(upbeat music) >> Announcer: Live from Las Vegas, it's The Cube covering Dell Technologies World 2018. Brought to you by Dell EMC and its ecosystem partners. (soft electronic music) >> And welcome back here on The Cube which, of course, is the flagship broadcast of Silicon Angle TV. Proud to be here at Dell Technologies World 2018. We've been live Monday, now today Tuesday, back live again tomorrow. Hope you join us for all three days of coverage. Along with Keith Townsend, I'm John Walls. We're joined by Jim Franklin who's the director of solution management at Dell EMC. Jim, good to see you this afternoon. >> Hey, nice to see you as well. >> How's the show been for you so far? >> Fantastic, and there's always a lot of energy at Dell World. It's always exciting to be around, see our partners, our customers, hear our executives speak, gives us some clarity on what we're doing at my level. [Men Laugh] So it's a fun time, it's energetic, it's Vegas. >> Get's ya. >> Good combination right? >> Yeah, so. (laughs) Get you energized. >> So before we jump in, what are you hearing from customers now? Because we've been talking to a lot of folks in your shoes at Dell and just kind of curious what are people bending your ear about? What are they most curious about? >> Yeah, so a lot of our customers and our partners are interested in, I'll call them hot trends. So what from my perspective are we seeing, where are there problems? So for that, things like how do I continue to try and outpace the data that keeps coming, because like death and taxes, the data keeps growing and growing and growing so they're looking at it going, how do I start to consume all this data? Can you help out? Hey but what about this cloud and how do I make the cloud a reality? Several of them haven't actually even started on a cloud strategy, so they're saying, hey what's the best way to look at that? And then they're looking at it saying, if they're the infrastructure guy or if they're the backup administrator, they're saying, how do I actually flip my economic model from a cost model to a profit model? So these are the sorts of conversations we're seeing, not only with our customers, but our partners are trying to help them out as well. >> So take us back. Let's go to the most simple or at least maybe the most elementary stage and say they're not even thinking of a cloud strategy yet or they're just now embarking on that. >> Jim: Just sniffing out. >> Yeah, walk us through that. What do you do because you would think by now obviously, their awareness is viable. We should be there, but they don't know where to go. >> So most customers know that this is now trusted technology, a trusted operating model. The problem has to be is how do you actually get there? What does that journey look like and what choices do I have? So even those early adopters that jumped out to public cloud for sort of a quick fix, we see them especially for my area, which is business critical applications, SAP Oracle, Splunk, they're coming back to an on-premise cloud for reasons like being able to recover out of that or this now they've discovered is their intellectual property and there's a little bit of reluctance just to go send that out to sort of an unknown place, so we see a lot of customers that are not bringing it back, but they now learn how that economic model can work, so they're trying to go in with sort of a cloud mentality. So still do the operational, the show back, the charge back, but maybe bring that in house, so you're more comfortable with it, so you can innovate on that. >> So as we're talking about these traditional, mission-critical apps, SAP, Splunk, Oracle Suite, these applications that are very rigid. The cash register, SAP, the cash register of the world. We don't want to change, you get the product guy. He's like, hey we want access to the mission-critical data. We want to be able to change it on the fly. You have the SAP guys going back and saying, no, no, no. >> Jim: Wait a minute, yeah. >> Wait a minute, we'll give you N+1 environment to develop in and then you prove to us, but it takes nine months to get an N+1 environment so you can do the development. How is Dell EMC, Dell Technologies, helping solve that agility problem for these legacy applications? >> So the first thing that we have to do, if you're going to keep it on premise is we advise our customers, modernize the infrastructure, because a lot of times you'll come up on a server or a storage refresh, right? This is the plumbing, right? This is underneath the guts of the house. It's not exactly attractive stuff, so if you can actually move to speed based technologies, things like Flash, right, fantastic technology. If you can virtualize it, if you can start to consider scale out and scale up technologies that are ready to go. Software Define has been a boon for these things. SAP is now adopting this like Software Define. That's fantastic for our folks, I guess. You guys know the advantages of Software Define. It can spin up, spin out, scale up, scale, in a much more pragmatic, quicker way. So these are sort, see now we're entering into things like VX Rack, VX Rail, and they have the resiliency, the stability, the scale in order to support these applications. They're built now solid enough that you can trust them to run, so now you get those operational efficiencies, you get that ability to scale, you get the performance, and you get it at a little bit better price point as well, so I think that's where customers are starting to be less reluctant to move those big humongous SAP, Oracle workloads, because it can be trusted. It's now that technology's aged enough and is resilient enough, then now customers are doing it and they're doing it quite rapidly. >> So step two of this is once I get some agility, what I thought was, traditional rational, you know what, Dell should never move SAP to the cloud, because it's static, it doesn't change, and it's costly. Well I now have these use cases where I'm spinning up N+1s all the time and I'm bringing them down. That's elastic. That sounds like the cloud. How do you help make that transition? >> So SAP actually, as one of the trigger points is this move to HANA, the memory database. And the economic model was, it's a little pricey, that software, right? So SAP has actually gone in with a cloud-first mentality. So they've actually helped us out here. They've promoted them as, so HANA enterprise cloud, for instance, is a way for you to get in on HANA at a price point that's a little better, the subscription based model. And you can start to migrate some, like a BW app, something a little smaller. Remember back in the days when we first virtualized? You wouldn't virtualize your mission-critical app right off the bat. You picked something small that you could eat. We don't eat our meal one big hunk at a time, right, we eat little bites of it, so we're doing the same thing with-- >> Keith: Unless you have four brothers. >> What's that? Unless-- (laughs) >> You have four brothers. >> You eat quickly. >> You use those. >> You do it all, right. >> Or you get real quick with your elbows. So we advise our customers, take a small BW app that you got on Oracle right now, flop it over there, put it in the cloud. You'll be able to cost-justify this much, much better and then with the work on tangible use cases, start to pull in more data-rich, hydrate that really fast, awesome analytics engine, and start to use it for the power of good. It's a super hero. It's a super hero technology, so we want to invoke it. We want to bring it alive. We want to apply it towards new innovations and that's what our customers are doing now. Financial services, health care, the retail market. So now our customers are starting to say, hey how can I apply this super awesome, super hero technology to my retail space. How can I inflate my tires 5 PSI more so I save my company 10 million dollars? So these, all these use cases now are coming. Now I call this, my personal thing, I call it now cool IT. We're no longer in the trenches doing the plumbing for SAP, we're now moving on to cool IT where we can start to do data analytics, we can start to apply use cases, start to ingest more data, maybe that oil rig out there in the gulf, I can start to pull in more of that data, I can start to do analytics on it. I can start to show the business that I'm meaningful, that I am a profit center, I know what's going on. >> Yeah, what's from the big jump there in terms of opening people's eyes, opening a company's eyes to how rich that data is for them and how applicable it is and how actionable it is, because that's been one of the bugaboos, right? People were like, I got all this data, where there's treasure there. >> Jim: There is. >> You got to find it, you got to get there. >> Right, right. So that advancement, some of the technology, like HANA's a hardened database now, not hardened in terms of its access, but hardened in terms of the technology itself, so I can actually put more in it and ingest it. The other thing that's happened is we've moved out to the edge, things like the gateways and things like that. Now I can apply that technology, but I don't have to suck it all in. And we'll go back to the original point, the cloud has enabled a lot of this traffic, the data traffic to go out there and what we see our customers now doing is now they're able to actually quiesce the data and just, we always could do this, but it never came together in such a way that it was cohesive, that I could have universal translators of all this different data coming in and I could actually quiesce it. And now, to me, the part that always matters, the UI work, like I can actually visualize and then SAP, and Oracle, and all the, they can now make it visual. I think that's the key. So if I'm a CFO or I'm a CEO and I'm talking to my CIO and I don't need to talk about numbers. I can literally visualize the data on my screen, on my iPad or whatever device I have. That now, what we see with our eyes, is much more believable than what we hear with our ears. >> John: Absolutely. >> So you can see it. And that's, I think, that's the big differentiator I've seen is we don't do customer presentations anymore. We show them with their own data. So we used to do that design thinking way back in the day, but now you can actually apply that with the technology we have and I can visualize it. >> John: Seeing is believing, right? >> Immediately customers, you don't have to do a business justification. They see it. They see it right there in front of their own eyes. It's fantastic. >> So, talking about design theory or design approach, there has to be a point where industry-wide or even within your practice where you're at the 50, 60% of the solution for most customers and there's a customization point. Where are you guys at in that? Is it 50, 60, 70, 80% at that point? What-- >> Well that's what makes it fun for a guy like me, because in solutions we can validate, we can do performance optimization and that's, for the most part you're talking servers, network storage, stuff we've always done and we can optimize that to a large extent, but once you flip the script and you look from the application down, you can start to tune from that perspective, so we can get about 70, 80% of this well constructed. It's that last 20% where the customer's saying, hey I'm a financial services arm and I'm trying to catch the flashboys or the stock traders that are manipulating the market. Well that requires a new set of tools, right, a new set of approach to how to do this, how to analyze your data, how to introduce automation, so for us, the last mile, particularly with our SI partners, who are really good at doing this. SAP is really good at doing this design thinking session. We could sit down with a customer now, we could ask them where do they want to make money. How do you want to invest in IT so that your analytics is fully realized, your data is fully realized, and they have wonderful use cases. So now we're not talking about how does widget X work with application Y, we're talking about how do I apply this data in the direction of the use case you're trying to solve for and that's the last 20% or something like that. >> Is that where art meets science in a way? All of the sudden, like you said, you've got your 80%, this is the way it's going to be. >> Now, now. >> This stuff works. >> Now we're going to fine tune. >> Jim: Yeah. >> So there is some art maybe that comes into play there. >> There is. We found that it tends to be vertical specific and there is an art form to it, which is why our global system integrators are wonderful, because they're artists. We could go in with them and we could have that conversation. We could sit down for, you could even sit down just for a couple hours and pretty soon you're having a great conversation, understanding really what the customer's business is like and then targeting that particular use case and making it tangible. >> So that's pretty interesting. You say you sit down. Who exactly are you sitting down with, because traditionally Dell EMC, Dell Technologies, talked to the infrastructure group. You're talking about a completely different level. This sounds like application level folks, analysts, not the traditional Dell contact. >> Yeah, which makes us a little bit specialized. So you still want to sell to the back of the house, the infrastructure guys, the folks that are-- >> Keith: It's going to need a PowerMax. >> Right, and it's a completely different conversation though and I'll connect the two in just a minute, but we go in and we'll talk to the VP of applications, we'll talk to the DBA. These are the folks that actually, they're not worried about the widget, the disc behind it. We'll sell them a VMAX, or a PowerMax, excuse me, at the end of the day, but they're not so worried about that. They're worried about how do I get fiduciary responsibility out of this? How do I control my regulations? What do I do about data locality? How do I look at the pressure on that oil rig out in the Gulf of Mexico and make sure it's not going to burst? How do I proactively send out my maintenance man, not on every month, but when I know on the 5,000th open of that train door, that I need to proactively go do that, because at 5,000 open and closes, it's going to fail. We've done that with analytics. We know that. So for us, most of those conversations tend to be at the, you look for the DBA or the VP of applications or the CIO and in this way, this is the beauty of how this all, we're actually going in with the Rainmaker ISV. So we're going in with SAP, we're going in with Oracle, and now we combine what traditionally has been Dell, the infrastructure guys with SAP and we never used to call, we used to call six months detached from each other. Not anymore. Design thinking, IOT, use case, data analytics has brought us right together and we're in the glide path together now. It's a much different partnership now with those guys. >> Yeah, good recipe, right? >> It's fabulous. >> It really is. >> It's great, it's a fun time. >> Yeah I can tell, I can tell. And thank you for being with us. We appreciate the birds-eye view but as you said, this is kind of an exciting time, right? Because you're able to, you're transforming your business and other businesses at the same time. >> Jim: Yeah, best thing to do, yeah, love it. >> Very cool. Jim, thanks for being with us, appreciate your time. >> Yeah, appreciate it, thanks for having me. >> Joining us for Dell EMC. Back with more from Dell Technologies World 2018. We're live here in Las Vegas. (soft upbeat electronic music)

>> Announcer: Live from Washington, DC it's theCube covering .conf 2017 brought to you by Splunk. >> Welcome back here on theCube the flagship broadcast for Silicon Angle TV, glad to have you here at .conf 2017 along with Dave Vellante, John Walls. We are live in Washington, DC and balmy Washington, DC. It's like 88 here today, really hot. >> It's cooler here than it is in Boston, I here. >> Yeah, right, but we're not used to it this time of year. Brad Medairy now joins us he's an SVP at Booz Allen Hamilton and Brad, thank you for being with us. >> Dave: And another Redskins fan I heard. >> Another Redskins fan. >> It was a big night wasn't it? Sunday night, I mean we haven't had many of those in the last decade or so. >> Yeah, yeah, I became a Redskins fan in 1998 and unfortunately a little late after the three or four superbowls. >> John: That's a long dry spell, yeah. >> Are you guys Nats fans? >> Oh, huge Nats fan, I don't know, how about Brad, I don't want to speak for you. >> I've got a soft spot in my heart for the Nats, what's the story with that team? >> Well, it's just been post-season disappointment, but this year. >> This is the year. >> This is the year, although-- >> Hey, if the Redsox and the Cubs can do it. >> I hate to go down the path, but Geos worry me a little bit, but we can talk about it offline. >> Brad: Yeah, let's not talk about DC Sports. >> Three out of five outings now have not been very good, but anyway let's take care of what we can. Cyber, let's talk a little cyber here. I guess that's your expertise, so pretty calm, nothing going on these days, right? >> It's a boring field, you know? Boring field, yeah. >> A piece of cake. So you've got clients private sector, public sector, what's kind of the cross-pollination there? I mean, what are there mutual concerns, and what do you see from them in terms of common threats? >> Yeah, so at Booz Allen we support both federal and commercial clients, and we have a long history in cyber security kind of with deep roots in the defense and the intelligence community, and have been in the space for years. What's interesting is I kind of straddle both sides of the fence from a commercial and a federal perspective, and the commercial side, some of the major breaches really force a lot of these organizations to quickly get religion, and early on everything was very compliance driven and now it's much more proactive and the need to be much more both efficient and effective. The federal space is, I think in many cases, catching up, and so I've done a lot of work across .mil and there's been a lot of investment across .mil, and very secure, .gov, you know, is still probably a fast follower, and one of the things that we're doing is bringing a lot of commercial best practices into the government space and the government's quickly moving from a compliance-based approach to cyber security to much more proactive, proactive defense. >> Can you get, it's almost like a glacier sometimes, right, I mean there's a legacy mindset, in a way, that government does it's business, but I would assume that events over the past year or two have really prompted them along a little bit more. >> I mean there's definitely been some highly publicized events around breaches across .gov, and I think there's a lot of really progressive programs out there that are working to quickly you know, remediate a lot of these issues. One of the programs we're involved in is something called CDM that's run out of DHS, Continuous Diagnostic and Mitigation, and it's a program really designed to up-armor .gov, you know to increase situational awareness and provide much more proactive reporting so that you can get real-time information around events and postures of the network, so I think there's a lot of exciting activities and I think DHS and partnership with the federal agencies is really kind of spearheading that. >> So if we can just sort of lay out the situation in the commercial world and see how it compares to what's going on in gov. Product creep, right, there's dozens and dozens and dozens of products that have been installed, security teams are just sort of overwhelmed, overworked, response is too slow, I've seen data from, whatever, 190 days to 350 days, to identify an infiltration, nevermind remediate it, and so, it's a challenge, so what's happening in your world and how can you guys help? >> Yeah, you know it's funny, I love going out to the RSA conference and, you know, I watch a lot of folks in the space, walking around with a shopping cart and they meet all these great vendors and they have all these shiny pebbles and they walk away with the silver bullet, right, and so if they implement this tool or technology, they're done, right? And I think we all know, that's not the case, and so over the years I think that we've seen a lot of, a lot of organizations, both federal and commercial, try to solve a lot of the problems through, you know, new technology solutions, whether it's the next best intrusion detection, or if it's endpoint, you know, the rage now is EDR, MDR, and so, but the problem is at the end of the day, the adversaries live in the seams, and in the world that I grew up in focused a lot around counter-terrorism. We took a data-centric approach to finding advanced adversaries, and one of the reasons that the Booz Allen has strategically partnered with Splunk is we believe that, you know, in a data-centric approach to cyber, and Splunk as a platform allows us to quickly integrate data, independent of the tools because the other thing with these tool ecosystems is all these tools work really well within their own ecosystem, but as soon as you start to mix and match best of breed tools and capabilities, they tend to not play well together. And so we use Splunk as that integration hub to bring together the data that allows us to bring our advanced trade-craft and tech-craft around hunting, understanding of the adversaries to be able to fuse that data and do advanced detection and help our clients be a lot more proactive. >> So cyber foresight is the service that you lead with? >> Yeah, you know, one of the things, having a company that's been, Booz Allen I think now is 103 years old, with obvious deep roots in the federal government, and so we have a pedigree in defense and intelligence, and we have a lot of amazing analysts, a lot of amazing, what we call, tech-craft, and what we did was, this was many many years ago, and we're probably one of the best kept secrets in threat intelligence, but after maybe five or six years ago when you started to see a lot of the public breaches in the financial services industry, a lot of the financial service clients came to us and said, "Hey, Booz Allen, you guys understand the threat, you understand actors, you understand TTPs, help educate us around what these adversaries are doing. Why are they doing it, how are they doing it, and how can we get out in front of it?" So the question has always been, you know, how can we be more proactive? And so we started a capability that we, or we developed a capability called cyber foresight where we provided some of our human intelligence analysts and applied them to open-source data and we were providing threat intelligence as a service. And what's funny is today you see a lot of the cyber threat intelligence landscape is fairly crowded, when I talk to clients they affectionately refer to people that provide threat intelligence as beltway book reporters, which I love. (laughter) But for us, you know, we've lived in that space for so many years we have the analysts, the scale, the tradecraft, the tools, the technologies, and we feel that we're really well positioned to be able to provide clients with the insights. You know, early on when we were working heavily in the financial services sector, the biggest challenge a lot of our clients had in threat intelligence was, what do I do with it? Okay, so you're going to send me, what we call a Spot Report, and so hey we know this nation-state actor with this advanced set of TTPs is targeting my organization, so what, right? I'm the CISO, I'm the CIO, should I resign? Should I jump out the window? (laughter) What do I do? I know these guys are coming after me, how do I actually operationalize that? And so what we've spent a lot of time thinking about and investing in is how to operationalize threat intelligence, and when we started, you kind of think of it as a pitcher and a catcher, right? You know, so the threat intelligence provider throws those insights, but the receiver needs to be able to catch that information, be able to put it in context, process it, and then operationalize it, implement it within their enterprise to be able to stop those advanced threats. And so one of the reasons that we gravitated toward Splunk, Splunk is a platform, Splunk is becoming really, in our mind, one of the defacto repositories for IT and cyber data across our client space, so when you take that, all those insights that Splunk has around the cyber posture and the infrastructure of an enterprise, and you overlay the threat intelligence with that, it gives us the ability to be able to quickly operationalize that intelligence, and so what does that mean? So, you know, when a security operator is sitting at a console, they're drowning in data, and, you know, analysts, we've investigated tons of commercial breaches and in most cases what we see is the analyst, at some point, had a blinking red light on their screen that was an indicator of that particular breach. The problem is, how do you filter through the noise? That's a problem that this whole industry, it's a signal to noise ratio issue. >> So you guys bring humans to that equation, human intelligence meets analytics and machine intelligence, and your adversary has evolved, and I wonder if you can talk about that, it's gone from sort of hacktivists to organized crime and nation-states, so they've become much more sophisticated. How have the humans sort of evolved as well that your bridge to bear? >> Yeah, I mean certainly the bear to entry is lower, and so now we're seeing ransomware as a service, we're seeing attacks on industrial control systems, on IOT devices, you know, financial services now is extremely concerned about building control systems because if you can compromise and build a control system you can get into potentially laterally move into the enterprise network. And so our analysts now not only are traditional intelligence analysts that understand adversaries and TTPs, but they also need to be technologists, they need to have reverse engineering experience, they need to be malware analysts, they need to be able to look at attack factors in TTPs to be able to put all the stuff in context, and again it goes back to being able to operationalize this intelligence to get value out of it quickly. >> They need to have imaginations, right? I mean thinking like the bad guys, I guess. >> Yeah, I mean we spend a lot of time, we've started up a new capability called Dark Labs and it's our way to be able to unlock some of those folks that think like bad guys and be able to unleash them to look at the world through a different lens, and be able to help provide clients insights into attack factors, new TTPs, and it's fascinating to watch those teams work. >> How does social media come into play here? Or is that a problem at all, or is that a consideration for you at all? >> Well, you know, when we look at a lot of attacks, what's kind of interesting with the space now is you look at nation-state and nation-state activists and they have sophisticated TTPs. In general they don't have to use them. Nation-states haven't even pulled out their quote "good stuff" yet because right now, for the most part they go with low-hanging fruit, low-hanging fruit being-- >> Just pushing the door open, right? >> Yeah, I mean, why try to crash through the wall when you can just, you know, the door's not locked? And so, you know, when you talk about things like social media whether it's phishing, whether it's malware injected in images, or on Facebook, or Twitter, you know, the majority of tacts are either driven through people, or driven through just unpatched systems. And so, you know, it's kind of cliche, but it really starts with policies, training of the people in your organization, but then also putting some more proactive monitoring in place to be able to kind of start to detect some of those more advanced signatures for some of the stuff that's happening in social media. >> It's like having the best security system in the world, but you left your front door unlocked. >> That's right, that's right. >> So I wonder if, Brad, I don't know how much you can say, but I wonder if you could comment just generally, like you said, we haven't seen their best pitch yet, we had Robert Gates on, and when I was interviewing him he said, "You know, we have great offensive posture and security, but we have to be super careful how we use it because when it comes to critical infrastructure we have the most to lose." And when you think about the sort of aftermath of Stuxnet, when basically the Iranians said hey we can do this too, what's the general sort of philosophy inside the beltway around offense versus defense? >> You know, I think from, that's a great question. From an offensive cyber perspective I think where the industry is going is how do you take offensive tradecraft and apply it to defensive? And so by that I mean, think about we take folks that have experience thinking like a bad guy, but unleash them in a security operation center to do things like advanced hunting, and so what they'll do is take large sets of data and start doing hypothesis driven analytics where they'll be able to kind of think like a bad guy and then they'll have developers or techies next to them building different types of analytics to try to take their mind and put it into an analytic that you can run over a set of data to see, hey, is there an actor on your network performing like that? And so I think we see in the space now a lot of focus around hunting and red teaming, and I think that's kind of the industry's way of trying to take some of that offensive mentality, but then apply it on the defensive side. >> Dave: It just acts like kind of Navy Seal operations in security. >> Right, right, yeah. I mean the challenge is there's a finite set of people in the world that really, truly have that level of tradecraft so the question is, how do you actually deliver that at any level of scale that can make a difference across this broader industry. >> So it's the quantity of those skill sets, and they always say that the amazing thing, again I come back to Stuxnet, was that the code was perfect. >> Brad: Yeah. >> The antivirus guy said, "We've never seen anything like that where the code is just perfect." And you're saying it's just a quantity of skills that enables that, that's how you know it's nation-state, obviously, something like that. >> Yeah, I mean the level of expertise, the skill set, the time it take to be able to mature that tradecraft is many many years, and so I think that when we can crack the bubble of how we can take that expertise, deliver it in a defensive way to provide unique insights that, and do that at scale because just taking one of those folks into an organization doesn't help the whole, right? How can you actually kind of operationalize that to be able to deliver that treadecraft through things like analytics as a service, through manage, detection, and response, at scale so that one person can influence many many organizations at one time. >> And, just before we go, so cyber foresight is available today, it's something you're going to market with. >> Yeah, we just partnered with Splunk, it's available as a part of Splunk ES, it's an add-on, and it provides our analysts the ability to provide insights and be able to operationalize that within Splunk, we're super excited about it and it's been a great partnership with Splunk and their ES team. >> Dave: So you guys are going to market together on this one. >> We are partnered, we're going to market together, and delivering the best of our tradecraft and our intelligence analysts with their platform and product. >> Dave: Alright, good luck with it. >> Hey, thank you, thank you very much, guys. >> Good pair, that's for sure, yeah. Thank you, Brad, for being with us here, and Monday night, let's see how it goes, right? >> Yeah, I'm optimistic. >> Very good, alright. Coach Brad Medairy joining us with his rundown on what's happening at Booz Allen. Back with more here on theCube, you're watching live .conf 2017.

>> Narrator: Live from Washington, D.C., it's the Cube covering .conf 2017 brought to you by Splunk. (electronic music) >> Welcome back to our nation's capitol. Here in Washington, D.C., the Cube which is Silicon Angle TV's flagship broadcast, broadcasting live today and tomorrow from D.C. here at .conf 2017, Splunk's annual get-together. Along with Dave Vellante, I'm John Walls. Now, we're joined by Chidi Alams who is the Head of IT and Security for Heartland Jiffy Lube. We all know Jiffy Lube for sure. Chidi, thanks for being with us. Good to see you. >> Of course, thanks for having me. >> Before I jump in, I was looking at your, kind of the portfolio of responsibilities earlier. Information security, application development, database development, reporting services, enterprise PM, blah, on and on and on. When do you sleep, Chidi? >> I don't. (laughing) That's the easy answer. The reality is I also have two young children at home, so between work and the family life, I'm up all the time. >> John: I imagine so. >> But I would have it no other way. >> Dave: How old are your kids? >> Three and two. >> Oh, you won't sleep for a decade. >> Right. >> I know. >> Wait til they start driving. >> That's what they tell me. >> Then it gets even better or worse, depends on how you look at it. >> That's how you learn how to sleep on airplanes. (laughing) >> Well, let's look at the big picture of security at Jiffy Lube. Your primary concerns these days, I assume, are very much laser-focused on security and what you're seeing. What are the kinds of things that keep you up at night? Other than kids these days? >> So, we're a very large retailer and brand recognition is something that we're very proud of, however, with that comes a considerable amount of risk. So the bad guys are also aware of Jiffy Lube. They understand that as a retailer, we have credit cards, we have very sensitive data. When I started with Jiffy Lube about two and a half years ago, I started a program to focus not only on keeping the bad guys out, right, that's essentially table stakes in any security program, but also implementing a discipline approach around insider threat. Frankly, that's where Splunk has proved to be a significant value for our organization because now we have visibility with respect to both of those risks. Additionally, we've spent a lot of time just taking more of a risk-based approach to security. Quite often what happens, technologists tend to focus on implementing technology and kind of filling gaps that way. The first thing that we did was assess organizational risk based on our most critical assets. Once we were able to determine asset X, in most cases a data asset, was really critical to the organization, credit card data, we were able to build a unified solution and program to ensure that we protect not only our brand, but our customers' data all the time. >> So, first of all I'll say, I love Jiffy Lube. I'm a customer. I go there all the time. It's so convenient, great service. Generally, very customer service oriented, but I see your challenge with all this distributed infrastructure and retail shops around. I would imagine there's somewhat of a transient, some turnover in employee base. >> Chidi: Yeah. >> The bad guys can target folks and say, "Hey, here's a few bucks. "Let me in." So how do you use data and analytics? I'm sure you have all kinds of screening and all kinds of corporate policies around that that's sort of one layer, but it's multi-dimensional. So how do you use technology and data to thwart that risk internally? >> Sure. So I think the key there is having a holistic program. That's a term that's thrown around a lot, so for me, that means a clear focus on people-processed technology. As I mentioned earlier, the tendency is to start with your comfort zone, so with us as technologists, it's technology, but the people aspect, I have found in my career, is always the largest variable that you have to account for. So disgruntled employees. In retail, regardless of how robust and how strong a culture you create, you're always going to have higher turnover than any industry, particularly in the field. Having very tight alignment with HR, Operations, other stakeholders to ensure that, look, when someone leaves, we track that effectively. That's all data-driven, by the way, so that we're able to track the lifecycle of an employee not only on the positive side when they enter the organization, but when they exit. If the exit is immediate, we have triggers and data-driven events that alert us to that so we can respond immediately. Then, I mentioned insider threat. It's not just employees out in the field. Globally, insider threat is probably the biggest blind spots for organizations. Again, the focus is on the outside, so when we look at things like data exfiltration which is a risk in any large organization where there's a lot of change and transformation, you have to have a good baseline of activity that's going on and understand what activity is truly normal versus activity that could be anomalous and an indicator of a bad actor within the enterprise. We have all that visibility and more now with Splunk. >> What is the role that Splunk plays? How has that journey evolved? I don't know if you've been there long enough, but pre-Splunk, post-Splunk, maybe you could describe that. >> Yeah, so pre-Splunk we were very, very reactive. Let me answer that by providing a little more context about how we're leveraging Splunk. So Splunk Enterprise Security is our centralized hub. Data across the enterprise comes to Splunk Enterprise Security. We have a team of SOC analysts that work around the clock to monitor events that, again, could be indicators of something bad happening. So with that infrastructure in place, we've gone from a very reactive situation where we had analysts and engineers going to disparate systems and having to manually triangulate and figure out, hey, is this an event? Is this something worthy of escalation? How do we handle this? Now, we have a platform not only in Splunk, but with some other solutions that gives us data, one, that's actionable. It's not hard to aggregate data, but to make that data meaningful and expose only what's legitimate from a triage and troubleshooting perspective. So those are some of the things we've done that Splunk has played a role in that. >> Okay. Talk about the regime for cybersecurity within your organization. It used to be, oh, it's an IT problem. In your organization, is it still an IT problem? Is the balance of the organization taking more responsibility? Is there a top-down initiative? I wonder if you could talk about how you guys approach that? >> That's a great question because it speaks to governance. One of the things that I did almost immediately when I started with Jiffy Lube was worked very closely with the senior leadership team to define what proper governance looks like because with governance, you've got accountability. So what happens all too often is security is just this thing that's kind of under-the-table. It's understood we've got some technology and some processes and policies in place, however, the question of accountability doesn't arise until there is a problem, especially in the case of a breach and most certainly when that breach leads to front-page exposure which was something I was very concerned about, again, Jiffy Lube being a very large retailer. Worked very closely with the senior leadership team to first of all, identify the priorities. We can't boil the ocean, there are a lot of gaps. There were a lot of gaps, but working as a team, we said, "Look, these are the priorities." Obviously, customer data, that's everything. That's our brand. We want to protect our customers, right. It's not just about keeping their vehicles running as long as possible. We want to be good stewards of their data. So with that, we implemented a very robust data-management strategy. We had regular meetings with business stakeholders and education also played a critical role. So taking technology and security out of the dark room of IT and bringing it to the senior leadership team and then, of course, being a member of that senior leadership team and speaking to these things in a way that my colleagues in Operations or Finance or Supply Chain could readily connect with. Then, translating that to risk that they can understand. >> So it's a shared responsibility? >> Absolutely. >> A big part of security. You talked before about keeping the bad guys out. That's table stakes. Big part of security, at least this day and age, seems to be response, how effectively the organization responds and, as you well know, it's got to be a team sport. It's kind of a bro mod, but the response mechanism, is it rehearsed? It is trained? Can you describe that? >> Both. I agree, response is critical, so you have to plan for everything. You have to be ready. Some of the things that we've done: one, we created a crisis management team, an incident response team. We have a very deliberate focus and a disciplined approach to disaster recovery and business continuity which is often left out of security conversations. Which is fascinating because the classic security triad is confidentiality, integrity, and availability. So the three have to be viewed in light of each other. With that, we not only created the appropriate incident response teams and processes within IT, but then created very clear links between other parts of the business. So if we have a security event or an availability event, how do we communicate that internally? Who is in charge? Who manages the incident? Who decides that we communicate with legal, HR? What is that ecosystem look like? All of that is actually clearly defined in our security policy and we rehearse it at least twice a year. >> You know, we just had Robert Herjavec on from the Herjavec Group just a few minutes ago. He brought up a point I thought pretty interesting. He says, "Security, obviously, is a huge concern." Obviously, it's his focus, but he said, "A problem is that the bad guys, the bad actors, "are extremely inventive and innovative "and keep coming up with new entry points, "new intrusion points." That's the big headache is they invent these really newfangled ways to thwart our systems that were unpredicted. So how does that sit with you? You say you've got all of these policies in place, you've got every protocol aligned, and all-of-a-sudden the door opens a different way that you didn't expect. >> Yeah, one of my favorite topics that really speaks to the future and where I believe the industry is going. So traditionally, security has been very signature-based. In other words, we alert against known patterns of behavior that are understood to be malicious or bad. A growing trend is machine learning, artificial intelligence. In fact, at Jiffy Lube, we are experimenting with a concept that I refer to now as the security immune system. So leveraging machine data to proactively asses potential threats versus waiting for those threats to materialize and then kind of building that into our response going forward. I think a lot of that is still in the early phases, but I imagine that in the very near future that'll be a mandatory part of every security plan. We've got to go beyond two-dimensional signature-based to true AI, machine learning. Taking action, not just providing visibility via response and alerts, but taking action based on that data proactively in a way that might not include a human actor, at least initially. >> What's the organizational structure at your shop? Are you the de-facto CISO? >> Chidi: I am. >> And the CIO? >> Chidi: I am. I wear both hats. >> Yeah, so that's interesting. You know where I'm going with this. There's always the discussion about should you separate those roles. I can make a case for either way, that if you want the best security in IT, have the security experts managing that. The same time, people say, "Well, it's like the fox "watching the hen house and there's lack of transparency." I think I know where you fall on this, but how do you address the guys that say that function should be split? What's the advantage of keeping them together in your view? >> Yeah, so I think you have to marry best practice with the realities of a particular organization. That's the mistake that I think many make when they set about actually defining the appropriate org structure. There's no such thing as a copy and paste org structure. I actually believe, and I have no problem going on record with this, that the best practice does represent in reality a division between IT and security, particularly in larger organizations. Now, for us, that is more of a journey. What you do initially and your end-state are two different things, but the way you get there is incrementally. You don't go big bang out of the gate. Right now, they both roll up to me. Foreseeably, they will roll up to me, but that works best for the Jiffy Lube organization because of some interesting dynamics. The board of directors by the way, given the visibility of security, does have a say on that. Now that we're in transformation mode, they do want one person kind of overseeing the entire transformation of IT and security. Now, in the future, if we decide to split that up and I think we have to be at the right place as an organization to ensure that that transition is successful. >> I'm glad you brought up the board, Chidi, because to me, it's all about transparency. If the CIO can go to the board and say, "Hey, here's the deal. "We're going to get hacked, we have been hacked, "and here's what we're doing about it. "Here's our response routine," and in a transparent way has an open conversation with the board, that's different than historically. A lot of times CIOs would say, "Alright, we've got this covered," because failure meant fired. That's a mistake that a lot of boards made. Now, eventually, over time the board may decide, look, the job's too big to have one person which is kind of what you're ... But how do you feel about that? What's your sentiment on that transparency piece? How often do you meet with the board and what are the discussions like? >> Yeah, great topic. So, a few things. One, and you've hinted to this, it's very important for the CIO or the CISO to have board-level visibility, board-level access. I have that at Jiffy Lube. I've had to present to the board regarding the IT strategy. I think it's also important to be an effective communicator of risk. So when you're talking to the board, what I've done is I've highlighted two things and I believe this very strongly. As a security leader, you have to practice due care and due diligence. So due care represents doing your job within the scope of whatever your role is. Due diligence involves maintaining that over a period of time, including product evaluations. If you have due care and due diligence and you're able to demonstrate that, even if your environment is compromised, you have to have the enterprise including the board realize that as long as those two things are in place, then a security officer is doing his job. Now, what's fascinating is many breaches can be mapped back to a lack of due care and due diligence. That's why the security officer gets fired to be very blunt, but as long as you have those things and you articulate very clearly what that represents to the board and the senior leadership team, then I think you just focus on doing your job and continuing to communicate. >> John wanted to know if you had any Jiffy Lube coupons before we go. >> Yeah, 'cause in my car on the way home I thought I'd just jump in there. >> I'm all out, but I'll (laughs). >> You got one right down the street from the house. They probably know me all too well because I take the kids' cars there too. >> That's right. We'll hook you up, don't worry about it. >> We appreciate the time. >> Thank you. >> Thank you. A newly-converted Dallas Cowboys fan, by the way. >> That's right. Very proud. >> Perhaps here in Washington, we can work on that. >> We'll see about that. >> Alright, we'll see. Chidi, thanks for being with us. >> Thank you, appreciate it. >> Thank you very much. Chidi Alams from Heartland Jiffy Lube. Back with more here on the Cube in Washington, D.C. at .conf 2017 right after this. (electronic music)

>> Narrator: Live from Washington DC, it's the CUBE. Covering AWS Public Sector Summit 2017. Brought to you by Amazon Web Services and its partner Ecosystem. >> Welcome back here on the CUBE, the flagship broadcast of Silicon Angle TV along with John Furrier, I'm John Wallace. We're here at AWS Public Sector Summit 2017, the sixth one in its history. It's grown leaps and bounds and still a great vibe from the show for us. It's been packed all day John. >> It's the new reinvent for the public sector, so size wise it's going to become a behemoth very shortly. Our first conference, multi-year run covering Amazon, thanks to Theresa Carlson for letting us come and really on the front lines here, it's awesome. It's computing right here, edge broadcasting, we're sending the data out there. >> We are, we're extracting the signal from the noise as John always likes to say. Government, educations all being talked about here this week. And with us to talk about that is Max Peterson, he's a general manager at the AWS and Max, thank you for joining us, we appreciate that. >> Thank you for the invitation. >> And I knew we were in trouble with our next guest, cause I said this is John, I'm John, he said, this is Max and I'm Max. I said no you're not, I know better than that. Andre Pienaar who's a founder and chairman of C5 Consulting, Andre, thank you for being here on the CUBE. >> It's great pleasure being here. >> Alright let's just start off first off with core responsibilities and a little bit about C5 too for our audience. First off, if you would Max, tell us a little bit about your portfolio-- >> Sure. >> At AWS and then Andre, we'll switch over to C5. >> I think I might have the best job in the world because I get to work with government customers, educational institutions, nonprofits who are all working to try and improve the lives of citizens, improve the lives of students, improve the lives of teachers and basically improve the lives of people overall. And I do that all around the world. >> That is a good job. Yeah, Andre. >> Max will have to arm wrestle for who has got the best job in the world, because in C5, we have the privilege of investing into fast growing companies that are built on Amazon Cloud and that specializes in cyber security, big data and cloud computing and helps to make the world a safer place. >> I'm willing to say >> Hold on I think we have the best job. >> we both have the best job. >> Now wait a minute, we get to talk to the two of you, are you kidding? >> Yeah, I've got the best, we talk to all the smartest people like you guys and it can't get better than that. >> You're just a sliver of our great day. >> That's awesome, we have established we all have great jobs. >> Andre, so you hit cyber, obviously there is not a hotter topic, certainly in this city that is talked about quite a bit as you're well aware so let's just talk about that space in general and the kinds of things that you look for and why you have this interest and this association with AWS. >> So the AWS cloud platform is a game changer for cyber security. When we started investing in cyber security, and people considered cloud, one of their main concerns was do I move my data into the cloud and will it be secure? Today it's the other way around because of the innovation that AWS has been driving in the cyber security space. People are saying, we feel we are much more secure having the benefit of all innovation on the cloud platform in terms of our cyber security. >> And the investment thesis that you guys go after, just for the record, you're more on the growth side, what stage of investments do you guys do? >> We're a later stage investor so the companies we invest in are typically post revenue but fast growing in visibility and on profitability. >> So hot areas, cyber security, surveillance, smart cities, autonomous vehicles, I mean there's a data problem going on so you see data and super computing coming back into vogue. Back when I was a youngling in college, they called it data processing. The departments and mainframes, data processing and now you have more compute power, edge compute, now you have tons of data, how is all that coming in for and inching in the business models of companies. This is a completely different shift with the cloud. But you still need high performance computing, you still need huge amounts of data science operations, how do companies and governments and public sectors pull up? >> I think just the sheer volume of data that's being generated also by the emerging internet of things necessitates new models for storing and processing and accessing data and also for securing it. When big enterprises and governments think about cyber security, they really think about how do we secure the most valuable data that's in our custody and our stewardship and how do we meet that obligation to the people who have provided that data to us. >> How would you summarize the intrinsic difference between old way, new way? Old way being non-cloud and new way being cloud as we look forward? >> I think that was a pretty good summary right there. New way is cloud, old way is the legacy that people have locked up in their data centers and it's not just the hardware that is the legacy problem, the data is the legacy problem. Because when you have all that information built in silos around government, it makes it impossible to actually implement a digital citizen experience. You as a citizen would like to be able to just ask your question of government and let them sort out what your postal code was, what your benefits information was, right? You can't do that when you've got the data, much less the systems, locked up in a whole bunch of individual departments. >> Well merging of data, sharing data as an ethos and the cyber security world, where there's an ethos of hey, you know, we're going to help each other out because the more data, the more they can get patterns into the analytics which is a sharing culture. That's not really the way it is. I got governance, I got policy issues. >> Well policing is a good example. In the Washington DC area, there are 19 law enforcement agencies with arresting powers and that data is being kept in completely separate silos. Whereas if we're able to integrate and share that data, you will be able to draw some very useful predictive policing conclusions from that which can prevent and detect crime. >> That's a confidence issue and that's where your security point weighs in. Let me get back to what you said about the old way, new way thing. Another bottleneck or barrier, or just hurdle if you will, in cloud growth, has been cultural. Mindset of management and also operational practices, you have a waterfall development cycles or project management versus agile, which is different. That's a different cultural thing so you got all the best intentions in the world, people could raise their hand put stuff in the cloud, but if you can't scale out, you're going to be on this cadence where projects aren't going to get that ROI picture generated so the agility, how are you guys seeing that developing? >> I would tell you the first thing that it takes is leaders and that's what this conference is about. It's about telling the stories of customers who have seen the potential and who are now leaders. It takes something, it takes a spark to start it and the most powerful spark that we've seen, are customer testimonials, who come forward and they explain, hey I was doing this the old way. A lot of times for a cost reason or a new mandate, they have to come up with a new way to invent and they made that selection of the cloud and that's what so often changed the opportunity that they can address. Here's just using that data as an example, transport for London in the UK has a massive amount of data that comes from all of the journey information. They started their journey to the cloud four years ago and it started with the simple premise of I needed to save costs. They saved money and they were able to take that money and reprogram it now to figuring out how do we unlock the data to generate more information for commuters. Finally, they were able to take that learning and start spinning it into how do I actually improve the journey by using machine learning, artificial intelligence and big data techniques? Classic progression along the cloud. Save some money, reinvest the savings and then start delivering new innovation on that point. >> I was going to ask you the use cases. You jumped right in. Andre, can you just chime in and share your opinion on this or anecdotal or story or data around use cases that you see out there that can point to saying, that's game changing that's transformative, that's disruptive. >> Well one of the customer stories that Max referred to that was a real game changer in cyber security was when the CIA said that they were going to adopt the AWS cloud platform. Because people said if US Intelligence community has the confidence to feel secure on AWS cloud, why can't we? AWS have evolved cyber security from being an offering which is on top of the cloud and the responsibility of the client to something which is inside the cloud which involves a whole range of services and I think that's been a complete game changer. >> The CIA deal, Dave Velanto is not here, my partner in crime as well, I call it the shot heard all around the cloud, that was a seminal moment for AWS in chronicling your guys journey over the years but I've been following you guys since the barely birth days and how you've grown up, that was a really critical moment for AWS in the public sector so I want to ask you guys both a question, right now, 2017 here at public sector conference, what's the perception of AWS outside of the ecosystem? Clearly cloud is the new normal, we heard previously, I agree with that. But what's the perception of the viability, the production level? What's the progress part in the minds of the folks? How far are we in that journey cause this is a breakout year, this year. That was the shot heard around the cloud, now there seems to be a breakout year, almost a hockey stick pick up. >> It's another example of how it takes leadership and it was the shot heard round the cloud, what we're seeing though is now many, many people are picking up that lead and using it to their advantage. The National Cyber Security Center in the UK told a story today that's pretty much a direct follow on. They're now describing to their agencies what they should do to be safe on the cloud. They're not giving them a list of rules that they need to try and go check off. It's very much about enabling and it's very much about providing the right guidance and policy. It's unlocking it instead of using security as a blocker in that example. Much more than just that one example, all over the world-- >> But people generally think okay this is now viable. So in terms of the mind of the people out in the trenches, not in the front lines like here, thoughts on your view on the perception of the progress bar on AWS public sector. >> John, one of the best measures of how the AWS cloud is perceived is what's happening in the startup scene. 90% of all startups today get born on the Amazon cloud in the US. 70% of all startups in France gets born in AWS cloud. This is the future voting for cloud and saying this is where we want to be, this is where we can scale this is where we can grow-- >> If you can believe APIs will be the normal operational interface subsystems and data, then you essentially have a holistic distributed cloud, aka computer. That's the vision. So what's the challenge? What do you guys see as the challenge, is it just education, growth? You only have 10,000 people here, it's not like it's 30 yet. >> Well you heard one of the, or you hit on one of the things that's key and that's policy. You really do have to break through the old government bureaucracy and the old government mentality and help set the new policies. Whether it's economic policies that help enable small businesses to launch and use the cloud. Whether it's procurement policies that allow people to actually buy tech and use tech fast, or whether it's the basic policy of the country. The UK now has a policy of being digital native, cloud native. >> The ecosystem's interesting, Andre, you mentioned startup, because I think for me, challenge opportunity is to have Amazon scale up, to handle the tsunami of Ecosystem partners that could be as you said, we just talked to Fugue here. Amazing startup funded by New Enterprise Associates, NEA, they're kicking ass, they're just awesome. You go back 10 years ago, they wouldn't even be considered. >> Absolutely. >> So you've got an opportunity to jam everyone in the marketplace and let it be a free for all, it's kind of like a fun time. >> It's a great time and in the venture capital world, being architect on the Amazon cloud has become a badge of quality. So increasingly venture capital firms are looking for startups that run on the AWS cloud and use them in an innovative way. >> Well on the efficiency on the product side, but also leverage on the capital side. >> Exactly. You need less capital. >> Been a provision of data center, what? >> You need less capital and secondly, also, you can fail much faster and then still have space and time to build it and restart. I think failing faster is something from an investment point of view that is really attractive. >> John: Final question. >> John: Failing faster? >> Failing faster. Because what you don't want are the long drawn out deaths of businesses. Because that's a sure way to destroy value of money. >> I think the other part though is fix faster. >> Fix faster. >> And that's exactly what the cloud does so instead of spending an immense amount of time and energy trying to figuring out precisely what I need to build, I can come up with the basic idea, I can work quick, I can fail fast, but I can fix it fast. >> Alright, well you mentioned the golden time, the golden era, and I think you both have captured it, so I think both your jobs would be up there at the top of the shelf. >> Thank you John. >> You mentioned 19 agencies by the way here in DC that can arrest, I have parking tickets from every one of them. >> Andre: I'm glad they haven't arrested you yet John. >> No, that's the price you pay for living in this city. >> Thanks John and John. >> Max, Andre thank you very much. >> John and John thank you. >> Cheers. >> Back with more here from AWS Public Sector Summit 2017, live, Washington DC, you're watching the CUBE.