(upbeat music) >> Hello, and welcome to this Cube Conversation kicking off 2022, I'm John Furrier, your host of theCUBE. We're with Loris Degioanni, Chief Technology Officer and founder of Sysdig. A company that's in the pioneering cloud native and cloud native security, open source, big part of the CNCF, CUBECon coverage. Of course, we know them as of that environment as well as DockerCon which we've covered many times. Sysdig is a very successful company. Loris, welcome to theCUBE Conversation. >> Thank you and thanks for having me. >> Well, we know a lot about you, but a lot of folks are learning about you guys with your success. Congratulations on the funding and the validation of your product, which is not a surprise. We've been saying on theCUBE open source has been powering innovation for some time and getting stronger, faster. The predictions in the Linux Foundation about this open source contributions continue to be blown away by their projections and more and more is coming. A new generation is upon us. Cloud Native, Edge, Kubernetes. All of these things are powering a modern application environment which is changing business. And under the covers, you guys are a big part of it. So take us through who Sysdig is, what you guys do for the folks out there and let's get into it. Obviously open source is a big part of it. Take us through who is Sysdig and what do you guys do. >> Yeah, Sysdig helps you run your software in the cloud in a way that is secure and confidently. We have a security solution that covers containers, cloud and Kubernetes. And we cover you in the life cycle of modern application. So the Sysdig security platform helps you secure application in a way that ranges from like shift left in CSD and finding vulnerabilities in your CSD pipeline to run time security that is very important in the cloud in particular with orchestrated infrastructures like the ones that are run by Kubernetes. And then of course, everything that has to do with the forensics, threat-hunting and so on. And the world is changing, security is changing, and Sysdig is one of the startups, one of the companies that is at the forefront of true modern cloud native security. >> So I got to ask you. Were you sitting in your backyard one day thinking, hey, I'm going to start a company? How did this all come together? I mean, the originator story, because we saw open source, we saw even more before CNCF was formed, you saw what cloud was doing. Again, we saw OpenStack and all these other things happening around technology. What was the driver behind the founding of Sysdig, and then how did that progress? Because again, there's an open source component here I want to get into. >> Yeah, and it's interesting that you say backyard because actually Sysdig was actually started in my backyard. Just outside of here. So the backyard metaphor is very, very fitting here. And in a general way, let's say I come from a background in open source for a very long time. Sysdig is my second company. My first company was called Case Technologies. It was the company behind an open source network analyzer called Wireshark, which is widely used by millions and millions of people around the world to do network troubleshooting and network analysis. And when we were doing network packets, we were using like the network devices to collect information. The data that is being transferred on the network has some very nice properties, it's rich. It's very deep. When you can see and decode what's happening on the network, you can understand what applications are doing, what the users are doing. I used to say, packets never lie, right? Because you could connect to the router and collect this data and they have a very good picture without any two instrument libraries to link, to install stuff and so on. And all of a sudden, we're moving to the cloud and the router that was like the vintage point for this beautiful way of doing security and visibility disappears. And you're renting instances that are floating in the Amazon cloud. And when the world changed that way from one point of view, I was sure that what we're doing before was useful and was powerful for the users. But I was also sure, okay, the world is going to change. The retrofitted solutions are not going to work. We can take our product, but then we have the innovator dilemma. We have a product that we cannot completely radically change. So I decided let's start from scratch. Let's start Sysdig. Let's try to understand actually what this cloud is going, where containers are going. There's this new Kubernetes thing that everybody's talking about. What does it mean to offer deep, rich, but at the same time lightweight and easy to deploy security and visibility for this kind of new way of writing software and that's how Sysdig was born. >> So if I remember correctly back in that timeframe, that couple you said you found a millions people using that application. If I remember correctly, that was software network monitoring. Is that true? Is that open source at that time? Was that an open project or was that? >> Yeah, like Wireshark is a network analyzer and the software that we're doing was heavily open source oriented and was mostly software and there were also potentially appliances because this was data center more kind of stuff. >> That was before cloud even came here. So again, defined data center software and defined clouds happening. So again, good segue into kind of where security, you mentioned footprints, you can track people with packets. So to your point, is this the tie into security, tell us how this fits in with open source and security with the software piece? >> Yeah, what Sysdig did essentially, the idea was let's learn from our prior life. I always say that every new wave of technology is built on the shoulders of the previous one. And you'd never reinvent anything. You just apply it and evolve it. And the same thing we did with Sysdig. So we learned what was working with our previous approaches that were based on observing the applications behavior by looking essentially at network traffic, but we adapted it to modern infrastructures. And open source was our mantra before with Wireshark and became our mantra with Sysdig. Sysdig, the company name comes from the open source tool that we released was the first thing that we released in our company. And then few years later with Falco, which now is the premier open source project that was created by Sysdig and is now part of the CNCF, it's an incubating project. And it's essentially the runtime security tool for containers, Kubernetes, and cloud. >> Take us through that Falco, because I think this is an important distinction on your success trajectory because CNCF has a nice playbook where companies can contribute to the CNCF at the same time, that creates an open environment for all, and then have a business model tied to it. This is kind of a new, not new, but this is a successful way to be open source and have a commercial opportunity. >> Yeah, and very much a substantial portion of our commercial product is let's say an extension of Falco. But let's say our approach was like, let's first produce something that is truly useful for the community and fits in the proper way with the ecosystem, with the rest of the ecosystem. Nowadays in every field security as well, you don't build any more a single solution. You build something that needs to fit very well in the stack. Kubernetes, Prometers, network meshes and DCO and this kind of stuff, these all fit together. So Falco, which is the runtime security component needs to fit as well. So initially our focus was like, okay, we need to fill the gap of runtime security for containers, for Kubernetes, and also for cloud. But we need to do that in a way that is community first and data really helps, but also engages and takes advantage of the users, of the broader community. At that point, going to the CNCF and telling the CNCF, hey, look, we developed these, are you interested in partnering with us and being essentially the organization behind this project, was very natural. And that's what we did in 2016, sorry, 2018. 2016 is when Falco started, 2018. And at that point, you know, it's a great partnership because the CNCF is really a great home for all of these projects and really makes it possible for the users to trust a project in a way that they know that even if the commercial banker, even if the original creators, even if the team rotates and changes and evolves, the end users can still use this project, trust this project and know that it's community driven. And it's been a great journey for us. >> How would you describe what Falco is and what are the key use cases? >> Yeah, Falco is, I compare it to the security camera for your containers, your house and your cloud infrastructure. So the same way that the security camera allows you to observe maybe what's happening in your home, even if you have a lock, is still useful to have a security camera, right? To understand when something breaks in what they're doing, when they do it, get an alarm when something better happens. Similarly, in software infrastructures, you can still have your lock, your firewall and so on, but then you use a security camera like Falco that is able to observe every single container, every single process, every single machine, every single network connection and so on. Keep an eye on it and then it has sort of a points-based system that includes a bunch of policies that come essentially pre-packaged that allow the users to detect when something dangerous or suspicious happens in the infrastructure. For example, I don't know somebody is spawning or sharing their radius container. Or somebody is logging in AWS without multi-factor authentication. Falco keeps a constant eye and lets you know, it gives you an alert when something like that happens. >> You know what I love about what you guys do and kind of highlights what we've been saying on theCUBE for many, many years is that the networking concepts of the older generations have been moving up the stack with cloud because you got rule engines, policy automation, all these things are now part of connected systems. So if you have the cloud, which is essentially a distributed computing, you have more networks, more connections. And so the networking paradigms of packets can be moved over to software, well, software maintenance, if you will, or anything, any middleware, whatever you want to call it. I mean, this is kind of a new paradigm. So, what's your reaction to that? I want to get your take on this because this is kind of really happening. >> Yeah, and you are absolutely right. And what us as a Falco community or as Sysdig as a company is exactly that. We're taking the concepts that were maybe at the base of the previous generation of the data center in terms of policies, in terms of one clause and we're sort of elevating them to what modern cloud is. To give you an example, I don't know if you remember, but a Falco was inspired by a tool called Snort and the company also was Sourcefire. Snort used to listen on the network, constantly observe the network traffic and the deploy policies to tell you, okay, somebody uploaded a file from China and this file contains a malware. Now we do this, but we're able to see inside containers. We have cloud context. We understand the regions. We understand Kubernetes namespace and all these kinds of stuff. So we're able to put so much more context and be so much closer to the user, but the concepts are the same. We're just, as I was saying, sitting on the shoulders of people before us that invented this and we're modernizing them. >> Well, this is what refactoring is all about. This is the benefit of the cloud. I think, this is why a lot of the cloud native success is happening because companies are realizing that they can actually not just re platform in the cloud, but actually refactor their business, completely different. Using other paradigms and not necessarily rip and replace or just cut and paste. They can take concepts and codify them in their workloads, not necessarily general purpose. So again, key cloud concept and only going to get stronger with the edge developing. So again, more and more complexity, connected complexity. >> Yeah, complexity that more and more you manage through automation, right? Which is another key concept in the cloud. So we are able as a market, as a community to have and manage more and more complex infrastructures because we have tools that are able to automate, to take care of stuff for us, to potentially remediate, which is another big theme in modern security for us and so on. And of course, again, companies like Sysdig, try to really read these in the plight, in a proper way that can be the most possible useful. >> And hackers love complexity, right? And love chaos. And so unless you tame that with really good software, this is the key challenge. >> You need to manage chaos and you need good software to help you manage chaos. >> All right, final question for you. How is Sysdig and the Falco community working with AWS? >> Yeah, in a number of ways. One of the beauties, as I was telling before of essentially being built on an open source project like Falco is that you can really work together with cloud providers like AWS with mutual advantage. For example, AWS and team members at Amazon have done many contributions to Falco and the Sysdig system and integrations and so on. We partnered as Falco community and Sysdig with AWS to offer proper support for Falco versus the products on Fargate, which is, managed containers are the future, are very powerful. Everybody wants to go there, but then you need to make sure that you are covered, you have security from the point of view of severability and so on. Sysdig and AWS work together on doing a P trace based implementation, this is a technical thing, but essentially it means that a tool like Falco can give you invitations, can be the security camera for Fargate as well. And in general way, Amazon is a great partner for us on a daily basis as a community and as a company. >> Loris, you've got a great company there. And again, it was great to see you guys grow from the beginning and the wave is here. As they say, in California, you guys are riding the right wave. And I think it's just the beginning. I think you're going to see more and more security be programmable, built in, automated, under the covers, invisible, but working. And I think the same is going to be true for data and other things. So a lot more to do. And again, it's distributed computing. We've seen this movie before, but not in this environment. So new tools are coming and you guys are a big part of it. Thank you so much for coming on theCUBE and sharing what you guys are doing and the technology behind Sysdig. Thanks for coming on. >> Thank you very much and thank you for the great conversation. >> Okay, this is theCUBE I'm John Furrier your host for Cube conversations with Sysdig's Loris Degioanni, CTO of Sysdig. Thanks for watching. (gentle music)

(radio calls) >> Announcer: From around the globe, its theCUBE covering Space & Cybersecurity Symposium 2020, hosted by Cal poly. Hello, welcome back to theCUBE virtual coverage with Cal Poly for the Space and Cybersecurity Symposium, a day four and the wrap up session, keynote session with the Lieutenant Governor of California, Eleni Kounalakis. She's here to deliver her keynote speech on the topic of California's role in supporting America's Cybersecurity future. Eleni, take it away. >> Thank you, John, for the introduction. I am Lieutenant Governor Eleni Kounalakis. It is an honor to be part of Cal Poly Space and Cybersecurity Symposium. As I speak kind of Pierre with the governor's office of business and economic development is available on the chat, too ready to answer any questions you might have. California and indeed the world are facing significant challenges right now. Every day we are faced with the ongoing COVID-19 pandemic and the economic downturn that is ensued. We have flattened the curve in California and are moving in the right direction but it is clear that we're not out of the woods yet. It is also impossible right now to escape the reality of climate change from the fire sparked by exceptionally rare, dry lightening events to extreme heat waves threatening public health and putting a strain on our electricity grid. We see that climate change is here now. And of course we've been recently confronted with a series of brutal examples of institutionalized racism that have created an awakening among people of all walks of life and compelled us into the streets to march and protest. In the context of all this, we cannot forget that we continue to be faced with other less visible but still very serious challenges. Cybersecurity threats are one of these. We have seen cities, companies and individuals paralyzed by attacks costing time and money and creating an atmosphere of uncertainty and insecurity. Our state agencies, local governments, police departments, utilities, news outlets and private companies from all industries are target. The threats around cybersecurity are serious but not unlike all the challenges we face in California. We have the tools and fortitude to address them. That is why this symposium is so important. Thank you, Cal Poly and all the participants for being here and for the important contributions you bring to this conference. I'd like to also say a few words about California's role in America's future in space. California has been at the forefront of the aerospace industry for more than a century through all the major innovations in aerospace from wooden aircraft, to World War II Bombers, to rockets and Mars rovers. California has played a pivotal role. Today, California is the number one state in total defense spending, defense contract spending and total number of personnel. It is estimated the Aerospace and Defense Industry, provides $168 billion in economic impact to our state. And America's best trained and most experienced aerospace and technology workforce lives here in California. The fact that the aerospace and defense sector, has had a strong history in California is no accident. California has always had strong innovation ecosystem and robust infrastructure that puts many sectors in a position to thrive. Of course, a big part of that infrastructure is a skilled workforce. And at the foundation of a skilled workforce is education. California has the strongest system of public higher education in the world. We're home to 10 university of California campuses, 23 California State university campuses and 116 California Community Colleges. All told nearly 3 million students are enrolled in public higher education. We also have world renowned private universities including the California Institute of Technology and Stanford University numbers one and three in the country for aerospace engineering. California also has four national laboratories and several NASA facilities. California possesses a strong spirit of innovation, risk taking and entrepreneurship. Half of all venture capital funding in the United States, goes to companies here in California. Lastly, but certainly no less critical to our success, California is a diverse state. 27% of all Californians are foreign born, 27% more than one in four of our population of 40 million people are immigrants from another country, Europe central and South America, India, Asia, everywhere. Our rich cultural diversity is our strength and helps drive our economy. As I look to the future of industries like cybersecurity and the growing commercial space industry, I know our state will need to work with those industries to make sure we continue to train our workforce for the demands of an evolving industry. The office of the lieutenant governor has a unique perspective on higher education and workforce development. I'm on the UC Board of Regents, the CSU Board of Trustees. And as of about two weeks ago, the Community Colleges Board of Governors. The office of the lieutenant governor is now the only office that is a member of every governing board, overseeing our public higher education system. Earlier in the symposium, we heard a rich discussion with Undersecretary Stewart Knox from the California Labor and Workforce Development Agency about what the state is doing to meet the needs of space and cybersecurity industries. As he mentioned, there are over 37,000 job vacancies in cybersecurity in our state. We need to address that gap. To do so, I see an important role for public private partnerships. We need input from industry and curriculum development. Some companies like Lockheed Martin, have very productive partnerships with universities and community colleges that train students with skills they need to enter aerospace and cyber industries. That type of collaboration will be key. We also need help from the industry to make sure students know that fields like cybersecurity even exist. People's early career interests are so often shaped by the jobs that members of their family have or what they see in popular culture. With such a young and evolving field like cybersecurity, many students are unaware of the job opportunities. I know for my visits to university campuses that students are hungry for STEM career paths where they see opportunities for good paying jobs. When I spoke with students at UC Merced, many of them were first generation college students who went through community college system before enrolling in a UC and they gravitated to STEM majors. With so many job opportunities available to STEM students, cybersecurity ought to be one that they are aware of and consider. Since this symposium is being hosted by Cal Poly, I wanted to highlight the tremendous work they're doing as leaders in the space and cybersecurity industry. Cal Poly California Cybersecurity Institute, does incredible work bringing together academia, industry and government training the next generation of cyber experts and researching emerging cybersecurity issues. As we heard from the President of Cal Poly, Jeff Armstrong the university is in the perfect location to contribute to a thriving space industry. It's close to Vandenberg Air Force Base and UC Santa Barbara and could be home to the future permanent headquarters of US Space Command. The state is also committed to supporting this space industry in the Central Coast. In July, the State of California, Cal poly US-based force and the others signed a memorandum of understanding to develop a commercial space port at Vandenberg Air Force Base and to develop a master plan to grow the commercial space industry in the region. Governor Newsom has made a commitment to lift up all regions of the state. And this strategy will position the Central Coast to be a global leader in the future of the space industry. I'd like to leave you with a few final thoughts, with everything we're facing. Fires, climate change, pandemic. It is easy to feel overwhelmed but I remain optimistic because I know that the people of the State of California are resilient, persistent, and determined to address our challenges and show a path toward a better future for ourselves and our families. The growth of the space industry and the economic development potential of projects like the Spaceport at Vandenberg Air Force Base, our great example of what we can look forward to. The potential for the commercial space industry to become a $3 trillion industry by mid century, as many experts predict is another. There are so many opportunities, new companies are going to emerge doing things we never could have dreamed of today. As Lieutenant General John Thompson said in the first session, the next few years of space and cyber innovation are not going to be a pony ride at the state fair, they're going to be a rodeo. We should all saddle up. Thank you. >> Okay, thank you very much, Eleni. I really appreciate it. Thank you for your participation and all your support to you and your staff. You guys doing a lot of work, a lot going on in California but cybersecurity and space as it comes together, California's playing a pivotal role in leading the world and the community. Thank you very much for your time. >> Okay, this session is going to continue with Bill Britton. Who's the vice president of technology and CIO at Cal Poly but more importantly, he's the director of the cyber institute located at Cal Poly. It's a global organization looking at the intersection of space and cybersecurity. Bill, let's wrap this up. Eleni had a great talk, talking about the future of cybersecurity in America and its future. The role California is playing, Cal Poly is right in the Central Coast. You're in the epicenter of it. We've had a great lineup here. Thanks for coming on. Let's put a capstone on this event. >> Thank you, John. But most importantly, thanks for being a great partner helping us get this to move forward and really changing the dynamic of this conversation. What an amazing time we're at, we had quite an unusual group but it's really kind of the focus and we've moved a lot of space around ourselves. And we've gone from Lieutenant General Thompson and the discussion of the opposition and space force and what things are going on in the future, the importance of cyber in space. And then we went on and moved on to the operations. And we had a private company who builds, we had the DOD, Department Of Defense and their context and NASA and theirs. And then we talked about public private partnerships from President Armstrong, Mr. Bhangu Mahad from the DOD and Mr. Steve Jacques from the National Security Space Association. It's been an amazing conference for one thing, I've heard repeatedly over and over and over, the reference to digital, the reference to cloud, the reference to the need for cybersecurity to be involved and really how important that is to start earlier than just at the employment level. To really go down into the system, the K through 12 and start there. And what an amazing time to be able to start there because we're returning to space in a larger capacity and it's now all around us. And the lieutenant governor really highlighted for us that California is intimately involved and we have to find a way to get our students involved at that same level. >> I want to ask you about this inflection point that was a big theme of this conference and symposium. It was throughout the interviews and throughout the conversations, both on the chat and also kind of on Twitter as well in the social web. Is that this new generation, it wasn't just space and government DOD, all the normal stuff you see, you saw JPL, the Hewlett Foundation, the Defense Innovation Unit, Amazon Web Services, NASA. Then you saw entrepreneurs come in, who were doing some stuff. And so you had this confluence of community. Of course, Cal Poly had participated in space. You guys does some great job, but it's not just the physical face-to-face show up, gets to hear some academic papers. This was a virtual event. We had over 300 organizations attend, different organizations around the world. Being a virtual event you had more range to get more people. This isn't digital. This symposium isn't about Central California anymore. It's global. >> No, it really has gone. >> What really happened to that? >> It's really kind of interesting because at first all of this was word of mouth for this symposium to take place. And it just started growing and growing and the more that we talk to organizations for support, the more we found how interconnected they were on an international scale. So much so that we've decided to take our cyber competition next year and take it globally as well. So if in fact as Major General Shaw said, this is about a multinational support force. Maybe it's time our students started interacting on that level to start with and not have to grow into it as they get older, but do it now and around space and around cybersecurity and around that digital environment and really kind of reduce the digital dividing space. >> Yeah, General Thompson mentioned this, 80 countries with programs. This is like the Olympics for space and we want to have these competitions. So I got great vision and I love that vision, but I know you have the number... Not number, the scores and from the competition this year that happened earlier in the week. Could you share the results of that challenge? >> Yeah, absolutely. We had 83 teams participate this year in the California Cyber Innovation Challenge. And again, it was based around a spacecraft scenario where a spacecraft, a commercial spacecraft was hacked and returned to earth. And the students had to do the forensics on the payload. And then they had to do downstream network analysis, using things like Wireshark and autopsy and other systems. It was a really tough competition. The students had to work hard and we had middle school and high school students participate. We had an intermediate league, new schools who had never done it before or even some who didn't even have STEM programs but were just signing up to really get involved in the experience. And we had our ultimate division which was those who had competed in several times before. And the winner of that competition was North Hollywood. They've been the winning team for four years in a row. Now it's a phenomenal program, they have their hats off to them for competing and winning again. Now what's really cool is not only did they have to show their technical prowess in the game but they also have to then brief and out-brief what they've learned to a panel of judges. And these are not pushovers. These are experts in the field of cybersecurity in space. We even had a couple of goons participating from DefCon and the teams present their findings. So not only are we talking technical, we're talking about presentation skills. The ability to speak and understand. And let me tell you, after reading all of their texts to each other over the weekend adds a whole new language they're using to interact with each other. It's amazing. And they are so more advanced and ready to understand space problems and virtual problems than we are. We have to challenge them even more. >> Well, it sounds like North Hollywood got the franchise. It's likethe Patriots, the Lakers, they've got a dynasty developing down there in North Hollywood. >> Well, what happens when there's a dynasty you have to look for other talent. So next year we're going global and we're going to have multiple states involved in the challenge and we're going to go international. So if North Hollywood pulls it off again next year, it's going to be because they've met the best in the world than defeated >> Okay, the gauntlet has been thrown down, got to take down North Hollywood from winning again next year. We'll be following that. Bill, great to get those results on the cyber challenge we'll keep track and we'll put a plug for it on our site. So we got to get some press on that. My question to you is now as we're going digital, other theme was that they want to hire digital natives into the space force. Okay, the DOD is looking at new skills. This was a big theme throughout the conference not just the commercial partnerships with government which I believe they had kind of put more research and personally, that's my personal opinion. They should be putting in way more research into academic and these environments to get more creative. But the skill sets was a big theme. What's your thoughts on how you saw some of the highlight moments there around skill sets? >> John, it's really interesting 'cause what we've noticed is in the past, everybody thinks skill sets for the engineering students. And it's way beyond that. It's all the students, it's all of them understanding what we call cyber cognizance. Understanding how cybersecurity works whatever career field they choose to be in. Space, there is no facet of supporting space that doesn't need that cyber cognizance. If you're in the back room doing the operations, you're doing the billing, you're doing the contracting. Those are still avenues by which cybersecurity attacks can be successful and disrupt your space mission. The fact that it's international, the connectivities, all of those things means that everyone in that system digitally has to be aware of what's going on around them. That's a whole new thought process. It's a whole new way of addressing a problem and dealing with space. And again it's virtual to everyone. >> That's awesome. Bill, great to have you on. Thank you for including theCUBE virtual, our CUBE event software platform that we're rolling out. We've been using it for the event and thank you for your partnership in this co-creation opening up your community, your symposium to the world, and we're so glad to be part of it. I want to thank you and Dustin and the team and the President of Cal Poly for including us. Thank you very much. >> Thank you, John. It's been an amazing partnership. We look forward to it in the future. >> Okay, that's it. That concludes the Space and Cybersecurity Symposium 2020. I'm John Furrier with theCUBE, your host with Cal Poly, who put on an amazing virtual presentation, brought all the guests together. And again, shout out to Bill Britton and Dustin DeBrum who did a great job as well as the President of Cal poly who endorsed and let them do it all. Great event. See you soon. (flash light sound)

>>covering the space and cybersecurity symposium 2020 hosted by Cal poly. Hold on. Welcome to this special presentation with Cal poly hosting the space and cybersecurity symposium, 2020 virtual, um, John for your host with the cube and Silicon angle here in our Palo Alto studios with our remote guests, we couldn't be there in person, but we're going to be here remotely. Got a great session and a panel for one hour topic preparing students for the jobs of today and tomorrow, but a great lineup. Bill Britain, Lieutenant Colonel from the us air force, retired vice president for information technology and CIO and the director of the California cyber security Institute for Cal poly bill. Thanks for joining us, dr. Amy Fisher, who's the Dean of the college of engineering at Cal poly and trunk fam professor and researcher at the U S air force Academy. Folks, thanks for joining me today. >>Our pleasure got a great, great panel. This is one of my favorite topics preparing students for the next generation, the jobs for today and tomorrow. We've got an hour. I'd love you guys to start with an opening statement, to kick things off a bill. We'll start with you. Well, I'm really pleased to be, to start on this. Um, as the director for the cybersecurity Institute and the CIO at Cal poly, it's really a fun, exciting job because as a Polytechnic technology, as such a forefront in what we're doing, and we've had a, a wonderful opportunity being 40 miles from Vandenberg air force base to really look at the nexus of space and cyber security. And if you add into that, uh, both commercial government and civil space and cybersecurity, this is an expanding wide open time for cyber and space. In that role that we have with the cyber security Institute, we partner with elements of the state and the university. >>And we try to really add value above our academic level, which is some of the highest in the nation and to really merge down and go a little lower and start younger. So we actually are running the week prior to this showing a cybersecurity competition for high schools or middle schools in the state of California, that competition this year is based on a scenario around hacking of a commercial satellite and the forensics of the payload that was hacked and the networks associated with it. This is going to be done using products like Wireshark autopsy and other tools that will give those high school students. What we hope is a huge desire to follow up and go into cyber and cyber space and space and follow that career path. And either come to Cal poly or some other institution that's going to let them really expand their horizons in cybersecurity and space for the future >>Of our nation. >>Bill, thanks for that intro, by the way, it's gonna give you props for an amazing team and job you guys are doing at Cal poly, that Dex hub and the efforts you guys are having with your challenge. Congratulations on that great work. Thank you >>Star team. It's absolutely amazing. You find that much talent in one location. And I think Amy is going to tell you she's got the same amount of talent in her staff. So it's, it's a great place to be. >>Amy flasher. You guys have a great organization down there, amazing curriculum, grazing people, great community, your opening statement. >>Hello everybody. It's really great to be a part of this panel on behalf of the Cal poly college of engineering here at Cal poly, we really take preparing students for the jobs of today and tomorrow completely seriously. And we claim that our students really graduate. So they're ready day one for their first real job, but that means that in getting them to that point, we have to help them get valuable and meaningful job experience before they graduate, but through our curriculum and through multiple internship or summer research opportunities. So we focus our curriculum on what we call a learn by doing philosophy. And this means that we have a combination of practical experience and learn by doing both in and out of the classroom. And we find that to be really critical for preparing students for the workforce here at Cal poly, we have more than 6,000 engineering students. >>We're one of the largest undergraduate engineering schools in the country. Um, and us news ranks us the eighth best undergraduate engineering program in the, in the country and the top ranked state school. We're really, really proud that we offer this impactful hands on engineering education that really exceeds that of virtually all private universities while reaching a wider audience of students. We offer 14 degree programs and really we're talking today about cyber and space. And I think most of those degree programs can really make an impact in the space and cybersecurity economy. And this includes not only things like Aero and cyber directly, but also electrical engineering, mechanical engineering, computer engineering, materials, engineering, even manufacturing, civil and biomedical engineering. As there's a lot of infrastructure needs that go into supporting launch capabilities. Our aerospace program graduates hundreds of aerospace engineers, and most of them are working right here in California. >>I'm with many of our corporate partners, including Northrop Grumman, Lockheed, Boeing, Raytheon space, X, Virgin, galactic JPL, and so many other places where we have Cal poly engineer's impacting the space economy. Our cybersecurity focus is found mainly in our computer science and software engineering programs. And it's really a rapidly growing interest among our students. Computer science is our most popular major and industry interest and partnerships are integrated into our curriculum. And we do that oftentimes through support from industry. So we have partnerships with Northrop Grumman for professorship and a cyber lab and from PG and E for critical infrastructure, cybersecurity lab, and professorship. And we think that industry partnerships like these are really critical to preparing students for the future as the field's evolving so quickly and making sure we adapt our facilities and our curriculum to stay in line with what we're seeing in industry is incredibly important. >>In our aerospace program, we have an educational partnership with the air force research labs. That's allowing us to install new high performance computing capabilities and a space environments lab. That's going to enhance our satellite design capabilities. And if we talk about satellite design, Cal poly is the founding home of the cube sat program, which pioneered small satellite capabilities. And we remain the worldwide leader in maintaining the cube set standard. And our student program has launched more cube sets than any other program. So here again, we have this learn by doing experience every year for dozens of aerospace, electrical, computer science, mechanical engineering students, and other student activities that we think are just as important include ethical hacking through our white hat club, Cal poly space systems, which does really, really big rocket launches and our support program for women in both of these fields like wish, which is women in software and hardware. >>Now, you know, really trying to bring in a wide variety of people into these fields is incredibly important and outreach and support to those demographics. Traditionally underrepresented in these fields is going to be really critical to future success. So by drawing on the lived experiences by people with different types of backgrounds, while we develop the type of culture and environment where all of us can get to the best solution. So in terms of bringing people into the field, we see that research shows, we need to reach kids when they're in late elementary and middle schools to really overcome that cultural bias that works against diversity in our fields. And you heard bill talking about the cyber cybersec, the California cybersecurity institutes a year late cyber challenge. There's a lot of other people who are working to bring in a wider variety of, uh, of people into the field, like girl Scouts, which has introduced dozens of new badges over the past few years, including a whole cybersecurity series of badges and a concert with Palo Alto networks. So we have our work cut out for us, but we know what we need to do. And if we're really committed to prep properly preparing the workforce for today and tomorrow, I think our future is going to be bright. I'm looking forward to our discussion today. >>Yeah, you got a flashy for great, great comment, opening statement and congratulations. You got the right formula down there, the right mindset, and you got a lot of talent and community as well. Thank thank you for that opening statement. Next step from Colorado Springs, trunk fam, who's a professor and researcher. The us air force Academy is doing a lot of research around the areas that are most important for the intersection of space and technology trunk. >>Good afternoon, first electric and Cal poli for the opportunity. And today I want to go briefly about cyber security in S application. Whenever we talk about cyber security, the impression is got yes, a new phew that is really highly complex involving a lot of technical area. But in reality, in my personal opinion, it is in be complex because involve many disciplines. The first thing we think about is computer engineering and computer networking, but it's also involving communication sociology, law practice. And this practice of cyber security goes in on the info computer expert, but it's also info everybody else who has a computing device that is connected to the internet. And this participation is obviously every body in today's environment. When we think about the internet, we know that is a good source of information, but come with the convenience of information that we can access. >>We are constantly faced in being from the internet. Some of them, we might be aware of some of them we might not be aware of. For example, when we search on the internet, a lot of time, our browser will be saved and gotten this site is not trusted. So we will be more careful. What about the sites that we trusted? We know getting those salad chicken sites, but they're not a hundred percent good at proof. What happened? It was all side, uh, attack by hacker. And then they will be a silent source that we might not be aware of. So in the reality, we need to be more practicing the, um, cyber security from our SIBO point of view and not from a technical point of view. When we talk about space application, we should know that all the hardware, a computer based tool by computer system and therefore the hardware and the software must go through some certification process so that they can be record that air with the flight. >>What the, when we know that in the certification process is focusing on the functionality of the hardware and software, but one aspect that is explicitly and implicitly required is the security of those components. And we know that those components have to be connected with the ground control station and be communication is through the air, through the layby or signal. So anybody who has access to those communication regular signal will be able to control the space system that we put up there. And we certainly do not want our system to be hijacked by a third party. >>I'm not going to aspect of cybersecurity is we try to design the space system in a very strong manner. So it's almost impossible to hack in, but what about some August week system that might be connected to so strong system? For example, the spare system will be connected to the ground control station and on the ground control station, we have the human controller in those people have cell phone. They are allowed to use cell phones for communication, but at the same time, they are connected to the internet, to the cell phone and their cell phone might be connected to the computer that control the flight software and hardware. So what I want to say is that we try to build strong system and we protected them, but there will be some weaker system that we could not intended, but exists to be connected to our strong system. And those are the points that hacker will be trying to attack. If we know how to control the access to those points, we will be having a much better system for the space system. And when we see the cybersecurity that is requiring the participation everywhere, it's important to Merck that there is a source of opportunity for students to engage the workforce. To concede the obviously student in engineering can focus their knowledge and expertise to provide technological solution, to protect the system that we view. But we also >>Have students in business who can focus to write a business plan to reach the market. We also have student in law who can focus policy governing the cyber security. And we also have student in education who can focus the expert. She should be saying how to teach cyber security practice and students can focus the effort to implement security measures and it implies job opportunity. >>Thank you trunk for those great comments, great technology opportunities, but interesting as well as the theme that we're seeing across the entire symposium and in the virtual hallways that we're hearing conversations and you pointed out some of them, dr. Fleischer did as well. And bill, you mentioned it. It's not one thing. It's not just technology, it's different skills. And, um, Amy, you mentioned that computer science is the hottest degree, but you have the hottest aerospace program in the world. I mean, so all of this is kind of balancing it's interdisciplinary. It's a structural change before we get into some of the, um, how they prepare the students. Can you guys talk about some of the structural changes that are modern now in preparing, um, in these opportunities because societal impact is a law potentially impact it's, it's how we educate there's no cross-discipline skillsets. It's not just get the degree, see out in the field bill, you want to start. >>Well, what's really fun about this job is, is that in the air force, uh, I worked in the space and missile business and what we saw was a heavy reliance on checklist format, security procedures, analog systems, and what we're seeing now in our world, both in the government and the commercial side, uh, is a move to a digital environment. And the digital environment is a very quick and adaptive environment. And it's going to require a digital understanding. Matter of fact, um, the, uh, under secretary of the air force for acquisition, uh, rev recently referenced the need to understand the digital environment and how that's affecting acquisition. So as, as both Amy, um, and trunk said, even business students are now in the >>Cybersecurity business. And, and so, again, what we're seeing is, is the change. Now, another phenomenon that we're seeing in the space world is there's just so much data. Uh, one of the ways that we addressed that in the past was to look at high performance computing. It was a lot stricter control over how that worked, but now what we're seeing these adaptation of cloud cloud technologies in space support, space, data, command, and control. Uh, and so what we see is a modern space engineer who asked to understand digital, has to understand cloud and has to understand the context of all those with a cyber environment. That's really changing the forefront of what is a space engineer, what is a digital engineer and what does a future engineer, both commercial or government? So I think the opportunity for all of these things is really good, particularly for a Polytechnic air force Academy and others that are focusing on a more, uh, widened experiential level of cloud and engineering and other capabilities. >>And I'll tell you the part that as the CIO, I have to remind everybody, all this stuff works for the it stuff. So you've got to understand how your it infrastructures are tied and working together. Um, as we noted earlier, one of the things is, is that these are all relays from point the point, and that architecture is part of your cybersecurity architecture. So again, every component has now become a cyber aware cyber knowledgeable, and in what we'd like to call as a cyber cognizant citizen, where they have to understand the context, patients chip software, that the Fleischer talk about your perspective, because you mentioned some of the things that computer science. Remember when I'm in the eighties, when I got my computer science degree, they call the software engineers, and then you became software developers. And then, so again, engineering is the theme. If you're engineering a system, there's now software involved, um, and there's also business engineering business models. So talk about some of your comments was, you mentioned, computer science is hot. You got the aerospace, you've got these multidisciplines you got definitely diversity as well. It brings more perspectives in as well. Your thoughts on these structural interdisciplinary things. >>I think this is, this is really key to making sure that students are prepared to work in the workforce is looking at the, the blurring between fields no longer are you just a computer scientist, no longer are you just an aerospace engineer? You really have to have an expertise where you can work with people across disciplines. All of these, all of these fields are just working with each other in ways we haven't seen before. And bill brought up data, you know, data science is something that's cross cutting across all of our fields. So we want engineers that have the disciplinary expertise so that they can go deep into these fields, but we want them to be able to communicate with each and to be able to communicate across disciplines and to be able to work in teams that are across disciplines. You can no longer just work with other computer scientists or just work with other aerospace engineers. >>There's no part of engineering that is siloed anymore. So that's how we're changing. You have to be able to work across those, those disciplines. And as you, as Tron pointed out, you know, ethics has to come into this. So you can no longer try to fully separate what we would traditionally have called the, the liberal arts and say, well, that's over there in general education. No ethics is an important part of what we're doing and how we integrate that into our curriculum. So it was communication. So is working on public policy and seeing where all of these different aspects tied together to make the impact that we want to have in the world. So it, you no longer can work solo in these fields. >>Great point. And bill also mentioned the cloud. One thing about the cloud that showed us as horizontal scalability has created a lot of value and certainly data is now horizontal Trung. You mentioned some of the things about cryptography for the kids out there. I mean, you can look at the pathway for career. You can do a lot of tech and, but you don't have to go deep. Sometimes you can go, you can go as deep as you want, but there's so much more there. Um, what technology do you see, how it's going to help students in your opinion? >>Well, I'm a professor in computer science, so I'd like to talk out a little bit about computer programming. Now we, uh, working in complex project. So most of the time we design a system from scratch. We view it from different components and the components that we have either we get it from or some time we get it from the internet in the open source environment, it's fun to get the source code and then work to our own application. So now when we are looking at a Logie, when we talk about encryption, for example, we can easily get the source code from the internet. And the question is, is safe to use those source code. And my, my, my question is maybe not. So I always encourage my students to learn how to write source score distribution, where that I learned a long time ago before I allow them to use the open source environment. And one of the things that they have to be careful, especially with encryption is be quote that might be hidden in the, in the source, get the download here, some of the source. >>So open source, it's a wonderful place to be, but it's also that we have to be aware of >>Great point before we get into some of the common one quick thing for each of you like to get your comments on, you know, the there's been a big movement on growth mindset, which has been a great, I'm a big believer in having a growth mindset and learning and all that good stuff. But now that when you talk about some of these things that we're mentioning about systems, there's, there's an, there's a new trend around a systems mindset, because if everything's now a system distributed systems, now you have space in cyber security, you have to understand the consequences of changes. And you mentioned some of that Trung in changes in the source code. Could you guys share your quick opinions on the, the idea of systems thinking, is that a mindset that people should be looking at? Because it used to be just one thing, Oh, you're a systems guy or galley. There you go. You're done. Now. It seems to be in social media and data. Everything seems to be systems. What's your take dr. Fleischer, we'll start with you. >>Uh, I'd say it's a, it's another way of looking at, um, not being just so deep in your discipline. You have to understand what the impact of the decisions that you're making have on a much broader, uh, system. And so I think it's important for all of our students to get some exposure to that systems level thinking and looking at the greater impact of the decision that they're making. Now, the issue is where do you set the systems boundary, right? And you can set the systems boundary very close in and concentrate on an aspect of a design, or you can continually move that system boundary out and see, where do you hit the intersections of engineering and science along with ethics and public policy and the greater society. And I think that's where some of the interesting work is going to be. And I think at least exposing students and letting them know that they're going to have to make some of these considerations as they move throughout their career is going to be vital as we move into the future. Bill. What's your thoughts? >>Um, I absolutely agree with Amy and I think there's a context here that reverse engineering, um, and forensics analysis and forensics engineering are becoming more critical than ever, uh, the ability to look at what you have designed in a system and then tear it apart and look at it for gaps and holes and problem sets, or when you're given some software that's already been pre developed, checking it to make sure it is, is really going to do what it says it's going to do. That forensics ability becomes more and more a skillset that also you need the verbal skills to explain what it is you're doing and what you found. So the communication side, the systems analysis, >>The forensics analysis side, >>These are all things that are part of that system >>Approach that I think you could spend hours on. And we still haven't really done great job on it. So it's a, it's. One of my fortes is the really the whole analysis side of forensics and it reverse engineering >>Try and real quick systems thinking. >>Well, I'd like to share with you my experience. When I worked in the space patient program at NASA, we had two different approaches. One is a down approach where we design it from the system general point of view, where we put components to complex system. But at the same time, we have the bottom up approach where we have Ken Chile who spent time and effort the individual component. And they have to be expert in those Chinese component. That might be general component the gallery. And in the space station program, we bring together the welcome up engineer, who designed everything in detail in the system manager who manage the system design from the top down. And we meet in the middle and took the idea with compromise a lot of differences. Then we can leave a display station that we are operating to be okay, >>Great insight. And that's the whole teamwork collaboration that, that was mentioning. Thanks so much for that insight. I wanted to get that out there because I know myself as a, as a parent, I'm always trying to think about what's best for my kids in their friends, as they grow up into the workforce. I know educators and leaders in industry would love to know some of the best practices around some of the structural changes. So thanks for that insight, but this topics about students and helping them prepare. Uh, so we heard, you know, be, be multiple discipline, broaden your horizons, think like systems top down, bottom up, work together as a team and follow the data. So I got to ask you guys, there's a huge amount of job openings in cybersecurity. It's well documented and certainly at the intersection of space and cyber, it's only gonna get bigger, right? You're going to see more and more demand for new types of jobs. How do we get high school and college students interested in security as a career at the flagship? We'll start with you in this one. >>I would say really one of the best ways to get students interested in the career is to show them the impact that it's going to have. There's definitely always going to be students who are going to want to do the technology for the technology sake, but that will limit you to a narrow set of students. And by showing that the greater impact that these types of careers are going to have on the types of problems that you're going to be able to solve and the impact you're going to be able to have on the world, around you, that's the word that we really need to get out. And a wide variety of students really respond to these messages. So I think it's really kind of reaching out at the, uh, the elementary, the middle school level, and really kind of getting this idea that you can make a big difference, a big positive difference in the field with some of these careers is going to be really critical. >>Real question, follow up. What do you think is the best entry point? You mentioned middle squad in here, elementary school. This comes, there's a lot of discussions around pipelining and we're going to get into women in tech and under-represented matters later, but you know, is it too early or what's the, what's your feeling on this? >>My feeling is the earlier we can normalize it the better the, uh, if you can normalize an interest in, in computers and technology and building an elementary school, that's absolutely critical. But the dropoff point that we're seeing is between what I would call like late elementary and early middle school. Um, and just kind of as an anecdote, I, for years ran an outreach program for girl Scouts in grades four and five and grade six, seven, and eight. And we had a hundred slots in each program. And every year the program would sell out for girls in grades four and five, and every year we'd have spots remaining in grades six, seven, and eight. And that's literally where the drop-off is occurring between that late elementary and that middle school range. So that's the area that we need to target to make sure we keep those young women involved and interested as we move forward. >>Bill, how are we going to get these kids interested in security? You mentioned a few programs you got. Yeah. I mean, who wants to, who wouldn't want to be a white hat hacker? I mean, yeah, that sounds exciting. Yeah. Great questions. Let's start with some basic principles though. Is let me ask you a question, John, a name for me, one white hat, good person hacker. The name who works in the space industry and is an exemplar for students to look up to, um, you, um, Oh man. I'm hearing really. I can't, I can't, I can't, I can't imagine because the answer we normally get is the cricket sound. So we don't have individuals we've identified in those areas for them to look up to. I was going to be snarky and say, most white hackers won't even use their real name, but, um, there's a, there's an aura around their anonymity here. >>So, so again, the real question is, is how do we get them engaged and keep them engaged? And that's what Amy was pointing out too. Exactly the engagement and sticking with it. So one of the things that we're trying to do through our competition on the state level and other elements is providing connections. We call them ambassadors. These are people in the business who can contact the students that are in the game or in that, uh, challenge environment and let them interact and let them talk about what they do and what they're doing in life would give them a challenging game format. Um, a lot of computer based training, um, capture the flag stuff is great, but if you can make it hands on, if you can make it a learn by doing experiment, if you can make it am personally involved and see the benefit as a result of doing that challenge and then talk to the people who do that on a daily basis, that's how you get them involved. >>The second part is as part of what we're doing is, is we're involving partnership companies in the development of the teams. So this year's competition that we're running has 82 teams from across the state of California, uh, of those 82 teams at six students team, middle school, high school, and many of those have company partners. And these are practitioners in cybersecurity who are working with those students to participate. It's it's that adult connectivity, it's that visualization. Um, so at the competition this year, um, we have the founder of Def con red flag is a participant to talk to the students. We have Vince surf as who is of course, very well known for something called the internet to participate. It's really getting the students to understand who's in this. Who can I look up to and how do I stay engaged with them? >>There's definitely a celebrity aspect of it. I will agree. I mean, the influencer aspect here with knowledge is key. Can you talk about, um, these ambassadors and, and, and how far along are you on that program? First of all, the challenge stuff is anything gamification wise. We've seen that with hackathons is just really works well. Grades, bonding, people who create together kinda get sticky and get very high community aspect to it. Talking about this ambassador thing. What does that industry is that academic >>Absolutely partners that we've identified? Um, some of which, and I won't hit all of them. So I'm sure I'll short changes, but, uh, Palo Alto, Cisco, um, Splunk, um, many of the companies in California and what we've done is identified, uh, schools, uh, to participate in the challenge that may not have a strong STEM program or have any cyber program. And the idea of the company is they look for their employees who are in those school districts to partner with the schools to help provide outreach. It could be as simple as a couple hours a week, or it's a team support captain or it's providing computers and other devices to use. Uh, and so again, it's really about a constant connectivity and, uh, trying to help where some schools may not have the staff or support units in an area to really provide them what they need for connectivity. What that does gives us an opportunity to not just focus on it once a year, but throughout the year. So for the competition, all the teams that are participating have been receiving, um, training and educational opportunities in the game of education side, since they signed up to participate. So there's a website, there's learning materials, there's materials provided by certain vendor companies like Wireshark and others. So it's a continuum of opportunity for the, >>You know, I've seen just the re randomly, just going to random thought, you know, robotics clubs are moving den closer into that middle school area, in fact Fleischer. And certainly in high schools, it's almost like a varsity sport. E-sports is another one. My son just combined made the JV at the college Dean, you know, it's big and it's up and serious. Right. And, um, it's fun. This is the aspect of fun. It's hands on. This is part of the culture down there you learn by doing, is there like a group? Is it like, um, is it like a club? I mean, how do you guys organize these bottoms up organically interest topics? >>So, so here in the college of engineering, uh, when we talk about learning by doing, we have learned by doing both in the classroom and out of the classroom. And if we look at the, these types of, out of the classroom activities, we have over 80 clubs working on all different aspects of many of these are bottom up. The students have decided what they want to work on and have organized themselves around that. And then they get the leadership opportunities. The more experienced students train in the less experienced students. And it continues to build from year after year after year with them even doing aspects of strategic planning from year to year for some of these competitions. So, yeah, it's an absolutely great experience. And we don't define for them how their learned by doing experiences should be, we want them to define it. And I think the really cool thing about that is they have the ownership and they have the interest and they can come up with new clubs year after year to see which direction they want to take it. And, you know, we will help support those clubs as old clubs fade out and new clubs come in >>Trunk real quick. Before we go on the next, uh, talk track, what, what do you recommend for, um, middle school, high school or even elementary? Um, a little bit of coding Minecraft. I mean, what, how do you get them hooked on the fun and the dopamine of, uh, technology and cybersecurity? What's your, what's your take on that? >>On, on this aspect, I like to share with you my experience as a junior high and high school student in Texas, the university of Texas in Austin organized a competition for every high school in Texas. If we phew from poetry to mathematics, to science, computer engineering, but it's not about with university of Texas. The university of Texas is on the serving SSN for the final competition that we divide the competition to be strict and then regional, and then spit at each level, we have local university and colleges volunteering to host it competition and make it fun. >>Also students with private enterprises to raise funding for scholarship. So students who see the competition they get exposed to so they can see different option. They also get a scholarship when they attend university in college. So I've seen the combination in competition aspect would be a good thing to be >>Got the engagement, the aspiration scholarship, you know, and you mentioned a volunteer. I think one of the things I'll observe is you guys are kind of hitting this as community. I mean, the story of Steve jobs and was, was building the Mac, they call it bill Hewlett up in Palo Alto. It was in the phone book and they scoured some parts from them. That's community. This is kind of what you're getting at. So this is kind of the formula we're seeing. So the next question I really want to get into is the women in technology, STEM, underrepresented minorities, how do we get them on cybersecurity career path? Is there a best practices there, bill, we'll start with you? >>Well, I think it's really interesting. First thing I want to add is if I could have just a clarification, what's really cool that the competition that we have and we're running, it's run by student from Cal poly. Uh, so, you know, Amy referenced the clubs and other activities. So many of the, uh, organizers and developers of the competition that we're running are the students, but not just from engineering. So we actually have theater and liberal arts majors and technology for liberal arts majors who are part of the competition. And we use their areas of expertise, set design, and other things, uh, visualization of virtualization. Those are all part of how we then teach and educate cyber in our game effication and other areas. So they're all involved in their learning as well. So we have our students teaching other students. So we're really excited about that. And I think that's part of what leads to a mentoring aspect of what we're providing, where our students are mentoring the other students. And I think it's also something that's really important in the game. Um, the first year we held the game, we had several all girl teams and it was really interesting because a, they, they didn't really know if they could compete. I mean, this is their, their reference point. We don't know if they did better than anybody. I mean, they, they knocked the ball out >>Of the park. The second part then is building that confidence level that they can going back and telling their cohorts that, Hey, it's not this thing you can't do. It's something real that you can compete and win. And so again, it's building that comradery, that spirit, that knowledge that they can succeed. And I think that goes a long way and an Amy's programs and the reach out and the reach out that Cal poly does to schools to develop. Uh, I think that's what it really is going to take. It. It is going to take that village approach to really increase diversity and inclusivity for the community. >>That's the flusher. I'd love to get your thoughts. You mentioned, um, your, your outreach program and the dropoff, some of those data, uh, you're deeply involved in this. You're passionate about it. What's your thoughts on this career path opportunity for STEM? >>Yeah, I think STEM is an incredible career path opportunity for so many people. There's so many interesting problems that we can solve, particularly in cyber and in space systems. And I think we have to meet the kids where they are and kind of show them, you know, what the exciting part is about it, right. But, you know, bill was, was alluding to this. And when he was talking about, you know, trying to name somebody that you can can point to. And I think having those visible people where you can see yourself in that is, is absolutely critical and those mentors and that mentorship program. So we use a lot of our students going out into California, middle schools and elementary schools. And you want to see somebody that's like you, somebody that came from your background and was able to do this. So a lot of times we have students from our national society of black engineers or a society of Hispanic professional engineers or our society of women engineers. >>We have over a thousand members, a thousand student members in our society of women engineers who were doing these outreach programs. But like I also said, it's hitting them at the lower levels too. And girl Scouts is actually distinguishing themselves as one of the leading STEM advocates in the country. And like I said, they developed all these cybersecurity badges, starting in kindergarten. There's a cybersecurity badge for kindergarten and first graders. And it goes all the way up through late high school, the same thing with space systems. And they did the space systems in partnership with NASA. They did the cybersecurity and partnership with Palo Alto networks. And what you do is you want to build these, these skills that the girls are developing. And like bill said, work in and girl led teams where they can do it. And if they're doing it from kindergarten on, it just becomes normal. And they never think, well, this is not for me. And they see the older girls who are doing it and they see a very clear path leading them into these careers. >>Yeah. It's interesting. You used the word normalization earlier. That's exactly what it is. It's life, you get life skills and a new kind of badge. Why wouldn't learn how to be a white, white hat hacker, or have fun or learn new skills just in, in the, in the grind of your fun day. Super exciting. Okay. Trung your thoughts on this. I mean, you have a diverse diversity. It brings perspective to the table in cybersecurity because you have to think like the other, the adversary, you got to be the white headed hippie, a white hat, unless you know how black hat thinks. So there's a lot of needs here for more, more, more points of view. How are we going to get people trained on this from under represented minorities and women? What's your thoughts? >>Well, as a member of, I took a professional society of directed pool in the electronic engineer. You have the, uh, we participate in the engineering week. We'll be ploy our members to local junior high school and high school to talk about our project, to promote the discovery of engineering. But at the same time, we also participate in the science fair that we scaled up flex. As the squad organizing our engineer will be mentoring students, number one, to help them with the part check, but number two, to help us identify talents so that we can recruit them further into the field of STEM. One of the participation that week was the competition of the, what they call future CV. We're still going, we'll be doing a CT on a computer simulation. And in recent year we promote ops smart CV where CT will be connected the individual houses to be added in through the internet. >>And we want to bring awareness of cybersecurity into competition. So we deploy engineer to supervise the people, the students who participate in the competition, we bring awareness, not in the technical be challenged level, but in what we've called the compound level. So speargun will be able to know what is, why to provide cyber security for the smart city that they are building. And at the same time, we were able to identify talent, especially talent in the minority and in the room. And so that we can recruit them more actively. And we also raise money for scholarship. We believe that scholarship is the best way to get students to continue education in Epic college level. So with scholarship, it's very easy to recruit them, to give you and then push them to go further into the cyber security Eylea. >>Yeah. I mean, you know, I see a lot of the parents like, Oh, my kid's going to go join the soccer team, >>Private lessons, and maybe look at a scholarship >>Someday. Well, they only do have scholarships anyway. I mean, this is if they spent that time doing other things, it's just, again, this is a new lifestyle, like the girl Scouts. And this is where I want to get into this whole silo breaking down because Amy, you brought this up and bill, you were talking about as well, you've got multiple stakeholders here with this event. You got, you know, public, you got private and you've got educators. It's the intersection of all of them. It's again, that those, if those silos break down the confluence of those three stakeholders have to work together. So let's, let's talk about that. Educators. You guys are educating young minds, you're interfacing with private institutions and now the public. What about educators? What can they do to make cyber better? Cause there's no real manual. I mean, it's not like this court is a body of work of how to educate cybersecurity is maybe it's more recent, it's cutting edge, best practices, but still it's an, it's an evolving playbook. What's your thoughts for educators, bill? We'll start with you. >>Well, I don't really, I'm going to turn it off. >>I would say, I would say as, as educators, it's really important for us to stay on top of how the field is evolving, right? So what we want to do is we want to promote these tight connections between educators and our faculty and, um, applied research in industry and with industry partnerships. And I think that's how we're going to make sure that we're educating students in the best way. And you're talking about that inner, that confluence of the three different areas. And I think you have to keep those communication lines open to make sure that the information on where the field is going and what we need to concentrate on is flowing down into our educational process. And that, that works in both ways that, you know, we can talk as educators and we can be telling industry what we're working on and what are types of skills our students have and working with them to get the opportunities for our students to work in industry and develop those skills along the way as well. >>And I think it's just all part of this is really looking at, at what's going to be happening and how do we get people talking to each other and the same thing with looking at public policy and bringing that into our education and into these real hands on experiences. And that's how you really cement this type of knowledge with students, not by not by talking to them and not by showing them, but letting them do it. It's this learn by doing and building the resiliency that it takes when you learn by doing. And sometimes you learn by failing, but you just up and you keep going. >>And these are important skills that you develop along the way >>You mentioned, um, um, sharing too. That's the key collaborating and sharing knowledge. It's an open, open world and everyone's collaborating feel private public partnerships. I mean, there's a real private companies. You mentioned Palo Alto networks and others. There's a real intersection there there's, they're motivated. They could, the scholarship opportunities, trunk points to that. What is the public private educator view there? How do companies get involved? What's the benefit for them? >>Well, that's what a lot of the universities are doing is to bring in as part of either their cyber centers or institutes, people who are really focused on developing and furthering those public private partnerships. That's really what my role is in all these things is to take us to a different level in those areas, uh, not to take away from the academic side, but to add additional opportunities for both sides. Remember in a public private partnership, all entities have to have some gain in the process. Now, what I think is really interesting is the timing on particularly this subject space and cyber security. This has been an absolute banner year for space. The Stanhope of space force, the launch of commercial partnership, leaving commercial platforms, delivering astronauts to the space station, recovering them and bringing back the ability of a commercial satellite platform to be launched a commercial platforms that not only launch, but return back to where they're launched from. >>These are things that are stirring the hearts of the American citizens, the kids, again, they're getting interested, they're seeing this and getting enthused. So we have to seize upon that and we have to find a way to connect that public private partnerships is the answer for that. It's not one segment that can handle it all. It's all of them combined together. If you look at space, space is going to be about commercial. It's going to be about civil moving from one side of the earth, to the other via space. And it's about government. And what's really cool for us. All those things are in our backyard. Yeah. That's where that public private comes together. The government's involved, the private sector is involved. The educators are involved and we're all looking at the same things and trying to figure out like this forum, what works best to go to the future. >>You know, if people are bored and they want to look for an exciting challenge, he couldn't have laid it out any clearer. It's the most exciting discipline. It hits everything. I mean, we just talk about space. GPS is everything we do is well tested. Do with satellites. >>I have to tell you a story on that, right? We have a very unique GPS story right in our backyard. So our sheriff is the son of the father of GPS for the air force. So you can't get better than that when it comes to being connected to all those platforms. So we, we really want to say, you know, this is so exciting for all of us because >>It gives everybody a job for a long time. >>You know, the kids that don't think tick toxic, exciting, wait til they see what's going on here with you guys, this program, trunk final word on this from the public side, you're at the air force. You're doing research. Are you guys opening it up? Are you integrating into the private and educational sectors? How do you see that formula playing out? And what's the best practice for students and preparing them? >>I think it's the same in athlete university CP in the engineering program will require our students to be final project before graduation. And in this kind of project, we send them out to work in the private industry. The private company got sponsor. Then they get the benefit of having an intern working for them and they get the benefit of reviewing the students as the prospective employee in the future. So it's good for the student to gain practical experience working in this program. Some, some kind of, we call that a core program, some kind, we call that a capstone program and the company will accept the students on a trial PRCS, giving them some assignment and then pay them a little bit of money. So it's good for the student to earn some extra money, to have some experience that they can put on their resume when they apply for the final of the job. >>So the collaboration between university and private sector is really important. We, when I joined a faculty, normally they already exist that connection. It came from. Normally it came from the Dean of engineering who would whine and dine with companies. We work relationship and sign up women, but it's approach to do a good performance so that we can be credibility to continue the relationship with those company and the students that we selected to send to those company. We have to make sure that they will represent the university. Well, they will go a good job and they will make a good impression. >>Thank you very much for great insight, trunk, bill, Amy, amazing topic. I'd like to end this session with each of you to make a statement on the importance of cybersecurity to space. We'll go Trung bill and Amy Truong, the importance of cybersecurity space statement. >>We know that it's affecting components that we are using and we are connecting to. And normally we use them for personal purpose. But when we connect to the important system that the government public company put into space, so it's really important to practice cyber security and a lot of time, it's very easy to know concept. We have to be careful, but in reality, we tend to forget to partnership the way we forget how to ride safely. And with driving a car, we have a program called defensive driving that requires every two or three years to get. We can get discount. >>We are providing the cyber security practice, not to tell people about the technology, but to remind them not practicing cybersecurity. And it's a requirement for every one of us, bill, the importance of cyber security to space. It's not just about young people. It's about all of us as we grow and we change as I referenced it, you know, we're changing from an analog world to a digital world. Those of us who have been in the business and have hair that looks like mine. We need to be just as cognizant about cybersecurity practice as the young people, we need to understand how it affects our lives and particularly in space, because we're going to be talking about people, moving people to space, moving payloads, data, transfer all of those things. And so there's a whole workforce that needs to be retrained or upskilled in cyber that's out there. So the opportunity is ever expensive for all of us, Amy, the importance of cybersecurity space, >>Uh, and the, the emphasis of cybersecurity is space. Just simply, can't be over emphasized. There are so many aspects that are going to have to be considered as systems get ever more complex. And as we pointed out, we're putting people's lives at stake here. This is incredibly, incredibly complicated and incredibly impactful, and actually really exciting the opportunities that are here for students and the workforce of the future to really make an enormous impact on the world around us. And I hope we're able to get that message out to students, to children >>Today. But these are my really interesting fields that you need to consider. >>Thank you very much. I'm John foray with the cube and the importance of cybersecurity and space is the future of the world's all going to happen in and around space with technology, people and society. Thank you to Cal poly. And thank you for watching the Cypress of computer security and space symposium 2020.

>> Announcer: From around the globe, it's theCUBE, covering Space and Cybersecurity Symposium 2020, hosted by Cal Poly. >> Everyone, welcome to this special presentation with Cal Poly hosting the Space and Cybersecurity Symposium 2020 virtual. I'm John Furrier, your host with theCUBE and SiliconANGLE here in our Palo Alto studios with our remote guests. We couldn't be there in person, but we're going to be here remote. We got a great session and a panel for one hour, topic preparing students for the jobs of today and tomorrow. Got a great lineup. Bill Britton, Lieutenant Colonel from the US Air Force, retired vice president for information technology and CIO and the director of the California Cybersecurity Institute for Cal Poly. Bill, thanks for joining us. Dr. Amy Fleischer, who's the dean of the College of Engineering at Cal Poly, and Trung Pham, professor and researcher at the US Air Force Academy. Folks, thanks for joining me today. >> Our pleasure. >> Got a great- >> Great to be here. >> Great panel. This is one of my favorite topics. >> Thank you for the opportunity. >> Preparing students for the next generation, the jobs for today and tomorrow. We got an hour. I'd love you guys to start with an opening statement to kick things off. Bill, we'll start with you. >> Well, I'm really pleased to be, to start on this as the director for the Cybersecurity Institute and the CIO at Cal Poly, it's really a fun, exciting job, because as a polytechnic, technology has such a forefront in what we're doing, and we've had a wonderful opportunity being 40 miles from Vandenberg Air Force Base to really look at the nexus of space and cybersecurity. And if you add into that both commercial, government, and civil space and cybersecurity, this is an expanding wide open time for cyber and space. In that role that we have with the Cybersecurity Institute, we partner with elements of the state and the university, and we try to really add value above our academic level, which is some of the highest in the nation, and to really merge down and go a little lower and start younger. So we actually are running the week prior to this showing a cybersecurity competition for high schools and middle schools in the state of California. That competition this year is based on a scenario around hacking of a commercial satellite and the forensics of the payload that was hacked and the networks associated with it. This is going to be done using products like Wireshark, Autopsy, and other tools that will give those high school students what we hope is a huge desire to follow up and go into cyber and cyberspace and space and follow that career path and either come to Cal Poly or some other institution that's going to let them really expand their horizons in cybersecurity and space for the future of our nation. >> Bill, thanks for that intro. By the way, I just want to give you props for an amazing team and job you guys are doing at Cal Poly, the DxHub and the efforts you guys are having with your challenge. Congratulations on that great work. >> Thank you. It's a rock star team. It's absolutely amazing to find that much talent at one location. And I think Amy's going to tell you, she's got the same amount of talent in her staff, so it's a great place to be. >> Dr. Amy Fleischer. You guys have a great organization down there, amazing curriculum, amazing people, great community. Your opening statement. >> Hello everybody. It's really great to be a part of this panel on behalf of the Cal Poly College of Engineering. Here at Cal Poly, we really take preparing students for the jobs of today and tomorrow completely seriously, and we can claim that our students really graduate so they're ready day one for their first real job. But that means that in getting them to that point, we have to help them get valuable and meaningful job experience before they graduate, both through our curriculum and through multiple internship or summer research opportunities. So we focus our curriculum on what we call a learn by doing philosophy. And this means that we have a combination of practical experience and learn by doing both in and out of the classroom. And we find that to be really critical for preparing students for the workforce. Here at Cal Poly, we have more than 6,000 engineering students. We're one of the largest undergraduate engineering schools in the country. And US News ranks us the eighth best undergraduate engineering program in the country and the top ranked state school. We're really, really proud that we offer this impactful hands-on engineering education that really exceeds that of virtually all private universities while reaching a wider audience of students. We offer 14 degree programs, and really, we're talking today about cyber and space, and I think most of those degree programs can really make an impact in the space and cybersecurity economy. And this includes not only things like aero and cyber directly, but also electrical engineering, mechanical engineering, computer engineering, materials engineering, even manufacturing, civil, and biomedical engineering, as there's a lot of infrastructure needs that go into supporting launch capabilities. Our aerospace program graduates hundreds of aerospace engineers and most of them are working right here in California with many of our corporate partners, including Northrop Grumman, Lockheed, Boeing, Raytheon, SpaceX, Virgin Galactic, JPL, and so many other places where we have Cal Poly engineers impacting the space economy. Our cybersecurity focus is found mainly in our computer science and software engineering programs, and it's really a rapidly growing interest among our students. Computer science is our most popular major, and industry interests and partnerships are integrated into our cyber curriculum, and we do that oftentimes through support from industry. So we have partnerships with Northrop Grumman for professorship in a cyber lab and from PG&E for critical infrastructure cybersecurity lab and professorship. And we think that industry partnerships like these are really critical to preparing students for the future as the field is evolving so quickly and making sure we adapt our facilities and our curriculum to stay in line with what we're seeing in industry is incredibly important. In our aerospace program, we have an educational partnership with the Air Force Research Labs that's allowing us to install new high-performance computing capabilities and a space environments lab that's going to enhance our satellite design capabilities. And if we talk about satellite design, Cal Poly is the founding home of the CubeSat program, which pioneered small satellite capabilities, And we remain the worldwide leader in maintaining the CubeSat standard, and our student program has launched more CubeSats than any other program. So here again we have this learn by doing experience every year for dozens of aerospace, electrical, computer science, mechanical engineering students, and other student activities that we think are just as important include ethical hacking through our white hat club, Cal Poly Space Systems, which does really, really big rocket launches, and our support program for women in both of these fields, like WISH, which is Women In Software and Hardware. Now, you know, really trying to bring in a wide variety of people into these fields is incredibly important, and outreach and support to those demographics traditionally underrepresented in these fields is going to be really critical to future success. So by drawing on the lived experiences by people with different types of backgrounds will we develop the type of culture and environment where all of us can get to the best solution. So in terms of bringing people into the field, we see that research shows we need to reach kids when they're in late elementary and middle schools to really overcome that cultural bias that works against diversity in our fields. And you heard Bill talking about the California Cybersecurity Institute's yearly cyber challenge, and there's a lot of other people who are working to bring in a wider variety of people into the field, like Girl Scouts, which has introduced dozens of new badges over the past few years, including a whole cybersecurity series of badges in concert with Palo Alto Networks. So we have our work cut out for us, but we know what we need to do, and if we're really committed to properly preparing the workforce for today and tomorrow, I think our future is going to be bright. I'm looking forward to our discussion today. >> Thank you, Dr. Fleischer, for a great comment, opening statement, and congratulations. You got the right formula down there, the right mindset, and you got a lot of talent, and community, as well. Thank you for that opening statement. Next up, from Colorado Springs, Trung Pham, who's a professor and researcher at the US Air Force Academy. He's doing a lot of research around the areas that are most important for the intersection of space and technology. Trung. >> Good afternoon. First I'd like to thank Cal Poly for the opportunity. And today I want to go briefly about cybersecurity in space application. Whenever we talk about cybersecurity, the impression is that it's a new field that is really highly complex involving a lot of technical area. But in reality, in my personal opinion, it is indeed a complex field because it involves many disciplines. The first thing we think about is computer engineering and computer networking, but it's also involving communication, sociology, law practice. And this practice of cybersecurity doesn't only involve computer expert, but it's also involve everybody else who has a computing device that is connected to the internet, and this participation is obviously everybody in today's environment. When we think about the internet, we know that it's a good source of information but come with the convenience of information that we can access, we are constantly facing danger from the internet. Some of them we might be aware of. Some of them we might not be aware of. For example, when we search on the internet, a lot of time our browser will be saying that this site is not trusted, so we will be more careful. But what about the sites that we trusted? We know that those are legitimate sites, but they're not 100% bulletproof. What happen if those site are attacked by a hacker and then they will be a silent source of danger that we might not be aware of. So in the reality, we need to be more practicing the cybersecurity from our civil point of view and not from a technical point of view. When we talk about space application, we should know that all the hardware are computer-based or controlled by by computer system, and therefore the hardware and the software must go through some certification process so that they can be rated as airworthy or flightworthy. When we know that in the certification process is focusing on the functionality of the hardware and software, but one aspect that is explicitly and implicitly required is the security of those components. And we know that those components have to be connected with the ground control station, and the communication is through the air, through the radio signal, so anybody who has access to those communication radio signal will be able to control the space system that we put up there. And we certainly do not want our system to be hijacked by a third party. Another aspect of cybersecurity is that we try to design the space system in a very strong manner so it's almost impossible to hack in. But what about some other weak system that might be connected to the strong system? For example, the space system will be connected to the ground control station, and on the ground control station, we have the human controller, and those people have cell phone. They are allowed to use cell phone for communication. But at the same time, they are connected to the internet through the cell phone, and their cell phone might be connected to the computer that control the flight software and hardware. So what I want to say is we try to build strong system and we've protected them, but there will be some weaker system that we could not intended but exists to be connected to our strong system, and those are the points the hacker will be trying to attack. If we know how to control the access to those weak points, we will be having a much better system for the space system. And when we see the cybersecurity that is requiring the participation everywhere it's important to notice that there is a source of opportunity for students who enter the workforce to consider. Obviously students in engineering can focus their knowledge and expertise to provide technological solution to protect the system that we view. But we also have students in business who can focus their expertise to write business plan so that they can provide a pathway for the engineering advances to reach the market. We also have student in law who can focus their expertise in policy governing the internet, governing the cybersecurity practice. And we also have student in education who can focus their expertise to design how to teach cybersecurity practice, and student in every other discipline can focus their effort to implement security measure to protect the system that they are using in their field. So it's obvious that cybersecurity is everywhere and it implies job opportunity everywhere for everybody in every discipline of study. Thank you. >> Thank you, Trung, for those great comments. Great technology opportunities. But interesting, as well, is the theme that we're seeing across the entire symposium and in the virtual hallways that we're hearing conversations, and you pointed out some of them. Dr. Fleischer did, as well. And Bill, you mentioned it. It's not one thing. It's not just technology. It's different skills. And Amy, you mentioned that computer science is the hottest degree, but you have the hottest aerospace program in the world. I mean, so all this is kind of balancing. It's interdisciplinary. It's a structural change. Before we get into some of the, how they prepare the students, can you guys talk about some of the structural changes that are modern now in preparing in these opportunities, because societal impact is a, law potentially impact, it's how we educate. There's now cross-discipline skill sets. It's not just get the degree, see you out in the field. Bill, you want to start? >> Well, what's really fun about this job is that in the Air Force, I worked in the space and missile business, and what we saw was a heavy reliance on checklist format, security procedures, analog systems, and what we're seeing now in our world, both in the government and the commercial side, is a move to a digital environment, and the digital environment is a very quick and adaptive environment, and it's going to require a digital understanding. Matter of fact, the undersecretary of Air Force for acquisition recently referenced the need to understand the digital environment and how that's affecting acquisition. So as both Amy and Trung said, even business students are now in the cybersecurity business. And so again, what we're seeing is the change. Now, another phenomenon that we're seeing in the space world is there's just so much data. One of the ways that we addressed that in the past was to look at high-performance computing. There was a lot stricter control over how that worked. But now what we're seeing is adaptation of cloud, cloud technologies in space support, space data, command and control. And so what we see is a modern space engineer who has to understand digital, has to understand cloud, and has to understand the context of all those with a cyber environment. That's really changing the forefront of what is a space engineer, what is a digital engineer, and what is a future engineer, both commercial or government. So I think the opportunity for all of these things is really good, particularly for a polytechnic, Air Force Academy, and others that are focusing on a more widened experiential level of cloud and engineering and other capabilities. And I'll tell you the part that as the CIO I have to remind everybody, all this stuff works with the IT stuff. So you've got to understand how your IT infrastructures are tied and working together. As we noted earlier, one of the things is that these are all relays from point to point, and that architecture is part of your cybersecurity architecture. So again, every component has now become a cyber aware, cyber knowledgeable, and what we like to call as a cyber cognizant citizen where they have to understand the context. (speaking on mute) >> (indistinct) software Dr. Fleischer, talk about your perspective, 'cause you mentioned some of the things about computer science. I remember in the '80s when I got my computer science degree, they called us software engineers and then you became software developers. And then, so again, engineering is the theme. If you're engineering a system, there's now software involved, and there's also business engineering, business models. So talk about some of your comments, 'cause you mentioned computer science is hot. You got the aerospace. You got these multi-disciplines. You got definitely diversity, as well, brings more perspectives in, as well. Your thoughts on these structural interdisciplinary things? >> I think this is really key to making sure that students are prepared to work in the workforce is looking at the blurring between fields. No longer are you just a computer scientist. No longer are you just an aerospace engineer. You really have to have an expertise where you can work with people across disciplines. All of these fields are just working with each other in ways we haven't seen before. And Bill brought up data. You know, data science is something that's cross-cutting across all of our fields. So we want engineers that have the disciplinary expertise that they can go deep into these fields, but we want them to be able to communicate with each other and to be able to communicate across disciplines and to be able to work in teams that are across disciplines. You can no longer just work with other computer scientists or just work with other aerospace engineers. There's no part of engineering that is siloed anymore. So that's how we're changing. You have to be able to work across those disciplines. And as you, as Trung pointed out, ethics has to come into this. So you can no longer try to fully separate what we would traditionally have called the liberal arts and say, well, that's over there in general education. No, ethics is an important part of what we're doing and how we integrate that into our curriculum. So is communication. So is working on public policy and seeing where all these different aspects tie together to make the impact that we want to have in the world. So you no longer can work solo in these fields. >> That's great point. And Bill also mentioned the cloud. One thing about the cloud that's showed us is horizontal scalability has created a lot of value, and certainly data is now horizontal. Trung, you mentioned some of the things about cryptography for the kids out there, I mean, you can look at the pathway for career. You can do a lot of tech, but you don't have to go deep sometimes. You can as deep as you want, but there's so much more there. What technology do you see that's going to help students, in your opinion? >> Well, I'm a professor in computer science, so I like to talk a little bit about computer programming. Now we are working in complex projects. So most of the time we don't design a system from scratch. We build it from different components, and the components that we have, either we get it from vendors or sometimes we get it from the internet in the open source environment. It's fun to get the source code and then make it work to our own application. So now when we are looking at cryptology, when we talk about encryption, for example, we can easily get the source code from the internet. And the question, is it safe to use those source code? And my question is maybe not. So I always encourage my students to learn how to write source code the traditional way that I learned a long time ago before I allow them to use the open source environment. And one of the things that they have to be careful especially with encryption is the code that might be hidden in the source that they downloaded. Some of the source might be harmful. It might open up back gate for a hacker to get in later. We've heard about these back gates back then when Microsoft designed the operating system with the protection of encryption, and it is true that is existing. So while open source code is a wonderful place to develop complex system, but it's also a dangerous place that we have to be aware of. >> Great point. Before we get into the comments, one quick thing for each of you I'd like to get your comments on. There's been a big movement on growth mindset, which has been a great big believer in having a growth mindset and learning and all that good stuff. But now when you talk about some of these things we're mentioning about systems, there's a new trend around a systems mindset, because if everything's now a system, distributed systems now you have space and cybersecurity, you have to understand the consequences of changes. And you mention some of that, Trung, in changes in the source code. Could you guys share your quick opinions on the of systems thinking? Is that a mindset that people should be looking at? Because it used to be just one thing. Oh, you're a systems guy or gal. There you go. You're done. Now it seems to be in social media and data, everything seems to be systems. What's your take? Dr. Fleischer, we'll start with you. >> I'd say it's another way of looking at not being just so deep in your discipline. You have to understand what the impact of the decisions that you're making have on a much broader system. And so I think it's important for all of our students to get some exposure to that systems level thinking and looking at the greater impact of the decision that they're making. Now, the issue is where do you set the systems boundary, right? And you can set the systems boundary very close in and concentrate on an aspect of a design, or you can continually move that system boundary out and see where do you hit the intersections of engineering and science along with ethics and public policy and the greater society. And I think that's where some of the interesting work is going to be. And I think at least exposing students and letting them know that they're going to have to make some of these considerations as they move throughout their career is going to be vital as we move into the future. >> Bill, what's your thoughts? >> I absolutely agree with Amy. And I think there's a context here that reverse engineering and forensics analysis and forensics engineering are becoming more critical than ever. The ability to look at what you have designed in a system and then tear it apart and look at it for gaps and holes and problem sets. Or when you're given some software that's already been pre-developed, checking it to make sure it is really going to do what it says it's going to do. That forensics ability becomes more and more a skillset that also you need the verbal skills to explain what it is you're doing and what you found. So the communication side, the systems analysis side, the forensics analysis side, these are all things that are part of system approach that I think you could spend hours on and we still haven't really done a great job on it. So it's one of my fortes is really the whole analysis side of forensics and reverse engineering. >> Trung, real quick, systems thinking, your thoughts. >> Well, I'd like to share with you my experience when I worked in the space station program at NASA. We had two different approaches. One is a compound approach where we design it from the system general point of view where we put components together to be a complex system. But at the same time, we have the (indistinct) approach where we have an engineer who spent time and effort building individual component and they have to be expert in those tiny component that general component they deliver. And in the space station program, we bring together the (indistinct) engineer who designed everything in detail and the system manager who managed the system design from the top down, and we meet in the middle, and together we compromised a lot of differences and we delivered the space station that we are operating today. >> Great insight. And that's the whole teamwork collaboration that Dr. Fleischer was mentioning. Thanks so much for that insight. I wanted to get that out there because I know myself as a parent, I'm always trying to think about what's best for my kids and their friends as they grow up into the workforce. I know educators and leaders in industry would love to know some of the best practices around some of the structural changes. So thanks for that insight. But this topic's about students and helping them prepare. So we heard be multiple discipline, broaden your horizons, think like systems, top down, bottom up, work together as a team, and follow the data. So I got to ask you guys, there's a huge amount of job openings in cybersecurity. It's well-documented. And certainly with the intersection of space and cyber, it's only going to get bigger, right? You're going to see more and more demand for new types of jobs. How do we get high school and college students interested in security as a career? Dr. Fleischer, we'll start with you on this one. I would say really one of the best ways to get students interested in a career is to show them the impact that it's going to have. There's definitely always going to be students who are going to want to do the technology for the technology's sake, but that will limit you to a narrow set of students, and by showing the greater impact that these types of careers are going to have on the types of problems that you're going to be able to solve and the impact you're going to be able to have on the world around you, that's the word that we really need to get out. And a wide variety of students really respond to these messages. So I think it's really kind of reaching out at the elementary, the middle school level, and really kind of getting this idea that you can make a big difference, a big positive difference in the field with some of these careers, is going to be really critical. >> Real question to follow up. What do you think is the best entry point? You mentioned middle. I didn't hear elementary school. There's a lot of discussions around pipelining, and we're going to get into women in tech and underrepresented minorities later. But is it too early, or what's your feeling on this? >> My feeling is the earlier we can normalize it, the better. If you can normalize an interest in computers and technology and building in elementary school, that's absolutely critical. But the drop-off point that we're seeing is between what I would call late elementary and early middle school. And just kind of as an anecdote, I for years ran an outreach program for Girl Scouts in grades four and five and grade six, seven, and eight. And we had 100 slots in each program. And every year the program would sell out for girls in grades four and five, and every year we'd have spots remaining in grades six, seven, and eight. And that's literally where the drop-off is occurring between that late elementary and that middle school range. So that's the area that we need to target to make sure we keep those young women involved and interested as we move forward. >> Bill, how are we going to get these kids interested in security? You mentioned a few programs you got. >> Yeah. >> I mean, who wouldn't want to be a white hat hacker? I mean, that sounds exciting. >> So yeah, great questions. Let's start with some basic principles, though, is let me ask you a question, John. Name for me one white hat, good person hacker, the name, who works in the space industry and is an exemplar for students to look up to. >> You? >> Oh man, I'm feeling really... >> I'm only, I can't imagine a figure- >> (indistinct) the answer because the answer we normally get is the cricket sound. So we don't have individuals we've identified in those areas for them to look up to. >> I was going to be snarky and say most white hackers won't even use their real name, but... >> Right, so there's an aura around their anonymity here. So again, the real question is how do we get them engaged and keep them engaged? And that's what Amy was pointing out to exactly, the engagement and sticking with it. So one of the things that we're trying to do through our competition on the state level and other elements is providing connections. We call them ambassadors. These are people in the business who can contact the students that are in the game or in that challenge environment and let 'em interact and let 'em talk about what they do and what they're doing in life. But give them a challenging game format. A lot of computer-based training, capture the flag stuff is great, but if you can make it hands-on, if you can make it a learn by doing experiment, if you can make it personally involved and see the benefit as a result of doing that challenge and then talk to the people who do that on a daily basis, that's how you get them involved. The second part is part of what we're doing is we're involving partnership companies in the development of the teams. So this year's competition that we're running has 82 teams from across the state of California. Of those 82 teams at six students a team, middle school, high school, and many of those have company partners, and these are practitioners in cybersecurity who are working with those students to participate. It's that adult connectivity. It's that visualization. So at the competition this year, we have the founder of Defcon Red Flag is a participant to talk to the students. We have Vint Cerf, who is, of course, very well-known for something called the internet, to participate. It's really getting the students to understand who's in this, who can I look up to, and how do I stay engaged with them? >> There's definitely a celebrity aspect of it, I will agree. I mean, the influencer aspect here with knowledge is key. Can you talk about these ambassadors, and how far along are you on that program? First of all, the challenge stuff is, anything gamification-wise, we've seen that with hackathons, it just really works well. Creates bonding. People who create together can get sticky and get very high community aspect to it. Talk about this ambassador thing. What is that, industry, is that academic? >> Yeah, absolutely. >> What is this ambassador thing? >> Industry partners that we've identified, some of which, and I won't hit all of 'em, so I'm sure I'll short change this, but Palo Alto, Cisco, Splunk, many of the companies in California, and what we've done is identified schools to participate in the challenge that may not have a strong STEM program or have any cyber program. And the idea of the company is they look for their employees who are in those school districts to partner with the schools to help provide outreach. It could be as simple as a couple hours a week, or it's a team support captain or it's providing computers and other devices to use. And so again, it's really about a constant connectivity and trying to help where some schools may not have the staff or support units in an area to really provide them what they need for connectivity. What that does is it gives us an opportunity to not just focus on it once a year, but throughout the year. So for the competition, all the teams that are participating have been receiving training and educational opportunities in the gamification side since they signed up to participate. So there's a website, there's learning materials, there's materials provided by certain vendor companies like Wireshark and others. So it's a continuum of opportunity for the students. >> You know, I've seen, just randomly, just got a random thought. Robotics clubs are moving then closer into that middle school area, Dr. Fleischer, and in certainly in high schools, it's almost like a varsity sport. E-sports is another one. My son just called me. "I made the JV at the college team." It's big and serious, right? And it's fun. This is the aspect of fun. It's hands-on. This is part of the culture down there. Learn by doing. Is there, like, a group? Is it, like, a club? I mean, how do you guys organize these bottoms-up organically interest topics? >> So here in the college of engineering, when we talk about learn by doing, we have learned by doing both in the classroom and out of the classroom. And if we look at these types of out of the classroom activities, we have over 80 clubs working on all different aspects, and many of these are bottom-up. The students have decided what they want to work on and have organized themselves around that. And then they get the leadership opportunities. The more experienced students train the less experienced students. And it continues to build from year after year after year with them even doing aspects of strategic planning from year to year for some of these competitions. Yeah, it's an absolutely great experience. And we don't define for them how their learn by doing experiences should be. We want them to define it. And I think the really cool thing about that is they have the ownership and they have the interest and they can come up with new clubs year after year to see which direction they want to take it, and we will help support those clubs as old clubs fade out and new clubs come in. >> Trung, real quick, before we go on the next talk track, what do you recommend for middle school, high school, or even elementary? A little bit of coding, Minecraft? I mean, how do you get 'em hooked on the fun and the dopamine of technology and cybersecurity? What's your take on that? >> On this aspect, I'd like to share with you my experience as a junior high and high school student in Texas. The university of Texas in Austin organized a competition for every high school in Texas in every field from poetry to mathematics to science, computer engineering. But it's not about the University of Texas. The University of Texas is only serving as a center for the final competition. They divide the competition to district and then regional and then state. At each level, we have local university and colleges volunteering to host the competition and make it fun for the student to participate. And also they connected the students with private enterprises to raise fund for scholarship. So student who see the competition is a fun event for them, they get exposed to different university hosting the event so that they can see different option for them to consider college. They also get a promise that if they participate, they will be considered for scholarship when they attend university and college. So I think the combination of fun and competition and the scholarship aspect will be a good thing to entice the student to commit to the area of cybersecurity. >> Got the engagement, the aspiration, scholarship, and you mentioned a volunteer. I think one of the things I'll observe is you guys are kind of hitting this as community. I mean, the story of Steve Jobs and Woz building the Mac, they called Bill Hewlett up in Palo Alto. He was in the phone book. And they scoured some parts from him. That's community. This is kind of what you're getting at. So this is kind of the formula we're seeing. So the next question I really want to get into is the women in technology, STEM, underrepresented minorities, how do we get them on cybersecurity career path? Is there a best practices there? Bill, we'll start with you. >> Well, I think it's really interesting. First thing I want to add is, if I could, just a clarification. What's really cool, the competition that we have and we're running, it's run by students from Cal Poly. So Amy referenced the clubs and other activities. So many of the organizers and developers of the competition that we're running are the students, but not just from engineering. So we actually have theater and liberal arts majors and technology for liberal arts majors who are part of the competition, and we use their areas of expertise, set design and other things, visualization, virtualization. Those are all part of how we then teach and educate cyber in our gamification and other areas. So they're all involved and they're learning, as well. So we have our students teaching other students. So we're really excited about that. And I think that's part of what leads to a mentoring aspect of what we're providing where our students are mentoring the other students. And I think it's also something that's really important in the game. The first year we held the game, we had several all-girl teams, and it was really interesting because A, they didn't really know if they could compete. I mean, this is their reference point. We don't know if. They did better than anybody. I mean, they just, they knocked the ball out of the park. The second part, then, is building that confidence level that can, going back and telling their cohorts that, hey, it's not this obtuse thing you can't do. It's something real that you can compete and win. And so again, it's building that camaraderie, that spirit, that knowledge that they can succeed. And I think that goes a long way. And Amy's programs and the reach out and the reach out that Cal Poly does to schools to develop, I think that's what it really is going to take. It is going to take that village approach to really increase diversity and inclusivity for the community. >> Dr. Fleischer, I'd love to get your thoughts. You mentioned your outreach program and the drop-off, some of those data. You're deeply involved in this. You're passionate about it. What's your thoughts on this career path opportunity for STEM? >> Yeah, I think STEM is an incredible career path opportunity for so many people. There's so many interesting problems that we can solve, particularly in cyber and in space systems. And I think we have to meet the kids where they are and kind of show them what the exciting part is about it, right? But Bill was alluding to this when he was talking about trying to name somebody that you can point to. And I think having those visible people where you can see yourself in that is absolutely critical, and those mentors and that mentorship program. So we use a lot of our students going out into California middle schools and elementary schools. And you want to see somebody that's like you, somebody that came from your background and was able to do this. So a lot of times we have students from our National Society of Black Engineers or our Society of Hispanic Professional Engineers or our Society of Women Engineers, which we have over 1,000 members, 1,000 student members in our Society of Women Engineers who are doing these outreach programs. But like I also said, it's hitting them at the lower levels, too, and Girl Scouts is actually distinguishing themselves as one of the leading STEM advocates in the country. And like I said, they developed all these cybersecurity badges starting in kindergarten. There's a cybersecurity badge for kindergartener and first graders. And it goes all the way up through late high school. The same thing with space systems. And they did the space systems in partnership with NASA. They did the cybersecurity in partnership with Palo Alto Networks. And what you do is you want to build these skills that the girls are developing, and like Bill said, work in girl-led teams where they can do it, and if they're doing it from kindergarten on, it just becomes normal, and they never think, well, this is not for me. And they see the older girls who are doing it and they see a very clear path leading them into these careers. >> Yeah, it's interesting, you used the word normalization earlier. That's exactly what it is. It's life, you get life skills and a new kind of badge. Why wouldn't you learn how to be a white hat hacker or have some fun or learn some skills? >> Amy: Absolutely. >> Just in the grind of your fun day. Super exciting. Okay, Trung, your thoughts on this. I mean, you have a diverse, diversity brings perspective to the table in cybersecurity because you have to think like the other guy, the adversary. You got to be the white hat. You can't be a white hat unless you know how black hat thinks. So there's a lot of needs here for more points of view. How are we going to get people trained on this from underrepresented minorities and women? What's your thoughts? >> Well, as a member of the IEEE Professional Society of Electrical and Electronic Engineers, every year we participate in the engineering week. We deploy our members to local junior high school and high school to talk about our project to promote the study of engineering. But at the same time, we also participate in the science fair that the state of Texas is organizing. Our engineer will be mentoring students, number one, to help them with the project, but number two, to help us identify talent so that we can recruit them further into the field of STEM. One of the participation that we did was the competition of the, what they call Future City, where students will be building a city on a computer simulation. And in recent year, we promote the theme of smart city where city will be connected the individual houses and together into the internet. And we want to bring awareness of cybersecurity into that competition. So we deploy engineer to supervise the people, the students who participate in the competition. We bring awareness not in the technical detail level, but in what we've call the compound level so student will be able to know what required to provide cybersecurity for the smart city that they are building. And at the same time, we were able to identify talent, especially talent in the minority and in the woman, so that we can recruit them more actively. And we also raise money for scholarship. We believe that scholarship is the best way to entice student to continue education at the college level. So with scholarship, it's very easy to recruit them to the field and then push them to go further into the cybersecurity area. >> Yeah, I mean, I see a lot of the parents like, oh, my kid's going to go join the soccer team, we get private lessons, and maybe they'll get a scholarship someday. Well, they only do half scholarships. Anyway. I mean, if they spent that time doing these other things, it's just, again, this is a new life skill, like the Girl Scouts. And this is where I want to get into this whole silo breaking down, because Amy, you brought this up, and Bill, you were talking about it, as well. You got multiple stakeholders here with this event. You've got public, you've got private, and you've got educators. It's the intersection of all of them. It's, again, if those silos break down, the confluence of those three stakeholders have to work together. So let's talk about that. Educators. You guys are educating young minds. You're interfacing with private institutions and now the public. What about educators? What can they do to make cyber better? 'Cause there's no real manual. I mean, it's not like this court is a body of work of how to educate cybersecurity. Maybe it's more recent. There's cutting edge best practices. But still, it's an evolving playbook. What's your thoughts for educators? Bill, we'll start with you. >> Well, I'm going to turn to Amy and let her go first. >> Let you go. >> That's fine. >> I would say as educators, it's really important for us to stay on top of how the field is evolving, right? So what we want to do is we want to promote these tight connections between educators and our faculty and applied research in industry and with industry partnerships. And I think that's how we're going to make sure that we're educating students in the best way. And you're talking about that inner, that confluence of the three different areas. And I think you have to keep those communication lines open to make sure that the information on where the field is going and what we need to concentrate on is flowing down into our educational process. And that works in both ways, that we can talk as educators and we can be telling industry what we're working on and what types of skills our students have and working with them to get the opportunities for our students to work in industry and develop those skills along the way, as well. And I think it's just all part of this really looking at what's going to be happening and how do we get people talking to each other? And the same thing with looking at public policy and bringing that into our education and into these real hands-on experiences. And that's how you really cement this type of knowledge with students, not by talking to them and not by showing them, but letting them do it. It's this learn by doing and building the resiliency that it takes when you learn by doing. And sometimes you learn by failing, but you just pick up and you keep going. And these are important skills that you develop along the way. >> You mentioned sharing, too. That's the key. Collaborating and sharing knowledge. It's an open world and everyone's collaborating. Bill, private-public partnerships. I mean, there's a real, private companies, you mentioned Palo Alto Networks and others. There's a real intersection there. They're motivated. They could, there's scholarship opportunities. Trung points to that. What is the public-private educator view there? How do companies get involved and what's the benefit for them? >> Well, that's what a lot of the universities are doing is to bring in as part of either their cyber centers or institutes people who are really focused on developing and furthering those public-private partnerships. That's really what my role is in all these things is to take us to a different level in those areas, not to take away from the academic side, but to add additional opportunities for both sides. Remember, in a public-private partnership, all entities have to have some gain in the process. Now, what I think is really interesting is the timing on particularly this subject, space and cybersecurity. This has been an absolute banner year for space. The standup of Space Force, the launch of commercial partnership, you know, commercial platforms delivering astronauts to the space station, recovering them, and bringing them back. The ability of a commercial satellite platform to be launched. Commercial platforms that not only launch but return back to where they're launched from. These are things that are stirring the hearts of the American citizens, the kids, again, they're getting interested. They're seeing this and getting enthused. So we have to seize upon that and we have to find a way to connect that. Public-private partnerships is the answer for that. It's not one segment that can handle it all. It's all of them combined together. If you look at space, space is going to be about commercial. It's going to be about civil. Moving from one side of the Earth to the other via space. And it's about government. And what's really cool for us, all those things are in our backyard. That's where that public-private comes together. The government's involved. The private sector's involved. The educators are involved. And we're all looking at the same things and trying to figure out, like this forum, what works best to go to the future. >> You know, if people are bored and they want to look for an exciting challenge, you couldn't have laid it out any clearer. It's the most exciting discipline. It's everything. I mean, we just talk about space. GPS is, everything we do is involved, has to do with satellites. (laughs) >> I have to tell you a story on that right? We have a very unique GPS story right in our backyard. So our sheriff is the son of the father of GPS for the Air Force. So you can't get better than that when it comes to being connected to all those platforms. So we really want to say, you know, this is so exciting for all of us because it gives everybody a job for a long time. >> You know, the kids that think TikTok's exciting, wait till they see what's going on here with you guys, this program. Trung, final word on this from the public side. You're at the Air Force. You're doing research. Are you guys opening it up? Are you integrating into the private and educational sectors? How do you see that formula playing out? And what's the best practice for students and preparing them? >> I think it's the same in every university in the engineering program will require our students to do the final project before graduation. And in this kind of project, we send them out to work in the private industry, the private company that sponsor them. They get the benefit of having an intern working for them and they get the benefit of reviewing the students as the prospective employee in the future. So it's good for the student to gain practical experience working in this program. Sometimes we call that a co-op program. Sometimes we call that a capstone program. And the company will accept the student on a trial basis, giving them some assignment and then pay them a little bit of money. So it's good for the student to earn some extra money, to have some experience that they can put on their resume when they apply for the final, for the job. So the collaboration between university and private sector is really important. When I join a faculty normally there already exist that connection. It came from normally, again, from the dean of engineering, who would wine and dine with companies, build up relationship, and sign up agreement. But it's us professor who have to do the (indistinct) approach to do a good performance so that we can build up credibility to continue the relationship with those company and the student that we selected to send to those company. We have to make sure that they will represent the university well, they will do a good job, and they will make a good impression. >> Thank you very much for a great insight, Trung, Bill, Amy. Amazing topic. I'd like to end this session with each of you to make a statement on the importance of cybersecurity to space. We'll go Trung, Bill, and Amy. Trung, the importance of cybersecurity to space, brief statement. >> The importance of cybersecurity, we know that it's affecting every component that we are using and we are connecting to, and those component, normally we use them for personal purpose, but when we enter the workforce, sometimes we connect them to the important system that the government or the company are investing to be put into space. So it's really important to practice cybersecurity, and a lot of time, it's very easy to know the concept. We have to be careful. But in reality, we tend to forget to to practice it the way we forget how to drive a car safely. And with driving a car, we have a program called defensive driving that requires us to go through training every two or three years so that we can get discount. Every organization we are providing the annual cybersecurity practice not to tell people about the technology, but to remind them about the danger of not practicing cybersecurity and it's a requirement for every one of us. >> Bill, the importance of cybersecurity to space. >> It's not just about young people. It's about all of us. As we grow and we change, as I referenced it, we're changing from an analog world to a digital world. Those of us who have been in the business and have hair that looks like mine, we need to be just as cognizant about cybersecurity practice as the young people. We need to understand how it affects our lives, and particularly in space, because we're going to be talking about people, moving people to space, moving payloads, data transfer, all of those things. And so there's a whole workforce that needs to be retrained or upskilled in cyber that's out there. So the opportunity is ever expansive for all of us. >> Amy, the importance of cybersecurity in space. >> I mean the emphasis of cybersecurity is space just simply can't be over emphasized. There are so many aspects that are going to have to be considered as systems get ever more complex. And as we pointed out, we're putting people's lives at stake here. This is incredibly, incredibly complicated and incredibly impactful, and actually really exciting, the opportunities that are here for students and the workforce of the future to really make an enormous impact on the world around us. And I hope we're able to get that message out to students and to children today, that these are really interesting fields that you need to consider. >> Thank you very much. I'm John Furrier with theCUBE, and the importance of cybersecurity and space is the future of the world's all going to happen in and around space with technology, people, and society. Thank you to Cal Poly, and thank you for watching the Cybersecurity and Space Symposium 2020. (bright music)

(dramatic orchestral music) >> Hey, welcome back everybody. Jeff Frick, here, at theCUBE. We're at the Palo Alto studios taking a very short break in the middle of the crazy fall conference season. We'll be back on the road again next week. But we're excited to take an opportunity to take a breath. Again, meet new companies, have CUBE conversations here in the studio, and we're really excited to have our next guest. He's Apurva Dave, the CMO of Sysdig. Apurva, great to see you. >> Thanks, Jeff, thanks for having me here. >> Yea, welcome, happy Friday. >> Appreciate it, happy Friday, always worth it. >> So give us kind of the 101 on Sysdig. >> Yep, Sysdig is a really cool story. It is founded by a gentleman named Loris Degioanni. And, I think the geeks in your audience will probably know Loris in a heartbeat because he was one of the co-creators of a really famous open source project called Wireshark. It's at 20 million users worldwide, for network forensics, network visibility, troubleshooting, all that great stuff. And, way back when, in 2012, Loris realized what cloud and containers were doing to the market and how people build applications. And he stepped back and said, "We're going to need "a totally new way to monitor "and secure these applications." So he left all that Wireshark success behind, and he started another open source project, which eventually became Sysdig. >> Okay. >> Fast-forward to today. Millions of people are using the open source Sysdig and the sister project Sysdig Falco to monitor and secure these containerized applications. >> So what did Sysdig the company delineate itself from Sysdig the open source project? >> Well, you know, that's part of the challenge with open source, it's like part of your identity, right. Open source is who you are. And, what we've done is, we've taken Loris's vision and made it a reality, which is, using this open source technology and instrumentation, we can then build these enterprise class products on top for security monitoring and forensics at scales that the biggest banks in the world can use, governments can use, pharma, healthcare, insurance, all these large companies that need enterprise class products. All based on that same, original open source technology that Loris conceived so many years ago. >> So would you say, so the one that we see all the time and kind of use a base for the open source model, you kind of, Hortonworks, it's really pure, open source Hadoop. Then you have, kind of, Mapbar, you know, it's kind of proprietary on top of Hadoop. And then you have Cloudera. It's kind of open core with a wrapper. I mean, how does the open piece fit within the other pieces that you guys provide? >> That's really a really insightful question because Loris has always had a different model to open source, which is, you create these powerful open source projects that, on their own, will solve a particular problem or use case. For example, the initial Sysdig open source project is really good at forensics and troubleshooting. Sysdig Falco is really good at runtime container security. Those are useful in and of themselves. But then for enterprise class companies, you operate that at massive scale and simplicity. So we add powerful user interfaces, enterprise class management, auditing, security. We bundle that all on top. And that becomes this Cloud-Native intelligence platform that we sell to enterprise. >> And how do they buy that? >> You can, as subscription model. You can use it either as software as a service, where we operate it for you, or you can use it as on-premise software, where we deliver the bits to you and you deploy it behind your firewall. Both of those products are exactly the same functionally, and that's kind of the benefit we had as a younger company coming to market. We knew when we started, we'd need to deliver our software in both forms. >> Okay and then how does that map to, you know, Docker, probably the most broadly known container application, which rose and really disturbed everything a couple years ago. And then that's been disturbed by the next great thing, which is Kubernetes. So how do you guys fit in within those two really well-known pieces of the puzzle? >> Yeah, well you know, like we were talking about earlier, there's so much magic and stardust around Kubernetes and Docker and you just say it to an IT person anywhere and either they're working on Kubernetes, they're thinking about working on Kubernetes, or they're wondering when they can get to working on Kubernetes. The challenge becomes that, once the stardust wears off, and you realize that yeah, this thing is valuable, but there's a lot of work to actually implementing it and operationalizing it, that's when your customers realize that their entire life is going to be upended when they implement these new technologies and implement this new platform. So that's where Sysdig and other products come in. We want to help those customers actually operationalize that software. For us, that's solving the huge gaps around monitoring, security, network visibility, forensics, and so on. And, part of my goal in marketing, is to help the customers realize that they're going to need all these capabilities as they start moving to Kubernetes. >> Right, certainly, it's the hot topic. I mean, we were just at VMworld, we've been covering VMworld forever, and both Pat and Sanjay had Kubernetes as parts of their keynotes on day one and day two. So they're all in, as well, all time for Amazon, and it goes without saying with Google. >> Yeah, so it's funny is, we released initial support for Kubernetes, get this, back in 2015. And, this was the point where, basically the world hadn't yet really, they didn't really know what Kubernetes was. >> Unless they watched theCUBE. >> Unless they watched-- >> They had Craig Mcklecky-- >> Okay, alright. >> On Google cloud platform next 2014. I looked it up. >> Awesome. Very nice-- >> Told us, even the story of the ship wheel and everything. But you're right, I don't think that many people were there. It was at Mission Bay Conference Center, which is not where you would think a Google conference would be. It's a 400 person conference facility. >> Exactly, and I think this year, CubeCon is probably going to be 7,000 people. Shows you a little bit of the growth of this industry. But, even back in 2015, we kind of recognized that it wasn't just about containers, but it was about the microservices that you build on top on containers and how you control those containers. That's really going to change the way enterprises build software. And that's been a guiding principle for us, as we've built out the company and the products. >> Well, way to get ahead of the curve, I love it. So, I see it of more of a philosophical question on an open source company. It's such an important piece of the modern software world, and you guys are foundationally built on that, but I always think about when you're managing your own resources. You know, how much time do you enable the engineers to spend on the open source piece of the open source project, and how much, which is great, and they get a lot of kudos in the ecosystem, and they're great contributors, and they get to speak at conferences, and it's good, it's important. Versus how much time they need to spend on the company stuff, and managing those two resource allocations, 'cause they're very different, they're both very important, and in a company, like Sysdig, they're so intimately tied together. >> Yeah, that last point to me is the biggest driver. I think some companies deal with open source as a side project that gives engineers an outlet to do some fun, interesting things they wouldn't otherwise do. For a company like Sysdig, open source is core to what we do. We think of these two communities that we serve, the open source community and the enterprise community. But it's all based on the same technology. And our job in this mix is to facilitate the activity going on in both of these communities in a way that's appropriate for how those communities want to operate. I think most people understand how an enterprise, you know, a commercial enterprise community wants to operate. They want Sysdig to have a roadmap and deliver on that roadmap, and that's all well and good. That open source element is really kind of new and challenging. Our model has always been that the core open source technology fuels our enterprise business, and what we need to do is put as much energy as we can into the open source, such that the community is inspired to interact with us, experiment, and give back. And if we do it right, two things happen. We see massive contribution from the community, the community might even take over our open source projects. We see that happening with Sysdig Falco right now. For us, our job then is to sit back, understand how that community is innovating, and how we can add value on top of it. So coming back all the way to your question around engineers and what they should be doing, step one, always contribute to the open source. Make our open source better, so that the community is inspired to interact with us. And then from there, we'll leverage all that goodness in a way that's right for our enterprise community. >> So really getting in almost like a flywheel effect. Just investing in that core flywheel and then spin off all kinds of great stuff. >> You got it, you know, my motto's always been like, if the open source is this thing off to the side, that you're wondering, oh, should our engineers be working on it, or shouldn't they, it's going to be a tough model to sustain long-term. There has to be an integrated value to your overall organization and you have to recognize that. And then, resource it appropriately. >> Right, so let's kind of come up to the present. You guys just had a big round of funding, congratulations. >> Yep, thank you. >> So you got some new cash in the bank. So what's next for Sysdig? Now you got this new powder, if you will, so what's on the horizon, where are you guys going next? Where are you taking the company forward? >> Great question, so, we just raised a $68.5 million Series D round, led by Inside Ventures and follow-on investors from our previous investors, Accel and Bane. 68.5 doesn't happen overnight. It's certainly been a set of wins since Loris first introduced those open source projects to releasing our monitoring product, adding our security product. In fact, earlier this year, we brought on a very experienced CEO, Suresh Vasudevan, who was the previous CEO of Nimble Storage, as a partner to Loris, so that they could grow the business together. Come this summer, we're having massive success. It feels like we've hit a hockey stick late last year, where we signed up some of the largest investment banks in the world, large government organizations, Fortune 500s, all the magic is happening that you hope for, and all of a sudden, we found these investors knocking at our door, we weren't actually even out looking for funds, and we ended up with an over-subscribed round. >> Right. >> So our next goal, like what are you going to do with all that money, is first of all, we're moving to a phase where, it's not just about the product, but it's about the overall experience with Sysdig the company. We're really building that out, so that every enterprise has an incredible experience with our product and the company itself, so that they're just, you know, amazed with what Sysdig did to help make Cloud-Native a reality. >> That's great and you got to bring in an extra investor, like in a crunch phase, you guys haven't had that many investors in the company, relatively a small number of participants. >> It's been very tightly held, and we like it that way. We want to keep out community small and tight. >> Well, Apurva, exciting times, and I'm sure you're excited to have some of that money to spend on marketing going forward. >> Well, we'll do our part. >> Well, thanks for sharing your story, and have a great weekend. I'm happy it's Friday, I'm sure you are, too. >> Thanks so much, have a great weekend. Thanks for having me. >> He's Apurva, I'm Jeff, you're watching theCUBE. It's theCUBE conversation in Palo Alto, we'll be back on the road next week, so keep on watching. See you next time. (dramatic orchestral music)

(cheerful music) >> Announcer: Live from Los Angeles, it's theCUBE! Covering Open Source Summit North America 2017. Brought to you by The Linux Foundation and Red Hat. >> Welcome back, and we're live here in Los Angeles. This is theCUBE's special coverage of Open Source Summit North America. I'm John Furrier with Stu Miniman. Two days of wall-to-wall coverage. Our next guest, Ed Warnicke, who is a distinguished consulting engineer with Cisco. Welcome to theCUBE. >> Glad to be here! >> Thanks for coming on. Love to get into it. We love infrastructure as code. We love the cloud developers. The young generation loves it. Making things easy to use all sounds great, but there's still work to get done. The networking... So what's going on here at the Open Source? So this is the big tent event where there's a lot of cross-pollination around projects. Obviously the networking side, you guys at Cisco are doing your share. Give us the update. Networking is still a lot more work to be done. It's a very strategic part of the equation. Certainly making it easier up above makes it programmable. >> Yeah, you have to make the networking invisible even to the DevOps layer. There are certain things that you need from the network. They need isolation and reachability. They need service discovery and service routing. But they don't want to have to think about it. They don't want to be burdened with understanding the nitty gritty details. They don't want to know what subnet they're on, they don't want to have to worry about ACL's, they don't want to think about all of that. And the truth is, there's a lot of work that goes into making the network invisible and ubiquitous for people. And in particular, one of the challenges that we see arising as the world moves more cloud-native, as the microservices get smaller, as the shift happens toward serverless, as Kubernetes is coming on with containers, is that the network is really becoming the run time. And that run time has the need to scale and perform like it never has before. So the number of microservices you'd like to put on a server keeps going up, and that means you need to be able to actually handle that. The amount of traffic that people want to push through them continues to go up. So your performance has to keep up. And that brings a lot of distinct challenges, particularly when you're trying to achieve those in systems that were designed for a world where you had maybe two NIC's on the box, where you weren't really thinking when the original infrastructure was built about the fact that you were actually going to have to do a hell of a lot of routing inside the server because you now have currently hundreds, but hopefully someday thousands and tens of thousands of microservices running there. >> Ed, you know, I think when we've been talking about the last 15 or 20 years or so, I need to move faster with my deployment. It always seemed that networking was the thing that held everything up. It's like, okay, wait, when I virtualized, everything's great and everything, and I can just spit up a VM and do that. Oh, but I need to wait for the network to be provisioned. What are the things you've been working on, what open source projects? There's a lot of them out there helping us to really help that overall agility of work today. >> Absolutely. So one of the things I'm deeply involved in right now is a project called FD.io, usually pronounced Fido, because it's cute. And it means we can give away puppies at conferences. It's great. What FD.io is doing, is we have this core technology called VPP that gives you incredibly performant, incredibly scalable networking purely in user space. Which means from a developer velocity point of view, we can have new features every three months. From an extensibility point of view, you can bring new network features as separate plugins you drop as .so's into a plugin directory instead of having to wait for the kernel to rev on your server. And the revving process is also substantially less invasive. So if you need to take a microservice network as a user space thing and rev it, it's a restart of a process. You're talking microseconds, not 15-minute reboot cycles. You're talking levels of disruption where you don't lose your TCP state, where you don't lose any of those things. And that's really crucial to having the kind of agility that you want in the network. And when I talk about performance and scalability, I'm not kidding. So one of the things we recently clocked out with VPP was being able to route a terabyte per second of traffic with millions of routes in the forwarding tables on commodity servers with no hardware existence at all. And the workloads are starting to grow in that direction. It's going to take them a while to catch up, but to your point about the network being the long pull, we want to be far ahead of that curve so it's not the long pull anymore. So you can achieve the agility that you need in DevOps and move innovative products forward. >> Ed, one of the things that comes up all the time, I wanted to get your reaction to this because you're an important part of it, is developers say, look, I love DevOps. And even ops guys are saying, we want to promote DevOps, so there's a mind meld there if you will. But then what they don't want is a black box. They want to see debugging, and they want to have ease of manageability. So I don't mind pushing dev, if I'm an ops guy, send the dev down, but they need a path of visibility. They need to have access to debug fast. Get access to some of those things. What do you see as gates if you will, that we got to get through to make that seamless and clean right now? Obviously Kubernetes, lot of stuff going on with orchestration. And containers are providing a path. But still, the complaint and nervousness is okay, you can touch and program the infrastructure, but if something happens, you're going to be reactive. >> Yeah, that gets exactly to the point. Because the more invisible the network is, the more visibility you need when things go wrong. And for general operational use. And one of the cool things that's happening in FD.io around that, is number one, it's industrial scale. So you have all sorts of counters and telemetry information that you need from an historical point of view in networks to be able to figure out what's going on. But beyond that, there's a whole lot of innovation that's been happening in the network space that has yet to trickle down all the way to the server edge. A really classic example on the visibility front has to do with in-band iOAM. So we now have the technology, and this is present today in VPP, to be able to say, hey, I would like an in-band trace on the flow though the network of this flow for this customer who's giving me a complaint, where I can see hop by hop through the network including in the edge where VPP is, what's the latency between hops? What path it actually passed through. And there's even a feature there where you could say, at each hop, please send the packet capture at that hop to a third-party point where I can collect it so I can look at it in something like Wireshark. So you can look in Wireshark and say, okay I see where this went into that node and came out that node this way. Node by node by node. I don't know how much more visibility than that is actually physically possible. And that's one of the kinds of things that the velocity of features that you have in VPP has made very possible. That's the kind of thing that would take a long time to work into the traditional development line for networking. >> What's the Cisco internal vibe right now? Because we covered the DevNet Create event that Susie Wee put on, which was kind of like a cloud-native cool event. Kind of grassroots, kind of guerrilla. I love the mojo there. But then you've got the DevNet community at Cisco, which is a robust killer developer community on the Cisco side. How are those worlds coming together? I can imagine that the appetite for the Cisco DevNet teams, the DevNet developer community, is looking at cloud-native as an opportunity. Can you share some insight into what's the sentiment, what's the community vibe, what's going on? For folks that just got to run the networks, I mean this is serious stuff. In the past, they've been like, cloud-native, when you're ready we'll get there. But now there seems to be an onboarding of cloud-native. Talk about the dynamic. >> There has to be, because cloud-native won't wait. And there's a lot of things that the network can do to help you as the run time. The iOAM example is one, but there are a ton more. Again, cloud-native won't wait. They will find a way, and so you have to be able to bring those features at the pace at which cloud-native proceeds. You can't do it on six-month product cycles. You can't do it on 12-month product cycles. You have to be able to respond point by point as things more forward. A good example of this is a lot of the stuff that's happening with server meshes in Insteon. Which is coming really fast. Not quite here, but coming really fast. And for that, the real question is, what can the network do for DevOps? Because there's a synergistic relationship between DevOps and NetOps. >> So you were saying... Just to try to get at the point. So yes, are you seeing that the DevNet community is saying hey we love this stuff? Because they're smart, they know how to adapt. Moving from networks to DevOps. To me it seems like they're connecting the dots. You share some-- Are they, yes no maybe? >> They're absolutely connecting the dots, but there's a whole pipeline with all of this. And DevNet is at the short pointy end where it touches the DevOps people. But to get there, there's a lot of things that have to do with identifying what are the real needs, getting the code written to actually do it, figuring out the proper innovations, engaging with open source communities like Kubernetes so that they're utilized. And by the time you get to DevNet, now we're at the point where you can explain them to DevOps, where they can use them really cleanly. One of the other things is, you want it to come through transparently. Because people want to be able to pick their Kubernetes Helm charts off the web, take the collection of containers for the parts of their application they don't want to have to think about, at least right now, and have it work. So you have to make sure you're supporting all the stuff that's there, and you have to work to be able to take advantage of those new features in the existing API's. Or better yet, just have the results of those API's get better without having to think about new features. >> So they're in great shape. It's not a collision, it's not friction. >> No, no no. >> It's pretty much synergistic. Network guys get the DevOps equation. >> No, we get the DevOps equation, we get the need. There is a learning process for both sides. We deeply need each other. Applications without networking are completely uninteresting. And this is even more true in microservices where it's becoming the run time for the network. On the same side, networks without applications are completely uninteresting because there's no one to talk. And what's fascinating to me is how many of the same problems get described in different language and so we'll talk past each other. So DevOps people will talk about service discovery and service routing. And what they're really saying is, I want a thing, I don't want to have to think about how to get to it. On the network side, for 15 years now, we've been talking about identifier/locator separation. Basically the having an IP address for the thing you want, and having the ability to transparently map that to the location where that thing is without having to... It's the classic renumber your network problem. They're at a very fundamental level the same problem. But it's a different language. >> The game is still the same. There's some language nuances that I think I see some synergies. I see people getting it. It's like learning two languages. Okay, the worlds come together. It's not a collision. But the interesting thing is networking has always been enabling opportunity. This is a fundamental nuance. If you can get this right, it's invisible, as you said. That's the end game. >> Absolutely. That's really what you're looking for. You want invisibility in the normal mode, and you want total transparency when something has to be debugged. The classic example with networks is, when there's a network problem it's almost never the network. It's almost always some little niggle of configuration that went wrong along the way. And so you need that transparency to be able to figure out okay, what's the point where things broke? Or what's the point where things are running suboptimally? Or am I getting the level of service that I need? Am I getting the latency I need, and so forth. And there's been a tendency in the past to shorthand many of those things with networking concepts that are completely meaningless to the underlying problem. People will look at subnets, and say for the same subnet, we should have low latency. Bullshit. I mean basically, if you're on the same subnet, the guy could be on the other end of the WAN in the modern era with L2 overlays. So if you want latency, you should be able to ask for a particular latency guarantee. >> It felt to me that it took the networking community a while to fix things when it came to virtualization. (Ed laughs) but the punch line is, when it comes to containers, and what's happening at Kubernetes, it feels like the networking community is rallying a lot faster and getting ahead of it. So what's different this time? You've got kind of that historical view on it. Are we doing better as an industry now, and why is it? >> So a couple of things. The Kubernetes guys have done a really nice job of laying out their networking API's. They didn't get bogged down in the internal guts of the network that no DevOps guy ever wants to have to see. They got really to the heart of the matter. So if you look at the guarantees that you have in Kubernetes, what is it? Every pod can talk to every other pod at L3. So L2 isn't even in the picture. Which is beautiful, because in the cloud, you need to worry about subnets like you need a hole in the head. Then if you want isolation, you specify a network policy. And you don't talk about IP addresses when you do that. You talk about selectors on labels for pods, which is a beautiful way to go about it. Because you're talking about things you actually care about. And then with services, you're really talking about how do I discover the service I want so I never have to figure out a pod IP? The system does it for me. And there are gaps in terms of there being things that people are going to be able to need to do that are not completely specified on those API's yet. But the things they've covered have been covered so well, and they're being defended so thoroughly, that it's actually making it easier because we can't come in and introduce concepts that harm DevOps. We're forced to work in a paradigm that serves it. >> Okay, great. So this'll be easy, so we'll be ready to tackle serverless. What's that going to mean for the network? >> Serverless gets to be even more interesting because the level of agility that you want in your network goes up. Because you can imagine something in serverless where you don't even want to start a pod until someone has made a request. So there's an L7 piece that has to be dealt with but then you have to worry about the efficiency of how do you actually move that TCP session to the actual instance that's come up for serverless for that thing, and how do you move it to the next thing? Because you're working at an L7, where from the client's point of view, they think it's all the same server, but it's actually been vulcanized across all these microservices. And so you have to find an efficient way of making that transparent that minimizes the degree to which you have to hairpin through things all over the cluster because that just introduces more latency, less throughput, more load on the cluster. You've got to be able to avoid that. And so, by being able to bring sophisticated features quickly to the data plain with something like FD.io and VPP, you can actually start peeling those problems off progressively as serverless matures. Because the truth of the matter is, no one really knows what those things are going to look like. We all like to believe we do, but you're going to find new problems as you go. It's the unknown unknowns that require the velocity. >> So it sounds like you're excited about serverless, though. >> Ed: Usually, yes, definitely. >> So I love serverless too, and I always talk about it. So what is in your opinion the confusion? There are some people who are like, oh it's bullshit. I don't think it is personally. I think it's nirvana. I think it's what people want, what most developers want. There's a server behind it. It's not serverless per se. It's just from a developer standpoint, you don't have to provision hardware. >> Or containers, or VM's, or any of that. >> I personally think it's a good thing. Is it just a better naming convention? Give the people, what's the nuance? Why are people confused? >> I think it's much more fundamental than just the naming convention. Because historically, if you look at the virtualization of workloads, every movement we've had to date has been about some workload run time technology. VM's were about virtual machines. Containers are about containers to run technology. When you get to microservices and serverless, we've made the leap from talking about the underlying technology that most developers don't care about to talking about the philosophy that they do. >> Their run time is their app. Their run time assembly is their code sandwich, not to say the network. >> Just as in serverless, I don't think anyone doubts that the first run of serverless is going to be built on containers. But the philosophy is completely divorced for them. So I'll give you an example. One of the things that we have in VPP is we have an ultra high performance, ultra high scalability userspace TCP stack. We're talking the kind of thing that can trivially handle ten million simultaneous connections with 200,000 new connections coming in every second. And right now, you can scope that to an isolation scope of a container. But there's no reason, with the technology we have, you can't scope it all the way down to a process. So you control the network access at the level of a process. So there's a lot of headroom to go even smaller than containers, even lighter weight than containers. But the serverless philosophy changes not a wit as you have that improvement come in. >> That's beautiful. Ed, thanks so much for coming on theCUBE. We really appreciate your perspective. I'd like you to get one final word in to end the segment. Describe what's happening here because the OS Summit, or the Open Source Summit, is the first of its kind, a big tent event. What's your take on it? What's the purpose of the event? What's your experience? Share with the folks who aren't here what this event is all about. >> It's really exciting, because as much as we love The Linux Foundation, and as much as we've all enjoyed things like LinuxCon in the past, the truth is, for years it's been bleeding beyond just Linux. I don't see the OS Summit so much as a shift in focus, as a recognition of what's developed. Last year we had the Open Source Summit here. We just called it LinuxCon. The year before we had the Open Source Summit here. We just called it LinuxCon. And so what's really happening is, we're recognizing what is. There's actually no new creation happening here. It's the recognition of what's evolved. >> And that is open source as a tier one reality that goes way beyond Linux, which is by the way super valuable at the kernel. >> Ed: Oh, we all love Linux. >> All Linux apps... The only apps are Linux apps. But it's a bigger thing. The growth and scale that's coming is unprecedented. I think a lot of people still are pitching themselves, Stu and I were commenting, that what's coming is going to change the face of software development for generations to come. There's an exponential scale of software libraries coming on board. Up to 400 million was forecast by 2026? >> That sounds conservative to me. (laughs) >> You think so? Well, I mean, just to get the scale. So there's going to be some leadership opportunities for the community, in my opinion. >> Absolutely. And this is where the Open Source Summit actually... I mean, words matter because they shape the way we think about things. So where I think the shift to the Open Source Summit has huge value is that it starts to shift the thinking into this broader space. It's not just a recognition of what's happened. It's a new load of software here for the community. >> This is not a marking then, it's a recognition of what's actually happening. I love that quote. Open Source Summit, brilliant move by The Linux Foundation. Create a big tent event for cross-pollination, sharing of ideas. This is the ethos of open source. Ed, thanks so much for coming on theCUBE. This is theCUBE with live coverage from the Open Source Summit in North America, formerly LinuxCon and all the other great events here in Los Angeles. I'm John Furrier with Stu Miniman. More live coverage after this short break. (electronic music)