>>The cube presents, Dell technologies world brought to you by Dell. >>Welcome back to Dell technologies, world 2022. We're live in Vegas. Very happy to be here. Uh, this is the cubes multi-year coverage. This is year 13 for covering either, you know, EMC world or, uh, Dell world. And now of course, Dell tech world. My name is Dave Volante and I'm here with longtime Cub alum cube guest, Steve Kenon, the storage Alchemist, who's, uh, Beckett, Dell, uh, and his data protection role. And Tony Bryson is the chief information security officer of the town of Gilbert town in Arizona. Most, most towns don't have a CISO, but Tony, we're a thrilled, you're here to tell us that story. How did you become a CISO and how does the town of Gilbert have a CISO? >>Well, thank you for having me here. Uh, believe it or not. The town of Gilbert is actually the fourth largest municipality in Arizona. We serve as 281,000 citizens. So it's a fairly large enterprise. We're a billion dollar enterprise. And it got to the point where the, uh, cybersecurity concerns were at such a point that they elected to bring in their first chief information security officer. And I managed to, uh, be the lucky gentleman that got that particular position. >>That's awesome. And there's a, is there a CIO as well? Are you guys peers? Do you, how what's the reporting structure look like? >>We have a chief technology officer. Okay. I report through his office mm-hmm <affirmative> and then he reports, uh, directly to the town executive. >>So you guys talk a lot, you I'm sure you present a lot to the, to the board or wherever the governance structure is. Yeah, >>We do. I, I do quarterly report outs to the, I report through to the town council. Uh, let them know exactly what our cyber security posture is like, the type of threats that we're facing. As a matter of fact, I have to do one when I return to, uh, Gilbert from this particular conference. So really looking forward to that one, cuz this is an interesting time to be in cyber security. >>So obviously a sea. So Steve is gonna say, cyber's the number one priority, but I would say the CTO is gonna say the, say the same thing I would say the board is gonna say the same thing. I would also say Steve, that, uh, cyber and cyber resilience is probably the number one topic here at the show. When you walk around and you see the cyber demonstrations, the security demonstrations, they're packed, it's kind of your focus. Um, it's a good call. >>Yeah. <laugh> I'm the luckiest guy in storage, right? <laugh> um, yeah, there hasn't I in the last 24 months, I don't think that there's been a, a meeting that I've been to with a customer, no matter who's in the room where, uh, cyber resiliency, cybersecurity hasn't come up. I mean, it is, it is one of the hot topics in last night. I mean, Michael was just here. Uh, Michael Dell was just here last night. He came into the showroom floor, he came back, he took a look at what we were offering for cyber capabilities and was impressed. And, and so, so that's really good. >>Yeah. So I noticed, you know, when I talked to a lot of CIOs in particular, they would tell me that the pre pandemic, their cyber resiliency was very Dr. Focused, right. They really, it really wasn't an organizational resilience. It was a, if there's an oh crap moment, they could get it back in theory. And they sort of rethought that. Do you see you that amongst your peers, Tony? >>I think so. I think that people are quickly starting to understand that you just can't focus on, in, on protecting yourself from something that you think may never happen. The reality is that you're likely to see some type of cyber event, so you better be prepared for it. And you protect yourself against that. So plan for resiliency plan with making sure that you have the right people in place that can take that challenge on, because it's not a matter of if it's a matter of when >>I would imagine. Well, Steve, you and I have talked about this, that, you know, the data protection business used to be, we used to call it backup in recovery and security, which is a whole different animal, but they're really starting to come together. It's kind of an Adjay. I, I know you've got this, uh, Maverick report that, that you want to talk about. What, what is that as a new Gartner research? I, I'm not familiar with it. >>Yeah. So it's some very interesting Gartner research and what I think, and I'd be curious to, Tony's take on, especially after that last question is, you know, a lot of people are, are spending a lot of money to keep the bad actors out. Right. And Gardner's philosophy on this whole, um, it's, it's, you're going to get hacked. So embrace the breach, that's their report. Right. So what they're suggesting is you're spending a lot of money, but, but we're witnessing a lot of attacks still coming in. Are you prepared to recover that when it happens? Right. And so their philosophy is it's time to start thinking about the recovery aspects of, you know, if, if they're gonna get through, how do you handle that? Right. >>Well, so you got announcements this week, big one of the big four, I guess, or big five cyber recovery vault. It's been, you're enhancing that you guys are talking things like, you know, air gaps and so forth. Give us the overview of the news there. >>Yeah. So there's, uh, cyber recovery vault for AWS for the cloud. There is, uh, a lot of stuff we're doing with, uh, cyber recovery vault for, uh, Aw, uh, Azure also, right along with the cyber sense technology, which is the technology that scans the data. Once it comes in from the backup to ensure that it clean and can be recovered and you can feel confident that your recoveries look good, right? So now, now you can do that OnPrem, or you can do it through a colo. You can do it with in the cloud, or you can, uh, ask Dell technologies with our apex business services to help provide cyber recovery services wherever for you at your co at yet OnPrem or for you from the cloud. So it's kind of giving the customer, allowing them to keep that freedom of choice of how they want to operate, but provide them those same recovery capabilities. >>So Tony, give us paint us a picture without giving away too much for the bad guys. How, how you approach this, maybe are you using some of these products? What's your sort of infrastructure look like? >>Yeah. Without giving away the state secrets, um, we are heavily invested in the cyber recovery vault and cyber sense. Uh, it plays heavily in our strategy. We wanna make sure we have a safe Harbor for our data. And that's something that, that the Dell power protect cyber recovery vault provides to us. Uh, we're exceptionally excited about the, the development that's going on, especially with apex. We're looking at that, and that has really captured our imagination. It could be a game changer for us as a town because we're, we're a small organization transitioning to a midsize organization and what apex provides and what the Dell cyber recovery vault provides to us. Putting those two together gives us the elasticity we need as a small organization to expand quickly and deal with our internal data concerns. >>So cyber recovery as a service is what you're interested in. Let me ask you a question. Are you interested in a managed service or are you interested in managing it yourself? >>That's a great question, personally. I would prefer that we went with managed services. I think that from a manager's perspective, you get a bigger bang for the buck going with managed services. You have people that work with that technology all the time. You don't have to ramp people up and develop that expertise in house. You also then have that peace of mind that you have more people that are doing the services and it acts as a force multiplier for you. So from a dollar and cents perspective, it's the way that you want to go. When I start talking to my internal people, of course, there's that, that sense of fear that comes with the unknown and especially outsourcing that type of critical infrastructure, the there's some concern there, but I think that with education, with exposure, to some of the things that we get from the managed service, it makes sense for everybody to go that >>Route and, and you can, I presume sort of POC it and then expand it and then get more comfortable with it and then say, okay, when it's hardened and ready now, this is the, the Def facto standard across the organization. >>I suspect we'll end up in a hybrid environment to begin with where we'll some assets on site, and then we'll have some assets in the cloud. And that's again, where apex will be that, that big linchpin for us and really make it all work. How >>Important are air gaps? >>Oh, they're incredibly, incredibly, uh, needed right now. You cannot have true data of security without having an air gap. A lot of the ransomware that we see moves laterally through your organization. So if you have, uh, all your data backed up in the same data center that your, your backups and your primary data sources are in odds are they're all gonna get owned at the same time. So having that air gap solution in there is critical to having the peace of mind that allows the CISO to sleep at night. >>I always tell my crypto and NFT readers, this doesn't apply to data centers. You gotta air back air, air gap, your crypto, you know, when you're NFT. So how do you guys Steve deal with, with air gap? Can you explain the solutions? >>So in the, in the cyber recovery vault itself, it is driven through, uh, you've got one, uh, power protect, uh, appliance on one, one side in your data center, and then wherever your, your, your vaulted area is, whether it be a colo, whether it be on pre wherever it might be. Uh, we create a connection between between the two that is one directional, right? So we send the data to that vault. We call it the vault and, you know, we replicate a copy of your backup data. Once it lives over there, we make a copy of that data. And then what we do is with the cyber sense technology that Tony was talking about, we scan that data and we validate it against, with a whole cyber sense is built on IML machine learning. We look at a couple hundred different kind of profiles that come through and compare it to the, to the day before as backup and the day before that and understand kind of what's changing. >>And is it changing the right way? Right? Like there might be some reasons it it's supposed to change that way. Right. But things that look anomalous, we send up a warning when we let the people know that, you know, whoever's monitoring, something's going on. You might want to take a look. And then based on that, if there's whatever's happening in the environment, we have the ability to then recover that data back to the, to the original system. You can use the vault as a, as a clean room area, if you want to send people to it, depending on kind of what's going on in, in, in your main data center. So there's a lot of things we do to protect that. Do >>You recommend, like changing the timing of when you take, you know, snapshots or you do the same time every day, it's gotta create different patterns or >>I'll tell you that's, that's one thing to keep the, keep the hackers on their tow, right? It it's tough to do operationally, right? Because you kind that's processes. But, but the reality is if you really are that, uh, concerned about attacks, that makes a lot of sense, >>Tony, what's the CISOs number one challenge today? >>Uh, I, it has to be resilience. It has to be making sure your organization that if or when they get hit, that you're able to pick the pieces back up and get the operation back up as quickly and efficiently as possible. Making sure that the, the mission critical data is immediately, uh, recoverable and be able to be put back into play. >>And, and what's the biggest challenge or best practice in terms of doing that? Obviously the technology, the people, the process >>Right now, I would probably say it's it's people, uh, we're going through the, the, um, a period of, of uncertainty in the marketplace when it comes to trying to find people. So it is difficult to find the right people to do certain things, which is why managed services is so important to an organization of our size and, and what we're trying to do, where we are, are incorporating such big ideas. We need those manager services because we just can't find the bodies that can do some of this work. >>You got an interesting background, you a PhD in psychology, you're an educator, you're a golf pro and you're a CISO. I I've never met anybody like you, Tony <laugh>. So, thanks for coming on, Steve, give you the last word. >>Well, I think I, I think one of the things that Tony said, and I wanted to parlay this a little bit, uh, from that Gartner report, I even talked about people is so critical when it comes to cyber resiliency and that sort of thing. And one of the things I talked about in that embraced the breach report is as you're looking to hire staff for your environment, right, you wanna, you know, a lot of people might shy away from hiring that CSO that got fired because they had a cyber event. Right, right. Oh, maybe they didn't do their job. But the reality is, is those folks, because this is very new. I mean, of course we've been talking about cyber for a couple of years, but, but getting that experience under your belt and understanding what happens in the event. I mean, there are a lot of companies that run things like cyber ranges, resiliency, ranges to put people through the paces of, Hey, this is what have happens when an event happens and are you prepared to respond? I think there's a big set of learning lessons that happens when you go through one of those events and it helps kind of educate the people about what's needed. >>It's a great point. Failure used to mean fire right in this industry. And, and today it's different. The adversary is very well armed and quite capable and motivated that learning even during, even when you fail, can be applied to succeed in the future or not fail, I guess there's no such thing as success in your business. Guys. Thanks so much for coming on the cube. Really appreciate your time. Thank you. Thanks very >>Much. >>All right. And thank you for watching the cubes coverage of Dell tech world 2022. This is Dave Valenti. We'll be back with John furrier, Lisa Martin and David Nicholson. Two days of wall to wall coverage left. Keep it with us.