Mark Nunnikhoven | CUBE Conversation May 2021
(upbeat music)
>> Hello, welcome to theCUBE studios in Palo Alto, California for RSA conference keynote coverage and conference coverage. I'm John Furrier, your host of theCUBE. We're breaking down the keynote of RSA day one kickoff. We had Mark Nunnikhoven, who's the distinguished cloud strategist at Lacework. Mark, former CUBE alumni and expert in security, has been on many times before. Mark, great to see you. Thanks for coming on and helping me break down RSA conference 2021, virtual this year. Thanks for joining.
>> Happy to be here. Thanks for having me, John.
>> You know, one of the things, Mark, about these security conferences is that, interesting, RSA was the last conference we actually did interviews physically face to face and then the pandemic went down and it was a huge shutdown. So we're still virtual coming back to real life. So and they're virtual this year, so kind of a turn of events, but that was kind of the theme this year in the keynote. Changing the game on security, the script has been flipped, connectivity everywhere, security from day one being reinvented. Some people were holding onto the old way, some people trying to get on there, on the future wave. Clearly you got the laggards and you've got the innovators all trying to kind of, you know, find their position. This has been obvious in this keynote. What's your take?
>> Yeah and that was exactly it. They use that situation of being that last physical security conference, somewhat to their advantage to weave this theme of resiliency. And it's a message that we heard throughout the keynote. It's a message we're going to hear throughout the week. There's a number of talks that are tying back to this and it really hits at the core of what security aims to do. And I think aims is really the right word for it because we're not quite there yet.
But it's about making sure that our technology is flexible, that it expands and adapts to the situations because as we all know this year, you know, basically upended everything we assumed about how our businesses were running, how our communities and society was running and we've all had to adapt. And that's what we saw at the keynote today was they acknowledged that and then wove it into the message to drive that home for security providers.
>> Yeah and to me one of the most notable backdrops to the entire thing was the fact that the RSA continues to operate from the sell out when Dell sold them for, all right, $2 billion to a consortium, private, privately, private equity company, Symphony Technology Group. So they're operating now on their own. They're out in the wild, as you said, cybersecurity threats are ever increasing, the surface area has changed with cloud native. Basically RSA is a 3000 person startup basically now. So they've got SecurID, the old token business, we all have, anyone's had those IDs, you know it's pretty solid, but now they've got to kind of put this event back together and Mobile World Congress is right around the corner. They're going to try to actually have a physical event. So you have this pandemic problem of trying to get the word out and it's weird. It's kind of, I found it. It's hard to get your hands around all the news.
>> It is. And it's, you know, we're definitely missing that element. You know, we've seen that throughout the year people have tried to adapt these events into a virtual format. We're missing those elements of those sorts of happenstance run-ins. I know we've run into each other at a number of events just sort of in the hall, you get to catch up, but you know as part of those interactions, they're not just social but you also get a little more insight into the conference. Hey, you know, did you catch this great talk or are you going to go catch this thing later? And we're definitely missing that.
And I don't think anyone's really nailed this virtual format yet. It's very difficult to wrap your head around like you said, I saw a tweet online from one InfoSec analyst today. It was pointed out, you know, there were 17 talks happening at the same time, which you know, in a physical thing you'd pick one and go to it, in a virtual there's that temptation to kind of click across the channels. So even if you know what's going on it's hard to focus in these events.
>> Yeah the one conference has got a really good I think virtual platform is DockerCon, they have 48 panels, a lot of great stuff there. So that's one we're watching closely, coming up on May 27. Check that one out. Let's get into this, let's get into the analysis. I really want to get your thoughts on this because you know, I thought the keynote was very upbeat. Clearly the realities are presenting it. Chuck Robbins, the CEO of Cisco there and you had a bunch of industry legends in there. So let's start with, let's start with what you thought of Rohit's keynote and then we'll jump into what Chuck Robbins was saying.
>> Sure yeah. And I thought, Rohit, you know, at first I questioned 'cause he brought up and he said, I'm going to talk about tigers, airplanes and sewing machines. And you know, as a speaker myself, I said, okay, this is either really going to work out well or it's not going to work out at all. Unfortunately, you know, Rohit is a professional, he's a great speaker and it worked out. And so he tied these three examples. So it was Tiger King for Netflix, at World War II, analyzing airplane damage and a great organization in India that pivoted from sewing into creating masks and other supplies for the pandemic. He wove those three examples through with resiliency and showed adaptation. And I thought it was really really well done first of all. But as a cloud guy, I was really excited as well that that first example was Netflix.
And he was referencing Chaos Monkey, which is a chaos engineering tool, which I don't think a lot of security people are exposed to. So we use it very often in cloud building where essentially this tool will purposely blow up things in your environment. So it will down services. It will cut your communications off because the idea is you need to figure out how to react to these things before they happen for real. And so getting keynote time for a tool like that, a very modern cloud tool, I thought was absolutely fantastic. Even if that's, you know, not so well known or not a secret in the cloud world anymore, it's very commonly understood, but getting a security audience exposure to that was great. And so you know, Rohit is a pro and it was a good kickoff and yeah, very upbeat, a lot of high energy which was great for virtual keynote. 'Cause sometimes that's what's really missing is that energy.
>> Yeah, we like Rohit too. He's got some, he's got charisma. He also has his hand on the pulse. I think the Chaos Monkey point you're making is a great call out because it's been around the DevOps community. But what that really shows I think and puts an exclamation point around this industry right now is that DevSecOps is here and it's never going away and cloud native and certainly the pandemic has shown that cloud scale, speed, data and now distributed computing with the edge, 5G has been mentioned, as you said, this is a real deal. So this is DevOps. This is infrastructure as code and security is being reinvented in it. This is a killer theme and it's kind of a wake-up call. What's your reaction to that? What's your take?
>> Yeah, it absolutely is a wake-up call and it actually blended really well into Rohit's second point, which was around using data.
And I think, you know, having these messages put out to the, you know, what is the security conference for the year always, is really important because the rest of the business has moved forward and security teams have been a little hesitant there, we're a little behind the times compared to the rest of the business who are taking advantage of these cloud services, taking advantage of data being everywhere. So for security professionals to realize like hey there are tools that can make us better at our jobs and make us, you know, keep or help us keep pace with the business is absolutely critical because like you said, as much as you know I always cringe when I hear the term DevSecOps, it's important because security needs to be there. The reason I cringe is because I think security should be built into everything. But the challenge we have is that security teams are still, a lot of us are still stuck in the past to sort of put our arms around something. And you know, if it's in that box, I'm good with it. And that just doesn't work in the cloud. We have better tools, we have better data. And that was really Rohit's key message was those tools and that data can help you be resilient, can help your organization be resilient and whether that's the situation like a pandemic or a major cyber attack, you need to be flexible. You need to be able to bounce back.
>> You know, when we actually have infrastructure as code and no one ever talks about DevOps or DevSecOps you know, we've, it's over, it's in the right place, but I want to get your thoughts and seeing if you heard anything about automation because one of the things that you bring up about not liking the word DevSecOps is really around, having this new team formation, how people are organizing their developers and their operations teams. And it really is becoming programmable and that's kind of the word, but automation scales it. So that's been a big theme this year. What are you hearing?
What did you hear on the keynote? Any signs of reality around automation, machine learning, you mentioned data, did they dig into automation?
>> Automation was on the periphery. So a lot of what they're talking about only works with automation. So, you know, the Netflix shout out for Chaos Monkey absolutely is an automated tool. To take advantage of this data, you absolutely need to be automated but the keynote mainly focused on sort of the connectivity and the differences in how we view an organization over the last year versus moving forward. And I think that was actually a bit of a miss because as you rightfully point out, John, you need automation. The thing that baffles me as a builder, as a security guy, is that cyber criminals have been automated for years. That's how they scale. That's how they make their money. Yet we still primarily defend manually. And I don't know if you've ever tried to beat, you know the robots that are everything or really complicated video games. We don't tend to win well when we're fighting automation. So security absolutely needs to step up. The good news is looking at the agenda for the week, taking in some talks today, while it was a bit of a miss in the keynote, there is a good theme of automation throughout some of the deeper dive sessions. So it is a topic that people are aware of and moving forward. But again, I always want to see us move fast.
>> Was there a reason Chuck Robbins headlines or is that simply because they're a big 800 pound gorilla in the networking space? You know, why Cisco? Are they relevant security? Is that signaling that networking is more important? As of 5G at the edge, but is Cisco the player?
>> Obviously Cisco has a massive business and they are a huge player in the security industry but I think they're also representative of, you know and this was definitely Chuck's message. They were representative of this idea that security needs to be built in at every layer.
So even though, you know I live on primarily the cloud technologies dealing with organizations that are built in the cloud, there is, you know, the reality of that we are all connected through a multitude of networks. And we've seen that with work from home which is a huge theme this year at the conference and the improvements in mobility with 5G and other connectivity areas like Edge and Wi-Fi 6. So having a big network player and security player like Cisco in the keynote I think is important just because their message was not just about inclusion and diversity for skills which was a theme we saw repeated in the keynote actually but it was about building security in from the start to the finish throughout. And I think that's a really important message. We can't just pick one place and say this is where we're going to build security. It needs to be built throughout all of our systems.
>> If you were a CISO listening today what was your take on that? Were you impressed? Were you blown away? Did you fall out of your chair or was it just right down the middle?
>> I mean, you might fall out of your chair just 'cause you're sitting in it for so long taking in a virtual event. And I mean, I know that's the big downside of virtual is that your step counter is way down compared to where it should be for these conferences but there was nothing revolutionary in the opening parts of the keynote. It was just, you know sort of beating the drum that has been talked about, has been simmering in the background from sort of the more progressive side of security. So if you've been focusing on primarily traditional techniques and the on-premise world, then perhaps this was a little bit of an eye-opener and something where you go, wow, there's, you know there's something else out here and we can move things forward.
For people who are, you know, more cloud native or more into that automation space, that data space this is really just sort of a head nodding going, yep, I agree with this. This makes sense. This is where we all should be at this point. But as we know, you know there's a very long tail in security and in security organizations. So to have that message, you know repeated from a large stage like the keynote I think was very important.
>> Well you know, we're going to be, theCUBE will be onsite and virtual with our virtual platform for Amazon Web Services re:Inforce coming up in Houston. So that's going to be interesting to see and you compare contrast like an AWS re:Inforce which is kind of the, I think they had the first conference two years ago so it's kind of a new conference. And then you got the old kind of RSA conference. The question I have for you, is it a juxtaposition of almost two conferences, right? You got the cloud native AWS, which is really about, oh shared responsibility, et cetera, et cetera, a lot more action happening there. And you got this conference here seem come the old school legacy players. So I want to get your thoughts on that. And I want to get your take on just the cryptographers panel, because, you know, as I'm not saying this as a state-of-the-art that the old guys saying get off my lawn, you know crypto, we're the crypto purists, they were trashing NFTs which as you know, is all the rage. So I, and Ron Rivest who, you know, co-created RSA public key technology, which is in everything these days. Is this a sign of just get off my lawn? Or is it a sign of the times trashing the NFTs? What's your take?
>> Yeah, well, so let's tackle the NFTs then we'll do the contrast between the two conferences. But I thought the NFT, you know Ron and Adi both had really interesting ways of explaining what an NFT was, because that's most of the discussion around the NFT is exactly what are we buying or what are we investing in?
And so I think it was Adi who said, you know it was basically you have a tulip then you could have a picture of a tulip and then you could have something explaining the picture of the tulip and that's what an NFT is. So I think, you know, but at the same time he recognized the value of potential for artists. So I think there was some definitely, you know get off my lawn, but also sort of the cryptographers panel is always sort of very pragmatic, very evidence-based as shown today when they actually were talking about a paper by Schnorr who debates, whether RSA or if he has new math that he thinks can debunk RSA or at least break the algorithm. And so they had a very logical and intelligent discussion about that. But the cryptographers panel in contrast to the rest of the keynote, it's not about the hype. It's not about what's going on in the industry. It really is truly a cryptographers panel talking about the math, talking about the fundamental underpinnings of our security things. As a big nerd, I'm a huge fan but a lot of people watch that and just kind of go, okay now's a great time to grab a snack and maybe move those legs a little bit. But if you're interested in the more technical deeper dive side, it's definitely worth taking in.
>> Super fascinating and I think, you know, it's funny, they said it's not even a picture of a tulip it's a pointer to a picture of a tulip. Which is technically it.
>> That was it.
>> It's interesting how, again, this is all fun. NFTs are, I mean, you can't help but get enamored by decentralization. And that, that wave is coming. It's very interesting how you got a decentralization wave coming, yet a lot of people want to hang on to the centralized view. Okay, this is an architectural conflict.
Is there a balance in your mind as a techie, we look at security, certainly as the perimeter is gone that's not even debate anymore, but as we have much more of a distributed computing environment, is there a need for some centrality and/or is it going to be all decentralized in your opinion?
>> Yeah that's actually a really interesting question. It's a great set up to connect both of these points of sort of the cryptographers panel and that contrast between newer conferences and RSA because the cryptographers panel brought up the fact that you can't have resilient systems unless you're going for a distributed systems, unless you're spreading things out because otherwise you're creating a central point of failure, even if it's at hyper-scale which is not resilient by definition. So that was a very interesting and very valid point. I think the reality is it's a combination of the two is that we want resilient systems that are distributed that scale up independently of other factors. You know, so if you're sitting in the cloud you're going multi-region or maybe even multicloud, you know you want this distributed area just for that as Werner from AWS calls it, you know, the reduced blast radius. So if something breaks, not everything does but then the challenge from a security and from an operational point of view, is you need that central visibility. And I think this is where automation, where machine learning and really viewing security as a data problem, comes into play. If you have the systems distributed but you can provide visibility centrally which is something we can achieve with modern cloud technologies, you kind of hit that sweet spot.
You've got resilient underpinnings in your systems but you as a team can actually understand what's going on because that was a, yet another point from Carmela and from Ross on the cryptographers panel when it comes to AI and machine learning, we're at the point where we don't really understand a lot of what's going on in the algorithm, we kind of understand the output and the input. So again, it tied back to that resiliency. So I think that key is distributed systems are great but you need that central visibility and you only get there through viewing things as a data problem, heavy automation and modern tooling.
>> Great great insight, Mark. Great, great call out there. And great point tied in there. Let me ask you a question on your take on the keynote in the conference in general as first day gets going. Do you see this evolving from the classic enterprise kind of buyer supplier relationship to much more of a CSO driven or CXO driven? I need to start building about my teams. I got to start hiring developers, not so much in operation side. I mean, I see InfoSec is these industries are not going away. People are still buying tools and stacking up the tool shed but there's been a big trend towards platforms and shifting left from a developer CI/CD pipeline standpoint which speaks to scale on the cloud native side and that distributed side. So is this conference hitting that Mark, or you still think there are more hardware and service systems people? What's the makeup? What's the take?
>> I think we're definitely starting to shift. So a great example of that is the CSA. The Cloud Security Alliance always runs a day one or day zero summit at RSA. And this year it was a CSO executive summit. And whereas in previous years it's been practitioners. So that is a good sign I think, that's a positive sign to start to look at a long ignored area of security, which is how do we train the next generation of security professionals. We've always taken this traditional view.
We've, you know, people go through the standard, you get your CISSP, you hold onto it forever. You know, you do your time on the firewall, you go through the standard thing but I think we really need to adjust and look for people with that automation capability, with development, with better business skills and definitely better communication skills, because really as we integrate, as we leave our sort of protected little cave of security, we need to be better business people and better team players.
>> Well Mark, I really appreciate you coming on here. A CUBE alumni and a trusted resource and verified, trusted contributor. Thank you for coming on and sharing your thoughts on the RSA conference and breaking down the keynote analysis, the RSA conference. Thanks for coming on.
>> Thank you.
>> Well, what we got you here to take a minute to plug what you're doing at Lacework, what you're excited about. What's going on over there?
>> Sure, I appreciate that. So I just joined Lacework, I'm a week in. So I'm drinking from the fire hose of knowledge and what I've found so far, fantastic platform, fantastic teams. It's got me wrapped up and excited again because we're approaching, you know security from the data point of view. We're really, we're born in the cloud, built for the cloud and we're trying to help teams really gather context. And the thing that appealed to me about that was that it's not just targeting the security team. It's targeting builders, it's targeting the business, it's giving them that visibility into what's going on so that they can make informed decisions. And for me, that's really what security is all about.
>> Well, I appreciate you coming on. Thanks so much for sharing.
>> Thank you.
>> Okay, CUBE coverage of RSA conference here with Lacework, I'm John Furrier. Thanks for watching.
(upbeat music)
Rohit Ghai, RSA | RSAC USA 2020
>> Narrator: Live from San Francisco, it's theCUBE, covering RSA Conference 2020 San Francisco, brought to you by SiliconANGLE Media.
>> Welcome back, everybody. Jeff Frick here with theCUBE. We are at the RSA 2020, a really special segment. As you can tell it's really quiet here, it's not like normal CUBE action, we are here before the expo hall even opens on Thursday morning with a very special guest, we pulled them away from a crazy busy week if not more, it's Rohit Ghai, the president of RSA. Rohit, great to see you again.
>> Always a pleasure, thanks Jeff.
>> Absolutely, so I was really looking forward to this, I was really impressed by the opening keynotes, first it rolled out George Takei, that's a pretty bold move, even more bold is to try to follow him up.
>> Totally (laughing)
>> So congratulations, and you know, that was pretty brave.
>> I appreciate it, thank you. That was quite a, you know, quite a hurdle to got to follow George Takei.
>> Right, and I just want to get kind of these other things that were kind of bubbling above the surface out of the way, you know, a big piece of news, I think a week it came out before the show is that RSA was sold to Symphony I believe?
>> Rohit: Symphony Technology Group.
>> Right, so give us a little bit of the story there.
>> Absolutely, so you know we entered into a definitive agreement, Symphony Technology Group acquiring RSA from Dell Technologies. What this does is it basically clarifies the swim lanes for Dell Technologies to focus on intrinsic security and RSA can focus on managing digital and cyber risk, and you know, we are excited about the opportunity to become agile and independent and you know, kind of play in a smaller company setting to pursue our future, so we are super excited to be part of Symphony.
>> Yeah, that's great, and the other thing that's kind of a pall, I mean just to put it out there is the coronavirus thing.
And you know, Mobile World Congress, a completely different show but a big show, probably the first big show of our industry this year was canceled. A hundred thousand plus people, so I just am just wondering if you can share kind of what were some of your thoughts and the team's thoughts 'cause we were all curious to see well how is this going to happen, there was a couple of drop outs but I think it's been a very good week.
>> It has been a great week, you know what I'll say is it was a demonstration of resilience on part of the attendees, you know when we analyzed the situation what we noted was about 82 plus percent of our attendees are from the Americas right, so there was a core set of attendees that were perhaps not as impacted in terms of travel, et cetera, so we decided to move forward, we've been in close collaboration with the CDC and the mayor's office right here, Mayor London Breed's office right here in SF to make sure it's going to be a safe event for everyone and you know, the team put together a great kind of set of measures to make sure everyone has hand sanitizer.
>> Great, great.
>> And you know, we made sure we did what was needed to manage the risk and ensure resilience through this sort of you know very global risk that is playing out, so very proud of the team, and we garnered 40 thousand plus attendees despite you know, despite the coronavirus issue.
>> You know, good job, I am sure it was touch and go and a real sensitive situation and I can tell you a lot of other people and event organizers you know, were getting ready to head into a very busy event season, it's what we do and so, you know nice kind of lead indicator from you to execute with caution.
>> I appreciate it, thank you.
>> So let's jump into the fun stuff.
So your keynote was not really talking that much about bad guys and technology and this and that, you talked about story telling and you got very much into kind of the human element, which is the theme this year, but really the role of stories, the importance of stories, and most importantly for the security industry to take back their story and not let it get away from them.
>> You summed it up really well Jeff, and you know what I said is hey if the theme of the conference is the human element, let's explore what intrinsically makes us human and the point, you know you all know that it is stories that makes us human and I feel we've lost control of the narrative as an industry and as such we need to take that back and make sure we clarify the role of all the human characters in our story because until we do that, until we change our story we have no shot at changing our reality.
>> Right, but you're kind of in a weird spot right, it's the classic spy dilemma. You can't necessarily tell people what you know because then they'll know that you know it and you might not be able to get more or better information down the road, so as you said in your keynote you don't necessarily have the ability to celebrate your wins, and a DDoS attack thwarted doesn't make the news. I keep thinking it's like ref in a game or like an offensive lineman in football, you only hear about them on that one play when they get the holding call, not the 70 other plays where they did their job.
>> Rohit: Totally, totally.
>> So it's a unique challenge though.
>> It is, it is a challenge, it is not an easy problem and you know, there is a couple of recipes that I put out there for us to consider as an industry is you know, recipe one is we can celebrate our successes at a collective level right so, just like we put out breach reports, et cetera, in terms of what the statistics are, where the breaches are emanating from we can talk about defensive strategies that are working at a collective level as an industry and share that sort of best practices recipes to win, that would be a fine start. I think another area, another point that I made was that we don't have to win for the hacker to lose. 71% of the breaches were motivated by financial gains, right, and as such if we, despite breaches, which is not a win for us, if we deny financial gain to the hackers we make them lose and they are subject to the same laws of economics, they have a profit and loss statement, they are spending resources for gain and when we deny them gain we make them lose, so those are a couple of ideas on how we can begin to change the narrative.
>> Right. So the other piece of the human part is the rise of the bots, right, and the rise of AI and the rise of these increasingly smart and sophisticated machines. I think I saw one of those reports that we talk about on air was you know that people are an increasingly targeted group, we hear it all the time, we hear about social engineering. As that gets more complicated, how does the role of people change? 'Cause clearly they can't monitor tens and tens and hundreds of thousands of concurrent attacks all the time.
>> Absolutely, so you know the bad guys are using AI, you know I cited the example of a deep fake audio clip that actually duped the CEO into initiating a wire transfer so they are using all these sophisticated attacks so to your point, we cannot rely on the end user to discern through these very sophisticates.
It's unfair for us to think of them as the first line of defense, we have to on the IT side, we have to bring in technology, make the technology more usable, so you don't have to pay attention to this one millimeter by one millimeter lock at the corner of the browser to realize whether a web interaction is safe or not. We need to make more usable software, we need to do a better job of managing and reducing vulnerabilities to reduce the attack surface so IT has to step up in that regard, and then on the security teams I think they have to step up to use AI to detect bot initiated attacks so we are not leaning on the human to discern what is an anomalous interaction and what could be a phishing or a smishing attack, et cetera, you know we need to bring AI to fight the good fight on our behalf. >> Right. So the other kind of angle on that I thought was really interesting, Wendy's keynote, a couple of keynotes after yours from Cisco talked about, you know, a theme we see over and over in tech which is really kind of the democratization of security and get it out of just the hallowed halls of the super billion CSOCs and technologists that are just security and open it up to everybody so make them part of the solution and not those pesky people that keep clicking on links that they are not supposed to. >> Absolutely. She did a great job of kind of making that point and you know the way I think about it is again we need to move from a culture of elitism to a culture of inclusion. Until we really get the teaming going, not just within the security professionals which we are doing a better job of certainly in the industry, but we have to team with the user, the IT and the business teams in order to have a shot at tipping the balance in our favor. 
>> Yeah, it's really funny 'cause that kind of democratization theme is something that we see kind of across many levels of technology, whether it's in big data, can get away from the data scientists, in doing your own reports, in having access to your own marketing material and you know, so it's kind of funny that now we are just hearing it here I guess the last bastion of we're the smartest people in the room, no no, you need to use all the brain power. >> All the brain power. I use the phrase let's stop being STEM snobs and let's be more inclusive, and you know garner the entire spectrum of the diverse talent pool that we have available and you know making the point, perhaps a provocative point, that the cyber talent gap, a bit of it might be actually self-inflicted because we have been in this sort of elitism mindset. >> Right, and I think one of the themes that you talked about in your keynote was because of kind of the elite mindset we only want to focus on the elite challenges and in fact it's not the hardest challenges that are necessarily the most dangerous or the ones that are more frequently used, it doesn't have to be the craziest hardest way in. >> It absolutely does not. The point I made was preparing for the worst does not prepare you for the likely and the statistics are overwhelming. 60% of the breaches were on the back of six stolen credentials. That's a pretty table stakes basic issue that ought to be just taken off the table, and if we take care of the basics then we can focus our energy on the corner cases but let's first prepare for the likely before we get to the worst situations. >> Right. 
So Rohit I'm just curious to get your take as you have been here for the last couple of days, you know you did a whole lot of work getting into that keynote and getting this thing up and off the ground but you've had a couple of days to be here walked around, talked to a lot of customers and clients, partners, I wonder if there is anything that's kind of come up as a theme that you either didn't expect or kind of reinforced some of the thoughts that you had coming into this week. >> Absolutely. I think if I would've net it out Jeff what I'm sensing is there is a whole movement to shift security left, which is this whole idea of IT stepping up as the first line of defense, reduce cyber exposure, take care of patching, multi-factor authentication, reduce the attack surface intrinsic security right so DevOps and SecDevOps take care of it right up front before the apps even get built right, then there is another movement to shift things right which is take care of the new aspects of the attack surface right, what the hackers always take advantage of are the areas where they sense we are unprepared and for a long time they've seen us being unprepared in terms of reducing the attack surface and then they go after the new aspects of the attack surface and what are those? IT, IoT, OT, data as an attack surface and the Edge right, so these are areas where there is a lot of activity, a lot of innovation, you know, on the floor here if you walk the corners shifting left shifting right as in all the new aspects of the attack surface. I am seeing a lot of conversations, a lot of innovation in that area. >> Yeah. 
Well, there's certainly no shortage of innovation in the companies here and in fact I think it's probably one of the biggest challenges that I think of from a buyer's perspective is to walk this floor and to figure it all out 'cause I don't know how many thousands of vendors there are but there's really big ones and there is lots of little ones like you said tucked in the corner in kind of the cutting edge of the innovation. What advice do you give to people who is their first time coming to RSA? >> Yes, I think you know, it's a huge challenge for customers, there's 14 of every category. I think the customers what they have to see is they have to think about the recipe rather they have to focus not on the tool but the concept behind the tool, and think about the architecture right and they should seek out vendors that take this platform approach. It is, you know, the market hasn't consolidated that much where they can just go to a few vendors but when they build that architecture they should choose vendors that behave well as a puzzle piece in the jigsaw puzzle that our customers are having to assemble together right, that they are investing in the API integrations on the edges so they can slot in and be part of a broader solution. That's a key, key criteria that customers should utilize in their selection of the vendors. >> Yes, that's good. That's good advice, and they should be listening. So Rohit, thanks again for your time. Congratulations on a week and I hope you get that weekend of absolutely nothing coming up in just a couple of days that you talked about. >> I absolutely do. The joke I made was, you know, the only time I'm okay being labeled as useless is the weekend after RSA conference. So, I fully look forward to being useless over this weekend, it's been a great week and thank you again for having me. >> All right, two more days, 48 hours. All right, thanks again. He's Rohit, I'm Jeff, you're watching theCUBE. 
We're at RSA 2020, the year we're going to know everything with the benefit of hindsight. We're not quite there yet but we're trying to get a little closer. Thanks for watching, we'll see you next time. (upbeat music)