>>From around the globe. It's the queue with digital coverage of AWS reinvent 2020 sponsored by Intel, AWS, and our community partners. >>Hello, and welcome back to the cube live coverage of reinvent 2020 virtual. We're not there this year. It's the cube virtual. We are the cube virtual. I'm your host, John fro with Dave Alante and analyzing our take on the partner day. Um, keynotes and leadership sessions today was AWS APN, which is Amazon partner network global partner network day, where all the content being featured today is all about the partners and what Amazon is doing to create an ecosystem, build the ecosystem, nurture the ecosystem and reinvent what it means to be a partner. Dave, thanks for joining me today on the analysis of Amazon's ecosystem and partner network and a great stuff today. Thanks for coming on. >>Yeah, you're welcome. I mean, watch the keynote this morning. I mean, partners are critical to AWS. Look, the fact is that when, when AWS was launched, it was the developers ate it up. You know, if you're a developer, you dive right in infrastructure is code beautiful. You know, if you're mainstream it, this thing's just got more complex with the cloud. And so there's, there's a big gap right between how I, where I am today and where I want to be. And partners are critical to help helping people get there. And we'll talk about the details of specifically what Amazon did, but I mean, especially when John, when you look at things like smaller outposts, you know, going hybrid, Andy Jassy redefining hybrid, you need partners to really help you plan design, implement, manage at scale. >>Yeah. You know, one of the things I'm always, um, you know, saying nice things about Amazon, but one of the things that they're vulnerable on in my opinion is how they balanced their own SAS offerings and with what they develop in the ecosystem. This has been a constant, um, challenge and, and they've balanced it very well. Um, so other vendors, they are very clear. They make their own software, right. And they have a channel and it's kind of the old playbook. Amazon's got to reinvent the playbook here. And I think that's, what's key today on stage Doug Yom. He's the, uh, the leader you had, um, also Dave McCann who heads up marketplace and Sandy Carter who heads up worldwide public sector partners. So Dave interesting combination of three different teams, you had the classic ISV partners in the ecosystem, the cohesiveness of the world, the EMCs and so on, you had the marketplace with Dave McCann. That's where the future of procurement is. That's where people are buying product and you had public sector, huge tsunami of innovation happening because of the pandemic and Sandy is highlighting their partners. So it's partner day it's partner ecosystem, but multiple elements. They're moving marketplace where you buy programs and competencies with public sector and then ISV, all of those three areas are changing. Um, I want to get your take because you've been following ecosystems years and you've been close to the enterprise and how they buy your, >>And I think, I think John, Oh, a couple of things. One is, you know, Dave McCann was talking a lot about how CIO is one of modernize applications and they have to rationalize, and it will save some of that talk for later on, you know, Tim prophet on. But there's no question that Amazon's out to reinvent, as you said, uh, the whole experience from procurement all the way through, and, you know, normally you had to, to acquire services outside of the marketplace. And now what they're doing is bundling the services and software together. You know, it's straightforward services, implementation services, but those are well understood. The processes are known. You can pretty much size them and price them. So I think that's a huge opportunity for partners and customers to reduce friction. I think the other thing I would say is ecosystems are, are critical. >>Uh, one of the themes that we've been talking about in the cube as we've gone from a product centric world in the old days of it to a platform centric world, which has really been the last decade has been about SAS platforms and cloud platforms. And I think ecosystems are going to be a really power, the new innovation in the coming decade. And what I mean by that is look, if you're just building a service and Amazon is going to do that same service, you know, you got to keep innovating. And one of the ways you can innovate is you can build on ecosystems. There's all this data within industries, across industries, and you can through the partner network and through customer networks within industry start building new innovation around ecosystems and partners or that glue, Amazon's not going to go in. And like Jandy Jesse even said in the, uh, in his fireside chat, you know, customers will ask us for our advice and we're happy to give it to them, but frankly partners are better at that nitty gritty hardcore stuff. They have closer relationships with the customers. And so that's a really important gap that Amazon has been closing for the last, you know, frankly 10 years. And I think that to your point, they've still got a long way to go, but that's a huge opportunity in that. >>A good call out on any Jess, I've got to mention that one of the highlights of today's keynote was on a scheduled, um, Andy Jassy fireside chat. Uh, normally Andy does his keynote and then he kind of talks to customers and does his thing normally at a normal re-invent this time he came out on stage. And I think what I found interesting was he was talking about this builder. You always use the word builder customer, um, solutions. And I think one of the things that's interesting about this partner network is, is that I think there's a huge opportunity for companies to be customer centric and build on top of Amazon. And what I mean by that is, is that Amazon is pretty cool with you doing things on top of their platform that does two things serves the customer's needs better than they do, and they can make more money on and other services look at snowflake as an example, um, that's a company built on AWS. I know they've got other clouds going on, but mainly Amazon Zoom's the same way. They're doing a great solution. They've got Redshift, Amazon, Amazon's got Redshift, Dave, but also they're a customer and a partner. So this is the dynamic. If you can be successful on Amazon serving customers better than Amazon does, that's the growth hack. That's the hack on Amazon's partner network. If you could. >>I think, I think Snowflake's a really good example. You snowflake you use new Relic as an example, I've heard Andy Jess in the past use cloud air as an example, I like snowflake better because they're, they're sort of thriving. And so, but, but I will say this there's a, they're a great example of that ecosystem that we just talked about because yes, not only are they building on AWS, they're connecting to other clouds and that is an ecosystem that they're building out. And Amazon's got a lot of snowflake, I guess, unless you're the Redshift team, but, but generally speaking, Snowflake's driving a lot of business for Amazon and Andy Jesse addressed that in that, uh, in that fireside chat, he's asked that question a lot. And he said, look, we, we, we have our primary services. And at the same time we want to enable our partners to be successful. And snowflake is a really good example of that. >>Yeah. I want to call out also, uh, yesterday. Um, I had our Monday, I should say Tuesday, December 1st, uh, Jesse's keynote. I did an interview with Jerry chin with gray lock. He's investing in startups and one of the things he observed and he pointed out Dave, is that with Amazon, if you're, if you're a full all-in in the cloud, you're going to take advantage of things that are just not available on say on premises that is data patterns, other integrations. And I think one of the things that Doug pointed out was with interoperability and integration with say things like the SAS factor that they put out there there's advantages for being in the cloud specifically with Amazon, that you can get on integrations. And I think Dave McCann teases that out with the marketplace when they talk about integrations. But the idea of being in the cloud with all these other partners makes integration and interoperability different and unique and better potentially a differentiator. This is going to become a huge deal. >>I didn't pick up on that because yesterday I thought I wasn't in the keynote. I think it was in the analyst one-on-one with, with Jesse, he talked about, you know, this notion that people, I think he was addressing multi-cloud he didn't use that term, but this notion of an abstraction layer and how it does simplify things in, in his basic, he basically said, look, our philosophy is we want to have, you know, the, the ability to go deep with the primitives and have that fine grain access, because that will give us control. A lot of times when you put in this abstraction layer, which people are trying to do across clouds, you know, it limits your ability to really move fast. And then of course it's big theme is, is this year, at the same time, if you look at a company who was called out today, like, like Octa, you know, when you do an identity management and single sign-on, you're, you're touching a lot of pieces, there's a lot of integration to your point. >>So you need partners to come in and be that glue that does a lot of that heavy lifting that needs to needs to be done. Amazon. What Jessie was essentially saying, I think to the partner network is, look, we're not going to put in that abstraction layer. You're going to you, you got to do that. We're going to do stuff maybe between our own own services like they did with the, you know, the glue between databases, but generally speaking, that's a giant white space for partner organizations. He mentioned Okta. He been talked about in for apt Aptio. This was Dave McCann, actually Cohesity came up a confluent doing fully managed Kafka. So that to me was a signal to the partners. Look, here's where you guys should be playing. This is what customers need. And this is where we're not going to, you know, eat your lunch. >>Yeah. And the other thing McCann pointed out was 200 new Dave McCann pointed out who leads these leader of the, of the marketplace. He pointed out 200 new ISP. ISV is out there, huge news, and they're going to turn already. He went, he talked with his manage entitlements, which got my attention. And this is kind of an, um, kind of one of those advantage points that it's kind of not sexy and mainstream to talk about, but it's really one of those details. That's the heavy lifting. That's a pain in the butt to deal with licensing and tracking all this compliance stuff that goes on under the covers and distribution of software. I think that's where the cloud could be really advantaged. And also the app service catalog registry that he talked about and the professional services. So these are areas that Amazon is going to kind of create automation around. >>And as Jassy always talks about that undifferentiated heavy lifting, they're going to take care of some of these plumbing issues. And I think you're right about this differentiation because if I'm a partner and I could build on top of Amazon and have my own cloud, I mean, let's face it. Snowflake is a born in the cloud, in the cloud only solution on Amazon. So they're essentially Amazon's cloud. So I think the thing that's not being talked about this year, that is probably my come up in future reinvents is that whoever can build their own cloud on top of Amazon's cloud will be a winner. And I, I talked about this years ago, data around this tier two, I call it tier two clouds. This new layer of cloud service provider is going to be kind of the, on the power law, the, the second wave of cloud. >>In other words, you're on top of Amazon differentiating with a modern application at scale inside the cloud with all the other people in there, a whole new ecosystem is going to emerge. And to me, I think this is something that is not yet baked out, but if I was a partner, I would be out there planning like hell right now to say, I'm going to build a cloud business on Amazon. I'm going to take advantage of the relationships and the heavy lifting and compete and win that way. I think that's a re redefining moment. And I think whoever does that will win >>And a big theme around reinventing everything, reinvent the industry. And one of the areas that's being reinvented as is the, you know, the VAR channel really well, consultancies, you know, smaller size for years, these companies made a ton of dough selling boxes, right? All the, all the Dell and the IBM and the EMC resellers, you know, they get big boats and big houses, but that business changed dramatically. They had to shift toward value, value, value add. So what did they do? They became VMware specialists. They came became SAP specialists. There's a couple of examples, maybe, you know, adding into security. The cloud was freaking them out, but the cloud is really an opportunity for them. And I'll give you an example. We've talked a lot about snowflake. The other is AWS glue elastic views. That's what the AWS announced to connect all their databases together. Think about a consultancy that is able to come in and totally rearchitect your big data life cycle and pipeline with the people, the processes, the skillsets, you know, Amazon's not going to do that work, but the upside value for the organizations is tremendous. So you're seeing consultancies becoming managed service providers and adding all kinds of value throughout the stack. That's really reinvention of the partnership. >>Yeah. I think it's a complete, um, channel strategy. That's different. It doesn't, it looks like other channels, but it's not, it's, it's, it's driven by value. And I think this idea of competing on value versus just being kind of a commodity play is shifting. I think the ISV and the VARs, those traditional markets, David, as you pointed out, are going to definitely go value oriented. And you can just own a specialty area because as data comes in and when, and this is interesting. And one of the key things that Andy Jassy said in his fireside chat want to ask directly, how do partners benefit when asked about his keynote, how that would translate to partners. He really kind of went in and he was kind of rambling, but he, he, he hit the chips. He said, well, we've got our own chips, which means compute. Then he went into purpose-built data store and data Lake data, elastic views SageMaker Q and QuickSight. He kind of went down the road of, we have the horsepower, we have the data Lake data, data, data. So he was kind of hinting at innovate on the data and you'll do okay. >>Well, and this is again, we kind of, I'm like a snowflake fan boy, you know, in the way you, you like AWS. But look, if you look at AWS glue elastic views, that to me is like snowflakes data cloud is different, a lot of pushing and moving a date, a lot of copying data. But, but this is a great example of where like, remember last year at reinvent, they said, Hey, we're separating compute from storage. Well, you know, of course, snowflake popularized that. So this is great example of two companies thriving that are both competitors and partners. >>Well, I've got to ask you, you know, you, you and I always say we kind of his stories, we've been around the block on the enterprise for years. Um, where do you Mark the, um, evolution of their partner? Because again, Amazon has been so explosive in their growth. The numbers have been off the charts and they've done it well with and pass. And now you have the pandemic which kind of puts on full display, digital transformation. And then Jassy telegraphing that the digital global it spend is their next kind of conquering ground, um, to take, and they got the edge exploding with 5g. So you have this kind of range and they doing all kinds of stuff with IOT, and they're doing stuff in you on earth and in space. So you have this huge growth and they still don't have their own fully oriented business model. They rely on people to build on top of Amazon. So how do you see that evolving in your opinion? Because they're trying to add their own Amazon only, we've got Redshift that competes with others. How do you see that playing out? >>So I think it's going to be specialized and, and something that, uh, that I've talked about is Amazon, you know, AWS in the old day, old days being last decade, they really weren't that solution focused. It was really, you know, serving the builders with tooling, with you, look at something like what they're doing in the call center and what they're doing at the edge and IOT there. I think they're, so I think their move up the stack is going to be very solution oriented, but not necessarily, you know, horizontal going after CRM or going after, you know, uh, supply chain management or ERP. I don't think that's going to be their play. I think their play is going to be to really focus on hard problems that they can automate through their tooling and bring special advantage. And that's what they'll SAS. And at the same time, they'll obviously allow SAS players. >>It's just reminds me of the early days when you and I first met, uh, VMware. Everybody had to work with VMware because they had a such big ecosystem. Well, the SAS players will run on top. Like Workday does like Salesforce does Infour et cetera. And then I think you and I, and Jerry Chen talked about this years ago, I think they're going to give tools to builders, to disrupt the service now is in the sales forces who are out buying companies like crazy to try to get a, you know, half, half a billion dollar, half a trillion dollar market caps. And that is a really interesting dynamic. And I think right now, they're, they're not even having to walk a fine line. I think the lines are reasonably clear. We're going up to database, we're going to do specialized solutions. We're going to enable SAS. We're going to compete where we compete, come on, partner ecosystem. And >>Yeah, I, I, I think that, you know, the Slack being bought by Salesforce is just going to be one of those. I think it's a web van moment, you know, um, you know, where it's like, okay, Slack is going to go die on Salesforce. Okay. I get that. Um, but it's, it's just, it's just, it's just, it's just old school thinking. And I think if you're an entrepreneur and if you're a developer or a partner, you could really reinvent the business model because if you're, dis-aggregating all these other services like you can compete with Salesforce, Slack has now taken out of the game with Salesforce, but what Amazon is doing with say connect, which they're promoting heavily at this conference. I mean, you hear it, you heard it on Andy Jessie's keynote, Sandy Carter. They've had huge success with AWS connect. It's a call center mindset, but it's not calling just on phones. >>It's contact that is descent, intermediating, the Salesforce model. And I think when you start getting into specialists and specialism in channels, you have customer opportunity to be valuable. And I think call center, these kinds of stories that you can stand up pretty quickly and then integrate into a business model is going to be game changing. And I think that's going to going to a lot of threat on these big incumbents, like Salesforce, like Slack, because let's face it. Bots is just the chat bot is just a call center front end. You can innovate on the audio, the transcriptions there's so much Amazon goodness there, that connect. Isn't just a call center that could level the playing field and every vertical >>Well, and SAS is getting disrupted, you know, to your, to your point. I mean, you think about what happened with, with Oracle and SAP. You had, you know, these new emerging players come up like, like Salesforce, like Workday, like service now, but their pricing model, it was all the same. We lock you in for a one-year two-year three-year term. A lot of times you have to pay up front. Now you look at guys like Datadog. Uh, you, you look at a snowflake, you look at elastic, they're disrupting the Splunks of the world. And that model, I think that SAS model is right for disruption with a consumption pricing, a true cloud pricing model. You combine that with new innovation that developers are going to attack. I mean, you know, people right now, they complain about service now pricing, they complain about Splunk pricing. They, you know, they talk about, Oh, elastic. We can get that for half the price Datadog. And so I'm not predicting that those companies service now Workday, the great companies, but they are going to have to respond much in the same way that Oracle and SAP had to respond to the disruption that they saw. >>Yeah. It's interesting. During the keynote, they'll talk about going out to the mainframes today, too. So you have Amazon going into Oracle and Microsoft, and now the mainframes. So you have Oracle database and SQL server and windows server all going to being old school technologies. And now mainframe very interesting. And I think the, this whole idea of this SAS factory, um, got my attention to Cohesity, which we've been covering Dave on the storage front, uh, Mo with the founder was on stage. I'm a data management as a service they're part of this new SAS factory thing that Amazon has. And what they talk about here is they're trying to turn ISV and VARs into full-on SAS providers. And I think if they get that right with the SAS factory, um, then that's going to be potentially game changing. And I'm gonna look at to see if what the successes are there, because if Amazon can create more SAS applications, then their Tam and the global it market is there is going to, it can be mopped up pretty quickly, but they got to enable it. They got to enable that quickly. Yeah. >>Enabling to me means not just, and I think, you know, when Jesse answered your question, I saw it in the article that you wrote about, you know, you asked them about multi-cloud and it, to me, it's not about running on AWS and being compatible with Azure and being compatible with Google. No, it's about that frankly abstraction layer that he talked about, and that's what Cohesity is trying to do. You see others trying to do it as well? Snowflake for sure. It's about abstracting that complexity away and adding value on top of the cloud. In other words, you're using the cloud for scale being really expert at taking advantage of the native cloud services, which requires is that Jessie was saying different API APIs, different control, plane, different data plane, but taking that complexity away and then adding new value on top that's white space for a lot of players there. And, and, and I'll tell you, it's not trivial. It takes a lot of R and D and it takes really smart people. And that's, what's going to be really interesting to see, shake out is, you know, can the Dell and HPE, can they go fast enough to compete with the, the Cohesity's you've got guys like CLU Mayo coming in that are, that are brand new. Obviously we talked about snowflake a lot and many others. >>I think there's going to be a huge change in expectations, experience, huge opportunity for people to come in with unique solutions. We're going to have specialty programming on the cube all day today. So if you're watching us here on the Amazon channel, you know that we're going to have an all of a sudden demand. There's a little link on our page. On the, on the, um, the Amazon reinvent virtual event platform, click here, the bottom, it's going to be a landing page, check out all the interviews as we roll them out all day. We got a great lineup, Dave, we got Nutanix pure storage, big ID, BMC, Amazon leaders, all coming in to talk today. Uh, chaos search ed Walsh, Rachel Rose, uh, Medicar Kumar, um, Mike Gill, flux, tons of great, great, uh, partners coming in and they're going to share their story and what's working for them and their new strategies. And all throughout the day, you're going to hear specific examples of how people are changing and reinventing their business development, their partnership strategies on the product, and go to market with Amazon. So really interesting learnings. We're going to have great conversations all throughout the day. So check it out. And again, everything's going to be on demand. And when in doubt, go to the cube.net, we have everything there and Silicon angle.com, uh, for all the great coverage. So >>I don't think John is, we're going to have a conversation with him. David McCann touched on this. You talked about the need for modernization and rationalization, Tim Crawford on, on later. And th this is, this is sort of the, the, uh, the call-out that Andy Jassy made in his keynote. He gave the story of that one. CIO is a good friend of his who said, Hey, I love what you're doing, but it's not going to happen on my watch. And, and so, you know, Jessie's sort of poking at that, that, uh, complacency saying, guys, you have to reinvent, you have to go fast, you have to keep moving. And so we're gonna talk a little bit about what, what does that mean to modernize applications, why the CIO is want to rationalize what is the role of AWS and its ecosystem and providing that, that, that level of innovation, and really try to understand what the next five to seven years are gonna look like in that regard. >>Funny, you mentioned, uh, Andy Jesuit that story. When I had my one-on-one conversation with them, uh, he was kind of talking about that anonymous CIO and I, if people don't know Andy, he's a big movie buff, too, right? He loves it goes to Sundance every year. Um, so I said to him, I said, this error of digital transformation, uh, is kind of like that scene in the godfather, Dave, where, um, Michael Corleone goes to Tom Hagen, Tom, you're not a wartime conciliary. And what he meant by that was is that, you know, they were going to war with the other five families. I think now I think this is what chassis pointed out is that, that this is such an interesting, important time in history. And he pointed this out. If you don't have the leadership chops to lean into this, you're going to get swept away. >>And that story about the CIO being complacent. Yeah. He didn't want to shift. And the new guy came in or gal and they, and they, and they lost three years, three years of innovation. And the time loss, you can't get that back. And during this time, I think you have to have the stomach for the digital transformation. You have to have the fortitude to go forward and face the truth. And the truth is you got to learn new stuff. So the old way of doing things, and he pointed that out very aggressively. And I think for the partners, that same thing is true. You got to look in the mirror and say, where are we? What's the opportunity. And you gotta gotta go there. If not, you can wait, be swept away, be driftwood as Pat Gelsinger would say, or lean in and pick up a, pick up a shovel and start digging the new solution. >>You know what the other interesting thing, I mean, every year when you listen to Jassy and his keynotes and you sort of experienced re-invent culture comes through and John you're live in Silicon Valley, you talked to leaders of Silicon Valley, you know, well, what's the secret of success though? Nine times out of 10, they'll talk about culture, maybe 10 times out of 10. And, and, and so that's, that comes through in Jesse's keynotes. But one of the things that was interesting this year, and it's been thematic, you know, Andy, you know, repetition is important, uh, to, to him because he wants to educate people and make sure it sticks. One of the things that's really been he's been focused on is you actually can change your culture. And there's a lot of inertia. People say, well, not on my watch. Well, it doesn't work that way around here. >>And then he'll share stories about how AWS encourages people to write papers. Anybody in the organization say we should do it differently. And, and you know, they have to follow their protocol and work backwards and all of those stuff. But I believe him when he says that they're open to what you have a great example today. He said, look, if somebody says, well, it's 10 feet and somebody else says, well, it's, it's five feet. He said, okay, let's compromise and say it's seven and a half feet. Well, we know it's not seven and a half feet. We don't want to compromise. We either want to be a 10, Oh, we want to be at five, which is the right answer. And they push that. And that that's, he gives examples like that for the AWS culture, the working backwards, the frequently asked questions, documents, and he's always pushing. And that to me is very, very important and fundamental to understanding AWS. >>It's no doubt that Andy Jassy is the best CEO in the business. These days. If you look at him compared to everyone else, he's hands down, more humble as keynote who does three hour keynotes, the way he does with no notes with no, he memorize it all. So he's competitive and he's open. And he's a good leader. I think he's a great CEO. And I think it will be written and then looked back at his story this time in history. The next, I think post COVID Dave is going to be an error. We're going to look back and say the digital transformation was accelerated. Yes, all that good stuff, people process technology. But I think we're gonna look at this time, this year and saying, this was the year that there was before COVID and after COVID and the people who change and modernize will build the winners and not, and the losers will, will be sitting still. So I think it's important. I think that was a great message by him. So great stuff. All right. We gotta leave it there. Dave, the analysis we're going to be back within the power panel. Two sessions from now, stay with us. We've got another great guest coming on next. And then we have a pair of lb talk about the marketplace pricing and how enterprises have CIO is going to be consuming the cloud in their ecosystem. This is the cube. Thanks for watching..

>> Narrator: From theCUBE studios in Palo Alto and Boston connecting with thought leaders all around the world. This is theCUBE conversation. >> Hey, welcome back everybody. Jeff Frick here with theCUBE. We are here in our Palo Alto studios today. We got through March, this is some really crazy time. So we're taking advantage of the opportunity to reach out to some of the community leaders that we have in our community to get some good tips and tricks as to know how to kind of deal with this current situation. All the working from home, school from home. And we're really excited to have one of the experts. One of my favorite CUBE guests. We haven't had her around since October 2017, which I find crazy. And we'd love to welcome into theCUBE via the remote dial-in, Rachel Tobac. She is the CEO of SocialProof Security. Rachel, great to see you and I cannot believe that we have not sat down since 2017. >> I know, I can't believe it, it's been so much time. Thanks for having me back. >> Absolutely, but we are good Twitter friends. >> Oh yeah >> Exchanging stuff all the time. So, first of, great to see you. Just a kind of of introduction, tell us a little bit about SocialProof Security and your very unique specialty. >> Yes. SocialProof Security is all about social engineering and protecting you from the those types of attackers. So, basically we help you understand how folks manipulate you and try and gain access to your information. I am an attacker myself so I basically go out, try it, learn what we can learn about how we do our attacks and then go on and train you to protect your organization. So, training and testing. >> Alright. Well, I am going to toot your horn a little bit louder than that because I think it's amazing. I think that you are basically 100% undefeated in hacking people during contests at conventions, live. And it's fascinating to me and why I think it's so important it's not a technical hack at all. It's a human hack, and your success is amazing. And I've seen you do it. There's tons of videos out there with you doing it. So, what are kind of just the quick and dirty takeaways that people need to think about knowing that there are social hackers, not necessarily machine hackers out there, trying to take advantage of them. What are some of these inherit weaknesses that we just have built into the system? >> Yeah, thanks for your kind words too, I appreciate that. The challenge with social engineering is that it leverages your principles of persuasion. The parts of you that you cannot switch off. And so, I might pretend to be similar to you so that I can build rapport with you. And it's really hard for you to switch that off because you want to be a kind person, you want to be nice and trusting. But it's hard, it's a tough world out there and unfortunately criminals will leverage elements of your personality and your preferences against you. So, for instance if I know you have a dog, then I might play a YouTube video of a dog barking and try and gain access to information about your systems and your data, while pretending to be IT support, for example. And that's really tough because, you know three minutes into the conversation we are already talking about our dog breeds and now you want to trust me more. But unfortunately just because we have something in common, it doesn't mean that I am who I say I am. And so, I always recommend people are politely paranoid. It just basically means that you use two methods of communication to confirm that people are who they say they are. And if they are trying to get you to divulge sensitive information or go through with a wire transfer, for instance, you want to make sure that you check that first. We just saw an example of this with Barbara Corcoran. Famously on Shark Tank. Where she has many investments in real estate. And unfortunately a cyber criminal was able to take advantage and get almost $400,000 wired over to them and they did lose that money because they were able to take advantage of the bookkeeper, the accountant and the assistant and folks just were not checking back and forth that people are who they say they were with multiple methods of communication. >> It's crazy. A friend of mine actually is in the real estate business. And we were talking earlier this year and he got a note from his banker. Looked like his banker's email. It was the guy's name that he works with all the time. Was talking about a transfer. It didn't have a bunch of weird misspelling and bad grammar. And all kind of the old school things that kind of would expose it as a hack. And he picked up the phone and called the guy, and said "we don't have a transaction happening right now. "Why did you send this to me?" So it gets really really really good. But lets dive into just a little vocabulary 101. When people talk about "fishing" and "spearphishing" what does that exactly mean for people that aren't really familiar with those terms? >> Sure. Most likely you are going to see it happen over email. In fact, with COVID-19 right now we've seen through Google's Transparency Report on fishing that there's been a 350% increase in fishing attacks. And I believe Brisk had this huge research that said that there were 300,000 plus suspicious COVID 19 fishing websites that were just spun up in the past couple of weeks. It's pretty scary but basically what they are trying to do is get you to input your credentials. They are trying to get access to your machine or your credentials so that they can use them on other high value sites, gain access to your information, your data, points, your sensitive data basically. And use that against you. It's really tough. Unfortunately, criminals don't take a break even in crisis. >> Yeah they are not self-isolating unfortunately, I guess they are sitting there with their computers. So that's interesting. So, I was going to ask you, kind of what is the change in the landscape now. So you answered a little bit there but then the other huge thing that's happening now is everybody is working from home. They are all on Zoom, they are all on Skype, WebEx. And you've actually had some really timely post just recently about little things that people should think about in terms on just settings on Zoom to avoid some of the really unfortunate things that are popping in kind of randomly on Zoom meetings. So, I wonder if you could share some of those tips and tricks with the audience. >> Yeah, absolutely. Some of the big issues that we are seeing recently is what people have coined as Zoombombing. It's all over the news. So you've probably heard about it before but in case you are wondering exactly what that is. It's whenever an attacker either guesses your Zoom ID code and you don't have a password on your Zoom call that you are in the middle of. Or they might gain access to your Zoom ID code because maybe your took a screenshot of your Zoom and posted that to social media. And now if you don't have password protection or your waiting room is on they can just join your call and sometimes you might not notice that they are on the call, which could lead to privacy issues, data breach for instance or just a sensitive data leak. If they join via the phone you might not even notice that they are on the call. And so it's really important to make sure that you have password protection on for your Zoom and you have waiting rooms enabled. And you don't want to take pictures of your workstation. I know that's really tough for folks. because they want to showcase how connected they are during these difficult times I do understand that. But realize that when you take those screenshots of your workstation, this is something that we just saw in the news with Boris Johnson just a few days ago. He posted an image of his zoom call and it included some of the software they used. And so, you just mentioned spearphishing, right? I can look at some of that software get an idea for maybe the version of his operating system the version of some of the software he may be using on his machine and craft a very specific spearfish just for him that I know will likely work on his machine, with his software installed because I understand the version and the known vulnerabilities in that software. So, there's a lot of problems with posting those types of pictures. As a blanket rule you are not going to want to take pictures of your workstation. Especially not now. >> Okay, so, I remember that lesson that you taught me when we're in Houston at Grace Hopper. Do not take selfies in front of your pics, in front of your work laptop. 'Cause as you said, you can identify all types of OS information. Information that gives you incredible advantage when you are trying to hack into my machine. >> Yeah, that's true. And I think a lot of people don't realize they are like, "everybody uses the browser, everybody uses Power Point", for example. But sometimes, the icons and logos that you have on your machine, really give me good information about the exact version and potentially the versions that might be out of data in your machine. When I can look up those non-vulnerabilities pretty easily that's a pretty big risk. The other things that we see is people take screenshots and I can see their desktop and when I can see your desktop, I might know the naming convention that you use for your files which I can name drop with you or talk about on the phone or over email to convince you that I really do have access to your machine like I am IT support or something. >> Yeah, it's great stuff. So for people who want more of this great stuff go to Rachel's Twitter handle. I'm sure we have it here on the lower third. You've got the great piece with. Last week with John Oliver hacking the voting machines like a week before the elections last year which was phenomenal. Now I just saw your in this new HBO piece where you actually just sit down at the desk with the guy running the show and hacker disciplines systems. Really good stuff. Really simple stuff. Let's shift gears one more time, really in terms of what you are doing now. You said you are doing some help in the community to directly help those in need as we go through this crisis. People are trying to find a way to help. Tell us a little bit more about what you are doing. >> Yeah, as soon as I started noticing how intense COVID-19 was wreaking havoc on the hospital and healthcare systems in the world I decided to just make my services available for free. And so I put out a call on my social medias and let folks know "Hey if you need training ,if you need support if you just want to walk through some of your protocols and how I might gain access to your systems or your sensitive data through those protocols, let me know and I'll chat with you" And, I've had an amazing response. Being able to work with hospitals all over the world for free to make sure that they have the support that they need during COVID-19 it really does mean a lot to me because it's tough I feel kind of powerless in this situation there's not a lot that I can personally do there are many brave folks who are out there risking it all every single day to be able to do the work to keep folks safe. So, just trying to do something to help support the healthcare industry as they save lives. >> Well, that's great. I mean, it is great 'cause if you are helping the people that are helping ,you know, you are helping maybe not directly with patients but that's really important work and there's a lot of stuff now that's coming out in terms of, kind of of this tunnel vision on COVID-19 and letting everything else kind of fall by the wayside including other medical procedures and there is going to be a lot of collateral damage that we don't necessarily see because the COVID situation has kind of displaced everything out and kind of blown it out. Anything that you can do to help people get more out of the resources, protect their vulnerability is nothing but goodness. So, thank you for doing that. So, I will give you a last word. What's your favorite, kind of closing line when you are at Black Hat or RSA to these people to give them the last little bit "Come on, don't do stupid things. There is some simple steps you can take to be a little bit less vulnerable" >> Yeah, I think something that we hear a lot is that people kind of give a blanket piece of advice. Like, don't click links. And, that's not really actionable advice. Because a lot of times you are required to click links or download that PDF attachment from HR. And, many times it is legitimate for work. And so, that type of advice isn't really the type of advice I like to give. Instead, I like to say just be politely paranoid and use two methods of communication to confirm if it is legitimate before you go ahead and do that. And, it will take a little bit of time I'm not going to lie it'll take you an extra 30 seconds to 60 seconds to just chat somebody and say "Hey quick question about that thing you sent over" But it can start to change the security consciousness of your culture. And maybe they'll put out a chat while they send out an email from HR to let you know that it is legitimate and then you are kind of starting this cycle at the beginning. Not every single person has to ask individually you can start getting that security consciousness going where people are politely paranoid and they know that you are going to be too so they are going to preempt it and make sure that you understand something is legitimate with a second form of communication. >> Great tip, I am a little taken aback, everybody now wants to get their score so high their customer satisfaction score so after like every transaction you get this silly surveys "How was your time at SafeWay? "Or Bank of America?" All these things Survey Monkey. I don't really know how those businesses stay in anymore. I am not clicking on any Bank of America customer satisfaction or Safeway customer satisfaction link. But I will be politely paranoid and look for the right ones to click on. (giggle) >> That's good and use two methods of communication to confirm they are real. >> That's right,two-factor authentication. Alright,well Rachel, thank you for taking a few minutes of your time. Thank you for your good work with hospitals in the community and really enjoyed catching up. As always, love your work and I'm sure we'll be talking you more on Twitter. >> Thanks for having me on again and I'll see you on the Internet. >> All right, be safe. >> Rachel: Thank you >> All right, that was Rachel. I am Jeff. You are watching theCUBE. We are coming to you from our Palo Alto Studios. Thanks for watching. Stay safe and we'll see you next time. (instrumental music)