and moving in one direction. >> I love it, data for efficiency, right? In God we trust, everybody else bring data. One of my favorite lines that we hear over and over and over at these shows. >> In fact, I might borrow that next week. >> You could take that one, alright. >> Thank you, Jeff. >> Well John, thanks for taking a few minutes and stopping by and participating in this Western Digital program, because it is all about the data and it is about efficiency, so it's not necessarily trying to kill people with more tools, but help them be better. >> That's what we're trying to do, I appreciate the opportunity and love to talk to you more. >> Absolutely, well hopefully we'll see you again. He's John Pollard, I'm Jeff Frick, you're watching theCUBE from Palo Alto studios, thanks for watching, we'll see you next time. (Upbeat music)