from around the globe it's thecube covering space and cyber security symposium 2020 hosted by cal poly hello everyone welcome to the space and cyber security symposium 2020 hosted by cal poly where the intersection of space and security are coming together i'm john furrier your host with thecube here in california i want to welcome our featured guest lieutenant general john f thompson with the united states space force approach to cyber security that's the topic of this session and of course he's the commander of the space and missile system center in los angeles air force base also heading up space force general thank you for coming on really appreciate you kicking this off welcome to the symposium hey so uh thank you very much john for that very kind introduction also uh very much thank you to cal poly uh for this opportunity to speak to this audience today also a special shout out to one of the organizers uh dustin brun for all of his work uh helping uh get us uh to this point uh ladies and gentlemen as uh as uh john mentioned uh i'm jt thompson uh i lead the 6 000 men and women of the united states space forces space and missile system center which is headquartered here at los angeles air force base in el segundo if you're not quite sure where that's at it's about a mile and a half from lax this is our main operating location but we do have a number of other operating locations around the country with about 500 people at kirtland air force base in albuquerque new mexico uh and about another 500 people on the front range of the rockies uh between colorado springs and uh and denver plus a smattering of other much smaller operating locations nationwide uh we're responsible for uh acquiring developing and sustaining the united states space force's critical space assets that includes the satellites in the space layer and also on the ground layer our ground segments to operate those satellites and we also are in charge of procuring launch services for the u.s space force and a number of our critical mission partners across the uh department of defense and the intelligence community um just as a couple of examples of some of the things we do if you're unfamiliar with our work we developed and currently sustained the 31 satellite gps constellation that satellite constellation while originally intended to help with global navigation those gps signals have provided trillions of dollars in unanticipated value to the global economy uh over the past three decades i mean gps is everywhere i think everybody realizes that agriculture banking the stock market the airline industry uh separate and distinct navigation systems it's really pervasive across both the capabilities for our department of defense and capabilities for our economy and and individuals billions of individuals across our country and the planet some of the other work we do for instance in the communications sector uh secure communications satellites that we design and build that link america's sons and daughters serving in the military around the world and really enable real-time support and comms for our deployed forces and those of our allies we also acquire uh infrared missile warning satellites uh that monitor the planet for missile launches and provide advanced warning uh to the u.s homeland and to our allies uh in case some of those missile launches are uh nefarious um on a note that's probably a lot closer to home maybe a lot closer to home than many of us want to think about here in the state of california in 2018 smc jumped through a bunch of red tape and bureaucracy uh to partner with the u.s forest service during the two of the largest wildfires in the state's history the camp and woolsey fires in northern california as those fires spread out of control we created processes on the fly to share data from our missile warning satellites those are satellites that are systems that are purpose built to see heat sources from thousands of miles above the planet and we collaborated with the us forest service so that firefighters on the ground uh could track those fires more in real time and better forecast fires and where they were spreading thereby saving lives and and property by identifying hot spots and flare-ups for firefighters that data that we were able to working with our contractors pass to the u.s forest service and authorities here in california was passed in less than an hour as it was collected to get it into the hands of the emergency responders the first responders as quickly as possible and doing that in an hour greatly surpassed what was available from some of the other assets in the airborne and ground-based fire spotters it was really instrumental in fighting those fires and stopping their spread we've continued uh that involvement in recent years using multiple systems to support firefighters across the western u.s this fall as they battled numerous wildfires that unfortunately continue working together with the u.s forest service and with other partners uh we like to make uh we like to think that we made a difference here but there's still a lot more work to go and i think that we should always be asking ourselves uh what else can space data be used for and how can we more rapidly get that space data to uh stakeholders so that they can use it for for purposes of good if you will how else can we protect our nation how else can we protect our friends and allies um i think a major component of the of the discussion that we will have throughout this conference is that the space landscape has changed rapidly and continues to change rapidly um just over the past few years uh john and i were talking before we went live here and 80 nations now have uh space programs 80 nearly 80 space faring nations on the planet um if you just look at one mission area that uh the department of defense is interested in and that's small launch there are currently over a hundred different small launch companies uh within the u.s industrial base vying for commercial dod and civil uh payload capabilities uh mostly to low earth orbit it's it's just truly a remarkable time if you factor in those things like artificial intelligence and machine learning um where we're revolutionary revolutionizing really uh the ways that we generate process and use data i mean it's really remarkable in 2016 so if you think about this four years ago uh nasa estimated that there were 28 terabytes of information transiting their space network each day and that was four years ago um uh obviously we've got a lot of desire to work with a lot of the people in the audience of this congress or in this conference uh we need to work with big thinkers like many of you to answer questions on how best we apply data analytics to extract value and meaning from that data we need new generations of thinkers to help apply cutting edge edge theories of data mining cyber behaviorism and internet of things 2.0 it's just truly a remarkable time uh to be in the space business and the cyber aspects of the states of the space business are truly truly daunting and important to uh to all of us um integrating cyber security into our space systems both commercial and government is a mandate um it's no longer just a nice to have as the us space force and department of the air force leadership has said many times over the past couple of years space is becoming congested and contested and that contested aspect means that we've got to focus on cyber security uh in the same way that the banking industry and cyber commerce focus on uh cyber security day in and day out the value of the data and services provided is really directly tied to the integrity and availability of that data and services from the space layer from the ground control segments associated with it and this value is not just military it's also economic and it's not just american it's also a value for the entire world particularly particularly our allies as we all depend upon space and space systems your neighbors and friends here in california that are employed at the space and missile system center uh work with network defenders we work with our commercial contractors and our systems developers um our international allies and partners to try and build as secure and resilient systems as we can from the ground up that keep the global commons of space free and open for exploration and for commerce um as john and i were talking earlier before we came online there's an aspect of cyber security for space systems especially for some of our legacy systems that's more how do we bolt this on because we fielded those space systems a number of years ago and the the challenges of cyber security in the space domain have grown so we have a part that we have to worry about bolting it on but then we have to worry about building it in as we as we field new systems and build in a flexibility that that realizes that the cyber threat or the cyber security landscape will evolve over time it's not just going to be stagnant there will always be new vulnerabilities and new threat vectors that we always have to look at look uh as secretary barrett who is our secretary of the air force likes to say most americans use space before they have their first cup of coffee in the morning the american way of life really depends on space and as part of the united states space force we work with defense leaders our congress joint and international military teammates and industry to ensure american leadership in space i really thank you for this opportunity to address the audience today john and thanks so much to cal poly for letting me be one of the speakers at this event i really look forward to this for uh several months and so with that i look forward to your questions as we kind of move along here general thank you very much for the awesome uh introductory statement uh for the folks watching on the stream brigadier general carthan is going to be in the chat answering any questions feel free to chat away he's the vice commander of space and missile systems center he'll be available um a couple comments from your keynote before i get to my questions because it just jumped in my head you mentioned the benefits of say space but the fires in california we're living that here that's really real time that's a benefit you also mentioned the ability for more people launching payloads into space and i only imagine moore's law smaller faster cheaper applies to rockets too so i'm imagining you have the benefits of space and you have now more potential objects flying out sanctioned and maybe unsanctioned so you know is it going to be more rules around that i mean this is an interesting question because it's exciting space force but for all the good there is potentially bad out there yeah so i i john i think the uh i think the basics of your question is as space becomes more congested and contested is there a need for more international norms of how satellites fly in space what kind of basic features satellites have to perhaps deorbit themselves what kind of basic protections does do all satellites should all satellites be afforded as part of a peaceful global commons of space i think those are all fantastic questions and i know that u.s and many uh allied policy makers are looking very very hard at those kinds of questions in terms of what are the norms of behavior and how we uh you know how how we field and field is the military term but you know how we uh populate uh using civil or uh commercial terms uh that space layer at different altitudes uh low earth orbit mid mid-earth orbit geosynchronous earth orbit different kinds of orbits uh what the kind of mission areas we accomplish from space that's all things that need to be definitely taken into account as uh as the place gets a little bit not a little bit as the place gets increasingly more popular day in and day out well i'm super excited for space force i know that a new generation of young folks are really interested in it's an emerging changing great space the focus here at this conference is space and cyber security intersection i'd like to get your thoughts on the approach that space force is taking to cyber security and how it impacts our national goals here in the united states yeah yeah so that's a that's a great question john let me let me talk about in two uh two basic ways but number one is and and i know um some people in the audience this might make them a little bit uncomfortable but i have to talk about the threat right um and then relative to that threat i really have to talk about the importance of uh of cyber and specifically cyber security as it relates to that threat um the threats that we face um really represent a new era of warfare and that new era of warfare involves both space and cyber uh we've seen a lot of action in recent months uh from certain countries notably china and russia uh that have threatened what i referred to earlier as the peaceful global commons of space for example uh it through many unclassified sources and media sources everybody should understand that um uh the russians have been testing on orbit uh anti-satellite capabilities it's been very clear if you were following just the week before last the department of defense released its uh 2020 military and security developments involving the people's republic of china um uh and uh it was very clear that china is developing asats electronic jammers directed energy weapons and most relevant to today's discussion offensive cyber uh capabilities there are kinetic threats uh that are very very easy to see but a cyber attack against a critical uh command and control site or against a particular spacecraft could be just as devastating to the system and our war fighters in the case of gps and important to note that that gps system also impacts many civilians who are dependent upon those systems from a first response perspective and emergency services a cyber attack against a ground control site could cause operators to lose control of a spacecraft or an attacker could feed spoofed data to a system to mislead operators so that they send emergency services personnel to the to the wrong address right attacks on spacecraft on orbit whether directly via a network of intrusion or enabled through malware introduced during the systems production uh while we're building the satellite can [ __ ] or corrupt the data denial of service type attacks on our global networks obviously would disrupt our data flow and interfere with ongoing operations and satellite control i mean if gps went down i you know i hesitate to say it this way because we might elicit some screams from the audience but if gps went down a starbucks wouldn't be able to handle your mobile order uber drivers wouldn't be able to find you and domino's certainly certainly wouldn't be able to get there in 30 minutes or less right so with a little bit of tongue-in-cheek there from a military operations perspective it's dead serious um uh we have become accustomed in the commercial world to threats like lance ransomware and malware and those things have unfortunately become commonplace in commercial terrestrial networks and computer systems however what we're seeing is that our adversaries with the increased competition in space these same techniques are being retooled if you will to use against our national security space systems uh day in and day out um as i said during my opening remarks on the importance of cyber the value of these systems is directly tied to their integrity if commanders in the field uh firefighters in california or baristas in in starbucks can't trust the data they see they're receiving then that really harms their decision-making capabilities one of the big trends we've recently seen is the mood move towards proliferated leo uh uh constellations obviously uh spacex's uh starlink uh on the commercial side and on the military side the work that darpa and my organization smc are doing on blackjack and casino as well as some space transport layer constellation work that the space development agency is designing are all really really important types of mesh network systems that will revolutionize how we plan and field warfighting systems and commercial communications and internet providing systems but they're also heavily reliant on cyber security uh we've got to make sure that they are secured to avoid an accident or international damage uh loss of control of these constellations really could be catastrophic from both a mission perspective or from uh you know satellites tumbling out of low earth orbit perspective another trend is introductions in artificial intelligence and machine learning on board spacecraft or at the edge our satellites are really not so much hardware systems with a little software anymore in the commercial sector and in the defense sector they're basically flying boxes full of software right and we need to ensure the data that we're getting out of those flying boxes full of software are helping us base our decisions on accurate data and algorithms govern governing the right actions and that those uh that those systems are impervious to the extent possible uh to nefarious uh modifications so in summation a cyber security is vital element of everything in our national security space goals and i would argue for our national uh goals uh writ large including uh economic and information uh uh dimensions uh the space force leadership at all levels uh from uh some of the brand new second lieutenants that general raymond uh swore into the space force this morning uh ceremonially from the uh air force association's air space and cyberspace conference uh to the various highest levels general raymond uh general d t thompson myself and a number of other senior leaders in this enterprise we've got to make sure that we're all working together to keep cyber security at the forefront of our space systems because it they absolutely depend on it you know you mentioned uh hardware software threats opportunities challenges i want to ask you because you you got me thinking of the minute there around infrastructure i mean we've heard critical infrastructure you know grids here on on earth you're talking about critical infrastructure a redefinition of what critical infrastructure is an extension of what we have so i'd love to get your thoughts about space force's view of that critical infrastructure vis-a-vis the threat vectors because you know the term threat vectors has been kicked around in the cyber space oh yeah threat vectors they're always increasing the surface area well if the surface area is from space it's an unlimited surface area so you got different vectors so you got new critical infrastructure developing real time really fast and you got an expanded threat vector landscape putting that in perspective for the folks that aren't really inside the ropes on these critical issues how would you explain this and how would you talk about those two things well so i tell you um i just like um uh just like uh i'm sure people in the security side or the cyber security side of the business in the banking industry feel they feel like it's uh all possible threat vectors represent a dramatic and protect potentially existential threat to all of the dollars that they have in the banking system to the financial sector on the department of defense side we've got to have sort of the same mindset um that threat vector from to and through space against critical space systems ground segments the launch enterprise or transportation uh to orbit and the various different uh domains within uh within space itself like i mentioned before uh leo mio and geo-based satellites with different orbits all of the different mission areas that are accomplished from space that i mentioned earlier some that i didn't mention like weather tactical or wide band communications uh various new features of space control all of those are things that we have to worry about from a cyber security uh threat perspective and it's a it's a daunting challenge right now right yeah it's awesome and one of the things we've been following on the hardware side here in the on the ground is the supply chain we've seen you know malware being you know really put into really obscure hardware who manufactures it as being outsourced obviously government has restrictions but with the private sector uh you mentioned china and and the us kind of working together across these these peaceful areas but you got to look at the supply chain how does the supply chain the security aspect impact the mission of the u.s space force yeah yeah so so um how about another um just in terms of an example another kind of california-based historical example right um the very first u.s satellite uh explorer one was built by uh the jet propulsion uh laboratory folks uh not far from here in el segundo up in uh up in pasadena um that satellite when it was first built in the late 50s uh weighed a little bit over 30 pounds and i'm sure that each and every part was custom made and definitely made by u.s companies fast forward to today the global supply chain is so tightly coupled and frankly many industries are so specialized almost specialized regionally around the planet we focus every day to guarantee the integrity of every component that we put in our space systems is absolutely critical to the operations of those satellites and we're dependent upon them but it becomes more difficult and more difficult to understand the the heritage if you will of some of the parts that are used the thousands of parts that are used in some of our satellites that are literally school bus sized right the space industry especially uh national security space sector um uh is relatively small compared to other commercial industries and we're moving to towards using more and more parts uh from non-us companies uh cyber security and cyber awareness have to be baked in from the beginning if we're going to be using parts that maybe we don't necessarily um understand 100 percent like an explorer one uh the the lineage of that particular part the environmental difficulties in space are well known the radiation environment the temperature extremes the vacuum those require specialized component and the us military is not the only uh customer in that space in fact we're definitely not the dominant customer uh in space anymore all those factors require us along with our other government partners and many different commercial space organizations to keep a very close eye on our supply chains from a quality perspective a security perspective and availability um there's open source reporting on supply training intrusions from um many different breaches of commercial retailers to the infectious spread of uh you know compromised patches if you will and our adversaries are aware of these techniques as i mentioned earlier with other forms of attack considering our supply chains and development networks really becomes fair game for our adversaries so we have to uh take that threat seriously um between the government and industry sectors here in the u.s we're also working with our industry partners to enact stronger defenses and assess our own vulnerabilities last fall we completed an extensive review of all of our major contracts here at space and missile system center to determine the levels of cyber security requirements we've implemented across our portfolio and it sounds really kind of you know businessy geeky if you will you know hey we looked at our contracts to make sure that we had the right clauses in our contracts to address cyber security as dynamically as we possibly could and so we found ourselves having to add new language to our contracts to require system developers to implement some more advanced uh protective measures in this evolving cyber security environment so that data handling and supply chain perspective uh protections um from contract inception to launch and operations were taken into account uh cyber security really is a key performance parameter for us now it's as important as the the mission performance of the system it's as important as cost it's as important as schedule because if we deliver the perfect system on time and on cost uh it can perform that missile warning or that communications mis mission perfectly but it's not cyber secure if it doesn't have cyber protections built into it or the ability to implement mitigations against cyber uh threats then we've essentially fielded a shoe box in space that doesn't do the k the the war fighter or the nation uh any good um supply chain risk management is a is a major challenge for us uh we're doing a lot to coordinate with our industry partners uh we're all facing it head on uh to try and build secure and trusted components uh that keep our confidence as leaders firefighters and baristas uh as the case may be uh but it is a challenge and we're trying to rise to that challenge you know this so exciting this new area because it really touches everything you know talk about geeking out on on the tech the hardware the systems but also you put your kind of mba hat on you go what's the roi of the extra development and how you how things get built because the always the exciting thing for space geeks is like you're building cool stuff people love it's it's exciting but you still have to build and cyber security has proven that security has to be baked in from the beginning and be thought as a system architecture so you're still building things which means you've got to acquire things you got to acquire parts you got to acquire build software and and sustain it how is security impacting the acquisition and the sustainment of these systems for space yeah from initial development uh through planning for the acquisition design development fielding or production fielding and sustainment it impacts all aspects of of the life cycle john uh we simply especially from the concept of baking in cyber security uh we can't wait until something is built and then try and figure out how to make it cyber secure so we've moved way further uh towards working side by side with our system developers to strengthen cyber security from the very beginning of a system's development cyber security and the resilience associated with it really have to be treated as a key system attribute as i mentioned earlier equivalent with data rates or other metrics of performance we like to talk in uh in the space world about uh mission assurance and mission assurance has always you know sort of taken us as we as we technically geek out right mission assurance has always taken us to the will this system work in space right can it work in a vacuum can it work in you know as it as it uh you know transfers through uh the van allen radiation belt or through the the um the southern hemisphere's electromagnetic anomaly right will it work out in space and now from a resiliency perspective yeah it has to work in space it's got to be functional in space but it's also got to be resistant to these cyber security threats it's it's not just i think uh general dt thompson quoted this term it's not just widget assurance anymore it's mission assurance um uh how does that satellite uh operator that ground control segment operate while under attack so let me break your question a little bit uh just for purposes of discussion into into really two parts uh cyber uh for cyber security for systems that are new and cyber security uh for systems that are in sustainment or kind of old and legacy um obviously there's cyber vulnerabilities that threaten both and we really have to employ different strategies for for defense of of each one for new systems uh we're desperately trying to implement across the department of defense in particular in the space world a kind of a devsecops methodology and practice to delivering software faster and with greater security for our space systems here at smc we have a program called enterprise ground services which is a tool kit basically a collection of tools for common command and control of different satellite systems egs as we call it has an integrated suite for defensive cyber capabilities network operators can use these tools to gain unprecedented insight to data flows and to monitor space network traffic for anomalies or other potential indicators of of bad behavior malicious behavior if you will um uh it's rudimentary at this point but because we're using devsecops and that incremental development approach as we scale it it just becomes more and more capable you know every every product increment that we field here at uh at uh la air force base uh uh we have the united space space forces west coast software factory which we've dubbed kobayashi maru they're using those agile devops uh software development practices uh to deliver uh space awareness software uh to the combined space operations center uh affectionately called the csp that c-spock is just down the road uh from cal poly uh there in san luis obispo at vandenberg air force base they've securely linked the c-spock with other space operation centers around the planet our allies australia canada and the uk uh we're partnering with all of them to enable secure and enhanced combined space operations so lots of new stuff going on as we bake in new development uh capabilities for our our space systems but as i mentioned earlier we've got large constellations on satellite of satellites on orbit right now some of them are well in excess of a decade or more old on orbit and so the design aspects of those satellites are several decades old and so but we still have to worry about them because they're critical to our space capabilities um we've been working with an air force materiel command organization uh called crows which stands for the cyber resiliency office for uh weapon systems to assess all of those legacy platforms from a cyber security perspective and develop defensive strategies and potential hardware and software upgrades to those systems to better enable them to to live through this increasingly cyber security uh concerned era that we currently live in our industry partners have been critical to to both of those different avenues both new systems and legacy systems we're working closely with them to defend and upgrade uh national assets and develop the capabilities to do similar with uh with new national assets coming online the vulnerabilities of our space systems really kind of threaten the way we've done business in the past both militarily and in the case of gps economically the impacts of that cyber security risk are clear in our acquisition and sustainment processes but i've got to tell you it that as the threat vectors change as the vulnerabilities change we've got to be nimble enough agile enough to be able to bounce back and forth we can't just say uh many people in the audience are probably familiar with the rmf or the risk management framework approach to um to reviewing uh the cyber security of a system we can't have program managers and engineers just accomplish an rmf on a system and then hey high five we're all good uh it's a journey not a destination that's cyber security and it's a constant battle rhythm throughout a weapon systems life cycle not just a single event i want to get to this commercial business needs and your needs on the next question but before i go there you mentioned the agile and i see that clearly because when you have accelerated innovation cycles you've got to be faster and we saw this in the computer industry mainframes mini computers and then when you started getting beyond me when the internet hit and pcs came out you saw the big enterprises the banks and and government start to work with startups it used to be a joke in the entrepreneurial circles is that you know there's no way if you're a startup you're ever going to get a contract with a big business enterprise now that used to be for public sector and certainly uh for you guys so as you see startups out there and there's acquisition involved i'm sure would love to love to have a contract with space force there's an roi calculation where if it's in space and you have a sustainment view edit software you might have a new kind of business model that could be attractive to startups could you share your thoughts on the folks who want to be a supplier to you uh whether they're a startup or an existing business that wants to be agile but they might not be that big company we are john that's a fantastic question we are desperately trying to reach out to to those new space advocates to those startups to those um what we sometimes refer to within the department of defense those non-traditional uh defense contractors a couple of things just for uh thinking purposes on some of the things that we're trying to highlight um uh three years ago we created here at uh space and missile system center uh the space enterprise consortium uh to provide a platform uh a contractual vehicle really to enable us to rapidly prototype uh development of space systems and to collaborate uh between the u.s space force uh traditional defense contractors non-traditional vendors like startups and even some academic institutions uh spec as we call it space enterprise consortium uses a specialized contracting tool to get contracts uh awarded quickly many in the audience may be familiar with other transaction agreements and that's what spec is based on and so far in just three years spec has awarded 75 different uh prototyping contracts worth over 800 million dollars with a 36 reduction in time to award and because it's a consortium based competition for um for these kinds of prototyping efforts the barrier to entry for small and non-traditional for startups even for academic institutions to be able to compete for these kinds of prototypings is really lowered right um uh these types of partnerships uh that we've been working through on spec uh have really helped us work with smaller companies who might not have the background or expertise in dealing with the government or in working with cyber security uh for their systems both their developmental systems and the systems that they're designing and trying to build we want to provide ways for companies large and small to partner together and support um uh kind of mutually beneficial uh relationships between all um recently uh at the annual air force association uh conference that i mentioned earlier i moderated a panel with several space industry leaders uh all from big traditional defense contractors by the way and they all stressed the importance of building bridges and partnerships uh between major contractors in the defense industry and new entrants uh and that helps us capture the benefits of speed and agility that come with small companies and startups as well as the expertise and specialized skill sets of some of those uh larger contractors uh that we rely on day in and day out advanced cyber security protections and utilization of secure facilities are just a couple of things that i think we could be prioritizing more so in those collaborations as i mentioned earlier the spec has been very successful in awarding a number of different prototyping contracts and large dollar values and it's just going to get better right there's over 400 members of the space enterprise consortium 80 of them are non-traditional kinds of vendors and we just love working with them another thing that many people in the audience may be familiar with in terms of our outreach to innovators uh if you will and innovators that include uh cyber security experts is our space pitch day events right so we held our first event last november in san francisco uh where we awarded over a two-day period about 46 million dollars to 30 different companies um that had potentially game-changing ideas these were phase two small business innovative research efforts uh that we awarded with cash on the spot uh we're planning on holding our second space pitch day in the spring of 2021. uh we're planning on doing it right here in los angeles uh covent 19 environment permitting um and we think that these are you know fantastic uh uh venues for identifying and working with high-speed startups startups and small businesses who are interested in uh really truly partnering with the us air force it's a as i said before it's a really exciting time to be a part of this business uh and working with the innovation economy uh is something that the department of defense uh really needs to do in that um the innovation that we used to think was ours you know that 80 percent of the industrial-based innovation that came from the department of defense uh the the script has been flipped there and so now more than 70 percent uh particularly in space innovation uh comes from the commercial sector not from uh not from the defense business itself and so um that's a tsunami of uh investment and a tsunami of uh capability and i need to figure out how to get my surfboard out and ride it you know what i mean yeah i mean it's one of those things where the flip the script has been flipped but it's exciting because it's impacting everything are you talking about systems architecture you're talking about software you're talking about a business model you talk about devsecops from a technical perspective but now you have a business model innovation all the theaters of uh are exploding in innovation technical business personnel this brings up the workforce challenge you've got the cyber needs for the u.s space force there's probably a great roi model for new kinds of software development that could be priced into contracts that's a entrepreneurial innovation you got the the business model theater you've got the personnel how does the industry adopt and change you guys are clearly driving this how does the industry adjust to you yeah so um i think a great way to answer that question is to just talk about the kind of people that we're trying to prioritize in the u.s space force from a from an acquisition perspective and in this particular case from a from a cyber security perspective as i mentioned earlier it's the most exciting time to be in space programs uh really since the days of apollo um uh you know just to put it in terms that you know maybe have an impact with the audience uh from 1957 until today approximately 9 000 satellites uh have been launched from the various space faring countries around the planet uh less than two thousand of those nine thousand are still up on orbit and operational and yet in the new space regime um players like spacex have plans to launch you know 12 000 satellites for some of their constellations alone it really is a remarkable time in terms of innovation and fielding of space capabilities and all of those space capabilities whether they're commercial civil or defense are going to require appropriate cyber security uh protections it's just a really exciting time uh to be working in stuff like this and so uh folks like the folks in this audience who have a passion about space and a passion about cyber security are just the kind of people that we want to work with because we need to make sure our systems are are secure and resilient we need folks that have technical and computing expertise engineering skills to be able to design cybersecure systems that can detect and mitigate attacks uh but we also as you alluded to we need people that have that business and um you know business acumen human networking background so that we can launch the startups and work with the non-traditional businesses uh help to bring them on board help to secure both their data and our data and uh and and make sure our processes and systems are are free as much as possible from uh uh from attack um for preparation for for audience members who are young and maybe thinking about getting into this uh trade space um you gotta be smart on digital networking uh you gotta understand basic internet protocols concepts uh programming languages uh database design uh learn what you can from penetration or vulnerability testing and and uh risk assessment i will tell you this and i don't think he will i know he will not mind me telling you this but you've got to be a lifelong learner and so two years ago i'm at home one evening and i get a phone call on my cell phone and it's my boss the commander of air force space command uh general j raymond who is now currently the chief of space operations and he is on temporary duty flying overseas he lands where he's going and he first thing he does when he lands is he calls me and he goes jt um while i was traveling um i noticed that there were e-books available on the commercial airliner i was traveling on and there was an e-book on something called scrumming and agile devsecops and i read it have you read it um and i said no sir but if you tell me what the title of the book is i will read it and so i got to go to my staff meeting um you know the very next week the next time we had a staff meeting and tell everybody in the stab meeting hey if the four star and the three star can read the book about scrumming then i'm pretty sure all of you around this table and all our lieutenants and our captains our gs13s all of our government employees can get smart on uh the scrumming development process and interestingly as another side i had a telephone call with him last year during the holidays where he was trying to take some leave and i said sir what are you up to today are you are you you know making eggnog for the event tonight or whatever and the chief of space operations told me no i'm trying to teach myself python i'm at lesson two and it's not going so well but i'm i'm gonna figure this out and so that kind of thing if the chief of staff or the you know the the the chief of space operations can prioritize scrumming and python language and innovation in his daily schedule then we're definitely looking for other people who can do that and we'll just say lower levels of rank uh throughout our entire space force enterprise um look i i we don't need to need people that can code a satellite from scratch but we need to know we need to have people that have a basic grasp of the programming basics and cyber security requirements and that can turn those things into into meaningful actions obviously in the space domain things like basic physics and orbital mechanics are also important uh space is not an intuitive uh domain so under understanding how things survive uh on orbit is really critical to making the right design and operational decisions and you know i know there's probably a lot because of this conference i know there's a probably a whole lot of high-speed cyber security experts out in the audience and i need those people in the u.s space force the the country is counting on it but i wouldn't discount having people that are just cyber aware or cyber savvy right i have contracting officers and logisticians and program managers and they don't have to be high-end cyber security experts but they have to be aware enough about it to be able to implement cyber security protections um into our space system so the skill set is is really really broad um our adversaries are pouring billions of dollars into uh define designing uh and fielding offensive and destructive space cyber security weapons right they've repeatedly shown really a blatant disregard of safety and international norms for good behavior on orbit and the cyber security aspects of our space systems is really a key battleground going forward so that we can maintain that as i mentioned before peaceful uh global commons of space we really need all hands on deck if you're interested in helping in uniform if you're interested in helping uh not in uniform uh but as a government employee a commercial or civil employee to help us make cyber security more important uh or more cape more able to be developed for our space systems then we'd really love to uh to work with you or have you on the team to build that safe and secure future for our space systems lieutenant general john thompson great insight thank you for sharing all that awesome stories too and motivation for the young next generation the united states space force approach of cyber security really amazing talk thank you for your time final parting question is as you look out and you had your magic wand what's your view for the next few years in terms of things that we could accomplish it's a super exciting time what do you hope for so um um first of all john thanks to you and and thanks to cal poly uh for the invitation and and thanks to everybody for uh for their interest in cyber security especially as it relates to space systems that's here at the conference um uh there's a quote and i'll read it here uh from uh bernard schriever who was the uh the founder if you will uh a legend in uh dod space the founder of the western development division which was a predecessor organization to space and missile systems center general shrever i think captures the essence of what how we see the next couple of years the world has an ample supply of people who can always come up with a dozen good reasons why new ideas will not work and should not be tried but the people who produce progress are breed apart they have the imagination the courage and the persistence to find solutions and so i think if you're hoping that the next few years of space innovation and cyber security innovation are going to be a pony ride at the county fair then perhaps you should look for another line of work because i think the next few years in space and cyber security innovation are going to be more like a rodeo um and a very dynamic rodeo as it goes it is a an awesome privilege to be part of this ecosystem it's really an honor for me to um to be able to play some small role uh in the space ecosystem and trying to improve it uh while i'm trying to improve the chances of uh of the united states of america in a uh in a space war fighting uh uh environment um and so i thank all of you for uh participating today and for this little bit of time that you've allowed me to share with you thank you sir thank you for your leadership and thank you for the for the time for this awesome event space and cyber security symposium 2020 i'm john furrier on behalf of cal poly thanks for watching [Music]

>> Narrator: From around the globe. It's theCUBE covering space in cybersecurity symposium 2020 hosted by Cal Poly. >> Hello, everyone. Welcome to the space and cybersecurity symposium, 2020 hosted by Cal Poly where the intersection of space and security are coming together. I'm John Furrier, your host with theCUBE here in California. I want to welcome our featured guest, Lieutenant General, John F. Thompson with the United States Space Force approach to cybersecurity. That's the topic of this session. And of course he's the commander of the space and missile system center in Los Angeles Air Force Base. Also heading up Space Force. General, thank you for coming on. I really appreciate to you kicking this off. Welcome to the symposium. >> Hey, so thank you very much, John, for that very kind introduction. Also very much thank you to Cal Poly for this opportunity to speak to this audience today. Also a special shout out to one of the organizers, Dustin Debrun, for all of his work, helping get us to this point. Ladies and gentlemen as a John mentioned, I'm JT Thompson. I lead the 6,000 men and women of the United States Space Force's Space and Missile System Center, which is headquartered here at Los Angeles Air Force Base and El Segundo. If you're not quite sure where that's at, it's about a mile and a half from LAX. This is our main operating location, but we do have a number of other operating locations around the country. We're about 500 people at Kirtland Air Force Base in Albuquerque, New Mexico, and an about another 500 people on the front range of the Rockies between Colorado Springs and Denver plus a smattering of other much smaller operating locations nationwide. We're responsible for acquiring, developing and sustaining the United States Space Force's, critical space assets. That includes the satellites in the space layer and also on the ground layer our ground segments to operate those satellites. And we also are in charge of procuring launch services for the US Space Force and a number of our critical mission partners across the Department of Defense and the intelligence community. Just as a couple of examples of some of the things we do, if you're unfamiliar with our work we developed and currently sustain the 31 satellite GPS constellation that satellite constellation, while originally intended to help with global navigation, those GPS signals have provided trillions of dollars in unanticipated value to the global economy over the past three decades. GPS is everywhere. I think everybody realizes that. Agriculture, banking, the stock market, the airline industry, separate and distinct navigation systems. It's really pervasive across both capabilities for our Department of Defense and capabilities for our economy and individuals, billions of individuals across our country and the planet. Some of the other work we do for instance, in the communications sector, secure communications satellites that we designed and build that link America's sons and daughters serving in the military around the world and really enable real time support and comms for our deployed forces. And those of our allies. We also acquire infrared missile warning satellites that monitor the planet for missile launches that provide advanced warning to the US Homeland and to our allies in case some of those missile launches are nefarious. On a note, that's probably a lot closer to home, maybe a lot closer to home than many of us want to think about here in the state of California. In 2018, SMC jumped through a bunch of red tape and bureaucracy to partner with the US Forest Service during two of the largest wildfires in the state's history, the Camp and Woolsey fires in Northern California. As those fires spread out of control, we created processes on the fly to share data from our missile warning satellites. Those are satellites that are systems that are purpose built to see heat sources from thousands of miles above the planet. And we collaborated with the US Forest Service so that firefighters on the ground could track those fires more in real time and better forecast fires and where they were spreading, thereby saving lives and property by identifying hotspots and flareups for firefighters. That data that we were able to working with our contractors pass to the US Forest Service and authorities here in California, was passed in less than an hour as it was collected to get it into the hands of the emergency responders, the first responders as quickly as possible and doing that in an hour greatly surpassed what was available from some of the other assets in the airborne and ground-based fire spotters. It was really instrumental in fighting those fires and stopping their spread. We've continued that involvement in recent years, using multiple systems to support firefighters across the Western US this fall, as they battled numerous wildfires that unfortunately continue. Working together with the US Forest Service and with other partners we'd like to think that we've made a difference here, but there's still a lot more work to go. And I think that we should always be asking ourselves what else can space data be used for and how can we more rapidly get that space data to stakeholders so that they can use it for purposes of good, if you will. How else can we protect our nation? How else can we protect our friends and allies? I think a major component of the discussion that we will have throughout this conference is that the space landscape has changed rapidly and continues to change rapidly. Just over the past few years, John and I were talking before we went live here and 80 nations now have space programs. Nearly 80 space faring nations on the planet. If you just look at one mission area that the Department of Defense is interested in, and that's small launch, there are currently over 100 different small launch companies within the US industrial base vying for commercial DoD and civil payload capabilities, mostly to lower earth orbit. It's truly a remarkable time. If you factor in those things like artificial intelligence and machine learning, where we're revolutionizing really, the ways that we generate process and use data. It's really remarkable. In 2016, so if you think about this four years ago, NASA estimated that there were 28 terabytes of information transiting their space network each day. And that was four years ago. Obviously we've got a lot of desire to work with a lot of the people in the audience in this conference, we need to work with big thinkers, like many of you to answer questions on how best we apply data analytics to extract value and meaning from that data. We need new generations of thinkers to help apply cutting edge theories of data mining, cyber behaviorism, and Internet of Things 2.0, it's just truly a remarkable time to be in the space business and the cyber aspects of the space business are truly, truly daunting and important to all of us. Integrating cyber security into our space systems, both commercial and government is a mandate. it's no longer just a nice to have as the US Space Force and Department of the Air Force leadership has said many times over the past couple of years, space is becoming congested and contested. And that contested aspect means that we've got to focus on cyber security in the same way that the banking industry and cyber commerce focus on cybersecurity day in and day out. The value of the data and services provided is really directly tied to the integrity and availability of that data and services from the space layer, from the ground control segments associated with it. And this value is not just military, it's also economic and it's not just American, it's also a value for the entire world, particularly our allies, as we all depend upon space and space systems. Your neighbors and friends here in California that are employed at the space and missile system center work with network defenders. We work with our commercial contractors and our systems developers, our international allies and partners to try and build as secure and resilient systems as we can from the ground up that keep the global comments of space free and open for exploration and for commerce as John and I were talking earlier, before we came online, there's an aspect of cybersecurity for space systems, especially for some of our legacy systems, that's more, how do we bolt this on? Cause we fielded those space systems a number of years ago, and the challenges of cybersecurity in the space domain have grown. So we have a part that we have to worry about, bolting it on, but then we have to worry about building it in as we field new systems and build in a flexibility that realizes that the cyber threat or the cybersecurity landscape will evolve over time. It's not just going to be stagnant. There will always be new vulnerabilities and new threat vectors that we all have to look at. Look, as Secretary Barrett, who is our secretary of the air force likes to say most Americans use space before they have their first cup of coffee in the morning. The American way of life really depends on space. And as part of the United States Space Force, we work with defense leaders, our Congress joint, and international military teammates and industry to ensure American leadership in space. I really thank you for this opportunity to address the audience today, John, and thanks so much to Cal Poly for letting me be one of the speakers at this event. I've really looked forward to this for several months. And so with that, I look forward to your questions as we kind of move along here. >> General, thank you very much for those awesome introductory statement. For the folks watching on the stream, Brigadier General Carthan's going to be in the chat, answering any questions, feel free to chat away. He's the vice commander of Space and Missile System Center, he'll be available. A couple of comments from your keynote before I get to my questions. Cause it just jumped into my head. You mentioned the benefits of say space with the fires in California. We're living that here. That's really realtime. That's a benefit. You also mentioned the ability for more people launching payloads into space. I'm only imagined Moore's law smaller, faster, cheaper applies to rockets too. So I'm imagining you have the benefits of space and you have now more potential objects flying out sanctioned and maybe unsanctioned. So is it going to be more rules around that? This is an interesting question cause it's exciting Space Force, but for all the good there is potentially bad out there. >> Yeah. So John, I think the basics of your question is as space becomes more congested and contested, is there a need for more international norms of how satellites fly in space? What kind of basic features satellites have to perhaps de orbit themselves? What kind of basic protections should all satellites be afforded as part of a peaceful global commons of space? I think those are all fantastic questions. And I know that US and many allied policy makers are looking very, very hard at those kinds of questions in terms of what are the norms of behavior and how we field, and field as the military term. But how we populate using civil or commercial terms that space layer at different altitudes, lower earth orbit, mid earth orbit, geosynchronous earth orbit, different kinds of orbits, what the kind of mission areas we accomplished from space. That's all things that need to be definitely taken into account as the place gets a little bit, not a little bit as the place gets increasingly more popular day in and day out. >> I'm super excited for Space Force. I know that a new generation of young folks are really interested in it's an emerging, changing great space. The focus here at this conference is space and cybersecurity, the intersection. I'd like to get your thoughts on the approach that a space force is taking to cybersecurity and how it impacts our national goals here in the United States. >> Yeah. So that's a great question John, let me talk about it in two basic ways. At number one is an and I know some people in the audience, this might make them a little bit uncomfortable, but I have to talk about the threat. And then relative to that threat, I really have to talk about the importance of cyber and specifically cyber security, as it relates to that threat. The threats that we face really represented a new era of warfare and that new era of warfare involves both space and cyber. We've seen a lot of action in recent months from certain countries, notably China and Russia that have threatened what I referred to earlier as the peaceful global commons of space. For example, it threw many unclassified sources and media sources. Everybody should understand that the Russians have been testing on orbit anti-satellite capabilities. It's been very clear if you were following just the week before last, the Department of Defense released its 2020 military and security developments involving the People's Republic of China. And it was very clear that China is developing ASATs, electronic jammers, directed energy weapons, and most relevant to today's discussion, offensive cyber capabilities. There are kinetic threats that are very, very easy to see, but a cyber attack against a critical command and control site or against a particular spacecraft could be just as devastating to the system and our war fighters in the case of GPS and important to note that that GPS system also impacts many civilians who are dependent on those systems from a first response perspective and emergency services, a cyber attack against a ground control site could cause operators to lose control of a spacecraft or an attacker could feed spoofed data to assist them to mislead operators so that they sent emergency services personnel to the wrong address. Attacks on spacecraft on orbit, whether directly via a network intrusion or enabled through malware introduced during the system's production while we're building the satellite can cripple or corrupt the data. Denial-of-service type attacks on our global networks obviously would disrupt our data flow and interfere with ongoing operations and satellite control. If GPS went down, I hesitate to say it this way, cause we might elicit some screams from the audience. But if GPS went down a Starbucks, wouldn't be able to handle your mobile order, Uber drivers wouldn't be able to find you. And Domino's certainly wouldn't be able to get there in 30 minutes or less. So with a little bit of tongue in cheek there from a military operations perspective, it's dead serious. We have become accustomed in the commercial world to threats like ransomware and malware. And those things have unfortunately become commonplace in commercial terrestrial networks and computer systems. However, what we're seeing is that our adversaries with the increased competition in space these same techniques are being retooled, if you will, to use against our national security space systems day in and day out. As I said, during my opening remarks on the importance of cyber, the value of these systems is directly tied to their integrity. If commanders in the field, firefighters in California or baristas in Starbucks, can't trust the data they're receiving, then that really harms their decision making capabilities. One of the big trends we've recently seen is the move towards proliferated LEO constellations, obviously Space X's Starlink on the commercial side and on the military side, the work that DARPA and my organization SMC are doing on Blackjack and Casino, as well as some space transport layer constellation work that the space development agency is designing are all really, really important types of mesh network systems that will revolutionaries how we plan and field war fighting systems and commercial communications and internet providing systems. But they're also heavily reliant on cybersecurity. We've got to make sure that they are secured to avoid an accident or international damage. Loss of control of these constellations really could be catastrophic from both a mission perspective or from a satellites tumbling out of low earth orbit perspective. Another trend is introductions in artificial intelligence and machine learning, onboard spacecraft are at the edge. Our satellites are really not so much hardware systems with a little software anymore in the commercial sector and in the defense sector, they're basically flying boxes full of software. And we need to ensure that data that we're getting out of those flying boxes full of software are helping us base our decisions on accurate data and algorithms, governing the right actions and that those systems are impervious to the extent possible to nefarious modifications. So in summation, cybersecurity is a vital element of everything in our national security space goals. And I would argue for our national goals, writ large, including economic and information dimensions, the Space Force leadership at all levels from some of the brand new second lieutenants that general Raymond swore in to the space force this morning, ceremonially from the air force associations, airspace and cyberspace conference to the various highest levels, General Raymond, General DT Thompson, myself, and a number of other senior leaders in this enterprise. We've got to make sure that we're all working together to keep cyber security at the forefront of our space systems cause they absolutely depend on it. >> You mentioned hardware, software threats, opportunities, challenges. I want to ask you because you got me thinking of the minute they're around infrastructure. We've heard critical infrastructure, grids here on earth. You're talking about critical infrastructure, a redefinition of what critical infrastructure is, an extension of what we have. So I'd love to get your thoughts about Space Force's view of that critical infrastructure vis-a-vis the threat vectors, because the term threat vectors has been kicked around in the cyberspace. Oh you have threat vectors. They're always increasing the surface area. If the surface area is from space, it's an unlimited service area. So you got different vectors. So you've got new critical infrastructure developing real time, really fast. And you got an expanded threat vector landscape. Putting that in perspective for the folks that aren't really inside the ropes on these critical issues. How would you explain this and how would you talk about those two things? >> So I tell you, just like, I'm sure people in the security side or the cybersecurity side of the business in the banking industry feel, they feel like it's all possible threat vectors represent a dramatic and protect potentially existential threat to all of the dollars that they have in the banking system, to the financial sector. On the Department of Defense side, we've got to have sort of the same mindset. That threat vector from, to, and through space against critical space systems, ground segments, the launch enterprise, or transportation to orbit and the various different domains within space itself. Like I mentioned before, LEO, MEO and GEO based satellites with different orbits, all of the different mission areas that are accomplished from space that I mentioned earlier, some that I did mention like a weather tactical or wide band communications, various new features of space control. All of those are things that we have to worry about from a cyber security threat perspective. And it's a daunting challenge right now. >> Yeah, that's awesome. And one of the things we've been falling on the hardware side on the ground is the supply chain. We've seen, malware being, really put in a really obscure hardware. Who manufactures it? Is it being outsourced? Obviously government has restrictions, but with the private sector, you mentioned China and the US kind of working together across these peaceful areas. But you got to look at the supply chain. How does the supply chain in the security aspect impact the mission of the US space Force? >> Yeah. Yeah. So how about another, just in terms of an example, another kind of California based historical example. The very first US Satellite, Explorer 1, was built by the jet propulsion laboratory folks, not far from here in El Segundo, up in Pasadena, that satellite, when it was first built in the late 50s weighing a little bit, over 30 pounds. And I'm sure that each and every part was custom made and definitely made by US companies. Fast forward to today. The global supply chain is so tightly coupled, and frankly many industries are so specialized, almost specialized regionally around the planet. We focus every day to guarantee the integrity of every component that we put in our space systems is absolutely critical to the operations of those satellites and we're dependent upon them, but it becomes more difficult and more difficult to understand the heritage, if you will, of some of the parts that are used, the thousands of parts that are used in some of our satellites that are literally school bus sized. The space industry, especially national security space sector is relatively small compared to other commercial industries. And we're moving towards using more and more parts from non US companies. Cybersecurity and cyber awareness have to be baked in from the beginning if we're going to be using parts that maybe we don't necessarily understand 100% like an Explorer one, the lineage of that particular part. The environmental difficulties in space are well known. The radiation environment, the temperature extremes, the vacuum, those require specialized component. And the US military is not the only customer in that space. In fact, we're definitely not the dominant customer in space anymore. All those factors require us along with our other government partners and many different commercial space organizations to keep a very close eye on our supply chains, from a quality perspective, a security perspective and availability. There's open source reporting on supply training intrusions from many different breaches of commercial retailers to the infectious spread of compromised patches, if you will. And our adversaries are aware of these techniques. As I mentioned earlier, with other forms of attack, considering our supply chains and development networks really becomes fair game for our adversaries. So we have to take that threat seriously. Between the government and industry sectors here in the US. We're also working with our industry partners to enact stronger defenses and assess our own vulnerabilities. Last fall, we completed an extensive review of all of our major contracts here at Space and Missile System Center to determine the levels of cyber security requirements we've implemented across our portfolio. And it sounds really kind of businessy geeky, if you will. Hey, we looked at our contracts to make sure that we had the right clauses in our contracts to address cybersecurity as dynamically as we possibly could. And so we found ourselves having to add new language to our contracts, to require system developers, to implement some more advanced protective measures in this evolving cyber security environment. So that data handling and supply chain protections from contract inception to launch and operations were taken into account. Cyber security really is a key performance parameter for us now. Performance of the system, It's as important as cost, it's as important as schedule, because if we deliver the perfect system on time and on cost, it can perform that missile warning or that communications mission perfectly, but it's not cyber secure. If it's doesn't have cyber protections built into it, or the ability to implement mitigations against cyber threats, then we've essentially fielded a shoe box in space that doesn't do the CA the war fighter or the nation any good. Supply chain risk management is a major challenge for us. We're doing a lot to coordinate with our industry partners. We're all facing it head on to try and build secure and trusted components that keep our confidence as leaders, firefighters, and baristas as the case may be. But it is a challenge. And we're trying to rise to that challenge. >> This is so exciting this new area, because it really touches everything. Talk about geeking out on the tech, the hardware, the systems but also you put your kind of MBA hat on you go, what's the ROI of extra development and how things get built. Because the always the exciting thing for space geeks is like, if you're building cool stuff, it's exciting, but you still have to build. And cybersecurity has proven that security has to be baked in from the beginning and be thought as a system architecture. So you're still building things, which means you got to acquire things, you got to acquire parts, you got acquire build software and sustain it. How is security impacting the acquisition and the sustainment of these systems for space? >> Yeah. From initial development, through planning for the acquisition, design, development, our production fielding and sustainment, it impacts all aspects of the life cycle, John. We simply, especially from the concept of baking in cybersecurity, we can't wait until something is built and then try and figure out how to make it cyber secure. So we've moved way further towards working side by side with our system developers to strengthen cybersecurity from the very beginning of a systems development, cyber security, and the resilience associated with it really have to be treated as a key system attribute. As I mentioned earlier, equivalent with data rates or other metrics of performance. We like to talk in the space world about mission assurance and mission assurance has always sort of taken us as we technically geek out. Mission assurance has always taken us to the will this system work in space. Can it work in a vacuum? Can it work in as it transfers through the Van Allen radiation belt or through the Southern hemisphere's electromagnetic anomaly? Will it work out in space? And now from a resiliency perspective, yeah, it has to work in space. It's got to be functional in space, but it's also got to be resistant to these cybersecurity threats. It's not just, I think a General D.T Thompson quoted this term. It's not just widget assurance anymore. It's mission assurance. How does that satellite operator that ground control segment operate while under attack? So let me break your question a little bit, just for purposes of discussion into really two parts, cybersecurity, for systems that are new and cybersecurity for systems that are in sustainment are kind of old and legacy. Obviously there's cyber vulnerabilities that threatened both, and we really have to employ different strategies for defensive of each one. For new systems. We're desperately trying to implement across the Department of Defense and particularly in the space world, a kind of a dev sec ops methodology and practice to delivering software faster and with greater security for our space systems. Here at SMC, we have a program called enterprise ground services, which is a toolkit, basically a collection of tools for common command and control of different satellite systems, EGS as we call it has an integrated suite for defensive cyber capabilities. Network operators can use these tools to gain unprecedented insight to data flows and to monitor space network traffic for anomalies or other potential indicators of a bad behavior, malicious behavior, if you will, it's rudimentary at this point, but because we're using DevSecOps and that incremental development approach, as we scale it, it just becomes more and more capable. Every product increment that we feel. Here at LA Air Force Base, we have the United Space Force's West Coast Software Factory, which we've dubbed the Kobayashi Maru. They're using those agile DevOps software development practices to deliver a space awareness software to the combined space operations center. Affectionately called the CSpock that CSpock is just on the road from Cal Poly there in San Luis Obispo at Vandenberg Air Force Base. They've so securely linked the sea Spock with other space operation centers around the planet, our allies, Australia, Canada, and the UK. We're partnering with all of them to enable secure and enhanced combined space operations. So lots of new stuff going on as we bake in new development capabilities for our space systems. But as I mentioned earlier, we've got large constellations of satellites on orbit right now. Some of them are well in excess of a decade or more or old on orbit. And so the design aspects of those satellites are several decades old. But we still have to worry about them cause they're critical to our space capabilities. We've been working with an air force material command organization called CROWS, which stands for the Cyber Resiliency Office for Weapon Systems to assess all of those legacy platforms from a cyber security perspective and develop defensive strategies and potential hardware and software upgrades to those systems to better enable them to live through this increasingly cybersecurity concerned era that we currently live in. Our industry partners have been critical to both of those different avenues. Both new systems and legacy systems. We're working closely with them to defend and upgrade national assets and develop the capabilities to do similar with new national assets coming online. The vulnerabilities of our space systems really kind of threatened the way we've done business in the past, both militarily and in the case of GPS economically. The impacts of that cybersecurity risk are clear in our acquisition and sustainment processes, but I've got to tell you, as the threat vectors change, as the vulnerabilities change, we've got to be nimble enough, agile enough, to be able to bounce back and forth. We can't just say, many people in the audience are probably familiar with the RMF or the Risk Management Framework approach to reviewing the cyber security of a system. We can't have program managers and engineers just accomplish an RMF on a system. And then, hey, high five, we're all good. It's a journey, not a destination, that's cybersecurity. And it's a constant battle rhythm through our weapon systems lifecycle, not just a single event. >> I want to get to this commercial business needs and your needs on the next question. But before I go there, you mentioned agile. And I see that clearly because when you have accelerated innovation cycles, you've got to be faster. And we saw this in the computer industry, mainframes, mini computers, and then we started getting beyond maybe when the internet hit and PCs came out, you saw the big enterprises, the banks and government start to work with startups. And it used to be a joke in the entrepreneurial circles is that, there's no way if you are a startup you're ever going to get a contract with a big business enterprise. Now that used to be for public sector and certainly for you guys. So as you see startups out there and there's acquisition involved, I'm sure would love to have a contract with Space Force. There's an ROI calculation where if it's in space and you have a sustainment view and it's software, you might have a new kind of business model that could be attractive to startups. Could you share your thoughts on the folks who want to be a supplier to you, whether they're a startup or an existing business that wants to be agile, but they might not be that big company. >> John, that's a fantastic question. We're desperately trying to reach out to those new space advocates, to those startups, to those what we sometimes refer to, within the Department of Defense, those non traditional defense contractors. A couple of things just for thinking purposes on some of the things that we're trying to highlight. Three years ago, we created here at Space and Missile System Center, the Space Enterprise Consortium to provide a platform, a contractual vehicle, really to enable us to rapidly prototype, development of space systems and to collaborate between the US Space Force, traditional defense contractors, non traditional vendors like startups, and even some academic institutions. SPEC, as we call it, Space Enterprise Consortium uses a specialized contracting tool to get contracts awarded quickly. Many in the audience may be familiar with other transaction agreements. And that's what SPEC is based on. And so far in just three years, SPEC has awarded 75 different prototyping contracts worth over $800 million with a 36% reduction in time to award. And because it's a consortium based competition for these kinds of prototyping efforts, the barrier to entry for small and nontraditional, for startups, even for academic institutions to be able to compete for these kinds of prototyping has really lowered. These types of partnerships that we've been working through on spec have really helped us work with smaller companies who might not have the background or expertise in dealing with the government or in working with cyber security for their systems, both our developmental systems and the systems that they're designing and trying to build. We want to provide ways for companies large and small to partner together in support kind of mutually beneficial relationships between all. Recently at the Annual Air Force Association conference that I mentioned earlier, I moderated a panel with several space industry leaders, all from big traditional defense contractors, by the way. And they all stressed the importance of building bridges and partnerships between major contractors in the defense industry and new entrance. And that helps us capture the benefits of speed and agility that come with small companies and startups, as well as the expertise and specialized skill sets of some of those larger contractors that we rely on day in and day out. Advanced cyber security protections and utilization of secure facilities are just a couple of things that I think we could be prioritizing more so in those collaborations. As I mentioned earlier, the SPEC has been very successful in awarding a number of different prototyping contracts and large dollar values. And it's just going to get better. There's over 400 members of the space enterprise consortium, 80% of them are non traditional kinds of vendors. And we just love working with them. Another thing that many people in the audience may be familiar with in terms of our outreach to innovators, if you will, and innovators that include cyber security experts is our space pitch day events. So we held our first event last November in San Francisco, where we awarded over a two day period about $46 million to 30 different companies that had potentially game changing ideas. These were phase two small business innovative research efforts that we awarded with cash on the spot. We're planning on holding our second space pitch day in the spring of 2021. We're planning on doing it right here in Los Angeles, COVID-19 environment permitting. And we think that these are fantastic venues for identifying and working with high-speed startups, and small businesses who are interested in really, truly partnering with the US Air Force. It's, as I said before, it's a really exciting time to be a part of this business. And working with the innovation economy is something that the Department of Defense really needs to do in that the innovation that we used to think was ours. That 80% of the industrial base innovation that came from the Department of Defense, the script has been flipped there. And so now more than 70%, particularly in space innovation comes from the commercial sector, not from the defense business itself. And so that's a tsunami of investment and a tsunami of a capability. And I need to figure out how to get my surfboard out and ride it, you know what I mean? >> Yeah, It's one of those things where the script has been flipped, but it's exciting because it's impacting everything. When you're talking about systems architecture? You're talking about software, you're talking about a business model. You're talking about dev sec opsx from a technical perspective, but now you have a business model innovation. All the theaters are exploding in innovation, technical, business, personnel. This brings up the workforce challenge. You've got the cyber needs for the US Space Force, It's probably great ROI model for new kinds of software development that could be priced into contracts. That's a entrepreneurial innovation, you've got the business model theater, you've got the personnel. How does the industry adopt and change? You guys are clearly driving this. How does the industry adjust to you? >> Yeah. So I think a great way to answer that question is to just talk about the kind of people that we're trying to prioritize in the US Space Force from an acquisition perspective, and in this particular case from a cybersecurity perspective. As I mentioned earlier, it's the most exciting time to be in space programs, really since the days of Apollo. Just to put it in terms that maybe have an impact with the audience. From 1957 until today, approximately 9,000 satellites have been launched from the various space varying countries around the planet. Less than 2000 of those 9,000 are still up on orbit and operational. And yet in the new space regime players like Space X have plans to launch, 12,000 satellites for some of their constellations alone. It really is a remarkable time in terms of innovation and fielding of space capabilities and all of those space capabilities, whether they're commercial, civil, or defense are going to require appropriate cybersecurity protections. It's just a really exciting time to be working in stuff like this. And so folks like the folks in this audience who have a passion about space and a passion about cybersecurity are just the kind of people that we want to work with. Cause we need to make sure our systems are secure and resilient. We need folks that have technical and computing expertise, engineering skills to be able to design cyber secure systems that can detect and mitigate attacks. But we also, as you alluded to, we need people that have that business and business acumen, human networking background, so that we can launch the startups and work with the non traditional businesses. Help to bring them on board help, to secure both their data and our data and make sure our processes and systems are free as much as possible from attack. For preparation, for audience members who are young and maybe thinking about getting into this trade space, you got to be smart on digital networking. You got to understand basic internet protocols, concepts, programming languages, database design. Learn what you can for penetration or vulnerability testing and a risk assessment. I will tell you this, and I don't think he will, I know he will not mind me telling you this, but you got to be a lifelong learner and so two years ago, I'm at home evening and I get a phone call on my cell phone and it's my boss, the commander of Air Force Space command, General, J. Raymond, who is now currently the Chief of Space Operations. And he is on temporary duty, flying overseas. He lands where he's going and first thing he does when he lands is he calls me and he goes JT, while I was traveling, I noticed that there were eBooks available on the commercial airliner I was traveling on and there was an ebook on something called scrumming and agile DevSecOps. And I read it, have you read it? And I said, no, sir. But if you tell me what the title of the book is, I will read it. And so I got to go to my staff meeting, the very next week, the next time we had a staff meeting and tell everybody in the staff meeting, hey, if the four star and the three star can read the book about scrumming, then I'm pretty sure all of you around this table and all our lieutenants and our captains our GS13s, All of our government employees can get smart on the scrumming development process. And interestingly as another side, I had a telephone call with him last year during the holidays, where he was trying to take some leave. And I said, sir, what are you up to today? Are you making eggnog for the event tonight or whatever. And the Chief of Space Operations told me no, I'm trying to teach myself Python. I'm at lesson two, and it's not going so well, but I'm going to figure this out. And so that kind of thing, if the chief of staff or the Chief of Space Operations can prioritize scrumming and Python language and innovation in his daily schedule, then we're definitely looking for other people who can do that. And we'll just say, lower levels of rank throughout our entire space force enterprise. Look, we don't need people that can code a satellite from scratch, but we need to know, we need to have people that have a basic grasp of the programming basics and cybersecurity requirements. And that can turn those things into meaningful actions, obviously in the space domain, things like basic physics and orbital mechanics are also important spaces, not an intuitive domain. So under understanding how things survive on orbit is really critical to making the right design and operational decisions. And I know there's probably a lot, because of this conference. I know there's probably a whole lot of high speed cybersecurity experts out in the audience. And I need those people in the US Space Force. The country is counting on it, but I wouldn't discount having people that are just cyber aware or cyber savvy. I have contracting officers and logisticians and program managers, and they don't have to be high end cybersecurity experts, but they have to be aware enough about it to be able to implement cyber security protections into our space systems. So the skill set is really, really broad. Our adversaries are pouring billions of dollars into designing and fielding offensive and destructive space, cybersecurity weapons. They repeatedly shown really a blatant disregard of safety and international norms for good behavior on orbit. And the cyber security aspects of our space systems is really a key battleground going forward so that we can maintain that. As I mentioned before, peaceful global comments of space, we really need all hands on deck. If you're interested in helping in uniform, if you're interested in helping, not in uniform, but as a government employee, a commercial or civil employee to help us make cyber security more important or more able to be developed for our space systems. And we'd really love to work with you or have you on the team to build that safe and secure future for our space systems. >> Lieutenant General John Thompson, great insight. Thank you for sharing all that awesome stories too, and motivation for the young next generation. The United States Space Force approach to cybersecurity. Really amazing talk, thank you for your time. Final parting question is, as you look out and you have your magic wand, what's your view for the next few years in terms of things that we could accomplish? It's a super exciting time. What do you hope for? >> So first of all, John, thanks to you and thanks to Cal Poly for the invitation and thanks to everybody for their interest in cybersecurity, especially as it relates to space systems, that's here at the conference. There's a quote, and I'll read it here from Bernard Schriever, who was the founder, if you will, a legend in a DoD space, the founder of the Western development division, which was a predecessor organization to Space and Missile System Center, General Schriever, I think captures the essence of how we see the next couple of years. "The world has an ample supply of people "who can always come up with a dozen good reasons "why new ideas will not work and should not be tried, "but the people who produce progress are breed apart. "They have the imagination, "the courage and the persistence to find solutions." And so I think if you're hoping that the next few years of space innovation and cybersecurity innovation are going to be upon a pony ride at the County fair, then perhaps you should look for another line of work, because I think the next few years in space and cybersecurity innovation are going to be more like a rodeo and a very dynamic rodeo as it goes. It is an awesome privilege to be part of this ecosystem. It's really an honor for me to be able to play some small role in the space ecosystem and trying to improve it while I'm trying to improve the chances of the United States of America in a space war fighting environment. And so I thank all of you for participating today and for this little bit of time that you've allowed me to share with you. Thank you. >> Sir, thank you for your leadership and thank you for the time for this awesome event, Space and Cyber Cybersecurity Symposium 2020, I'm John Furrier on behalf of Cal Poly, thanks for watching. (mellow music)

>>live from Las Vegas. It's the Cube covering Splunk dot com. 19. Brought to you by spunk. >>Okay, welcome back. Everyone secures live coverage in Las Vegas response dot com. I'm John Ferrier, host of the Cube. We're here for three days is a spunk. Spunk dot com 10 anniversary of their end user conference way Got some great guests here. They talk about diversity, inclusion breaking the barrier. Women in tech We got some great guests. Jane Heights, I add Si io National government service is Thanks for joining us. Appreciate it. Carol Jones, CEO Sandy and National Labs from Albuquerque Think coming on to CEOs of excited Suzanne McGovern. Diversity and inclusion talent leader for Splunk Thanks for guys joining us. Really appreciate it. I want to get into a panel you guys discuss because this is the area of really important to the workforce. Global workforce is made up of men and women, but most of the software text built by mostly men. But we get that second. I want to get in, find out what you guys are doing in your rolls because you guys, the journey is breaking through the barrier. Start with you. What's your role. What do you do? Their CEO. >>So I am CEO for National Government Service Is we do Medicare claims processing for the federal government. We also have a number of I t contracts with CMS. And, um, I organ. I have an organization of 331 people. Very different organization, Data center, infrastructure security gambit of I t, if you will. A great group of people divers were in Baltimore. Where? In Indianapolis. We're out of the kingdom office. How >>long have you been in 19 >>My career. So yes. Yeah. The waves. Yes. I have seen the waves have Daryl >>Jones and I'm c i o same National Laboratories. It's a federally funded research and development center. So we do research and development from on behalf of the U. S. Government. I have about 500 employees and 400 contractors. So we provide the I T for Sadia, all gametes of it, including some classified environments. >>A lot of security, your role. What's wrong? >>I'm the chief diversity officer. It's Plus I get the pleasure to do that every day. A swell, a cz. It's everyone's job. Not just magically explode. But I'm very honored to do that. How to look after talent. >>I want to compliment you guys on your new branding. Thank not only is a cool and really picking orange, but also that position is very broad and everything is trade message. But the big posters have diversity. Not a bunch of men on the posters. So congratulations, it's anger. Representative is really important. Worth mentioning. Okay, let's start with the journey. The topic you guys just talked about on a panel here in Las Vegas is female leaders smashing the glass ceiling. So when you smash his last ceiling, did you get caught? Was her bleeding? What happened? Take us for your journey. What was big? Take away. What's the learnings? Share your stories. >>Well, a lot of it, as I shared today with Panel, is really learning and be having that Lerner mindset and learning from something that you do, which is part of your life. And I use the example of I'm married to an Indian Muslim, went to India, spent some time with his family, and they told me Let's be ready at 6 30 and I said, Okay, I'm ready. I'm ready. Dressed in 6 30 nobody else was ready. And everyone in the room said, Well, we're gonna have Chai first we're gonna have some tea And I was like, Well, you said 6 30 and I'm ready And, um, everyone said, Well, you know, we need to relax. We need to connect. We need to have some time So I took that back and said, You know what? We all need to make time for tea Way. All need to connect with our people and the individuals that work with us, And I've kind of taken that on through the last 20 years of being married, Tim. But connecting with individuals and your teams and your partner's is what's important and as what Lead Meeks. I've built those allies and that great group of people that >>being people centric, relationship driven, not so much chasing promotions or those kinds. >>That's what's worked for me. Yes, >>Carol, it's been your journey. Stories >>start a little bit of beginnings. I've been in Tech over 30 years. I got a bachelor's and marketing, and then I was looking to get my master's. So I got, um, I s degree, but I didn't know even to go into that field. So my professor said you needed to go into my s, so don't know that's too hard. You can't do that. You know, you could do it. So it's always been challenging myself and continuing learning. I worked at IBM then I was there in the time when they did great layoffs. So no, e he was 93 right to left. Only wonder he's gonna be left by the end of the year. >>You know, for the younger audience out there M I s stands from management information systems. Before that, there was data processing division which actually relevant today. Quite a journey. What a great spirit. What's the one thing that you could share? Folks, this is a lot of young women coming into the workforce, and a lot of people are looking at inspirational figures like yourselves that have been there and done that. There's a lot of mentoring going on is a lot of navigation for young women and understand minorities. And they just you guys, there's no real playbook. You guys have experiences. What's your advice, folks out watching >>my number one advice. And I gave this to people who are wanting to go into leadership. Trust yourself. Trust to you. Are you all got to this place because of the successful person you are and just continue to trust yourself to take advantage of those opportunities. Take a risk. I took a risk when my total focus was in Medicare. I was asked to do another job and I took another, you know, position. And it wasn't in Medicare. So you have to take those opportunities and risk and just trust that you're gonna get yourself. >>Carol. You're >>similar. It's to continue to grow and to be resilient, there'll be times in your career like a layoff where you don't know what you're gonna do. You bounce back and make it into uneven. Better job on. Take risks. I took a risk. I went into cybersecurity. Spent 10 years there, continuing learning and the Brazilian >>learnings key, right? I mean, one of the things about security mentioned 10 years. So much has changed, hasn't it? >>Well, it's bad. Guys still outnumber the good guys. That has changed faster. Exactly. Technologies change. >>Just talk about the diversity inclusion efforts. You guys have a Splunk Splunk cultures very open transparent on the technology solutions very enabling you actually enabling a lot of change on the solution side. Now we're seeing tech for good kind of stories because Texas Tech Tech for business. But also you're seeing speed and times value time to mission value, a new term way kicked around this morning. It's time to mission value. >>Yes. So I'm glad you mentioned data, right? We're data company, and we're very proud that we actually whole star diversity inclusion numbers, right? So way moved the needle 1.8% on gender last year, year on year pride, but not satisfied. We understand that there's much more to diversity inclusion than just gender, But our strategy is threefold for diversity. Inclusion. So it's work force, workplace marketplace farces around just where talk is improving our representation so that these women are no longer the only. These are in the minority that were much more represented, and we're lucky we have three women and our board. We have four women in our C suite, so we're making good good progress. But there's a lot more to do, and as I say, it's not just about gender. We want to do way, nor the innovation is fueled by diversity. So we want to try. You know, folks of different races, different ethnicity, military veterans, people with disability. We need everyone. It's belongs to be, since >>you guys are all three leaders in the industry, Thanks for coming on. Appreciate that. I want to ask you guys because culture seems to be a common thread. I mean, I do so money talks and interviews with leaders for all types, from digital transformation to Dev ops, the security and they always talk speeds in fees. But all the change comes from culture people on what I'm seeing is a pattern of success. Diversity inclusion works well if it's in the culture of the company, so one filter for anyone a woman or anyone is this is a company culturally aligned with it. So that's the question is what do you do when you have a culture that's aligned with it? And what do you do? There's a culture that's not allow, so you want to get out. But how do you unwind and how do you navigate and how do you see the size of signals? Because the date is there >>a way to certainly really harness and failed a culture of inclusion. And that's through employee resource groups in particular. So it's plunks. More than 50% of our spelunkers are actually members. Followers are allies on employee resource. So gives community. It gives that sense of inclusion so that everyone could bring their whole Selves to work. So, to your point, it really does build a different culture, different level of connection. And it's super different. >>Any thoughts on culture and signals look for good, bad, ugly, I mean, because you see a good ways taken right. Why not >>take a chance, right? Right. No, I think, you know, like you look at it and you decide, like some young women we were talking to, You know, Is this the right company for you? And if not, can you find an ally? You know, it's a feeling that the culture isn't there and helped educate him on help to get him to be Jack of what does he and his leaders, I think we have to always ask ourselves, Are we being inclusive for everyone >>and mine? I would spend it a little bit. Is that diversity and thoughts And how? When I joined this organization. Culture is a big factor that needs to change and some of the things that I'm working on, but to bring people to the table and hear those different thoughts and listen to them because they all do think differently. No matter color, race, gender, that sort of thing. So diversity and thought is really something that I try to focus in on >>carry. Palin was just on the Cuban CMO of Splunk and top of the logo's on the branding and, she said, was a great team effort. Love that because she's just really cool about that. And she said we had a lot of diversity and thought, which is a code word for debate. So when you have diversity, I want to get your thoughts on this because this is interesting. We live in a time where speed is a competitive advantage speed, creativity, productivity, relevance, scale. These air kind of the key kind of modern efforts. Diversity could slow things down, too, so but the benefit of diversity is more thought, more access to data. So the question is, what do you guys think about how companies or individuals could not lose the speed keep the game going on the speed and scale and get the benefits of the diversity because you don't want things to grind down. Toe halts way Slugs in the speed game get data more diverse. Data comes in. That's a technical issue. But with diversity, you >>want a challenge that, to be honest, because we're a data company in the details. Irrefutable. Right? So gender diverse Teams up inform homogeneous teams by about 15% if you take that to race and ethnicity was up to 33%. Companies like ourselves, of course, their numbers see an uptick in share price. It's a business imperative, right? We get that. It's the right thing to do. But this notion that it slows things down, you find a way right. You're really high performance. You find a way best time. So it doesn't always come fast, right? Sometimes it's about patients and leadership. So I'm on the side of data and the data is there. If you tickle, di bear seems just perform better, >>so if it is slowing down, your position would be that it's not working >>well. Yes, I know. I think you got to find a way to work together, you know? And that's a beautiful thing about places like spun were hyper cool, right? It's crazy. Tons of work to do different things were just talking about this in the break way have this unwritten rule that we don't hire. I'll see jerks for >>gender neutral data, saris, origin, gender neutral data. >>Yeah, absolutely no hiring folks are really gonna, you know, have a different cultural impact there. No cultural adds the organization way. Need everyone on bats. Beautiful thing. And that's what makes it special. >>I think you know, is you start to work and be more inclusive. You start to build trust. So it goes back to what Jane was talking about relationships. And so you gotta have that foundation and you can move fast and still be reversed. I >>think that's a very key point. Trust is critical because people are taking chances whether they're male or female. If the team works there like you see a Splunk, it shouldn't be an issue becomes an issue when it's issue. All right, so big Walk away and learnings over the years in your journey. What was some moments of greatness? Moments of struggle where you brought your whole self to bear around resolving in persevering what were some challenges in growth moments that really made a difference in your life breaking through that ceiling. >>Wow. Well, um, I'm a breast cancer survivor, and I, uh, used my job and my strength to pull me through that. And I was working during the time, and I had a great leader who took it upon herself to make sure that I could work if I wanted. Thio are not. And it really opened that up for me to be able to say, I can still bring my whole self, whatever that is today that I'm doing. And I look back at that time and that was a strength from inside that gave me that trust myself. You're going to get through it. And that was a challenging personal time, But yet had so many learnings in it, from a career perspective to >>story thanks for sharing Caroline stories and struggles and successes that made him big impact of you. Your >>life. It was my first level one manager job. I got into cybersecurity and I didn't know what I was doing. I came back. My boss of Carol. I don't know what you did this year, and so I really had to learn to communicate. But prior to that, you know that I would never have been on TV. Never would have done public speaking like we did today. So I had to hire a coach and learn hadn't forward on communications. Thanks for sharing stories, I think a >>pivotal moment for me. I was in management, consultants say, for the first half of my career, Dad's first child and I was on the highway with a local Klein seven in the morning. Closet Night started on a Sunday midday, so I didn't see her a week the first night. I know many women who do it just wasn't my personal choice. So I decided to take a roll internal and not find Jason and was told that my career would be over, that I would be on a track, that I wouldn't get partner anymore. And it really wasn't the case. I find my passions in the people agenda did leadership development. I didn't teach our role. I got into diversity, including which I absolutely love. So I think some of those pivotal moments you talked about resilient earlier in the panel is just to dig, dying to know what's important to you personally and for the family and really follow your to north and you know, it works out in the end, >>you guys air inspiration. Thank you for sharing that, I guess on a personal question for me, as a male, there's a lot of men who want to do good. They want to be inclusive as well. Some don't know what to do. Don't even are free to ask for directions, right? So what would you advise men? How could they help in today's culture to move the needle forward, to support beach there from trust and all these critical things that make a difference what you say to that? >>So the research says that women don't suffer from a lack of mentorship. The sucker suffer from a lack of advocacy. So I would say if you want to do something super easy and impactful, go advocate for women, go advocate for women. You know who is amazing I there and go help her forward >>in Korea. And you can do that. Whatever gender you are, you can advocate for others. Yeah, also echo the advocacy. I would agree. >>Trust relationships, yes, across the board >>way, said Thio. Some of the women and our allies today WAAS bring your whole self. And I would just encourage men to do that, to bring your whole self to work, because that's what speeds up the data exchange. That's what it speeds up. Results >>take a chance, >>Take a chance, bring your whole self >>get trust going right. He opened a communicated and look at the date on the photo booth. Datable driver. Thank you guys so much for sharing your stories in The Cube, you think. Uses the stories on the Cube segments. Cube coverage here in Las Vegas for the 10th stop. Compass Accused seventh year John Ferrier with Q. Thanks for watching.

>> Live, from Las Vegas, it's "The Cube" covering VMworld 2018, brought to you by VMware and its ecosystem partners. >> Welcome back. This is The Cube coverage of VM World 2018. Always love when we get to dig in with the practitioners here. I'm Stu Miniman. My cohost is Justin Warren. Welcome to the program first-time guest Andrew Chavez, who is a network and information technology manager with Indian Pueblo Cultural Center out of Albuquerque, New Mexico. >> Out of Albuquerque, New Mexico, that's correct. >> Excellent. Thanks so much for joining us. >> Well, thank you so much for having me. >> Alright, so first of all, tell us a little bit about your organization and your role. >> Well, the Indian Pueblo Cultural Center is kind of a touch point for all the 19 tribes in the state of New Mexico. It's actually one of the only places in the entire world, where 19 tribes, 19 different cultures, really, of Native American people have gotten together, built a cultural center and kind of have formed a gateway in Albuquerque, the largest city in New Mexico, and the gateways to the Pueblos. So it's kind of a cool place. There's just a mix of a lot of neat people, a lot of the different Pueblo people come in and out. It's culturally just a great place to be, just a wonderful, cool place. And on top of that, they at the Pueblo Cultural Center formed a development corporation. So not only do we have the cultural side, which is really neat, but we have this development side, which is developing the old Indian schools. I don't know if you remember the cultural background of the Indian schools throughout the United States of America. >> Yes. >> They've actually taken some of the land for the Cultural Center and the Indian school and are repurposing it, to really help out the Cultural Center and the 19 tribes as we give back to them. >> So is this nonprofit then? >> We have a nonprofit side and a for-profit side. >> OK, give us a little bit of the scope of the operation. You mentioned the tribes and everything, but is it multiple locations? And your scope of responsibilities. >> It's actually multiple locations, so we are actually housed in the Cultural Center itself, but directly across the street we're building up places like hotels, restaurants, office buildings, things of that nature, to kind of diversify the portfolio of things that we offer to the community at large. That money is given back to the stakeholders, who are are the 19 Pueblos. And I was brought in last year, to kind of take what they were as an IT department, and really improve on what they were doing, what they've already done, and just kind of take what's already been done and make it better, and really be able to not only serve the Pueblo Cultural Center, but I'm working to make a showcase there if we can. >> So, Andrew, maybe you could give us a bit of an idea of how IT supports the mission of the Cultural Center. A lot of people are worried that IT is just a cost center and it sits off on the end there and it's something that you have to pay for. So what are some of the things that IT enables the Cultural Center to do, that they wouldn't be able to do otherwise? >> Well, some of the things that we do is... cultural preservation is really one of the big things that we do. Because we do represent all the 19 tribes of New Mexico, different aspects of each of those tribes, in terms of pottery, paintings, all the very rich nature of the hand-crafted pieces that the Pueblos take care of, are all representative of the Cultural Center. So it's not only putting those, but it's cataloging, archiving them, and help with the preservation and dissemination of that information, right? So, when you walk through our museum, all the things are automated. You can go in and press buttons and hear the different languages, see how the pottery is made, see how a lot of these arts and crafts come together, see the history of the Pueblo people and kind of what happened, and how, really, other cultures have interdispersed themselves and interweaved themselves within the rich history of the Pueblo people of New Mexico. And how this overarching culture has really made a difference in the state. Those preservations and on top of that, it's using technology to be able to, again, disseminate it and show how those things work going forward. >> Great stuff, Andrew. Alright, so all the people that visit probably don't understand all the stuff that's behind the scenes. So, it's like all of us that have worked in IT, people are like "Oh, you do computer stuff, right?" So, take us a little bit behind the curtain and tell us a little bit about what technologies you are using to help enable all of those great things you talked about. >> Well, currently what we're using is, we kind of started really green field. The folks that were there before me had worked in more of a single server, hot closet environment (laughs), some of the ways it used to be. There were a lot of consultants, and the decision was made that, to match a lot of the technology initiatives that are going on with the other Pueblos, the Cultural Center needs to catch up. So that's one of the reasons why I was brought in. So one of the first things we did, is say, what can we start doing? And so, when you pull the curtain back one of the things we really decided on was going to a full virtual environment, and finding the right technology and the right player to help us put together a virtual environment, help us build out a data center, and do some of those things. So that's kind of where we started. We started with a five year plan on that build-out and how to maximize not only the budgets that we have, but push those budgets through proper depreciation. So it was really kind of neat to be able to go to a place that I could kind of just pick and choose the things I needed to move forward, and kind of set the course for us moving forward. >> Alright, so could you tell us about some of the decisions you actually made there? So, what did you choose, and what led you to make that particular choice of technology provider? >> Well, initially I started out, because I had worked in a previous endeavor using a UCS, you know, the three in one solution, you have your OS, you have the host, and then you have the navs that's presented to the host, and that's what originally I was going to do because that's what I knew. But I went out to a conference called TribalNet, and was introduced to Nutanix. And I was aware of Nutanix, but I hadn't delved into it. So I kind of talked to one of the reps out there, Justin, and he kind of talked me through Nutanix. When I got back, I searched out a place in Albuquerque called Ardham Technologies, who sells Nutanix, and sat with them. Now, the old UCS was less expensive, cause it's a little older technology, and we didn't think we could get into a hyperconverged solution, but working with the Nutanix rep and my rep from Ardham, they really found a way to make it affordable for us and get us into the hyperconverged technology, which is where I wanted to go. So it was really, kind of... That was the first big decision I made, and I've been very happy with it. >> Excellent. So, having made that deciison and put it in, what are ome of the things that you've now been able to do, given that this is where you wanted to go, and thought maybe it wasn't going to be possible, but now it is. So what's that enabled you to do, that you were looking forward to being able to do? >> Well, it's been abled for us to consolidate a lot of what we have. We haven't used it to its fullest potential because the implementation's only been in about five months. >> Right. >> But what we've been able to do is take those different single servers and move them into a virtualized environment, and then be able to build out a storage area and place user files, and group files, and all the disparate storage areas that were siloed throughout the environment, put it on one single piece of equipment that we can watch. >> Right. >> It's been able to allow us to move to a backup solution that goes to the cloud and isn't fractured, right? So it puts it all in one single area that we can watch, and gives us a single pane of glass for all our servers, which we didn't have before. It's just made us better at what we do, really, and be able to watch what we're doing a lot better. >> Andrew, it's interesting. We talked for years about hyperconvergence. It's not just about converging into the footprint, but it changes the model, because it's really more of a distributed architecture. I think you've got some geographic locations. Maybe help discuss how that fits together, between multiple locations, multi-cloud. It's not just about taking a couple of servers and putting them down to a smaller footprint, it's giving you more flexibility. >> And you've really hit the nail on the head, for the five year plan, right? So year one, it's like choose the vendor, choose the course, but the five year plan is to be able to geographically disperse what we're doing. Because we're using Nutanix, it allows us to put a three-note cluster over here in a single box, we take another single box and put a two-note cluster over here and geographically disperse it. It also allows us, I talked about depreciation, and this is something that I worked on in other places. What we did, is we bought the Nutanix node that we have now for today, right. We plan on using that and buying a secondary node, and using that for the next three years. As we build up, remember I talked about having the development across the road, as we're building new buildings, we're going to build an alternate data center there, and the third year, we're going to take that piece of equipment and move that to the data center and build out a disaster recovery center. So when we buy the new Nutanix node, those two will now be joined. So, not only are we sharing information between the two locations, and have backups geographically dispersed, but we also have been able to use SRM a lot of different ways, to keep the geographical locations up, keep business continuity, but the other portion that is really interesting to us, is that most technology is about a three year depreciation schedule, right. >> Yeah. >> We've been able to take that three year depreciation schedule, and because we're using the older technology as our backup business continuity center, that takes it out to six year depreciation, which extends the life of what we have and be able, when we buy new equipment, it's the newest, greatest, we have the business continuity equipment. And then of course the nodes talk to each other, so we're doing data duplication across two locations. So really when we're all done, we can have up to four to six sets of backups throughout any portion of the day, so it really protects our data and gives us a continuity that we wouldn't have before. >> As someone who really likes a good financial model and spends a lot of time in spreadsheets, mucking around with that, it's really good to hear someone from an IT arena talking about some of the financial impacts on this, some of the business impacts on this. It shows that what is possible when IT takes an interest in the business issues, and shows, we were talking about this earlier on The Cube, about IT people getting a seat at the table, being able to have that conversation about the five year plan, about what makes IT strategically important to the organization. And it's really great hearing a customer actually talk about IT in that context. >> Well, that's one of the things that I think IT gets lost in and as you know, with CIOs, CFOs, CEOs, IT is always seen as a cost center. And we'd eventually like to not be a cost center. (laughs) We'd like to make money, but we have to be fiscally responsible. We have to be fiscally responsible for a number of reasons where I come from at the Indian Pueblo Cultural Center, because we do have a responsibility to our shareholders. We have a responsibility to the Native American people that are taking care of us. We need to take care of them. So if we can find the technology that we need, that we can be a showcase, not only in the technological realm, but also how we budget and take care of money, that shows huge commitment to what we're doing. You know, you can't be a showcase unless you're going to be fiscally responsible as well as technologically responsible, so that's what we're trying to do. >> Yeah, and Andrew, the other thing that strikes me from your conversation, you talk about this five year plan. Sometimes we come to the shows and it's like oh wait, I'm worried about lock-in and enterprise license agreement. Talk about what you look for in choosing partners that will be strategic, that will be with you for this kind of engagement. >> Well, I'm looking for, everybody's always looking for cutting edge, right? But you need to have cutting edge with a background, with a roadmap, right? So what I look for in not only a partner that services me locally, but also in the larger vendor partners, for instance Nutanix. I look for somebody who has a roadmap of what they're doing. Here's what we started with. You know, if I have a five year plan, what's your five year plan? What was your five year plan? Where did you come from? Where are you going to? Can you show me what's going to go on over here? And that's one thing that I really liked about Nutanix, is they had here's what got us here, here's how it's changing, here's what we can show you moving forward, and here's how it can help you. And then, you know, my vendor in Albuquerque, I want the same things. Are you growing? Are you stagnant? What's your customer list? And then the last portion of that is really a relationship sell. There are people out there that will go buy from any vendor because that's what the price ensues, but I can't buy on just price because I need pricing and support and be able to, you know, one call (laughs) We used to say one throat to choke, but I don't like using that any more. But you know, somebody you can drive to and have a conversation with. And that's one thing I've really respected about my vendors, and I like from a customer perspective, is people that are real, they come and see you, and then I can reach out to not only my local vendor, but the folks that support them. I do have to say, with Nutanix, I met Justin who is the rep from Nutanix. He got me involved with the sales engineer at that point and they were on site, they worked directly with me and built just a great relationship around this brand new purchase, something I'm not familiar with but it's a foray into a wider world. And it made me really comfortable with my decision. >> Alright. What's the most exciting thing that you're looking forward to? So you've seen the roadmap, you've spoken to the vendors and you have an idea of what your five year plan is. What's the most exciting thing that's going to be coming up in the next few years? >> The biggest thing for me, and it's probably not even a new thing for Nutanix, but it's what Nutanix is built on. It's what you talked about, the geographical separation, the node building and how we can, Okay, you need more compute? We can give you more compute. You need more storage? We can give you more storage. You need to add something over here? We can do that. It's the flexibility it gives me to stick within budget, we don't have to do this huge budget every year, to be able to prop up what we need. We can buy piece by piece and build it out. And again part of that fiscal responsibility is being forward looking and working with a company that's saying hey, we can get you this today. We're going to take care of you, we're going to listen to your needs, we're going to get you what you need, and here's the bolt-on pieces as we move forward. So I think that's the most exciting piece, is being able to grow within that framework. I like to use a word called platforms for what (laughs) we're doing, right? And I think, from an IT perspective, that's what we're doing and from a cultural perspective, the Indian Pueblo cultural perspective, it's having that platform. So if we say from a museum standpoint, we found the latest and greatest software that's going to allow people to do virtual reality, but we need a back end to support it, I can say I got that. (laughs) We've been able to build the platform to put that on. So it's putting that platform in place, building on that platform, us growing into it and then that company growing with us. And that's been something that's been just transformative for us. >> Well, Andrew, you talked about authentic conversations. We really appreciate you sharing your story with us. Be sure to check out IndianPueblo.org for all that they have to offer. I want to check out the museum. You've got a great list of cultural activities there, so thanks so much for joining us. >> Yes, come see us at the Indian Pueblo Cultural Center. The best time to come is the first week in October for the Albuquerque Balloon Fiesta. We'd love to have you all. >> Alright, for Justin Warren, I'm Stu Miniman. We still have lots more coverage here from Vmworld 2018. Thanks for watching The Cube. (upbeat techno music)

>> Live, from Las Vegas, it's "The Cube" covering VMworld 2018, brought to you by VMware and its ecosystem partners. >> Welcome back. This is The Cube coverage of VM World 2018. Always love when we get to dig in with the practitioners here. I'm Stu Miniman. My cohost is Justin Warren. Welcome to the program first-time guest Andrew Chavez, who is a network and information technology manager with Indian Pueblo Cultural Center out of Albuquerque, New Mexico. >> Out of Albuquerque, New Mexico, that's correct. >> Excellent. Thanks so much for joining us. >> Well, thank you so much for having me. >> Alright, so first of all, tell us a little bit about your organization and your role. >> Well, the Indian Pueblo Cultural Center is kind of a touch point for all the 19 tribes in the state of New Mexico. It's actually one of the only places in the entire world, where 19 tribes, 19 different cultures, really, of Native American people have gotten together, built a cultural center and kind of have formed a gateway in Albuquerque, the largest city in New Mexico, and the gateways to the Pueblos. So it's kind of a cool place. There's just a mix of a lot of neat people, a lot of the different Pueblo people come in and out. It's culturally just a great place to be, just a wonderful, cool place. And on top of that, they at the Pueblo Cultural Center formed a development corporation. So not only do we have the cultural side, which is really neat, but we have this development side, which is developing the old Indian schools. I don't know if you remember the cultural background of the Indian schools throughout the United States of America. >> Yes. >> They've actually taken some of the land for the Cultural Center and the Indian school and are repurposing it, to really help out the Cultural Center and the 19 tribes as we give back to them. >> So is this nonprofit then? >> We have a nonprofit side and a for-profit side. >> OK, give us a little bit of the scope of the operation. You mentioned the tribes and everything, but is it multiple locations? And your scope of responsibilities. >> It's actually multiple locations, so we are actually housed in the Cultural Center itself, but directly across the street we're building up places like hotels, restaurants, office buildings, things of that nature, to kind of diversify the portfolio of things that we offer to the community at large. That money is given back to the stakeholders, who are are the 19 Pueblos. And I was brought in last year, to kind of take what they were as an IT department, and really improve on what they were doing, what they've already done, and just kind of take what's already been done and make it better, and really be able to not only serve the Pueblo Cultural Center, but I'm working to make a showcase there if we can. >> So, Andrew, maybe you could give us a bit of an idea of how IT supports the mission of the Cultural Center. A lot of people are worried that IT is just a cost center and it sits off on the end there and it's something that you have to pay for. So what are some of the things that IT enables the Cultural Center to do, that they wouldn't be able to do otherwise? >> Well, some of the things that we do is... cultural preservation is really one of the big things that we do. Because we do represent all the 19 tribes of New Mexico, different aspects of each of those tribes, in terms of pottery, paintings, all the very rich nature of the hand-crafted pieces that the Pueblos take care of, are all representative of the Cultural Center. So it's not only putting those, but it's cataloging, archiving them, and help with the preservation and dissemination of that information, right? So, when you walk through our museum, all the things are automated. You can go in and press buttons and hear the different languages, see how the pottery is made, see how a lot of these arts and crafts come together, see the history of the Pueblo people and kind of what happened, and how, really, other cultures have interdispersed themselves and interweaved themselves within the rich history of the Pueblo people of New Mexico. And how this overarching culture has really made a difference in the state. Those preservations and on top of that, it's using technology to be able to, again, disseminate it and show how those things work going forward. >> Great stuff, Andrew. Alright, so all the people that visit probably don't understand all the stuff that's behind the scenes. So, it's like all of us that have worked in IT, people are like "Oh, you do computer stuff, right?" So, take us a little bit behind the curtain and tell us a little bit about what technologies you are using to help enable all of those great things you talked about. >> Well, currently what we're using is, we kind of started really green field. The folks that were there before me had worked in more of a single server, hot closet environment (laughs), some of the ways it used to be. There were a lot of consultants, and the decision was made that, to match a lot of the technology initiatives that are going on with the other Pueblos, the Cultural Center needs to catch up. So that's one of the reasons why I was brought in. So one of the first things we did, is say, what can we start doing? And so, when you pull the curtain back one of the things we really decided on was going to a full virtual environment, and finding the right technology and the right player to help us put together a virtual environment, help us build out a data center, and do some of those things. So that's kind of where we started. We started with a five year plan on that build-out and how to maximize not only the budgets that we have, but push those budgets through proper depreciation. So it was really kind of neat to be able to go to a place that I could kind of just pick and choose the things I needed to move forward, and kind of set the course for us moving forward. >> Alright, so could you tell us about some of the decisions you actually made there? So, what did you choose, and what led you to make that particular choice of technology provider? >> Well, initially I started out, because I had worked in a previous endeavor using a UCS, you know, the three in one solution, you have your OS, you have the host, and then you have the navs that's presented to the host, and that's what originally I was going to do because that's what I knew. But I went out to a conference called TribalNet, and was introduced to Nutanix. And I was aware of Nutanix, but I hadn't delved into it. So I kind of talked to one of the reps out there, Justin, and he kind of talked me through Nutanix. When I got back, I searched out a place in Albuquerque called Ardham Technologies, who sells Nutanix, and sat with them. Now, the old UCS was less expensive, cause it's a little older technology, and we didn't think we could get into a hyperconverged solution, but working with the Nutanix rep and my rep from Ardham, they really found a way to make it affordable for us and get us into the hyperconverged technology, which is where I wanted to go. So it was really, kind of... That was the first big decision I made, and I've been very happy with it. >> Excellent. So, having made that deciison and put it in, what are ome of the things that you've now been able to do, given that this is where you wanted to go, and thought maybe it wasn't going to be possible, but now it is. So what's that enabled you to do, that you were looking forward to being able to do? >> Well, it's been abled for us to consolidate a lot of what we have. We haven't used it to its fullest potential because the implementation's only been in about five months. >> Right. >> But what we've been able to do is take those different single servers and move them into a virtualized environment, and then be able to build out a storage area and place user files, and group files, and all the disparate storage areas that were siloed throughout the environment, put it on one single piece of equipment that we can watch. >> Right. >> It's been able to allow us to move to a backup solution that goes to the cloud and isn't fractured, right? So it puts it all in one single area that we can watch, and gives us a single pane of glass for all our servers, which we didn't have before. It's just made us better at what we do, really, and be able to watch what we're doing a lot better. >> Andrew, it's interesting. We talked for years about hyperconvergence. It's not just about converging into the footprint, but it changes the model, because it's really more of a distributed architecture. I think you've got some geographic locations. Maybe help discuss how that fits together, between multiple locations, multi-cloud. It's not just about taking a couple of servers and putting them down to a smaller footprint, it's giving you more flexibility. >> And you've really hit the nail on the head, for the five year plan, right? So year one, it's like choose the vendor, choose the course, but the five year plan is to be able to geographically disperse what we're doing. Because we're using Nutanix, it allows us to put a three-note cluster over here in a single box, we take another single box and put a two-note cluster over here and geographically disperse it. It also allows us, I talked about depreciation, and this is something that I worked on in other places. What we did, is we bought the Nutanix node that we have now for today, right. We plan on using that and buying a secondary node, and using that for the next three years. As we build up, remember I talked about having the development across the road, as we're building new buildings, we're going to build an alternate data center there, and the third year, we're going to take that piece of equipment and move that to the data center and build out a disaster recovery center. So when we buy the new Nutanix node, those two will now be joined. So, not only are we sharing information between the two locations, and have backups geographically dispersed, but we also have been able to use SRM a lot of different ways, to keep the geographical locations up, keep business continuity, but the other portion that is really interesting to us, is that most technology is about a three year depreciation schedule, right. >> Yeah. >> We've been able to take that three year depreciation schedule, and because we're using the older technology as our backup business continuity center, that takes it out to six year depreciation, which extends the life of what we have and be able, when we buy new equipment, it's the newest, greatest, we have the business continuity equipment. And then of course the nodes talk to each other, so we're doing data duplication across two locations. So really when we're all done, we can have up to four to six sets of backups throughout any portion of the day, so it really protects our data and gives us a continuity that we wouldn't have before. >> As someone who really likes a good financial model and spends a lot of time in spreadsheets, mucking around with that, it's really good to hear someone from an IT arena talking about some of the financial impacts on this, some of the business impacts on this. It shows that what is possible when IT takes an interest in the business issues, and shows, we were talking about this earlier on The Cube, about IT people getting a seat at the table, being able to have that conversation about the five year plan, about what makes IT strategically important to the organization. And it's really great hearing a customer actually talk about IT in that context. >> Well, that's one of the things that I think IT gets lost in and as you know, with CIOs, CFOs, CEOs, IT is always seen as a cost center. And we'd eventually like to not be a cost center. (laughs) We'd like to make money, but we have to be fiscally responsible. We have to be fiscally responsible for a number of reasons where I come from at the Indian Pueblo Cultural Center, because we do have a responsibility to our shareholders. We have a responsibility to the Native American people that are taking care of us. We need to take care of them. So if we can find the technology that we need, that we can be a showcase, not only in the technological realm, but also how we budget and take care of money, that shows huge commitment to what we're doing. You know, you can't be a showcase unless you're going to be fiscally responsible as well as technologically responsible, so that's what we're trying to do. >> Yeah, and Andrew, the other thing that strikes me from your conversation, you talk about this five year plan. Sometimes we come to the shows and it's like oh wait, I'm worried about lock-in and enterprise license agreement. Talk about what you look for in choosing partners that will be strategic, that will be with you for this kind of engagement. >> Well, I'm looking for, everybody's always looking for cutting edge, right? But you need to have cutting edge with a background, with a roadmap, right? So what I look for in not only a partner that services me locally, but also in the larger vendor partners, for instance Nutanix. I look for somebody who has a roadmap of what they're doing. Here's what we started with. You know, if I have a five year plan, what's your five year plan? What was your five year plan? Where did you come from? Where are you going to? Can you show me what's going to go on over here? And that's one thing that I really liked about Nutanix, is they had here's what got us here, here's how it's changing, here's what we can show you moving forward, and here's how it can help you. And then, you know, my vendor in Albuquerque, I want the same things. Are you growing? Are you stagnant? What's your customer list? And then the last portion of that is really a relationship sell. There are people out there that will go buy from any vendor because that's what the price ensues, but I can't buy on just price because I need pricing and support and be able to, you know, one call (laughs) We used to say one throat to choke, but I don't like using that any more. But you know, somebody you can drive to and have a conversation with. And that's one thing I've really respected about my vendors, and I like from a customer perspective, is people that are real, they come and see you, and then I can reach out to not only my local vendor, but the folks that support them. I do have to say, with Nutanix, I met Justin who is the rep from Nutanix. He got me involved with the sales engineer at that point and they were on site, they worked directly with me and built just a great relationship around this brand new purchase, something I'm not familiar with but it's a foray into a wider world. And it made me really comfortable with my decision. >> Alright. What's the most exciting thing that you're looking forward to? So you've seen the roadmap, you've spoken to the vendors and you have an idea of what your five year plan is. What's the most exciting thing that's going to be coming up in the next few years? >> The biggest thing for me, and it's probably not even a new thing for Nutanix, but it's what Nutanix is built on. It's what you talked about, the geographical separation, the node building and how we can, Okay, you need more compute? We can give you more compute. You need more storage? We can give you more storage. You need to add something over here? We can do that. It's the flexibility it gives me to stick within budget, we don't have to do this huge budget every year, to be able to prop up what we need. We can buy piece by piece and build it out. And again part of that fiscal responsibility is being forward looking and working with a company that's saying hey, we can get you this today. We're going to take care of you, we're going to listen to your needs, we're going to get you what you need, and here's the bolt-on pieces as we move forward. So I think that's the most exciting piece, is being able to grow within that framework. I like to use a word called platforms for what (laughs) we're doing, right? And I think, from an IT perspective, that's what we're doing and from a cultural perspective, the Indian Pueblo cultural perspective, it's having that platform. So if we say from a museum standpoint, we found the latest and greatest software that's going to allow people to do virtual reality, but we need a back end to support it, I can say I got that. (laughs) We've been able to build the platform to put that on. So it's putting that platform in place, building on that platform, us growing into it and then that company growing with us. And that's been something that's been just transformative for us. >> Well, Andrew, you talked about authentic conversations. We really appreciate you sharing your story with us. Be sure to check out IndianPueblo.org for all that they have to offer. I want to check out the museum. You've got a great list of cultural activities there, so thanks so much for joining us. >> Yes, come see us at the Indian Pueblo Cultural Center. The best time to come is the first week in October for the Albuquerque Balloon Fiesta. We'd love to have you all. >> Alright, for Justin Warren, I'm Stu Miniman. We still have lots more coverage here from Vmworld 2018. Thanks for watching The Cube. (upbeat techno music)

>> Live from Boston, Massachusetts, it's the CUBE covering IBM Chief Data Officer Summit. Brought to you by IBM. >> Welcome back to the CUBE's live coverage of the IBM CDO Strategy Summit here in Boston, Massachusetts. I'm your host, Rebecca Knight, along with my co-host Dave Vellante. We're joined by Mark Lack. He is the Strategy Analytics and Business Intelligence Manager at Mueller Inc. Thanks so much for joining us, Mark. >> Thank you for the invite. >> So why don't you tell our viewers a little bit about Mueller and about what you do there. >> Sure, Mueller Inc. is based in the southwest. Ballinger, Texas, to be specific. And, I don't expect anybody, unless they Google it right now, would be able to find that city. But that's where our corporate headquarters and our main manufacturing plant has been. And, we are a company that manufactures and retails steel building products. So, if you think of a warehouse, or a backyard building or even a metal roof, or even I was looking downtown, or downstairs, earlier today, this building is made out of big steel girders. We take those and form them into a product that a customer can use for storage or for living or for any of whatever their use happens to be. Typically, it might be agricultural, but you also find it in very, very large buildings. Mueller is a retailer that happens to manufacture its products. Now, that's a very important distinction, because the company, up until about 15, 20 years ago, viewed itself as a manufacturer that just happened to retail its products. And so when you take the change in the emphasis, your business changes. The way you approach your customers, the way you approach your products, the way you market yourself, is completely different from one side to the other. We've been in business since 1930s, been around for a very long time. It's a family owned business that has it's culture and it's success rooted in West Texas. We have 40 locations all over the southwest. We're headquartered in Ballinger, Texas. We're as far east as Oak Grove, Louisiana and as far west with locations as Albuquerque, New Mexico. >> So you do cognitive analytics for Mueller, so tell our viewers a little bit about what you do there. >> Sure. Mueller has always been on the forefront of technology. Not for technology's sake, but really for effectiveness and efficiency's sake. So Mueller did business process reengineering when it was common for much larger organizations to do. But Mueller took it under as the reality for us to manage our business in the future. We need to have the professional tools to be able to do this. So we set on in our industry using technology in novel ways that our competition just doesn't do. So with the implementation of technology, what you have is a lot of data that comes along. And so we've been very effective using it for our balance scorecard to report metrics and keep the organization on track with that. Giving information back to various parts of the organization and then also creating an analytics platform and program that allows us to really dive deep into the organization and the data and everything that's being thrown off from modern technology. So cognitive analytics. This is something, as you hear about in technology today is, from the robots to artificial intelligence. Cognitive analytics, I think is for us a better way of looking at it of augmented intelligence. We have all of this data, we have these wonderful systems that help give us information to give us the answers we need on our business processes. We have some predictive analytics that help us to identify the challenges going ahead. What we don't have is the deep dive into using these technologies of cognitive to take all of this big data and find answers to situations that it would take a hundred people a hundred years to find out to be able to mine through. So the cognitive analytics is our new direction of analytics, and to be honest with you it's really the natural progression from our traditional analytic system. So as I said before, we have the regular analytics, we have the predictive analytics. As we get into cognitive, this is the next generation of how do we take this data that we have, that's coming at a volume and a velocity and a variety that is so difficult to look at as it is in a spreadsheet, and offload this onto system that can help us to interpret, give us some answers that we can then judge and then make decisions from. >> So, as you said, you have a lot of data. You got customer data, you got supply chain data, you got product data, you got sales data, retail location data. What's the data architecture look like? I mean, some data is more important than other data. How did you approach this opportunity? >> So, a few years ago I went to the first World of Watson, which was in New York. There was about a thousand attendees and Ginni Rometty had had this great presentation and it was very inspiring and she asked, "What will you do with Watson?" And at the time I had no idea what we were going to do with Watson, and so I sat on the plane on the way back and I thought through what are the business case scenarios that we can use to use artificial intelligence in a steel building company in Ballinger, Texas. Don't forget the irony of that part. As we're going to to go back to start using cognitive. So I thought through this and I went to our owner and we had many, many conversations on cognitive. You had the jeopardy, the Watson championship and you started thinking about all of these systems. But the real question was how could we take a new technology and apply it to our existing business to make a difference? And I'm getting to the answer to your question on how it got structured. So we went down the path of investigating Watson, and we've realized that the cognitive is part of our future. And so we plan on leveraging cognitive in many ways. We'd like to see it sales effectiveness, operations effectiveness, transportation effectiveness. There are all sorts of great ideas that we have. One of the challenges we have, and the reason I'm here at the CDO Summit, is when we start to look at our data, the question is are we cognitive ready? And I'll be honest to you, we are for today for a sliver of what cognitive capability is. As you've always heard the numbers 80% of your data is in unstructured format. So we have lots and lots of unstructured data. We have a lot of structured data. When it comes to the analytics around our structured data, we're pretty good, but when you start talking about unstructured data, how do we now take this to add to our structured data and then have a more complete picture of the problem that we're searching? So what I'm hoping to gain here at the CDO Summit is talking to some of these world-class leaders in data operations and data management to help understand what their pain points were. Learn from them so I can take that back and help to architect what our needs are so that we can take advantage of this entire cognitive future that's... >> So you're precognitive. So cognitive ready, let's unpack that a little bit. That means, that what you've got a level of confidence in the data quality? You've got an understanding of how to secure it, govern it, who gets access to it? What does that mean, being cognitive ready? >> So it's going to to be all of those. All of the above. First is, do you have the data? And we all have data, whether it's in spreedsheet on our systems, whether it's in our mobile phone, whether it's on our websites, whether it's in our EIP systems, and I can keep going on >> You got data. >> We have data, but the question is, do we have access to the data? And if you talk to some people, well sure, we have access to the data. Just tell me what data you want and I'll get you access. Okay, well, that is one answer to a much larger problem, because that's only going to give you what your asking for. What the cognitive future is promising for us is we may not know the questions to ask. I think that's the difference between traditional analytics and then the cognitive analytics. One of the benefits of cognitive will be the fact that cognitive will give answers to questions that we're never asked. And so now that this happens, what do we do with it? You know, when we start thinking about having attacking a problem, you know, being data ready, having the data there, that's part of the problem. And I think most companies say we're pretty good with our data. But with the 80% that we don't have access to, the real question is, are we missing that crucial piece of information that prevents us from making the right decision at the right time? And so our approach, and what I'm going to go back with, is understanding the data architecture that those who have gone before me that I can pick up and bring back to my organization and help us to implement that in a way that will make it cognitive ready for the future. You know, it's not just the access to the data; it's having the data. And I had lunch a few years ago with Steve Mills who was a senior executive for IBM, and one of the people at lunch was bold enough to ask him, "How do we know what data to capture?" And he said, very bluntly, "All of it." Now this was about five years ago. So, back then, you're shaking your heads saying, "We don't have storage capabilities. "We don't have the ability to store all these data." But he had already seen the future, and what he was telling us right then was all of it is going to be valuable. So where we are today, we think we know what data's valuable. But cognitive's going to help us to understand what other data might me valuable as well. >> So I'm interested in your job from the perspective of the organizational change. And you work for, as you said, a small family-owned company. Smallish of family-owned company. And we've heard a lot of today about the business transformation, the technology involved, and how that has really changed dramatically over the last decade. But then, there's also this other piece which is the social and cultural change within these organizations. Can you describe your experience in terms of how your colleagues interpret your world? >> You're asking me those questions 'cause you can see the bruises from whatever I have to accomplish. (laughter) You know, within an organization, one of the benefits of working that I found at Muller, and it's a family organization, is that those who work there, and I've been there for 18 years, and I'm still considered a newcomer to the organization right after 18 years. But we're not there unless we have a strong commitment to the organization and to the culture of the company. So, while we may not always agree as to what the future needs to hold, okay? We all understand we need to do what's best for this company for its long term survival. At the end of the day, that's what we're there to do. So culturally, when you first come up with saying you're going to do artificial intelligence, you know, you got a lot of head-scratching, especially in West Texas. I have a hard time explaining even to those around me what it is that I do. But, once you start telling the story that we have data, we have lots of data, and that there might be information in that data that we don't know now but in the future we may have, and so, it's important for us to capture that data and store it. Whether or not we know that there's immediate value, we know there's some value, okay? And if we can take that leap that there's going to be some value, and we're here with the help of the organization faces, we know that there are challenges to every organization. We're a still building company in Ballinger, Texas. Now I know I keep saying that, but what if a company like Uber comes up with metal building and all of a sudden, we have new challenges that we never thought we'd face? Many organizations that have been up, industries that have been in upheaval from these changes in either technology access or a new idea that splits the difference. We want to make sure we can stay ahead, and so when we start talking about that from a culture, we're here for the long term value of the company. We're committed to this organization, so what it do we need to do? And so, you know, the term "out of the box thinking" is something that sometimes we have to do. That doesn't mean it's easy. It doesn't mean that we all immediately say, "Aha! This is what we're going to do." It takes convincing. It takes a lot of conversation, and it takes a lot of political capital to show that what it is that we're going to do is going to make sense and use a lot of good examples. >> Well, and you come to tongue-in-cheek about people rolling their eyes about AI and so forth, but any manufacturer who sees 3D printing and the way it's evolved goes "Wow!" And then the data that you can capture from that, so, I wanted to ask you, when you talk to your colleagues and people are afraid that robots are going to take over the world and so forth, but what are the things that when you think about augmented intelligence that, you know, where do the machines leave off and the humans pick up? What kinds of things do humans do in your world that machines don't do that well? >> So, you know, if I go back and think about analytics, for example, there's a lot of time collecting data, storing data, translating data, creating contract to retrieve that data, putting that data into a beautiful report and then handing it out. Think of all that time that it takes to get there, right? A lot of people who are in analytics think that they're adding value by doing it. But to be honest with you, they're not. There's no value in the construct. And so, what the value is in the interpretation of that data. So what do computers do well and what do we do well? We do well at interpreting what those findings tell us. If we can offload those transactions back to a machine that can set the data for us, automatically construct the data, put it into a situation for us that can then allow us to then interpret the results? Then we're spending the majority of our time adding value by interpreting and making changes with the company versus spending that same time going back and constructing something that may or may not be something that may add value. So we spend 80% of our time creating data for a report. The report, now we have to test the report to determine, can I communicate this the right way? You have machine learning now and you have tools that will then take this data and say, "Oh, this is numerical data. "This looks like general ledger data. This is the type of way this data should be displayed." So I don't have to think of a graph. It suggests one for me. So what it does is then allow me to interpret the results, not worry about the construct. >> So you can focus on the things that humans do well. But the other thing I want to talk to you about is the talent issue. I mean you guys, you've mentioned before that you're based in West Texas and you are working on a real vanguard in your industry. As I said, you were someone who is thinking about whether or not Uber is going to say, "Let's make steel buildings." I mean, is that a problem that you're facing, that your company is facing? >> Well, there is no joke, right, that the fact of the future's going to have a man and a dog. And the man's job is to feed the dog, and the dog's job is to bite the man if he tries to touch any of the machinery, right? So, I don't think that we're there. The jobs aren't going to be eliminated to where people are not able to add value. But finding a talent, back to your question, is the expectation that we have of talent, it is scarce. Finding people that have the skills to now interpret the data, so you can find people that have a lot of time that can do any of those steps in between. But now, what's happened is, you want people to add value, not create constructs that don't add the value. So the type of talent that you look for are people who can interpret this information to give us the better answers that we need for the organization to thrive. And that's really where I see the talent shifting is on more forward-looking, outcome-based, value-based decision making, not as much on the development of items that could be offloaded to a machine. >> Yeah, I mean, interpretation, creativity, ideation. I mean, machines have always replaced humans. We've talked about this on The Cube before, but the first time in human history, machines are replacing humans in cognitive functions. I mean, you gave an example of the workflow of developing a report, which... >> Kenney Company can relate to, yeah. >> But yeah, 10 years ago, that was like super valuable. Today it's like, "Let's automate that." >> Well, but the challenge I think where people have is where do they add value? What is the problem that we're trying to solve? It's where do we add value. If we add value creating the construct, you aren't going to be employed, because something else is going to do that. >> But if you add value on focusing on the output and being able to interpret that output in a way that adds value to your company, you'll be employed forever. So, you know, people that can solve problems, take the information, make decisions, make suggestions that are going to make the company better, will always be employed. But it's the people who think they add value flipping a switch or programming a lever, now, they think their value's very important there, but I think what we have to do and it behooves us, is to translate those jobs into where do you add value? Where is the most important thing you need to be doing for the success of this company? And that I think is really the future. >> Are you... We haven't asked any IoT questions today. I want to ask you, are you sort of digitizing, instrumenting for your customers the end products of what you guys produce, and how was that creating data? >> You know, we haven't, we talked about it. We don't have products that, we're not selling things that are machinery that might break down and give us information, and so, we're building final products that are there, that people will then do different things with. So, IoT hasn't worked for us from a product standpoint, but we are looking at our various machinery and making sure that we have understanding as to those events that are causing a break down. One of the challenges we have in our industry is if we have a line that manufactures apart, if it goes down, okay, now it shuts everything down. So we have a duplicate, which can get very expensive. We have duplicates of everything, and how many duplicates do you need to have to make sure you have duplicates of the duplicates? So if we can start to look at the state of this coming from our machinery, and use that as a predictor, then we can use that, and so you have sort of an IoT thing there by looking at the data that's there. But is it feeding back into our normal reporting systems? It's not necessarily like it is from a smartphone are enabled like that. >> No, but it's anticipating a potential outage. >> Sure. >> And avoiding that. Yeah, great. >> Well Mark, thanks so much for coming on The Cube. It was wonderful conversation. >> Thank you. >> I'm Rebecca Knight with Dave Vellante. We will have more from the CDO Summit just after this. (upbeat music)