>> Narrator: Live from Orlando, Florida, it's the Cube, covering ServiceNow, Knowledge 17. Brought to you by ServiceNow. >> Welcome back to Orlando, everybody, my name is Dave Vellante and I'm here with my co-host, Jeff Frick. This is day two of ServiceNow, Knowledge, and this is the Cube, the leader in live tech coverage. Bart Murphy is here, he's the CTO of York Risk Services, and he's the CIO and CTO of CareWorks, Cube alum. Bart, good to see you again. >> Great to see you guys. So we were talking off camera, Mark came over, we're talking about the CIO Decisions, you participated in that last year as well. What have you been doing at the conference? What are you seeing that's interesting? >> Well I've been attending the sessions and you just mentioned the CIO Decisions, that was my day yesterday. Great opportunity to get you know, great speakers, we mentioned a few of them that spoke yesterday, but also there were some customer round tables that allowed you to collaborate with your peers over a few areas, and sort of discuss what's working for them, what's not. You know, what their road map looks like, how they're selling that to the board, those type of things. It was a very productive day. >> So, since we last talked, what have you been working on? We had a great discussion last year on security, I'm sure things have changed there, they keep evolving. What kind of things you've been working on, what are some of the initiatives that are new? >> Yeah, so last year we did talk about that and my desire, I was somewhat excited when I started to see the new play into SecOps with ServiceNow. So we've now gone live with SecOps. We're continuing to mature our security posture as a company, and I think that's, when you look at a road map or you're looking at things, what we want to see is continual capability maturity in our security space. One, we need to be there, right? As an organization, we're a services organization. We also want to just make sure that we're continuing to get better and automate. So we saw SecOps as a real opportunity for that. So we've now gone live, we've deployed that. We did it and integrated that with certain tools that we have, Tanium, LogRhythm, Symantec, some of our scanning tools. What that's allowing us to do is look at a wide range of log information, parse through that in order to automate certain types of work flows and cases. So whether it be as simple as finding an end point that say has an outdated Symantec update and having that automatically update, or create a case because it can't push the automation, those type of things we're trying to do now to try to raise the level of our security and start weeding through all the noise that's out there, that's provided with all the tools that we have. >> How did you find the integration? >> Well, we did the integration ourselves, and we found the integration, compared to some other products that we've done in the past, to be much smoother. You know, I think this is a later product that they've built into their platform. I think they've taken into account implementation, so some of the integrations were out of the box like the Tanium, others, we built those integrations. So, and we also, I think I may have mentioned this, not sure if I did, when I looked at my incident security response plan and the way I developed that, I developed it very closely to what was coming out of the box with ServiceNow. I wanted to make sure that our policies, procedures, process for that really just met out-of-the-box functionality, so we didn't have to do a lot of customization and configuration there, and we could focus on the technical integrations that really provide some of the power of the automation with the CMBB. >> Speaking of sort of custom work, you talk about M and A, you mention you get a mulligan coming. >> Bart: Yeah. >> Talk about that a little bit, kind of unwinding some of the custom mods. >> Yeah, so we have multiple instances of ServiceNow, and over the last year we've been building our newest instance with York Risk Services Group, that's our total company. And I'm in the process now of taking what we built for CareWorks, you know, we have been a customer since 2010, and really learning what we did well there and what we didn't do well. In addition to the fact that a lot of customization that we did on that platform is no longer really required, that's how much the platform has matured with ServiceNow. >> Which one was it, which release, do you remember? >> Oh gosh, Berlin, probably. >> Berlin, right, right. >> Early, early on if I'm accurate, from the very beginning. And you know GRC was an example where we did a lot of customization because that product just is night and day compared from where it is today. >> Jeff: Right >> So now we get a new opportunity to look at our process to see, say, is this something that we really need to keep the customization, or can we leverage the platform better, and by the way, even if we do have to do customization, can we do it a better way? So it is a little bit of a mulligan, from that standpoint, we get a sort of fresh start on a platform that we understand even better now, and we're doing it at a larger scale, so we're trying to really look at those automation opportunities so we can gain the efficiencies that we need. >> So I wonder if you can talk about the sort of business impact that you've seen over the years. You've been a long-time ServiceNow customer, and it just feels like this whole ecosystem is on the steep part of the s-curve now. Maybe describe the sort of business impact in whatever terms make sense. >> Well, I think partly supporting consolidated shared services, whether it's in IT or other areas of the business, and even finding areas of the business that aren't doing a good job of tracking their work today. And it still exists, in I think every organization. I was mentioning, you know, another area that we're looking at that we'll most likely deploy this year or early next year, I would assume this year, is the HR Case Management. >> Dave: Mmm hmm. >> That's an area very similar to IT, very similar to other areas that we've built use cases within ServiceNow, where things are done primarily through email. It's very inefficient, they don't have very good metrics to understand how much support they're providing the organization. They're pressured just as I am from an SG&A perspective, to do more with less. And the only way we're going to be able to continue to do more with less is to provide some level of automation and stay consistent with it. So when I started looking at ServiceNow, and yes, we're probably on that s-curve too. We've done some really good work on the automation side, but now with the platform, with what they're doing with some of the analytics, what they're, you know, I know what they're going to do with machine learning, what we can do with some of the predictive stuff. How can we take a security instance, for example, have it remediate itself and then inform us on what it did? Those are the type of things that I think's going to bring us way sharp up on that curve. I mean we've done a good job, we're very technical, we've done a good job automating, I'm not, but for what we can do I think over the next three to four years with this platform and the automation, is going to be a game changer for us and we're going to need that. 'Cause you know our SG&A can't grow at the same rate. You want to have that margin improvement, and this is one of the areas that we can use a platform to do that. >> It's interesting, you're, always a lot of talk about automation when we're here. >> Yeah. >> Different automated processes and make them easier. But you mentioned before we went on air, you just mentioned it again, that the desire to get measurement on the process as the primary driving factor, 'cause you just can't measure that which is in email and all these disparate systems, and now you can actually use the motivation of measurement so then you can get improvement as a primary driver to implement it. >> Yeah, I mean one of our core values is to be a data-driven decision making company. And you can't improve what you can't measure. And there's still to this day a lot of these processes that we take for granted. You know, SecOps, HR, operation service center, claim setup. We think we're doing a good job managing it and understanding the productivity of it, but we don't have really good tools in place or they're very disparate. So if we can get that into one CMDB, we can start to leverage automation. Once we start to measure it, we truly can start to see that business value, 'cause we can see those measurements go down. So whether we're using out-of-the-box performance analytics now, you know we started originally, performance analytics was a separate product. On the new York one, again, that's another benefit, we just turn it on, right? And there's already really good, rich data that it's giving us to stay, and we can compare that against our previous performance, whether it's incidents, closing rate, you know all these type of things out of the box. So I can start to show improvement. It's not to say that we don't have areas to improve, we do. There are things outside of ServiceNow that we need to do to improve our overall capability. So whether you're talking leveraging orchestration within ServiceNow but then I need a deployment tool to actually go and do that work. So that's where Tanium comes into play, so there's other strategies we're deploying to say where can we get the full life-cycle of that automation? And that's where engineering discipline and bringing that to your supply chain of activities is key. >> The other thing that you mentioned that kind of flipped it on its head, is you talked about your incidents response plan and trying to make it pretty much as out of the box from ServiceNow as possible. Was that because you just kind of went with the custom, or now are they delivering more best practices in the way that configuration comes out of the box that you don't really have to think about it. >> Yeah, I mean absolutely. >> You can presume best practices, because that's how it's preconfigured out of the box. >> Yeah, and I don't think they tout that, and I understand why, but they're getting feedback from a ton of customers on how to build a process in the most efficient way. I don't think they're doing it in a vanilla way. I think they're doing it in an efficient, robust way. So I think they are at that point where there's a lot of things that come out of the box that people really need to pay attention to. Like I understand that we may have done it this way, but this way is more than sufficient. And if it means that I don't have to customize and I can make my upgrades even easier than they are today, 'cause they aren't that painful at all, on the ServiceNow front, then why not? And then we can benefit from their maturity on the platform, because they're going to continue to add in releases and add in functionality just like we saw over the last two days. >> Back to the sort of s-curve, it sounds like you're getting in the position now to get real operating leverage almost like Metcalf's Law. The first one you get some benefit, but the nth one, boy that's when it really kicks in. >> I hope so. That's what I'm, I think right now we've spent a lot of time and energy getting onto one platform, right? Whether it's from all the acquisitions, whether it's from an older instance to a newer instance. I think once we get critical mass on that platform, yes, the automation stuff will make a marketable difference. We've done some great things for our business but I think once we get everybody on one platform and we get that true understanding of how we want to do our enterprise process and we have some other uplift in our areas and systems. You know, Tanium's a new product that we have. We're looking potentially HRIS, there's other things at play that will play in the ecosystem. And as we mature those and really understand what our end game's going to be, I think that's where we have that power. >> One of the speakers at CIO Decisions this week was author Daniel Pink. We had him on the Cube, talk about selling is human. When you run a business case, you talked about the HR, moving into HR, do you go sell, do you make the business case, are they coming to you, is it push/pull, how does it work? >> A little bit of both. As a CTO and as any executive, I listen to Daniel as well and I'm a firm believer that we're all in sales. All of us are part of some type of revenue-generating company, okay, and if we don't take that to heart, and we just think that we're some cog in a wheel in somebody else's problem, shame on you. No company's going to grow without a full company of great sales people. They're either advocates for their brand, they understand the mission, they understand what they're doing for the mission. So from a sales perspective, certainly I'm going around trying to tell people about the capability of ServiceNow. I saw the CEO speak yesterday too and one thing that struck me that I think a lot of people need to do, is he's spent a lot of time over the last 49 days trying to understand the vernacular of IT. You know, he was the CEO at some large companies, they all had IT, now he's at an IT company. And so he's trying to really understand the speak and some of the capabilities that you have to understand. He's got a better appreciation of it. It's my job, really, to be able to do that type of evangelism within our company to say here are some of the platforms that we have and here are some of the capabilities and at least start the conversation. I will tell you that other times I have people come to me because they've either heard from someone else that they're using it at their company and their HR team loves it, or what's it about? But I need to go around and say I see you guys doing this and we have a platform that's totally made for that. It's why it was built. Let's have a demo or let's start looking at how you think that would improve your guys' productivity. You're stretched for resources, I'm stretched for resources, and just come at it from a common problem statement perspective. Then we build the business case from there. >> I see. So we hear a lot of the announcements this morning, Jacarta, another release. What do you, and so there's a lot of things they did in there, performance improvements, UI improvements and things like that, bringing in intelligent automation, a lot of really good, cool things in there. What's, from your mind, on their to-do list? What kinds of things, I mean, are they doing the types of things that you want them to do, is there something big that could really make a difference to your business? >> Yeah, I wish I was like the ServiceNow product visionary. (laughing) But I'm not, I got to commend 'em. I think they're doing some pretty darn good things. When you start to look at SecOps and its play into GRC and the way that you really start to automate some of your controls, which are a huge component of, I'm not going to say waste within your organization, but they take a lot of time, and they bring value, don't get me wrong, but they aren't bringing...they're not bringing in revenue, they're a lot of compliance and they're good practices, so the more we can automate some of those they're high value but you want your team working on other innovation type of stuff, I think the better. When they start looking at what they're doing with the data now, everybody's becoming a data company, everybody's talking about machine learning. Everybody's talking about AI. I think that is the next place that they got to get to. If they can start to generate, again, some of that low value work, whether it's automating an entire incident end to end. I mean, there's insurance companies out there that are doing that, right, trying to automate a claim end to end. So I think the more they can look at their domain and determine ways to automate an entire workflow, which they are well on their path. They've been doing that from a workflow automation perspective for years. Now take it into AI to do it, I think they're going to be in a good position, a better position than I am in, probably if I was to develop that myself. >> Right. >> So I think that will help me scale from a user support perspective and just workflow in general, service management perspective. >> So you might not be the product guru going forward, but the thing you know probably better than a lot of people under the 15,000 is how to get people to adopt a platform. I wonder if you can share some of your tips and tricks to fellow practitioners to convince the people to don't pick up the phone, you know, put it in the platform? >> Yeah, it's evangelism. You got to get out and educate people on what the platform's about. As a procurer of the platform, you know and ServiceNow is not a cheap solution, and nor should it be. I think you need to go and justify, I'm getting this platform and it's up to me to make sure that we're going to leverage those dollars as much as possible. So anything I buy I want to make sure we're leveraging it as much as we can within the organization. I'm also a firm believer, I understand that reality hits and it's not going to happen overnight. So how do you build a backlog and start really working through that? We do an agile process, we're doing releases every two weeks. We're trying to, I may take an opportunity in IT but then the next one I want to do is going to be in the business. Or it's going to be with security or it's going to be with HR. Trying to get winds across the spectrum instead of trying to take big projects. Big projects take time, you know, there's a lot of little things that I can do to whet their appetite, on boarding, off boarding, transfers, HR started to get familiar with ServiceNow and what it could o just in that space. That whet their appetite, then, to have a more serious discussion about case management, right, which we're still having. So I think trying to figure out how you can handle a backlog of smaller hit items to get winds, will allow you to get a little bit more credibility if you start looking at a more wholesale change to their entire business, which this would be, a wholesale change to their business. >> You have kind of this dual role of CTO and CIO. Over the last several years, so much has changed in information technology, cloud, infrastructures, code and now you're seeing containers explode, the whole sassification of softwares eating the world, obviously service management is playing a big part there. Now AI, the whole big data meme. How has the CIO role evolved and changed and how has that affected you? Particularly the CIO piece, and you know, the CTO piece as well, I guess. Technology's always there, the CTO has got to be following that. But the CIO role seems to be changing quite dramatically. >> I think each organization's a little different. The way I look at it is, and some organizations, and maybe it's just me, some people see a CIO as an operational guy or girl, and some of them see their CTO as going out and looking at new technology. The way I, and why I sort of have the title of the CTO is I never want to have a build and run type of organization. I don't want to have a marginalized CIO that's basically just keeping the lights running, maybe keeping enterprise systems up. We need to be innovative as an entire team and those assets that we build, the same people need to support them, because, man, they build much better assets if they have to support them, let me tell you. (laughing) I think the role is changing whether you use the term CTO, CIO, you know, who is that person that's going to help ensure that you're not only looking at new platforms but not, I don't want to just spend all my time looking at new platforms or looking at new innovations. And certainly want to be aware of the trends. What's the right time to look at that for your organization? Some would say you always need to be on top of all of that, and I don't need to be on top of every AI vendor or data analytics company. What I need to understand is within the context of our organization, our financial structure, where we are as a maturity as an organization, where are the tools right now that can really make a major lift? And sometimes those aren't the most recent platforms. Sometimes they aren't the gold-standard platforms, sometimes they're just grunt and hard work. So I think the role, I hope the role evolves into where somebody takes ownership of all that and it's not carved up. Now, I think there are, even in our organization, there's a place. We have a Chief Innovation Officer, who is staying on top of some of the front-end stuff dealing with our industry. And that's a fine model as well. But I don't like breaking up between operations and development work and innovation. I like to make sure that those are all in sync. I think that's where you don't get a lot of rogue IT, a lot of shadow IT, because ultimately somebody's got to support it, and we want to make sure that that support cost is as lean as possible. >> That's a great answer, steeped in accountability, Bart. It's always great having you on the Cube. Thanks so much for coming on. >> Thank you guys, it's a pleasure to see you. >> All right, good to see you. All right, keep it right there everybody, we'll be back with our next guest, this is the Cube live from Knowledge 17. Be right back. (upbeat music)

>> Mine from Las Vegas. It's the cute covering knowledge sixteen brought to you by service. Now carry your host, Dave Alon and Jeff Rick. >> Welcome back to knowledge. Sixteen. Everybody, This is the Cube. Silicon Angles, flagship product. We go out to the events. We extract the signal from the noise Bart Murphy is. Here's the CTO of York Risk Services group. Mark. Good to see again. Good to see you. But thank you for having me. So what's been going on this week? Busy week. What you been doing this week has >> been busy. I've been doing a couple different things. One on the CIA decisions track, you know, collaborated on with those folks and getting some sessions in from service now and then on the partner side. You know, talking to customers, checking out and enjoying the the key notes on seeing what's new on the platform. Very exciting. >> Did you see Secretary Gates last night? We were, unfortunately, >> got pulled out for a call, So I >> think that's the >> one thing I did miss. You >> want to call me on that? One of things, he said, which I want to ask you about a former CEO. See XO now? Hey, said that consensus management don't bother now speaking to watch the CEO's as the CEO, yeah, it's a >> challenge. I think you know, there's there's one component that you have to devise, a strategy that you know a sound, and you have to have some resolve to help sell it. So I see that component of it. But the other is to sell that vision and get other people bought it. So, you know, I think there is a and consensus component from that, certainly from the executive team. And then you have to go sell it to your organization as well. And I think that truly doesn't come from just talking about the vision or the business case. It's from actually delivering the software and delivering the services and doing in an incremental basis that allows them to see and gain value from that, that that's what you build your credibility up on. And I think then that's what helps sell it. >> So you've gone through a few changes personally, your company. So take us through the care works acquisition. Sure, so >> careless family companies was required by your Chris Services Group S O. We're now part of a larger organization and national organization, Although care works itself had a few of the companies that had national footprint, a majority of them were primarily based in Ohio. So strategically great fit a great company. I moved into the corporate CTO roll about Oh, a year, year and a half after the acquisition, and I've been really trying to build out the entire enterprise strategy from a night perspective because they just they had procured a lot of acquired a lot of companies over a two to three year time span. And so we need to really invest a lot of time on what the future state of it is going to look like. >> So it's interesting gone from CEO to CTO. People talk coming to Cuba to talk about the role of the CIA. He'LL talk about all the time, and there'd been someone put forth the notion that the CEO eventually is going to have to choose a path, technical path or business path. You know, maybe both at different times. Do you subscribe to that, or do you see the CEO role is continuing on a CZ? We've known it. Yeah, >> we don't have a separate CIA and CTO I oversee the including operations. To me from a title perspective, I just want to have the organization view that that role is part of innovation. We have a chief innovation officer as well, but from a technology perspective, I think it's very difficult to run operations if you don't have a good grass for the technology in the platform. So regardless of the roller or title that they gave me, I think it's more about what are you managing on? And I don't want to ever be broken up between sort of SETI role that may be more focused on newer technology projects and then a CIA on Lee based on building our run methods. I want to make sure that those organizations are always combined because you're going to build much better software if you also have to support it. We also want to make sure that the automation is in place so that we have our support organization in mind when we actually deploy new platforms, new applications, new systems. >> So you see yourself as a software company. >> You know we do. We're in the wrist services business, so we are, ah, services provider, two carriers to large self insured Teo Large Claims organization. So we see ourselves. A lot of what we do is differentiated by our technology. Whether that's, you know, better business process, outsourcing functions or ability to do Bill review faster, more accurately. So our CEO definitely sees us as a technology company, and that's why there's a lot of investment in time being put into sort of build out what that future state of it is going to look like. >> What what do you do with service now? These days? How did the acquisition affect that and where you had it? >> Well, so we just went live with Yorker Services Group on service now is Platform on Geneva, and that's actually a separate production instance that we have with care work. So we deployed the care works instance in early two thousand eleven, late two thousand ten in that time frame, and there were, you know, there's a ton of customization a lot, you know, very solid platform for that family of companies with the York. There's a much larger scope that we wanted to address so very lucky again to be in that situation because I had an opportunity to start a redo and any time that you worked on a platform and you do it for a few years and then you get a chance to actually build again. So we really took more of an enterprise. I till out of the box type of approach s O that it could be flexible enough to manage across the entire enterprise, including all the acquired companies that we plan to pull onto the platform. And then that gives us time to figure out what was really the best out of our other platform that we want to, you know, retrofit back in. But the main reason I did that is to make sure that we could get some benefit out of the platform now and work and migrate into the business. Shared services functions within York that I think we're going to benefit very, very much from the new platform. >> So you've got a mulligan of sorts a little bit. >> Yeah, I got lucky on that on a little bit of the mulligan. And, you know, again, it's all about trying to make sure that we can come in and we just went live. You know, we're gonna have our challenges, like with any organizational change management solution, even just on the same side. But the cadence in which we're putting out releases to actually improve and bring on other shared services functions, I think, is where we will gain the majority of buying. >> So this notion here talked about a lot of this conference. The single cmd b yeah, is that something that you're able to achieve or working toward? Are you there? And absolutely, it's the goal. >> I mean, I don't know if you ever achieve it. I think it does take a lot of time. So the goal is to have everything in one platform for all of our companies across the board and to help facilitate automation, whether it's with GRC with the new security product that's coming out, which is, you know, something we're looking to get deployed in. Q three Q. Three Q For hopefully sooner rather than later. I just see there's a bunch of play on the automation orchestration side as it relates to tying in and tying an audit. Tien and Security on then also looking at business shared services and you know that's a whole different world of figuring out how can we help them? And we have ah operations service and are actually part of our next release. So I'll be very interested to see. You know, they do a lot of things manually like everybody does. He'LL be very keen to see how they see the platform and what they're going to come up with us, a strategy long term for them. >> So are you mentioned a couple times that York's made a number of acquisitions your company included, and don't give twenty four looking statements? Obviously, they're going to keep rolling up more things. But if you could speak to using service now as a vehicle to better integrate acquisitions, yeah, because for a lot of companies, that's a strategy. >> Yes, so and I actually have a strategy around that leveraging the platform is one of the main reasons that want to get it in now so that it could eventually build that. My whole goal there is the Leverage Performance Analytics on the way that I envisioned. Using that is, in many of the companies that we acquire, they will operate still, stand alone from a night perspective for some period of time. You know, whether that's six months, three months, two years until we can fully integrate him, whether it's network, you know, systems consolidation you name it. It takes a long time. It's not something that we have solved. So part of it is to be able to do modeling using Performance Analytics by pulling in the data so I can get them now onto this cloud platform because they don't need to be on network. I can have them operating their work within that platform for a period of a baseline period of time. And I could start to model that using Performance Analytics to say, How would that impact our enterprise? That's allies. Does it help our enterprise? That's always. Does it degrade our enterprise? That's the lace. Are they staffed appropriately to actually meet our enterprise? That's the lace and what our enterprises slaves. Once we start collecting all this data based on how we're staffed and how we're going to, you know, fund that transaction. So, >> Bart, if I understood it correctly, you have the dual role CEO slash CTO. Okay, is that there's the CSO report into you are he does. I saw Also he >> does. And so and that's ah, new rule that we established about a little less than a year ago. There was ah VP of corporate security. But we didn't have a chief information security officer s. So I we're not got a very season, see so and working not only as an internal what we do internally. Also within our tech company as well. We started cybersecurity practice. So everything we do, we try to make sure that we can actually support our technology investments from an enterprise perspective and be able to self serve ourselves as an enterprise. So very excited about that. That's why we're getting to the security components and some other products that we think will integrate extremely well into service. Now >> let's talk about that a little bit. I want to put forth the premise. You tell me, feel free to tell me the premise doesn't hold water. But it seems to us that there's been a shift in thinking about security from we'LL focus on you know, defense, defense, defense to one of you know we're going to get infiltrated. It's all about how we respond and I as the sea xo Whatever. See so CEO Seo, I can help lead that response. It's mechanism, but it's a team sport. Is that a valid premise? >> I think it's valid. I think you know, I think it's a little it is driving some change v f ear. But, you know, I think that, you know, is certainly from an external perspective can protect yourself pretty well. You know, a lot of the breaches were actually curve, and some of the cases were internal or through third party partners. So I think there's been a lot of additional due diligence being put on organization, especially as a service organization. We work with a lot of large insurance carriers as an example. So we are getting hit with a lot more requests and a lot more sort of assessments on what our controls are in that space. So we need to be mature, and that's based no matter what, since again, we're providing services to clients in this space, and we're collecting a good amount of claim data and bill data and medical data. So I'm not as going out staying okay, just when it's gonna happen and how we handle breach. If that's the case, I'm trying to figure out what are the ways that we can proactively manage our environment and be able to respond in a much faster fashion to isolate an issue as quickly as possible, which is why I'm really excited about the automation and security component within service now because properly integrated with similar tools that we have. There's a lot that the system conduce that a human can't get too fast enough that will actually shut down to manage that risk extremely well. >> Do you believe that the board level? There's sort of open and transparent communication that that it's not about If Wade get infiltrated, its we have been infiltrated and we will continue to be infiltrated. That discussion occur. >> I think, yeah, the board level. They're certainly more aware, and not just from their participation in our board for the companies that they run themselves, because many of these folks come from companies that their run themselves. So I think there's certainly an awareness I think they're demanding and wanting to have more concrete plans on what your corporate security strategy is going to be. So we've produced a three year plan on what that is and presented that our committee and are starting to communicate that all the way up, you know, through our CEO. So I think there's more awareness I I think that for whatever reason, people think that it hasn't been working on this for some time, but they have S o. You know, there's a lot of good things that we've already done and already put in place that people just need to be made aware of it and get up to speed if you will. And then there's. Here's what we're doing to invest in trying to stop future things or to be more proactive or tow, have better control. Is better auto practices this type of >> what's the right regime for a cyber security? In other words, who should be responsible for should be a single tech group? We Should it be a wider group. What responsibility? >> And no, it's it's it's It's by committee. So our committee included, you know, our general counsel, our CEO, our chief human resource officer, our CEO. So it it's a joint effort. Certainly there's a large component of it because many of it is about your defenses in your ability to manage and maintain and keep your data secure. But security is a company wide initiative. You know everything from training all the way down the associate level to not, you know, click on bad email links, right that no matter what you do and what type of in a virus you have and you're still going to get some of those fishing emails and some of those ransomware emails in those type of components. So there's a whole education put component that goes all the way down to the associate level. If that's not understood by the management over those groups, then you know how is it going to actually be distilled down and supported? So it's a complete company effort when it comes to corporate security. >> And how about >> the business lines? Because our research shows that a lot of organizations don't you don't even have the specifically answer for your organization. Just in your experience is the CEO and the CEO. If it seems as though a lot of businesses don't understand the value of their data or the value of their I p, and as a result, don't really know how to protect it, is that something that is challenging for organism >> Asians? I think it is least when I've talked to other clients potentially, I think less today than it was even five years ago. We certainly know the value of our data. I mean, there's been too many breaches in the large breaches in the past three years to not be aware. I have had that question asked ofyou on, even for a business perspective, understand the exposure. So you know they what is that? Hundred fifty hundred twenty five dollars per claim? Potentially on the data side. So people even put metrics around. It's you, Khun. Quickly go through and established what you think your overall exposure is from a dollar perspective and that starts toe. You know, open eyes when you have millions of claims, are even more millions of bills. >> And that's your business. So you would think you have a better understanding everything most. But so for those who don't how should they go about achieving that knowledge? That awareness, >> They should find someone that, you know, maybe some type of trusted advisor. You know, whether they need to hire a consulting company whether they need to go and just converse with another AA group like a CEO group and ask Hey, have you guys done this before? There's a ton of collaboration at that level where people are asking, Hey, how did you guys come up with your security road map on What did that >> look like? Because Because the value then drives your investment decisions, right, because that's the other thing is kind of like insurance. When is enough enough, You could always been Mohr, but at some point you're gonna have diminishing returns relative to the value. But you've gotta have a basis to set a budget. So I would imagine the value of the data, the value of the risk, whether its >> value brand right, so outside of the hard costs of potentially, you know, getting credit rating or those type of components. You know, there's there's the brand discussion, and I think that's somewhat invaluable. So, you know, budgets are just over. Go spend what you want, but there's certainly a lot of awareness that money needs to be spent that area. It needs to be spent wisely, but there hasn't been an issue as to either one. We're coming up with wild budgets for security but explaining what we're doing and why, and how cost effectively we're doing. It has been very well >> in thinking about how you communicate to the board Yeah, about cyber security. What would be the top two or three things that you would recommend that a C XO should have on his or her checklist? >> One is, you know, understanding all your end point, so understanding everything that's in your network. And it's an easy to say, but it's a very hard thing to do, especially when you have external facing applications. And you have a lot of different networks, so understanding your scope of devices and understand. You know, that way you could understand, to start to collect and fill up that C M G B and understand. Okay, if I have a patch that wasn't applied, how many devices were impacted? You know, how quickly can I get those remediated s so that you know, I think understanding the technical scope of your organization is important because it's very difficult to understand your risks, you know, rating if you will. If you don't understand the tools you have in place and where your potential holes maybe, ah, and then understanding you know your core data. So you know what is in your data that would potentially create a potential risk, even a financial risk? Certainly we go through all the insurance process, right? And even insurance now for cyber liability insurance. You know, the forms for five years ago were much different than the forms that are being filled out today. Much different. A lot more detail, a lot more drill down. So even just going through that process alone drives you to actually go and collect all this information that I'm talking about today, you know, so understanding your internal environment in understanding you know, those endpoints understanding the scope of your data management. And then I think it's around developing a sound strategy that is not just short term but short term and long term, with investments not just in tools, but also processes training those components. >> Did you look a tte security and responding to security is part of, ah, business continuity, as opposed to sort of a bespoke initiative. It is, There's business >> continuity and d are both have components of security, but it is truly what a way to ensure that you're you stay in business, right, and and And if people don't view it that way, then there's a lot of organizations that have been either crippled, not necessary put out of business but impacted extremely large. You know, financial impact with unmanaged breaches that actually went on way too long, right? And they weren't able to detect it, you know? So I think that there's a component there where you have to really think about what's the scope of the work, what the scope of the risk and how much do we need to invest? >> And you see service now. And I'm spending so much time in security this week because I'm excited about what I saw on Monday at the financial analyst meeting and who, talking to folks about this very important topic, you see, service now is playing a role in solving this problem. >> I do because we're a big user of GRC. So we already went down the audit route with service now years ago s Oh, this is just another extension I see of not just audit controls but being more proactive on the security side. And so, since all of our information is in this platform anyhow, we have a ton of opportunity toe automate and manage a lot of the things that again could have potentially gone unnoticed for a period of time simply because a manpower or logs if you ever had a review logs from some of these devices. I mean, trying to find the needle in the haystack is very difficult. So tools are extremely important in this space. Humans cannot meet this challenge alone at all. >> You just make a tad cloud. You wish, right? Awesome. Bart, this is I'LL give you the last word so that your impressions on knowledge sixteen. >> I'm excited, You know, the way it's grown again The way that they're really being purposeful about how they're building out their platform and truly trying to solve the enterprise problems to me is just it shows a very strategic, well thought out plan by service now. And as customers, you know and partners, you know, that's that's what you want to see from a company. So for me, I'm just very pleased where the platforms going. It's exciting how much they've grown. But the way that they've been able to invest in the right things, I feel and truly integrate things into the platform, even acquisitions that they had on and truly make it part of the platform versus and add on, I think, is really differentiating them from a lot of products that have grown in a similar matter but become unwieldy to manage because they're just pieced together. So I'm very, very excited, >> Fantastic. The cube securing knowledge for our audience that Bart, you have full of a lot of knowledge and really appreciate you coming on the Cuban and sharing. >> Yeah, appreciate it. Nice seeing you guys. >> All right, Keep it right there, everybody. We'LL be back with our next guests right after this. We're live knowledge. Sixteen from the Mandalay Bay Hotel in Las Vegas, right back. >> Every once in a while.