(upbeat music) >> Welcome to this CUBE conversation. I'm Dave Nicholson and we are recapping the Citrix launchpad series. This series presents announcements on LinkedIn live on a variety of subjects, specifically cloud, security, and work. Three topics that I think all of us are keenly aware of going through the last 18 months of the pandemic. Citrix has taken time to sort of regroup and look at ways that security can be improved so that it isn't a hindrance for members of staff, but instead offers a unified integrated way of dealing with security across all of the variety of situations we find ourselves in today. Everything from a mobile device in a cafe through actually working back in the office when we get the opportunity to, to accessing information on a company issued laptop in a home office, secured networks, unsecured networks, secured browsers, unsecured browsers, the permutations are nearly endless. So Citrix has taken an interesting point of view, starting from the perspective of zero trust, meaning everything must be authenticated. They apply contextualism to their strategies. So the context and the posture of the access, the device, the location, all of those matter so that security protocols are tailored to help enhance productivity and security instead of, again, being a hindrance. So I highly recommend you go to the Citrix launchpad site dedicated to security. Two senior Citrix execs, Tim and Joe, will go through great detail on the announcements, but let's recap a little bit from an overview perspective. The first is this idea of secure private access. You combine that with secure internet access, and now you have a package that allows this contextual security posture that can change and adapt based upon varying conditions. Additionally, they have announced a partnership with Google where all of these capabilities are built into the Chrome OS. So now you have a device level native support for these protocols. They're also talking about bot management as something that is critical to security, moving forward. Bots out fishing, you want to kill them. You don't want them getting into your system, but there are some bots that are okay that have poking around in your environment. So again, go into the details with Tim and Joe. Having said that, I am delighted to have a very special guest here. Friend of theCUBE, veteran of theCUBE, author, advisor, author of the book, Cyber Minds and Tech Executive, Shira Rubinoff, is going to join us in just a moment. (upbeat music) Hello, and welcome to this special CUBE conversation. I'm Dave Nicholson, and we are recapping the Citrix launchpad series with a focus on the topic of security. Now, whenever we're going to talk security on theCUBE, we have a CUBE veteran and smartest person on cybersecurity that we know, Shira Rubinoff. She's a cybersecurity executive author and advisor, specifically author of the excellent book on the subject, Cyber Minds. Shira, welcome back to theCUBE. >> Thank you. Pleasure to be here. >> How are you today? >> Doing great, always great to be on theCUBE and talk to you folks and certainly be part of something from Citrix. >> Well, that might be the last pleasant thing that we say, because we are surrounded by security threats. So are you ready to get serious? >> Oh, always with a smile, serious with a smile. >> So, one kind of overriding question that a lot of people have now, if you're an IT executive, you've experienced a complete change in the world from so many different angles, but how has the pandemic changed the way you think of security? What are the dynamics at play, things that are different now that we couldn't have anticipated maybe two or three years ago? >> Interesting question. Certainly, if we look at the scope and the ecosystem of the way that organizations operated, it was pretty much in the high 90% of people being in the office with just the few percentage being working from home. And that had to shift literally overnight to literally the flip side of it, having the multitude of the organization work from home, work remotely, and maybe the few people that had to be in the office were there. So all of a sudden organizations were left with this, how do we secure down our organization? How do we keep our employees safe? How do we keep our organization safe? How do we connect to the outside world? What do we do to maintain the proper cyber? That's call it cyber hygiene within an organization. And that's a topic that I talk about quite frequently. When you look at cybersecurity as a whole, we look at the cyber posture of an organization. We also have to break it down and say, what does an organization need to do to be fully cyber secure? So of course, the ongoing training and that had to shift as well. We have now training for the organization and employees, but also think about the consumers and who else is interacting with organizations. We have to switch how that is done. And that has to be ongoing in the global awareness, the cybersecurity of course is at top of mind. And then that would lead to us to zero trust. Zero trust is a massive, massive piece of cybersecurity need for organizations. We think about it as who needs the data is king. Whoever has the data, they rule the world. They own the organization, they do what they need to do. Zero trust, limited access, knowledge of who gets in, why they get in, the need to get in, and the need for that within organization. So zero trust is a very key component and Citrix is very focused on as well. We talk about updated security and patching and all that has to happen, think about remotely. So not only are we thinking about all these topics, we have to think about them going at warp speed with people that might be working remote, who also have other things they have to take care of. Maybe they're taking care of elderly parents, maybe they're having to watch their kids on zoom, making sure they're staying on zoom, and all sorts of things with school, and other maybe roommates who are working for other organizations, not having important information in the backgrounds of their zoom while they're having these important conversations with organizations. But also think about the multiple devices people are using. They may have an area that's set up properly in order to do their work, but then again, they have to be in another room at the same time. Oh, let me just grab my device. So the whole area of the multiple devices, the warp speed of working and not, let's call this pause. And this is one of the key elements that I would tell all organizations to stop and pause, to think about what you're doing before you do it. Give the headaches, but that was not interplayed when the height of the pandemic. The height of the pandemic, we were worried about what's going on? Need knowledge of information, where we're getting this information, downloading it, clicking on links. Then we're working at the same time, taking care of people. So all these things are happening simultaneously, leaving these open vectors for the tax surface to be that much more heightened for the bad actors to get in. >> So, you advise some of the largest companies in the world on this subject, and obviously you're not going to reveal any names or specifics, but as a general overall view from your perspective, how are we doing right now? Is the average large organization now sort of back on cruise control, having figured everything out for this new reality? On a scale of 1 to 10, how well are we executing against all of these changes? >> That's a great question. Let me talk about the global whole. I think organizations are actually doing really well. I think there was a quick ramp up to figure out how to get it done, but because of also the shift of sharing of information that some of these largest companies across the world, they came together to share information with bad actors, to share information about the tax, to share information about what to do if something happens, who's out there and buying together almost like a whole. So it wasn't each finger on its own. It's a hand as a whole looking at it from a stronger perspective. So I think that shift coupled with the fact of the knowledge and understanding of what companies needed to do in terms of locking down the organization, but also allowing and helping their employees, empowering them to get their work done, but get it done in a secure safe fashion. And I believe now, obviously, we all know, they obviously, but the ransomware attacks are now prevalent and they're becoming even more intense with the rise of 5G, a way that attacks could happen, the warp speed. We're now having to understand that being reactive is not enough, being proactive is something that is wonderful to see organizations are doing as well. It used to be okay, let's be reactive. If something happens, what do we do? Let's have a plan in place. But that's not good enough and we've seen that happen because these attacks are coming a warp speed. So the proactivity of these organizations that they've taken is applaudable in general. I can't talk for all the companies, but the ones that I've been consulting to and have interactions with, I'm pleasantly surprised and not surprised as well, that the way that they've taken their cyber posture so seriously, and where they focus in, not only on the organization as a whole, but their employees as individuals, what their needs are and being able to give them what they need to do their jobs well. >> Yeah, that makes sense. You can almost think of it like cybersecurity is a team sport and to the extent that all of that proactive work that an organization can do can be absolutely undermined if we don't do our parts as endpoints, as endpoint people. And when someone reads Cyber Minds, I think there's an undercurrent that I definitely sensed. And then when I looked more closely into your background, I realized that, yes, in fact, you do have a background in psychology. I want to shift to a question along that line, if you don't mind. Thinking about the psychology of people who have lived through the pandemic, this concept of our personal hygiene and our personal security has been in the forefront of our mind. As you leave the house, and there's hand sanitizer and masks and maybe gloves, we're very, very aware of this. How has that affected us from a cybersecurity team sport perspective? Has that made us better players on the field? What are your thoughts in that regard? >> I actually love that question. As we saw the pandemic heightened, everyone became hyper aware of their own personal, what's called cleanliness. And in terms of where they are, what they're doing, if they're masking, if they're putting on gloves, the sanitizers are everywhere, six feet apart. Everybody's thinking about that. It's a forefront. It became a way of life. And if you then do you shift that and you're saying, okay, let's look at the technology or the cybersecurity part of it, your own personal safety, your own personal cybersecurity. I think we failed a lot in that area. I think because of the fact, if you think about the human psychology and the pieces that people needed to know information, everybody was hungry for the latest and greatest information. What's going on? What are the stats? How many people? Just terrible, terrible pandemic with so many people getting sick. So many people dying and wanting to know, what is going on? what are the latest rule sets? What can I do? What else can I do to protect myself? What is my business doing? So we also had bad actors sending out the phishing attacks, heightened tremendously. There is information being sent out, click here for the latest here. This is Dr. Fauchi, his latest report. Everything going out there was not necessarily to help us, but to hurt us. And because of people's human psychology of thinking, I need to protect myself, so I need the information. The stop and pause is, is this the right information? Is this a safe place to go? But then there's also the other flip side of, if I'm not interacting, I'm not there. Think about the different generational people we have going on. Gen Z, millennials, all sorts of it. Everybody's all over social media. And everybody needs to and wants to have a presence there, certainly in this world. So putting out lots of information and being present was very critical 'cause people weren't in-person anymore. So people were interacting online, whether it being on social, whether it being telling people where they're going, what they're doing, what they're eating, what their favorite animal is, all sorts of things that they were doing. But they were giving over personal information that made have be utilized as passwords or ways to get to know somebody, to either do a spear phishing attack or any types of attacks to gather information to hurt, not just a personal to steal money or to steal someone's identity or to come in and hurt the company, but information was everywhere. So we were taking care of our personal cleanliness, but our cyber hygiene with our psychologies aspect of cybersecurity itself, I think took a big dive. And I think that people started becoming aware as these attack surfaces grew. There were also different types of attacks that were happening where phone calls were coming in and saying, somebody is breaking into your bank account. Just verify yourself, give me the last four digits. I need to know who you are. So playing on the human psyche of fear, somebody is trying to get you nervous. So what are you going to do? You're going to act quickly without thinking. Or all sorts of, I think we were talking earlier about extended warranties for different things. That also grew extensively, but how did they do that? They were gathering information, personal information to give you something you want. So if you're playing again on the human psychology of people, when people get what they want, they're more likely to give over something they may not give to somebody else anyway. And one of my biggest example or a strong example is back in the day with Candy Crush. If you think about that game, before you sign up for that game, you literally have to give over your kidney. You're giving over access to your camera, to your contacts. If you look back at the permissions you are giving, it's really unbelievable that everybody was clicking yes, because they wanted to play a game. So take that example and transfer that into real life. We were doing the same thing. So the importance of brushing up on that personal cyber hygiene and really understanding what people needed to do to heighten their own security themselves, less sharing on social, not giving over information that they shouldn't, not allowing a trusted source who isn't really a trusted source into it. Having strong zero trust, not just organizations, but for yourself was very important. >> Yeah now, did we, Chuck. Chuck's my producer. Did we get Shira's social security number and her date of birth? Shira, can you give us that? >> Sure, it's 555-55-5555. >> Excellent Aha, phishing attack. >> There you go, go for it. (laughs) >> So you think there could be a little bit of security fatigue that might come into play when we're thinking of living up to our responsibilities as those end points? >> I think there was just fatigue in general and people were tired of being locked in the house. People were tired of having everybody under the same roof all the time, 24/7. Trying to get work done, trying to get school done, taking care of people, what they needed to do, having groceries delivered, going into groceries, all the thoughts that they had to do that was just a way of life before that we all took for granted during the pandemic. It was just a whole shift. People were just antsy, jumpy. We needed to connect and we need to connect in any way we could. So all these open vectors became a problem that ended up hurting us rather than helping us. So this has been something that was a big mind shift as a pandemic continued. People started realizing what was going on and organizations took a good stand on educating the population and telling them, look, these are the things that are happening. This is what we need to do. Certainly a lot of the companies I'm working with did such a great job with that. Giving their employees the wherewithal of wanting to connect, but doing in a secure manner. Giving them the tools of what they needed to do personal, only also in their personal lives, not just for their work lives. So that was helpful too. And as we're coming out of it, hopefully continue to come completely out of it, we'll see the shift back into, let's take that stop and pause. Let's think what we're doing. >> Yeah, well, we are all looking back to whatever resemblance of normal we can get to. Shira, I can spend hours picking your brain on a variety of subjects. Unfortunately, we are coming to the end of our time together. Do you promise to come back? >> Certainly, a big fan of theCUBE. >> Well, fantastic. Shira Rubinoff, thank you so much for your time. This is Dave Nicholson with a very special CUBE conversation, signing out. Thanks for watching. >> Shira: Thank you too. (gentle music)

>> Hello and welcome to this special Cube Conversation. I'm Dave Nicholson, and we are recapping the Citrix Launchpad series with a focus on the topic of security. Now, whenever we're going to talk security on The Cube, we have a Cube veteran and smartest person on cybersecurity that we know Shira Rubinoff. She's a cyber security executive author and advisor, specifically author of the excellent book on the subject, 'Cyber Mines'. Shira welcome back to The Cube. >> Thank you. Pleasure to be here. >> How are you today? >> It's been great. Always great to be on The Cube and talk to you folks, and certainly be part of something from Citrix. >> Well, that might be the last pleasant thing that we say, because we are surrounded by security threats. So are you ready to get serious? >> Oh always. With a smile, serious with a smile. >> So, you know, one over kind of overriding question that a lot of people have now. If you're an IT executive you've experienced a complete change in the world from so many different angles, but how has the pandemic changed the way you think of security? What are the dynamics at play things that have, that are different now that we couldn't have anticipated maybe two or three years ago? >> Interesting questions. Certainly if we look at the scope and the ecosystem of the way that organizations operated, it was pretty much, you know, in the high 90% of people being in the office with just the few percentage being working from home. And that had to shift literally overnight to literally the flip side of it, having the multitude of the organization work from home, work remotely, and maybe the few people that had to be in the office were there. So all of a sudden organizations were left with this. How do we secure down our organization? How do we keep our employees safe? How do we keep our organization safe? How do we connect to the outside world? What do we do to maintain the proper cyber let's call it cyber hygiene with an organization. And that's a topic that I talk about quite frequently. When you look at cybersecurity as a whole, we look at the cyber posture of an organization. We also have to break it down and say, what does an organization need to do to be fully cyber secure? So of course the ongoing training and that had to shift as well. We have now training for the organization and employees, but also think about the consumers and who else is interacting with the organizations. We have to switch how that is done. And that has to be ongoing. And the global awareness of cybersecurity, of course, a top of mind. And then that would lead to also zero trust. Zero trust is a massive, massive piece of cybersecurity need for organizations. We think about it as who needs the data is king. Whoever has the data, they rule the world, right? They own the organization, they do what they need to do. Zero trust, limited access, knowledge of who gets in, why they get in, the need to get in and the need for that with an organization. So zero trust is a very key component of Citrix is very focused on as well. We talk about updated security and patching and all that has to happen. Think about remotely. So not only are we thinking about all these topics, we have to think about them going at warp speed with people that might be working remote, who also have other things they have to take care of. Maybe they're taking care of elderly parents. Maybe they're having to watch their kids on Zoom, making sure they're staying on Zoom and all sorts of things with school and other maybe roommates who are working for other organizations, not having important information in the backgrounds of their Zoom while they're having these important conversations with organizations. But also think about the multiple devices people are using. They may have an area that's set up properly in order to do their work, but then again, they have to be in another room at the same time. Oh, let me just grab my device. So the whole area of the multiple devices, the warp speed of working and not, let's call it this pause. And this is one of the key elements that I would tell all organizations to stop and pause to think about what you're doing before you do it. It's never headaches, but that was not interplayed. When the height of the pandemic, the height of the pandemic, we were worried about what's going on need knowledge of information, where we're getting this information, downloading it, clicking on links. Then we're working at the same time, taking care of people. So all these things are happening simultaneously, leaving open these open vectors for the tax surface to be that much more heightened for the bad actors to get in. >> So you advise some of the largest companies in the world on this subject, and obviously you're not going to reveal any names or specifics, but as a general overall view, from your perspective, how are we doing right now? Are, are, is the average large organization now sort of back on cruise control, having figured everything out for this new reality on a scale of one to 10, how well are we executing against all of these changes? >> That's a great question. Let me talk about the global whole. I think organizations are actually doing really well. I think there was a quick ramp up to figure out how to get it done, but because of also the shift of sharing of information that some of these largest companies across the world, they came together to share information with bad actors, to share information about the tax, to share information about what to do if something happens who's out there and buying together almost like a whole. So it wasn't, you know, each finger on its own. It's a hand as a whole looking at it from a stronger perspective. So I think that shift coupled with the fact of the knowledge and understanding of what companies needed to do in terms of locking down the organization, but also allowing and helping their employees, empowering them to get their work done, but get it done in a secure, safe fashion. And I believe now, you know, obviously we all know they obviously, but the ransomware attacks are now prevalent and they're becoming even more intense with the rise of 5G, the way that attacks could happen, the warp speed we're now having to understand that being reactive is not enough. Being proactive is something that is wonderful to see organizations are doing as well. It used to be okay, let's be reactive. If something happens, what do we do? Let's have a plan in place, but that's not good enough. And we've seen that happen because these attacks are coming at warp speed. So the proactivity of these organizations that they've taken is applaudable, you know, in general, you know, I can't talk for all the companies, but the ones that I've been consulting to and have interactions with, I'm pleasantly surprised and not surprised as well, that the way that they've taken their cyber posture so seriously, and where they focus in not only on the organization as a whole, but their employees as individuals, what their needs are and being able to give them what they need to do their jobs well. >> Yeah, that makes sense. When you can, you can almost think of it like, you know, cybersecurity is a team sport. And to the extent that all of that proactive work that an organization can do can be absolutely undermined if we don't do our parts as endpoints, as endpoint people. And you know, when someone reads cyber minds, I think it'd be, I think it's, there's an undercurrent that I definitely sensed. And then when I looked more closely into your background, I realized that, yes, in fact, you do have a background in psychology. I want to shift to kind of a question along along that line, if you don't mind. Think about the psychology of people who have lived through the pandemic, this concept of our personal hygiene and our personal security has been in the forefront of our mind. You leave the house and there's hand sanitizer and masks and maybe gloves. We're very, very aware of this. How has that affected us from a cybersecurity team sport perspective has that, has that made us better players on the field? What are your thoughts in that regard? >> I actually love that question. You know, as we saw the pandemic heightened, everyone became hyper aware of their own personal, well cleanliness. And in terms of where they are, what they're doing, if they're masking, if they're putting on gloves, the sanitizers are everywhere, six feet apart. Everybody's thinking about that. It's a forefront. It became a way of life. And if you, then you shift that and you're saying, okay, let's look at the technology, the cybersecurity part of it, your own personal safety, your own personal cybersecurity. I think we failed a lot in that area. I think because of the fact you think about the human psychology and the pieces that people need to know information, everybody was hungry for the latest and greatest information. What's going on? What are the stats? How many people? Just terrible, terrible pandemic with so many people getting sick. So many people dying and wanting to know what is going on? What are the latest rule sets? What are, what can I do? What else can I do to protect myself? What is my business doing? So we also have bad actors sending out the phishing attacks, heightened tremendously. There is information being sent out. Click here for the latest here. This is Dr. Fauci's latest report, everything going out there was not necessarily to help us, but to hurt us. And because of people's human psychology of thinking, I need to protect myself. So I need the information. The stop and pause is, is this the right information? Is this a safe place to go? But then there's also the other flip side of, if I'm not interacting, I'm not there. Think about the different generational people we have going on. Gen Z, millennials, all sorts of it. Everybody's all over social media. And everybody needs to and wants to have a presence there certainly in this world. So putting out lots of information and being, being present was very critical because people weren't in person anymore. So people were interacting online, whether it being on social, whether it be telling people where they're going, what they're doing, what they're eating, what their favorite animal is, all sorts of things that they were doing. But they were giving over personal information that made of be utilized as passwords or ways to get to know somebody, to either do a spear phishing attack or any types of attacks to gather information to hurt. Not just a personal to steal money or to steal someone's identity or to come in and hurt the company. But information was everywhere. So we were taking care of our personal cleanliness, but our cyber hygiene with our psychology's aspect of cybersecurity itself, I think took a big dive. And I think that people started becoming aware as these attack surfaces grew. There were also different types of attacks that were happening, where phone calls were coming in saying, somebody's breaking into your bank account. Just verify yourself, give me the last four digits. I need to know who you are. So playing on the human psyche of fear. Somebody is trying to get you nervous. So what are you going to do? You're going to act quickly without thinking or all sorts of, I think we were talking earlier about extended warranties for different things. You know, that has, that also grew extensively, but how did they do that? They were gathering information, personal information to give you something you want. So if you're playing again on the human psychology of people, when people get what they want, they're more likely to give over something they may not give to somebody else anyway. And one of my biggest example of a strong example is back in the day with Candy Crush. If you think about that game before you sign up for that game, you literally have to give over your kidney. You're giving over access to your camera, to your contacts. If you look back at the permissions you're giving, it's really unbelievable that everybody was clicking yes because they wanted to play a game. So take that example and transfer that into real life. We were doing the same thing. So the importance of brushing up on that personal cyber hygiene and really understanding what people needed to do to heighten their own security themselves. Less sharing on social, not giving over information that they shouldn't. Not allowing a trusted source, who isn't really a trusted source into it. Having strong zero trust, not just for organizations, but for yourself was very important. >> Yeah. Now did we Chuck, Chuck, Chuck's my producer. Did we get Shira's social security number and her date of birth? Shira, can you give us that? >> Sure, it's 5, 5, 5, 5, 5, 5, 5, 5. >> Excellent, ha! Phishing attack. >> There you go. Go for it. (both laughing) >> So, so you think there could be a little bit of security fatigue that might come into play. When, you know, when we're thinking of living up to our responsibilities as those end points. >> I think there was just fatigue in general. >> Yeah. >> People were tired of being locked in the house. People were tired of having everybody under the same roof all the time, 24/7, trying to get work done, trying to get school done, taking care of people, what they needed to do. Having groceries delivered, going into groceries, all the thoughts that they had to do, that was just a way of life before, that we all took for granted during the pandemic. It was just a whole shift. People were just antsy, jumpy. We needed to connect and we need to connect in any way we could. So all these open vectors became a problem that ended up hurting us rather than helping us. So this has been something that was a big mind shift. As the pandemic continued, people started realizing what was going on and organizations took a good stand on educating the population and telling them, look, these are the things that are happening. This is what we need to do. Certainly a lot of the companies I'm working with did such a great job with that, giving their employees the wherewithal of wanting to connect, but doing in a secure manner, giving them the tools of what they needed to do personal only, also in their personal lives, not just for their work lives. So that was helpful too. And as we're coming out of it, hopefully continue to come completely out of it, we'll see the shift back into let's take that stop and pause. Let's think what we're doing. >> Yeah, well, we are all looking back to whatever semblance of normal we can get to. Shira I could spend hours picking your brain on a variety of subjects. Unfortunately, we are coming to the end of our time together. Do you promise to come back? >> Certainly a big fan of The Cube. >> Well, fantastic. Shira Rubinoff thank you so much for your time. This is Dave Nicholson with a very special Cube Conversation signing out. Thanks for watching. >> (Shira) Thank you, Dave. (lively music)

>>Hi from San Francisco, it's the cube covering RSA conference, 2020 San Francisco, brought to you by Silicon angle media. >>You're welcome back. You're ready. Jeff Frick here with the cube. We are wrapping up Wednesday here at RSA 2020 Moscone center. It's the year we know everything. It's women in tech Wednesday and we're really excited that our next guest, she's been coming to the show for a very, very long time. She's really dialed into the community. She's an author. I got the whole as author, advisor, consultant, speaker. I could go on and on and on as you share. Rubinoff Shira, great to see you and welcome back to the cube. Oh, thank you so much. Pleasure to be here. Again, RSA 2020. A lot of kind of crazy stuff going on. The little coronavirus, you know, kind of impact, which is really interesting coming off of mobile world Congress, being in the event space and kind of seeing how this is gonna shake out. But the theme this year is the human element, which, uh, kind of plays right into your strengths. >>So just first get your kind of impressions of the show and really kind of that theme and kind of your take on why that's an important theme for RSA this year? >> Well, I think the human element has always been at the forefront. It's just now becoming accepted and put at the beginning of what people are really talking about. We talk about the people, the process and the technology all the time. When it comes to practice, everyone's really been focused on the security and the technology, but they forget the human elements and RSA this year is really focused on the human element being at the forefront. We have to realize there's a human creating the technology, a human at the end of the truck. Technology is trying to help and the glue between the process, how it all intersects together really depends on how people embrace it. And that was actually the premise for my book cyber Myers. >>So a plug for the book plug for the book cyber minds is a, a book is I view cybersecurity as the umbrella over all other technology. You need cybersecurity intersected in some way when you're dealing really with anything. But the human element really takes the forefront. So I really talk about cybersecurity and cyber hygiene and cyber elements within the book and cyber hygiene. I broke down into four categories which are training and that's ongoing training from the top down, being from the border and all the way down to the intern. Global awareness with an organization, keeping that culture going, a security and patching and digital transformation within the organization as well as zero trust. And I take that and I really continue with it throughout the book when we talk about blockchain, artificial intelligence, internet of things and cyber warfare and really showing how the human element is an integral part of everything we're doing in order to protect ourselves as a, as people, as an organization and just all support friends and sharing of information now is being, is completely critical. And it's being done because of that human element piece that's being embraced and understood >> lot a lot there. Right? So the human over the string, right? So it used to be per T E Z to identify a phishing attack. Right. You know, bad grammar and everything. A little bit of context and >>maybe the vocabulary wasn't quite right. That's not the way anymore. The sophistication of these attacks, the phishing attacks specifically at a friend in the, in the, in the real estate business, you know, and it was, it was an email from a banker that he does business with at a bank that he does business with around the transaction that he had knowledge about and doing a wire transfer. And it just was slightly mistimed where he, where he called the banker, his buddy and said, you know, did you, did you send this? So, you know, in the age of deep fakes, which is barely beginning in the age of this war, advanced AI for them to really put together these packages, um, and really infinite bandwidth, time and money. If you're really trying to pervade, I mean, how will the role of the human shift, you know, can we really expect them even with ongoing training to be sophisticated enough to keep up with these attacks? >>Well, I think it also boils down to real world examples and we have to really understand the demographics that we're working for. I think today it's the first time really in history that we have four generations working side by side in the workforce, so we have to understand that people learn differently. Training should be adjusted to the type of people that we're teaching, but fishing doesn't just boil down to clicking on links. Fishing teaches. Also, it boils down to tricking somebody, getting someone's trust, and it could come in many different forms. For example, think of social media. How do people connect? We're connecting for us social media on many different platforms. I'll give a very easy example. LinkedIn. LinkedIn is a business platform. We're all connected on LinkedIn. Why we connect on LinkedIn, because that's a social platform that people feel safe on because we're able to connect to each other in a business form. >>However, think of the person who's getting the first job with an organization, their first job in maybe their project manager and they're working for bank, a excited to be working for bank gay. Hey, I'm the list all the projects I'm working for. So here's now my resume on LinkedIn. I'm working on project a, B, C, D, and this is my manager I report to. Perfect. There's some information sitting there on LinkedIn. Now what else I will tell you is that you might have somebody who looking to get into that bank. What will they do? Let's look for the lowest hanging fruit. Ooh, this new project manager. Oh, I see. They're working on these projects and they're reporting into someone. Well, I'm not a project manager. I'm a senior project manager from a competing bank. I'm going to be friend them and tell them that I'm really excited about the work they're doing. So you're their social engineering your way into their friendship, into their good graces, into their trust. Once somebody becomes a trusted source, people share information freely. So people are putting too much information out there on social trusting to easily opening the door for more than a phishing attack. And things are just rapidly going out of control. Right. >>Well, it's funny. So one of my other favorite women in cyber is Rachel Tobik. Back, I don't know if you know Rachel, but she's famous for, you know, kind of live hacking at black hat, all social engineering, calling people up and just getting through and you know, she says she's basically undefeated. Um, this >>way if you're about the human elements, why do people act quickly? The biggest problem is people don't stop and pause. So if you think about, my background also is in psychology, psychology and business. So when you deal about the human element, it's panic. Let's set panic in. When you set panic in on a personal nature, people are quick to respond and quick over to give over information. If they feel it's pertinent to them, calling someone quickly, Hey your babysitter called, I need your social or anything like that. Set somebody into a spin. They're very quick to give over information cause they feel personal at risk when it comes to business and the business setting, it may not be as personal that way. That, so they kind of composite about the way people get in as through other social channels in ways that are more personal to individuals. >>So is that, is, is, is more sophistication around the human training element. Really the key as opposed to God knows how many vendors are in this, this building right now. I mean I, I feel so much for the buyer trying to sort it all out. Right? And there's big players in the established solutions that have been around forever. And then of course he get a spice with the startups that are cutting edge and doing new things when in fact all that goes out the window. If I can call the person up and say, you know, your house is on fire, please give me your, your password or your front door. Cause I gotta get the kids out. I mean I'm exaggerating to make a point, but is enough appreciation going into the human factors of training? Not on the technology side, but really the motivators for people to do things, um, to, to, to make, to try to please. Right. That's another great motivator to try to please. >>Well, right. Cause people like to be wanted. They like to be acknowledged. So they like to feel they're doing good. But again, it boils down to the people, the process and the technology. You can't have one without the other. You can't just focus on the people without focusing on the technology. But if you leave them as separate entities and you don't deal with the process in the middle, that glue, you're gonna leave yourself open. So they have to work hand in hand all the time. It's something that's a, it's a one plus one if you'll stand right at that perspective. So yes, you really need all of it together. >>The other thing that we hear over and over and over, right is just zero trust. The whole concept of zero trust. It's been around for a long time, which, which you know, you just assume that the bad guys are going to get in. Right? So then how do you try to find them quicker? How do you try to limit what they can get once they get in? So it's a really different kind of point of view to take a zero trust attitude on the assumption they're going to get it at some point and then try to mitigate the damage after the fact. >>So I look at zero trust from a little bit of a different perspective. I think zero trust is pertinent. Everyone should be using it because again, you're authenticating yourself, you're giving access only to that person for that specific task. But again, in organizations, if they say we're locking down everything all the time because we want to be secure, the employees are going to say, this is ridiculous. We don't have to be locked down for ABC. It makes no difference to us. What I say to organizations that are don't lock down things that don't need to be locked down, and when you do lock down something, it's important to have that three 60 dialogue with your employees. Explain why. Make them part of the solution, not part of the problem. If everyone's saying, Hey, you human, you're the weakest link. >>People are going to take offense at that and say, look, we know what we're doing. But if you make them part of the solution, Hey, we're in this together, let's make this part of the culture and they act as that with an organization you're going to have, they'll kill piece of ness so becomes just an ongoing everyday life living thing. Right. You brought that up. The windy neither from from Cisco is one of the keynotes on the first day and she was phenomenal. The basic, her basic premise was we as an industry have been to a kind of a not inclusive, exclusive like we own everything. We have all the control, we have all the answers, we know everything and her whole gist was no you don't. You don't have the context necessarily to make risk trade offs a benefit trade off. You don't necessarily have the context to see the softer stuff and really what you're saying really embrace everybody as part of the solution as opposed to trying to Creech people to do certain things and do and not do other things. >>I'm a little bit of both, right? Proper balance but also look at organizations today in the past would be, these are our solutions. We found out this Intel, you figure it out on your own and that it wasn't helping anybody. The idea now of sharing of information has become widely embraced certainly in the larger security companies at large and they really understand the value of it. So when I talk about, yes, you do have to lock down certain things and people do have to understand where the end points are, but they also need to understand that they are part of the solution and where the ends in the beginning. Let's shift gears a little bit from the people who back to the machines because the other thing that's happening really, really fast, right? As IOT. Yes, a lot of more edge devices, a lot of sensor devices. >>We saw what happened with, with some of the Alexa devices that was not very, was not very good. Um, so as you talk to your clients and, and, and, and people that read your book, how do you get them to think about IOT? How do you get them to think about this kind of machine to machine though? Of course that five G, which will just accelerate it at a, at a whatever, a hundred X, uh, speed to think about working. That is because we want API to API communication. We want machines to, to interface with each other. We want to remove that kind of human integration point a lot of times. But now you just opening up a boatload more of attack surfaces don't necessarily have the smartest machines is and often they can be compromised in ways that maybe people didn't think through before they connected them onto the internet. >>Well, it's also interesting when you talk about five G, it's not that we can do things at speed that speed, it's also bad actors could do things at that speed sales. So understand the portals of what your connectivity is, your third party software to whose, who has access, where are the access points, how are you going to protect those access points because the speed is that much quicker. We have to be that much more diligent. So yes, they're massive. Haas, really good positives. But there's also some negatives. So if we have to be diligent around those, it can be fabulous, but it could also be really, really dangerous for us. Sure. And it's coming right? It's coming. Right. So give us the, give us the 401 on the book. What's the, you know, kind of the top level themes for people to run out and get this? I saw some great reviews on Amazon. You're selling it upstairs, you know, what are kind of the really key takeaways here? >>Well, the key takeaways are really, again, cybersecurity is the umbrella over all of the technology. When you think of technology, cybersecurity is part of it. And when you look at cyber security, that comes from many different elements. It's not just a technology play, it's also a human element play. And the humans are an essential part of cybersecurity, whether you're securing for or securing too. It's just an interplay of both. So cyber mine's really touches upon all those concepts and all the latest and greatest emerging tech out there, as well as blockchain, AI, IOT, cyber warfare. Uh, think about it. It really just travels through. And I had some really amazing interviews with some top of the minds within the book that really adds tremendous value to it and grateful for them. >>Great. Well, I'm glad to finally get my own copies so I will be able to dig in and next time we talk I'll be digging deep into this book with you and getting a little bit more of that insight. I look forward to hearing your thoughts. Well, thanks. You're, hopefully you can kick your feet up a little bit tonight, but probably not. I'm sure you're busy, busy, busy. Well, thanks for stopping by. All right. She shear. I'm Jeff. You're watching the cube. We're at RSA 2020 at Moscone. Thanks for watching. We'll see you next time.

>> Live from Boston Massachusetts, it's theCUBE, covering AWS re:Inforce 2019. Brought to you by Amazon Web Services and its ecosystem partners. >> Hello everyone, welcome back to the live cube coverage here in Boston Massachusetts. This is theCUBE's coverage, I'm John Furrier with Dave Vellante. Special guest Shira Rubinoff, president of Prime Tech, Cybermind genius, VIP influencer. Love havin' her on. We are here at AWS re:Inforce, AWS inaugural event. Great to have you on, be host with us and to do more hosting and co-hosting with us as we bring the community cube to security. >> Excellent, I think this is the perfect conference to do that. >> Shira and Dave, so day one's in the books. We got another full day of coverage, a lot of action happening. I think the seminal point of this event is that you have Amazon Web Services. They already run the biggest event, re:Invent. They have summits all around the world. Some summits get huge numbers but this has been rebranded, re:Inforce, by design, this is not another summit, Dave, this is a game statement from Amazon. >> Well, Pat Gelsinger, several years ago, told us on theCube security's a do over, it's got to be reinvented and Amazon is reinforcing that message. And, rebuilding it from the ground up with developers and the security is code mindset. Your thoughts. >> Now certainly as technology advances, cloud security has to advance as well and the cloud is looking towards technology to know how to differentiate itself and continue to add to it and change up. And, as we talk about AWS, they secure the cloud and the customers have to secure in the cloud. Which is a very important piece because it almost lends itself. When people are talking about, how do you secure an environment and even if you look at organizations, there's a talk between the CIO, what's the role of a CIO and what's the role of a COO. Almost look at it like how AWS really positions itself. Securing the cloud, securing in the cloud, securing the industry itself, securing within the company. And, what AWS really has seen and really is doing is it's saying you got to work hand in hand, it has to be a partnership. And, a partnership is able to secure things much better than a one person. Because then you're putting the ownness on everybody and if everybody is actually thinking about security all the time, it's going to yield best security. >> And the things we heard, Shira, I want to get your thoughts on, encryption always on, everyone's watching, so, shared responsibility, these are the buzz words, reasoning. This is industry wide. I know you do a lot of traveling, do a lot of public speaking. You do a lot of work with some of the big companies and their transformations. What are you seeing? Because, you're out there getting the data, we got some data. What's the big trend, what's the macro trend right now, the most important story that needs to be told in this new reimagined security renaissance? >> Well, I think it's just that. I think that people are moving towards the cloud for the reasons of, one plus one equals three. You're going to have the security of the cloud and you're also going to have the security of the organization within the cloud. And the organizations are realizing today moving to the cloud they could have better overall security. So, that is the trend that I'm seeing, certainly from the larger companies out there and the smaller ones are building it from the ground up. They're saying, you know what, let's make it a solution that we're going to build, going right from day one and not putting band-aids on it to try to make it to secure after. So, they're really learning from the experts. >> Dave, I want to get your thoughts with Shira on this because all three of us do a lot of content. We make content for a living, we kind of think about that with users in mind, the audience. Well I overheard a couple of things at this event that I've been hearing at other events. Open ecosystems and the partner networks are developing. And so that makes a lot of sense, integration's a big part of security but I hear people saying, I want to meet more people, I wannna meet the person who runs, partners of that company. So, you have, I've seen for the first time a real hunger-- >> Yeah >> for social interaction at the events, more hunger for understanding who the other partners, not just what they sell-- >> You know what? >> but what's on their mind. >> So interesting, you bring that up and that's a very new piece we are seeing today. It used to be, this is my information and I'm not sharing it with you. I'm going to build something and you're going to have to guess what I'm doing because that's my secret sauce but companies were realizing that's not going to work. We need to collaborate, we need to share ideas. And the biggest companies are all banding together to share the best breed of technology and the best breed of way how to deal with security. Because, they realize that we're all trying to protect also from the same bad actors out there and they realize by collaborating, they're all stronger as a whole and stronger by themselves as well. So, this collaboration is a big deal and that's taking the trends forward >> Dave, what's your take on this? >> Well and it comes back to something we've talked about a lot today and over the years in theCube is this whole API economy. For decades, we've been trying to solve the distributed systems problem. You saw it in little pockets, obviously the internet, but it's in limited work loads. >> Amazon kind of did that. >> And Amazon has solved that problem. Massively scalable distributed systems and then, now it's okay, how do you secure it? So the shared responsibility model is very interesting and I think misunderstood. The number one problem we're hearing here, that customers are having is keeping up with Amazon because Amazon's moving at such a fast pace. That's so rare in the technology industry, where the vendors are always a little bit ahead of the customers but not light-years ahead. Amazon is just, like, pushing them out of the plane. And, so, I think the shared responsibility model is very important, I think it's misunderstood. >> Yes. >> I think people were expecting, oh, Amazon can take care of everything in the cloud and that's not the case. >> Correct. >> So-- >> Well if you're going to use the pushing out of the airplane analogy, you got to say, you got to make sure the parachute opens. >> Well. >> So when you pull the ripcord, this is what companies have to understand, that they got to be compatible with the way the architecture of cloud-native works and the right way to lift in shifts. So, there's a way to lift in shifts and there's a way not to lift in shifts. You can lift and shift infrastructure but you can't lift and shift entire workloads. >> Very true but also, making somebody responsible for their can of worms is important too. Because that also leads back to culture of the organization. If security is part of culture and they have responsibility as within the cloud that Amazon is pushing. You handle within the cloud, that's your wheelhouse, you do that, that's becoming something that becomes part of culture and is a everyday thing. Which, in turn I talk a lot about cyber-hygiene within organization, it's not just training, it's not just awareness, it's not just security and patching, and not just zero, there's also being aware of it and making it an everyday item, that has to be utilized. Amazon is right on the button with this. >> You know, I heard a phrase. >> Yeah. >> The best thing about doing these Cube interviews is that, you meet such smart people and learn a lot. But, I love the quote I heard from the co-founder of Sumo Logic. He was awesome and he said, "Process is a reflection of culture." And so in a digital transformation equation, which we all know, it's the cliche, people process technology. >> People process technology. >> People with talent gaps or skill gaps get it, technology plenty of tech, now, the process. >> Well, the process-- >> That's always the hardest nut to crack and most people won't give it up and they won't fight for it. >> Yeah. >> It's the most important. >> But, that's also the glue between the two. You're not going to have a secure environment if you're just dealing with security and you're not going to have a secure environment just dealing with the people. The process in the middle, the process, yes, the Canadian land of it. That's the glue between it. That's what makes it run and you have to get to that. As you were saying, you have to get to the process, you got to make that run well and then you nail the two together, that's full security. >> The other big thing here, not this conference but a theme that we've talked about for quite some time on theCube, is this notion of big tech. So it's been said that Amazon, Facebook, Google, maybe even Microsoft. Elizabeth Warren saying, break up big tech. Amazon, people have said, split AWS out from core Amazon retail. What do you guys think about that? Is that the right thing to do? >> No, I don't think it's the right thing to do. >> Why not? >> Like I said we had, Jimmy on earlier. They're not breaking any laws. And then, why would you want to take down what could be a competitive advantage for national security. >> Correct. >> AI is going to be, and machine learning, and the role of data is going to be a power source for good and also for safety. >> Of course. >> So why would you want to take the best companies, who are doing the best work, and handicap 'em, over one argument? That Facebook wasn't responsible in dealing with making billions of dollars in free cash flow. >> So the argument is-- >> And , in the election they broke democracy-- >> Okay, too big. That's not a good argument. >> No. >> Maybe, appropriating our data to sell more ads that should be looked at, don't you think? >> I just don't buy the tech for bad argument because, yes, some bad things have happened but the regulators and the law makers, you can't legislate what you don't understand, you can't regulate what you don't understand. So, as it's been coming out from the biggest minds in tech and in government, the law makers aren't smart enough yet. It's like they're in kindergarten, crayon outside the lines, they're tryin' to write. They don't even know what tech is, so. >> You know what, you've been taking about the Chernobyl, push the buttons, I feel like that's what public policy is putting forth. Just push the buttons now and blow it up. Rather, public policy should catch up, understand it and maybe set a framework and put in laws. So that we have a clear understanding. >> Our current government is like that scene in Chernobyl. >> Oh my god. >> That is exactly what's happening, Dave. You can apply that metaphor, just do it. >> The problem is there's no proper regulation yet. >> Right. >> You got to get everyone in the room and everybody has to agree, at least on a initial framework. We've started but we're no where near where we need to be. You have to look at safety of our nation and that's a big factor. I've gone to Congress, as a part of Cybersecurity Women, testifying for Congress and talking about this and they still don't have a handle. There's nobody who's running the ship. >> Describe what it was like there. >> Well, I went down with the executive woman for Women's Forum, which was an amazing group. We went down there, we talked to different people in Congress. They're very open to it and they realize that we really need to do something. The problem is it's very disorganized. Sadly, it's way too disorganized. Nobody knows who's calling the shots. There's a nice bunch of different groups that are working towards it but there's no one at the helm of it saying, all right, let's all fall into place and do it. Little pockets, doing little things, but not everybody banding together. That needs to change, that has to change. I'm hoping it's coming down to where it's going to be something. >> I think there's going to be a revolution in a positive way. Where again, back to my tech for good thing. I don't think people yet know how to articulate what tech for good is. There's plenty more use cases where tech could be used for good, than there are bad. Bad is always an early adopter before good. We've seen that in the web, the underbelly of multiple trends. But, the reality is, I see the bad as bad but I see so much more good going on that could be enabled. That's what I'm afraid of, that they litigate what's happening for bad and they screw the good. >> It's almost like technology, right? You have to be proactive, as well as reactive. Everybody is running to be reactive to a problem but no one was being proactive. Now, technology is understanding we have to be proactive, as well as reactive. Same like your saying, John, it has to happen from the front. >> All right, so, while you're here, I want to get you and Dave to weigh in on this, cause it's been near and dear to my heart for many years, over a decade. Humans and machines, this conversation's been discussed, here again, Dave, some of the smartest people in the industry are reiterating, Brian from, again, Sumo Logic, he's got a great view on this and there's others as well. The role of the human really is important, not just having machines do all this automation. It's not about job replacement, it's more the craft of creating outcomes that are going to be acceptable for defense, or for good, the human's critical. Your guys thoughts. >> Sure, so, we talk automation, right? People are afraid of that, they're saying, robots and machines are going to replace us. Not true. Downright it takes away menial tasks which will be giving jobs and actually creating jobs in a more meaningful way. I talk a lot about the human factors of technology and cybersecurity. Think about it, a human is developing technology to help a human, a human is using technology to hurt a human, what's the common factor? The human. We're dealing with people, they're not being replaced. There's always going to be humans there. So machines are going to help us with automation. It's going to help us with digital transformation, we'll throw the buzz words out there but they're actually meaningful, if you dial back and understand that. I think people are weary of it because they don't understand it. If they're not understanding, how it could actually help an organization, how it can be used right, then there's fear. So, we couple back to education. Education coupled with humans, machines, technology, we're going to have something very strong and really, really good. So, it's not something to be fearful of. It's something to educate yourself and be excited about and move along with technology, as it advances. >> Well, machines have always replaced humans, for various tasks. So, that's sort of natural. For the first time in history, we're replacing cognitive tasks and I think that's scares a lot of people. And, I think you're right on Shira, the answer is not to protect the past from the future, it's education. >> Correct. >> Because, innovation, we've talked about this, innovation comes from now a combination of things, it's not just Moore's law or new products that are coming out at some rapid pace. It's the combination of data, artificial intelligence, the cloud for scale. This combinatorial innovation is going to require new creativity, new thinking, and education is at the heart of that. So, I think the question is, what can public policy be to foster that? Are we teaching the right things? Is public policy and public and private partnerships fostering that type of innovation? And, so, I think there's reasons to be concerned in terms of productivity, impacts on wages, et cetera, et cetera. But, I'm an optimist, I think the future is very, very, bright. >> Okay, so, as we wrap down day one, great to have you on as a guest host, we're going to do a lot more coverage, so, we're going to be collaborating and we're going to initiate coverage of the security sector with theCube. You're going to start seeing us do a lot more events, distracting you from the noise, a lot more community involvement outreach, looking for participation and help from our friends, Cube alumni, the 8000 plus Cube alumni's that are out there, join us if you got some security chops, you know people in security have something to add, we're always open. We're here at re:Inforce. What's your guys thoughts here? I think it's a great event. I think it's going to be one of those moments, where we were present at creation, again, for another big wave, it's coming. Your thoughts about re:Inforce. >> Well, I think re:Inforce has found it's niche. I think it's needed. I think cloud security is being embraced. I think there's a real need for it. And, I think just highlighting those actions, that their taking is very much needed and we're going to see a lot more out of re:Inforce, for sure. >> Yeah, I agree, I mean critical mass here. I guess 8000 or so people that care about security, specifically care about cloud security, it's just going to get bigger and bigger and bigger. >> I mean, I was impressed by, first of all, that great cloud security across the board. I was really impressed by the amount of heavy hitters that are here and it's the heavy hitters that aren't the big exec brand names, the CEO of this company. You had the working CEOs of the startups, CEOs of the startups, the key biz dev people, the key marketing people-- >> CECOs >> and the CECOs are here, because they're investing. >> That's the pain point, they're feeling like they know. >> They're investing together and they're building out, in real time, it's really fast, a community around cloud security. >> So, it's interesting. So, you know, Andy Jassy's not here. You don't see Theresa. But, what you do see, is the CECO saying, I'm betting my business on the cloud, I can't scale without the cloud. I have to be at this show. And, your seeing, maybe, it's a little bit of Andy and Theresa, let go to grow and then sort of pyramid out. That innovation. >> Well, I saw Jassy at Public Sector Summit. I should of asked him this-- >> They can't be anywhere. >> I inferred from his response, when I did ask him if he's coming, is that in looking at how they're executing, they don't need the big guns here because the team's doing it. It's one of those, when you have organic chemistry coming together. You don't want the big execs being go do it. >> Sure >> You got to let it foster on it's own and that's why I'm impressed by the people here because they're the ones that are putting the sparks of creativity together, they're putting deals together, relationships are forming. That's how organic community is built. >> And, I don't think the people here want to hear, frankly, from Andy. They can hear from Andy at re:Invent. And, so, what they want to hear is the substance that they heard in the key notes today >> Security, call security. >> those are some serious-- >> Well for an inaugural event, this is amazing, right? For the sheer size of it, for a first time event is amazing and having the heavy hitters, like you said, really invested, and time, people don't have time. And to actually invest their time here and want to be here and want to learn and want to share. That speaks volumes. >> And, that's not to say Andy Jassy doesn't have substance. His key notes are among the best and there always-- >> But, you know, he's scripted >> super substantive >> But, here's the thing-- >> But, when it comes to security deep dives, you don't want to hear from him. You want to hear from somebody like Shmidt today. >> Well, some public information that I found out, that's now public is that there are a 100,000 security subscriptions in AWS marketplace. >> Wow. >> One million subscriptions paid for in AWS marketplace, as a whole. 100,000 plus security software buys there. >> Wow. >> Okay. That's huge. >> Yes >> Huge for a little cottage industry going on called Cloud Security. >> Look at the rate the industry's growing. Look at Cisco, we were just at Cisco a couple weeks ago. Cisco's a huge company, 40 billion dollar company. Their security practice is growing 21% a year. I mean, that's huge for a company that's growing basically single digits. >> Well, we'll have Josh on, sorry go ahead. >> Yeah, no, I said, just looking at all these large companies that we're all talking to and that we're dealing with, some that I'm consulting to. People are moving to the cloud and they're saying, that one of the big reasons or the reason, is for extra and more leveled security. So, I think cloud is going to be taking the forefront and I think it's going to be much bigger than people really think. >> And, customers are telling us, they want more innovation from the security vendor community and, again, that comes from cloud. The data comes from cloud, comes from machine intelligence. You put those things together-- >> Shira, great to have you on. Dave, as always profound insight, taking a red eye, you're an all day warrior. Energizer bunny. Cube coverage here, AWS re:Inforce, day one. Day two tomorrow, thanks for watching. >> Thank you. (techno music)

>> Announcer: Live from New York City It's theCUBE. Covering CyberConnect 2017. Brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> Hey welcome back everyone, this is theCUBE's coverage of CyberConnect 2017. Live here in New York City at the Grand Hyatt downtown on 42nd street. I'm John Furrier, my co-host Dave Vellante. This is Centrify's inaugural event that they're presenting and they're underwriting. It's the industry event between industry and government and really around the crisis of our generation which is cyber security and it's impact to the transformation to global society and our coverage here. Our next guest is Shira Rubinoff who is the President of SecureMySocial, which is really cutting edge human aspect of social engineering meets security. Primetech partners, Cybersecurity, IoT and an influencer but also doing some great work advising start-ups great participant in the community and certainly great to have you back on theCUBE. Thanks for joining us. >> Shira: Thank you, pleasure. >> So, you're in the front row. I saw you and Dave, I couldn't get a seat I was in the back of the bus here at the General Keith Alexanders keynote, among other great keynotes here. Really an inaugural event and inaugural events are great because it's the sign of the trends but also you know if they do a second even, it worked. Right, so you never know there's never going to be another event so an inaugural event means something. It means that the world has to the realization that the world is changed, the realities are here and that the old way isn't good enough. >> Shira: Yup. >> And you're in the middle of it. What's your thoughts? What's your reaction to the program? >> Well you know it's interesting, it also even goes back to the old technology days when you buy by brand. No ones going to fault you for buying the brand names. Everyone just went along with buying the trend, buying the brand. And as technology advanced itself as well we started seeing doing it the old way is just not going anywhere today. Especially with the millennials entering the workforce, how things are done, how people approach technology and security is very different. The human factors of information security is taking a front row today, in terms of security, in terms of the weakest link of the chain. Whether it being phishing, finding the entree into an organization through the human ... the weak link of the human, or in terms of tricking people for doing other things while they're downloading malware or even circumventing different technologies that are layered upon each other because there's just too many layers of security on each other and not making it easy for somebody to use the technology and keeping it strong. >> This year you bring up a good point about the human aspect of it. There's an old joke in IT where there's a fork with a cork in it and someone says why is that there? So they don't stick the fork in their eye. And that's a joke on the old system admin joke around human error, around updating. That's been around for a while, but now there's a whole other social engineering going on around the business of cyber attacks. Whether it's mafias or organized hacker units that do it for business, for profit to state governments where the social engineering around the human vulnerabilities are key. This isn't your area, it's your wheelhouse. What is the key thing that's happening? What should people be aware of? What's your analysis? >> Well I think people have to be careful of oversharing. I think there's many different entrees into finding, again when we talk about the human factors whether being government, whether being a technology company, whether being a seasuite, whether it being through social media. It's being trusted the wrong people, trusting the wrong sources, and just being open and not being over careful in checking your sources and making sure you're actually linking up whether it being on the LinkedIn. Also, I was talking to someone earlier that people were accepting LinkedIn invitations from non-trusted sources. And they seemed to look okay but again, a social engineering piece that comes in that allowed others in to actually see context and find a breech within an organization. Sometimes, somewhat like a government it can always be across all communities. >> So that's a very nuance point, lets take LinkedIn for example, mind if I picked on LinkedIn but Facebook I'm an oversharer so I'm probably being hacked 10 ways from Sunday but you can have whatever you want. But lets take LinkedIn as an example. A practitioner could say I work on the servers for Chase Bank and I handle the Apache whatever project. That's metadata that can be used against that person. He's putting it out there, he or she, for a job potentially to showcase their skills. Yet, the bad actors can use that and figure out what communities they're ... >> Exactly. >> And github their participants so it's a gesture signal point, that you ... Am I right, am I getting it right? >> Correct. Correct. And that's what some of the companies actually put allowances around what people are allowed to share on LinkedIn, however there's the double-edged sword because they're telling their employees do not overshare and say specifically what you're doing. The employee themselves are saying, hey I want to be open to recruiters to come find me because who knows what my next gig is. So they're going to over share what they're doing to show all the experience that they have so they're open to other job opportunities. >> This is a really interesting conflict, and again I'm torn because religiously I'm a big believer in the democratization of media and society but what you're talking about really is a counter against the democratization because that's based on sharing, which that's where open sources from and so this is going to be some sort of shift. >> Correct. Correct. Well, that also plays into the whole millennial shift. Of how it's approached through the workforce. Millennial generation share everything, everything is open. My whole life is opening itself up on social media. I want you to know what I'm having for breakfast because you might want to have it too. By the way, this is what I'm working on at work because you might find it interesting. Whether it being their boss or saying don't do this they're saying don't tell me what to do and I'm going to work from home half the time. It's millennial shift and we have to shift with it. It's going that route. >> So to what degree can we take bad human behavior out of the equation? Toiling, technology, maybe it's process education. >> Well I think it has to be many factors. You know, there has to be the education around it. There also has to be implementing the right technology. To warn users if they're doing things the wrong way. For example, my company SecureMySocial, we are a technology assisted self-monitoring company for allow for employers to give employees to self monitor across social media based on compliance organization real time warnings. So it would warn the employee if they the employee themselves would be doing something wrong. So implementing technologies of that sort whether being whatever the organization may be open to. So you have the education piece, you have the partnerships with the right technology companies, and you also have allowing the employees to have the right types of security around what they're doing themselves. Without being so involved in what they're doing because then they're going to have a big push back. So there's a very fine line you have to walk here. >> And the psychology is interesting you mention the millennials too, because that's their norm. >> Shira: Correct. And they want to be part of a tribe, right? >> Shira: Yes. >> So that the belonging aspect of social is becoming a norm. But now we have to have practices. So what do you, what's your vision of this? Because that probably won't stop, that's a behavior that will constantly be there. Is that going to come in a form of product? Solutions? A better identity? I mean ... >> Well it's going to come everywhere, if you look across all generations from the boomers, gen x, millennials. Things shift with the generations as it comes down the path. So certainly through technology is going to shift to, easy to use, no extra steps to download. As Centrify has, they want a one point to contact. They don't want to overlay technologies on technologies which is what I speak about a lot. My background is heavily in psychology and the human aspect. So make things as strong as they can be without cumbersome to the employee. You want them to use it, not break it, not go around it and not just throw it out the window. >> Gee, you're a great guest and music to our ears because as Dave knows, I've been on this rant for a long time. User experience is really about user expectations. And as expectations shift, that's kind of where the puck will be or whether you're skating through the puck or skating with the puck, as some people are. The question comes down to this young generation because General talked about this new cyber warfare but there's West Point, there's no Navy SEAL, and that's going to come from a gamer culture potentially or the younger generation, so I got to ask ya. Do you think that we're going to have a counter culture? Because in every revolution, take the 60's. We're the 50's parents now, right? We're the 50's generation, or are we? So I've been kind of speculating that I think we're on the cusp of a counter culture revolution. The summer of love of digital is coming. Or maybe not, what do you think? >> You know, I think it's very interesting the way it's shifting across generations. I think that the generation, our generation before us are trying to take this millennial generation and put them in a box and saying follow my rules or else you're out and the millennial generations like make me. So it's not going to happen that way. They're going to actually drive the force of how technology is going to be created and how the business world is actually going to react and act towards them and how things are going to flow after them. And just wait for the following generation, things are going to be a lot looser. >> So you think there's going to be some massive change being shifted from their expectations. >> Shira: Correct. Correct. Yes. >> Well, I feel like millennials are in for a great awakening because now they don't have a ton to lose. >> Shira: Yes. >> As they get older and accrue more wealth. >> John: Well millennials are generally lazy, right? (laughter) >> You've got to be careful when you say that. >> As my son would say, they're smart or they're lazy. >> They're the make me generation. >> Exactly >> Alright, fine. Be careful what you wish for. But is there a gamification involved. The psychology of getting humans to behave the way that you need them to behave in order to have good security practices. >> Yes, no I think that's a great question. I think that based on what the millennials are doing now and how the shift is happening through the gen x and millennials kind of intertwining the businesses and the way technology is created and moved forward. I think that it's going to somehow have to combine forces. I think there's going to have to be a little give and take. And I think as time progresses and things mature that it's going to be understood and it's going to be adapted by them and adopted by them, as well. >> So, talk a little bit more about your company. MySocial ... >> Shira: SecureMySocial, yes. >> What does it do? How does it help solve some of these issues? >> So SecureMySocial is just technology assisted self monitoring tool for employers to give employees to self monitor across social media, based on compliance and regulations of the organization. With real time warnings and auto-delete capabilities. Basically, the organization would buy it. Based on where a person would fall in the organization there will be specific rules set to apply to them. Whether it being group rule sets for C level people, marketing and the like, you don't want false positives. And they the people themselves would get a real time warning to their known device. But I will back track a little bit because most organizations, if not all today have certain criteria. What you can and can't do across social media. But the most of the problems, if not 98 or more percent of data loss or reputation happen outside of the office. It happens on lunch breaks, vacations, weekends. We can't monitor peoples personal accounts. So we're making the users themselves, they would get the real time warnings. There's nothing to download, nothing to install. They don't give over any personal information, yet they're protected and we're able to keep it across the whole thing. >> So it's an insurance policy for the employee saying, look here's a little notification because you know that if you say that drunk tweet, let's get real right or do something that's at a concert ... >> The CFO of Twitter mistakenly tweeted out the earnings of Twitter instead of doing a direct tweet. Things happen, mistakes happen. It's the human factors of it all. >> Dave: And your technology could have stopped that? >> We could have stopped it, we could have actually auto deleted it before it even went out. >> It's almost, I don't know if it's happening on the west coast, but around where I live there's all these ... There's speed signs going up. Tells you how fast you're going. >> It's like that angel on your shoulder saying, do you really want to do this? >> It might be 25 and you see it and you go, you're going too fast and it's flashing and you slow down, and it actually works. >> We use ways in California that's more ... >> It lets you know where the cops are. (John laughing) >> There's no cops! There's no cops around. >> I know that's the same, it's just more effective. You get there faster, you don't ... >> If you don't mind I'd like to ... >> It's this subliminal message, says hey whoa yo slow down. >> Like that angel on your shoulder tapping you on the shoulder letting you know. >> Like you said, it's the good angel. >> Now I just wanted to mention also a new venture actually launching at the end of the month. It's called Prime Tech Partners. We're an incubator here in New York City. Near the flat iron district. We're going to be launching the end of November. Focusing on augmented reality, cyber security, information security and e-commerce. Opening up to start-ups. And please check it out, Prime Tech Partners. >> Shira you did some great work, I got to ask you the question because start-ups are the canary in the coal mine. >> Shira: Yup. >> They'll tell you kind of what's happening, give you a barometer. What is going on in the start-up areas around security because there's now a range, diverse range opportunities from lock chain all the way to enterprise. >> Sheri: Sure. >> So, and everything in between. What's the chirping happening in the mines of the start-ups as they create new ventures. >> Well it's interesting because when you talk about what's out there we talk about almost like an umbrella. Sometimes people would put cyber security over the whole umbrella and then fit artificial intelligence, augmented reality, virtual reality, blockchain. Everything kind of falls under there. So, you know it's actually moving along with the system. There's a lot of artificial intelligences making a big play. IoT world, there's quite a bit of technology coming out there. All finding the whole problems and if you look at everything there's a lot of the human aspects of information security that they have to take into account when developing and when pushing it out because at the end of the day, it's all social engineering. It's the human factor, whatever you're creating. >> And we're seeing the same thing on theCUBE entries. We go to hundreds of shows a year. The trend is every part of the stack is impacted by this. >> Shira: Exactly. >> At the infrastructure low level, from multi factor authentication all the way up to Docker and Cooper and Eddies at the dev ops level, the app level. To wearables ... >> Well, wearables certainly. Right? Gaining some ones information. >> John: Geo information. >> Right. Well, here was an interesting ... I went into, I have a law firm that contacted me. They wanted me to some consulting for them. They implement this most beautiful, high-tech, gorgeous office. So I was in there talking to some of the partners and they were plugging in their new smart TV's and their smart fridges. Everything into their network. You don't have breech their network to get their information, we'll breech Sony! You breech into Sony, whatever whoever the manufacturer of the TV, the fridge, whatever it is. They're thinking IoT, well they can gain access into that law firm, gain information and just take all that information and utilize that. So there's so much thought to be put around even the IoT world, artificial intelligence. The human factor takes a step back. >> If it's a network device it can be hacked. >> Exactly. Yes. >> So is part of your mission just to make people aware of humans role in bad security practices? Is that a big part of this? >> Shira: Yes. >> This sort of shining a light on it. >> Yes, I think there's almost like a stop and pause. When you're creating a technology, whatever it is, and people are looking, Oh I'm going to make this stronger. I'm going to make this better, I'm going to make this faster. Oh here let me put another control over it, and here's another control, and by the way they have to go around this and do five things, we're going to have the best thing out there. They're not going to use it, they're going to break it and circumvent it. Stop, there's a person there. How are we going to make the person use this to the best capacity? How's it going to be strong without giving them all those extra layers? Anything you're doing, there's a person there. You got to stop and think and figure out how to utilize the best way. >> Shira, give us some predictions for next year, the end of the year, so predictions are coming. We had our meeting this week, or last week on our predictions, so we're going to put you in the hot seat. Your predictions for next year. Hot trends you expect to see. What are you expecting? What's your prediction for next year? Well, I think IoT is going to take a big forefront. Especially with the smarter cities, the smarter homes. As you're talking about the wearables. Artificial intelligence is going to kind of play into that as well, but I think the people are very excited about becoming let's quote unquote smart, no extra steps, right? When you have the no extra steps, remember you're opening yourself up for something, do it smart. But IoT is really expanding itself into every infrastructure whether it being utilizing, engineering. Whether it being cities itself, whether it being homes. And the wearables are also ... If you look at what's going on with Fitbit, then you have the next Apple and then there's something else every other day that you could put on yourself and you could get any information that you want. >> So people are connecting the IoT to the industrial side of their analog to digital. >> Exactly. Yes. Yes. And I think that's going to become a forefront in the next year. >> Right. What do you think of the event here, so far? >> I think the event is terrific. We've had some amazing speakers here and I think they're all highlighting the fact that we have to share expertise and really come together to bypass the problems that are out there and work as a unit, and certainly Centrify is doing a great job here. I'm very happy to be here. >> Great. Well, good luck with everything next year. Thanks for coming on theCUBE, we really appreciate it. >> Shira: Thank you. Happy to be here. That was commentary, great analysis. An opinion here on theCUBE, here at Centrify's event that they're underwriting for the industry as an industry event called CyberConnect presented by Centrify. I'm John Furrier with Dave Vellante, stay tuned for more live coverage here in New York City after this short break. (electronic music)