(light airy music) >> Hello, everyone, welcome to theCUBE's presentation of the AWS Startup Showcase, AI and machine learning. "Top Startups Building Generative AI on AWS." This is season three, episode one of the ongoing series covering the exciting startups from the AWS ecosystem, talking about AI machine learning. We have three great guests Bratin Saha, VP, Vice President of Machine Learning and AI Services at Amazon Web Services. Tom Mason, the CTO of Stability AI, and Aidan Gomez, CEO and co-founder of Cohere. Two practitioners doing startups and AWS. Gentlemen, thank you for opening up this session, this episode. Thanks for coming on. >> Thank you. >> Thank you. >> Thank you. >> So the topic is hype versus reality. So I think we're all on the reality is great, hype is great, but the reality's here. I want to get into it. Generative AI's got all the momentum, it's going mainstream, it's kind of come out of the behind the ropes, it's now mainstream. We saw the success of ChatGPT, opens up everyone's eyes, but there's so much more going on. Let's jump in and get your early perspectives on what should people be talking about right now? What are you guys working on? We'll start with AWS. What's the big focus right now for you guys as you come into this market that's highly active, highly hyped up, but people see value right out of the gate? >> You know, we have been working on generative AI for some time. In fact, last year we released Code Whisperer, which is about using generative AI for software development and a number of customers are using it and getting real value out of it. So generative AI is now something that's mainstream that can be used by enterprise users. And we have also been partnering with a number of other companies. So, you know, stability.ai, we've been partnering with them a lot. We want to be partnering with other companies as well. In seeing how we do three things, you know, first is providing the most efficient infrastructure for generative AI. And that is where, you know, things like Trainium, things like Inferentia, things like SageMaker come in. And then next is the set of models and then the third is the kind of applications like Code Whisperer and so on. So, you know, it's early days yet, but clearly there's a lot of amazing capabilities that will come out and something that, you know, our customers are starting to pay a lot of attention to. >> Tom, talk about your company and what your focus is and why the Amazon Web Services relationship's important for you? >> So yeah, we're primarily committed to making incredible open source foundation models and obviously stable effusions been our kind of first big model there, which we trained all on AWS. We've been working with them over the last year and a half to develop, obviously a big cluster, and bring all that compute to training these models at scale, which has been a really successful partnership. And we're excited to take it further this year as we develop commercial strategy of the business and build out, you know, the ability for enterprise customers to come and get all the value from these models that we think they can get. So we're really excited about the future. We got hugely exciting pipeline for this year with new modalities and video models and wonderful things and trying to solve images for once and for all and get the kind of general value and value proposition correct for customers. So it's a really exciting time and very honored to be part of it. >> It's great to see some of your customers doing so well out there. Congratulations to your team. Appreciate that. Aidan, let's get into what you guys do. What does Cohere do? What are you excited about right now? >> Yeah, so Cohere builds large language models, which are the backbone of applications like ChatGPT and GPT-3. We're extremely focused on solving the issues with adoption for enterprise. So it's great that you can make a super flashy demo for consumers, but it takes a lot to actually get it into billion user products and large global enterprises. So about six months ago, we released our command models, which are some of the best that exist for large language models. And in December, we released our multilingual text understanding models and that's on over a hundred different languages and it's trained on, you know, authentic data directly from native speakers. And so we're super excited to continue pushing this into enterprise and solving those barriers for adoption, making this transformation a reality. >> Just real quick, while I got you there on the new products coming out. Where are we in the progress? People see some of the new stuff out there right now. There's so much more headroom. Can you just scope out in your mind what that looks like? Like from a headroom standpoint? Okay, we see ChatGPT. "Oh yeah, it writes my papers for me, does some homework for me." I mean okay, yawn, maybe people say that, (Aidan chuckles) people excited or people are blown away. I mean, it's helped theCUBE out, it helps me, you know, feed up a little bit from my write-ups but it's not always perfect. >> Yeah, at the moment it's like a writing assistant, right? And it's still super early in the technologies trajectory. I think it's fascinating and it's interesting but its impact is still really limited. I think in the next year, like within the next eight months, we're going to see some major changes. You've already seen the very first hints of that with stuff like Bing Chat, where you augment these dialogue models with an external knowledge base. So now the models can be kept up to date to the millisecond, right? Because they can search the web and they can see events that happened a millisecond ago. But that's still limited in the sense that when you ask the question, what can these models actually do? Well they can just write text back at you. That's the extent of what they can do. And so the real project, the real effort, that I think we're all working towards is actually taking action. So what happens when you give these models the ability to use tools, to use APIs? What can they do when they can actually affect change out in the real world, beyond just streaming text back at the user? I think that's the really exciting piece. >> Okay, so I wanted to tee that up early in the segment 'cause I want to get into the customer applications. We're seeing early adopters come in, using the technology because they have a lot of data, they have a lot of large language model opportunities and then there's a big fast follower wave coming behind it. I call that the people who are going to jump in the pool early and get into it. They might not be advanced. Can you guys share what customer applications are being used with large language and vision models today and how they're using it to transform on the early adopter side, and how is that a tell sign of what's to come? >> You know, one of the things we have been seeing both with the text models that Aidan talked about as well as the vision models that stability.ai does, Tom, is customers are really using it to change the way you interact with information. You know, one example of a customer that we have, is someone who's kind of using that to query customer conversations and ask questions like, you know, "What was the customer issue? How did we solve it?" And trying to get those kinds of insights that was previously much harder to do. And then of course software is a big area. You know, generating software, making that, you know, just deploying it in production. Those have been really big areas that we have seen customers start to do. You know, looking at documentation, like instead of you know, searching for stuff and so on, you know, you just have an interactive way, in which you can just look at the documentation for a product. You know, all of this goes to where we need to take the technology. One of which is, you know, the models have to be there but they have to work reliably in a production setting at scale, with privacy, with security, and you know, making sure all of this is happening, is going to be really key. That is what, you know, we at AWS are looking to do, which is work with partners like stability and others and in the open source and really take all of these and make them available at scale to customers, where they work reliably. >> Tom, Aidan, what's your thoughts on this? Where are customers landing on this first use cases or set of low-hanging fruit use cases or applications? >> Yeah, so I think like the first group of adopters that really found product market fit were the copywriting companies. So one great example of that is HyperWrite. Another one is Jasper. And so for Cohere, that's the tip of the iceberg, like there's a very long tail of usage from a bunch of different applications. HyperWrite is one of our customers, they help beat writer's block by drafting blog posts, emails, and marketing copy. We also have a global audio streaming platform, which is using us the power of search engine that can comb through podcast transcripts, in a bunch of different languages. Then a global apparel brand, which is using us to transform how they interact with their customers through a virtual assistant, two dozen global news outlets who are using us for news summarization. So really like, these large language models, they can be deployed all over the place into every single industry sector, language is everywhere. It's hard to think of any company on Earth that doesn't use language. So it's, very, very- >> We're doing it right now. We got the language coming in. >> Exactly. >> We'll transcribe this puppy. All right. Tom, on your side, what do you see the- >> Yeah, we're seeing some amazing applications of it and you know, I guess that's partly been, because of the growth in the open source community and some of these applications have come from there that are then triggering this secondary wave of innovation, which is coming a lot from, you know, controllability and explainability of the model. But we've got companies like, you know, Jasper, which Aidan mentioned, who are using stable diffusion for image generation in block creation, content creation. We've got Lensa, you know, which exploded, and is built on top of stable diffusion for fine tuning so people can bring themselves and their pets and you know, everything into the models. So we've now got fine tuned stable diffusion at scale, which is democratized, you know, that process, which is really fun to see your Lensa, you know, exploded. You know, I think it was the largest growing app in the App Store at one point. And lots of other examples like NightCafe and Lexica and Playground. So seeing lots of cool applications. >> So much applications, we'll probably be a customer for all you guys. We'll definitely talk after. But the challenges are there for people adopting, they want to get into what you guys see as the challenges that turn into opportunities. How do you see the customers adopting generative AI applications? For example, we have massive amounts of transcripts, timed up to all the videos. I don't even know what to do. Do I just, do I code my API there. So, everyone has this problem, every vertical has these use cases. What are the challenges for people getting into this and adopting these applications? Is it figuring out what to do first? Or is it a technical setup? Do they stand up stuff, they just go to Amazon? What do you guys see as the challenges? >> I think, you know, the first thing is coming up with where you think you're going to reimagine your customer experience by using generative AI. You know, we talked about Ada, and Tom talked about a number of these ones and you know, you pick up one or two of these, to get that robust. And then once you have them, you know, we have models and we'll have more models on AWS, these large language models that Aidan was talking about. Then you go in and start using these models and testing them out and seeing whether they fit in use case or not. In many situations, like you said, John, our customers want to say, "You know, I know you've trained these models on a lot of publicly available data, but I want to be able to customize it for my use cases. Because, you know, there's some knowledge that I have created and I want to be able to use that." And then in many cases, and I think Aidan mentioned this. You know, you need these models to be up to date. Like you can't have it staying. And in those cases, you augmented with a knowledge base, you know you have to make sure that these models are not hallucinating. And so you need to be able to do the right kind of responsible AI checks. So, you know, you start with a particular use case, and there are a lot of them. Then, you know, you can come to AWS, and then look at one of the many models we have and you know, we are going to have more models for other modalities as well. And then, you know, play around with the models. We have a playground kind of thing where you can test these models on some data and then you can probably, you will probably want to bring your own data, customize it to your own needs, do some of the testing to make sure that the model is giving the right output and then just deploy it. And you know, we have a lot of tools. >> Yeah. >> To make this easy for our customers. >> How should people think about large language models? Because do they think about it as something that they tap into with their IP or their data? Or is it a large language model that they apply into their system? Is the interface that way? What's the interaction look like? >> In many situations, you can use these models out of the box. But in typical, in most of the other situations, you will want to customize it with your own data or with your own expectations. So the typical use case would be, you know, these are models are exposed through APIs. So the typical use case would be, you know you're using these APIs a little bit for testing and getting familiar and then there will be an API that will allow you to train this model further on your data. So you use that AI, you know, make sure you augmented the knowledge base. So then you use those APIs to customize the model and then just deploy it in an application. You know, like Tom was mentioning, a number of companies that are using these models. So once you have it, then you know, you again, use an endpoint API and use it in an application. >> All right, I love the example. I want to ask Tom and Aidan, because like most my experience with Amazon Web Service in 2007, I would stand up in EC2, put my code on there, play around, if it didn't work out, I'd shut it down. Is that a similar dynamic we're going to see with the machine learning where developers just kind of log in and stand up infrastructure and play around and then have a cloud-like experience? >> So I can go first. So I mean, we obviously, with AWS working really closely with the SageMaker team, do fantastic platform there for ML training and inference. And you know, going back to your point earlier, you know, where the data is, is hugely important for companies. Many companies bringing their models to their data in AWS on-premise for them is hugely important. Having the models to be, you know, open sources, makes them explainable and transparent to the adopters of those models. So, you know, we are really excited to work with the SageMaker team over the coming year to bring companies to that platform and make the most of our models. >> Aidan, what's your take on developers? Do they just need to have a team in place, if we want to interface with you guys? Let's say, can they start learning? What do they got to do to set up? >> Yeah, so I think for Cohere, our product makes it much, much easier to people, for people to get started and start building, it solves a lot of the productionization problems. But of course with SageMaker, like Tom was saying, I think that lowers a barrier even further because it solves problems like data privacy. So I want to underline what Bratin was saying earlier around when you're fine tuning or when you're using these models, you don't want your data being incorporated into someone else's model. You don't want it being used for training elsewhere. And so the ability to solve for enterprises, that data privacy and that security guarantee has been hugely important for Cohere, and that's very easy to do through SageMaker. >> Yeah. >> But the barriers for using this technology are coming down super quickly. And so for developers, it's just becoming completely intuitive. I love this, there's this quote from Andrej Karpathy. He was saying like, "It really wasn't on my 2022 list of things to happen that English would become, you know, the most popular programming language." And so the barrier is coming down- >> Yeah. >> Super quickly and it's exciting to see. >> It's going to be awesome for all the companies here, and then we'll do more, we're probably going to see explosion of startups, already seeing that, the maps, ecosystem maps, the landscape maps are happening. So this is happening and I'm convinced it's not yesterday's chat bot, it's not yesterday's AI Ops. It's a whole another ballgame. So I have to ask you guys for the final question before we kick off the company's showcasing here. How do you guys gauge success of generative AI applications? Is there a lens to look through and say, okay, how do I see success? It could be just getting a win or is it a bigger picture? Bratin we'll start with you. How do you gauge success for generative AI? >> You know, ultimately it's about bringing business value to our customers. And making sure that those customers are able to reimagine their experiences by using generative AI. Now the way to get their ease, of course to deploy those models in a safe, effective manner, and ensuring that all of the robustness and the security guarantees and the privacy guarantees are all there. And we want to make sure that this transitions from something that's great demos to actual at scale products, which means making them work reliably all of the time not just some of the time. >> Tom, what's your gauge for success? >> Look, I think this, we're seeing a completely new form of ways to interact with data, to make data intelligent, and directly to bring in new revenue streams into business. So if businesses can use our models to leverage that and generate completely new revenue streams and ultimately bring incredible new value to their customers, then that's fantastic. And we hope we can power that revolution. >> Aidan, what's your take? >> Yeah, reiterating Bratin and Tom's point, I think that value in the enterprise and value in market is like a huge, you know, it's the goal that we're striving towards. I also think that, you know, the value to consumers and actual users and the transformation of the surface area of technology to create experiences like ChatGPT that are magical and it's the first time in human history we've been able to talk to something compelling that's not a human. I think that in itself is just extraordinary and so exciting to see. >> It really brings up a whole another category of markets. B2B, B2C, it's B2D, business to developer. Because I think this is kind of the big trend the consumers have to win. The developers coding the apps, it's a whole another sea change. Reminds me everyone use the "Moneyball" movie as example during the big data wave. Then you know, the value of data. There's a scene in "Moneyball" at the end, where Billy Beane's getting the offer from the Red Sox, then the owner says to the Red Sox, "If every team's not rebuilding their teams based upon your model, there'll be dinosaurs." I think that's the same with AI here. Every company will have to need to think about their business model and how they operate with AI. So it'll be a great run. >> Completely Agree >> It'll be a great run. >> Yeah. >> Aidan, Tom, thank you so much for sharing about your experiences at your companies and congratulations on your success and it's just the beginning. And Bratin, thanks for coming on representing AWS. And thank you, appreciate for what you do. Thank you. >> Thank you, John. Thank you, Aidan. >> Thank you John. >> Thanks so much. >> Okay, let's kick off season three, episode one. I'm John Furrier, your host. Thanks for watching. (light airy music)

(upbeat music) >> Hey everyone. Welcome back to "The Cube"'s live coverage of "Women in Data Science 2023". As every year we are here live at Stanford University, profiling some amazing women and men in the fields of data science. I have my co-host for this segment is Hannah Freitag. Hannah is from Stanford's Data Journalism program, really interesting, check it out. We're very pleased to welcome our first guest of the day fresh from the keynote stage, Gayatree Ganu, the VP of Data Science at Meta. Gayatree, It's great to have you on the program. >> Likewise, Thank you for having me. >> So you have a PhD in Computer Science. You shared some really cool stuff. Everyone knows Facebook, everyone uses it. I think my mom might be one of the biggest users (Gayatree laughs) and she's probably watching right now. People don't realize there's so much data behind that and data that drives decisions that we engage with. But talk to me a little bit about you first, PhD in Computer Science, were you always, were you like a STEM kid? Little Gayatree, little STEM, >> Yeah, I was a STEM kid. I grew up in Mumbai, India. My parents are actually pharmacists, so they were not like math or stats or anything like that, but I was always a STEM kid. I don't know, I think it, I think I was in sixth grade when we got our first personal computer and I obviously used it as a Pacman playing machine. >> Oh, that's okay. (all laugh) >> But I was so good at, and I, I honestly believe I think being good at games kind of got me more familiar and comfortable with computers. Yeah. I think I always liked computers, I, yeah. >> And so now you lead, I'm looking at my notes here, the Engagement Ecosystem and Monetization Data Science teams at Facebook, Meta. Talk about those, what are the missions of those teams and how does it impact the everyday user? >> Yeah, so the engagement is basically users coming back to our platform more, there's, no better way for users to tell us that they are finding value on the things that we are doing on Facebook, Instagram, WhatsApp, all the other products than coming back to our platform more. So the Engagement Ecosystem team is looking at trends, looking at where there are needs, looking at how users are changing their behaviors, and you know, helping build strategy for the long term, using that data knowledge. Monetization is very different. You know, obviously the top, top apex goal is have a sustainable business so that we can continue building products for our users. And so, but you know, I said this in my keynote today, it's not about making money, our mission statement is not, you know, maximize as much money as you can make. It's about building a meaningful connection between businesses, customers, users, and, you know especially in these last two or three funky, post-pandemic years, it's been such a big, an important thing to do for small businesses all over all, all around the world for users to find like goods and services and products that they care about and that they can connect to. So, you know, there is truly an connection between my engagement world and the monetization world. And you know, it's not very clear always till you go in to, like, you peel the layers. Everything we do in the ads world is also always first with users as our, you know, guiding principle. >> Yeah, you mentioned how you supported especially small businesses also during the pandemic. You touched a bit upon it in the keynote speech. Can you tell our audience what were like special or certain specific programs you implemented to support especially small businesses during these times? >> Yeah, so there are 200 million businesses on our platform. A lot of them small businesses, 10 million of them run ads. So there is a large number of like businesses on our platform who, you know use the power of social media to connect to the customers that matter to them, to like you, you know use the free products that we built. In the post-pandemic years, we built a lot of stuff very quickly when Covid first hit for business to get the word out, right? Like, they had to announce when special shopping hours existed for at-risk populations, or when certain goods and services were available versus not. We had grants, there's $100 million grant that we gave out to small businesses. Users could show sort of, you know show their support with a bunch of campaigns that we ran, and of course we continue running ads. Our ads are very effective, I guess, and, you know getting a very reliable connection with from the customer to the business. And so, you know, we've run all these studies. We support, I talked about two examples today. One of them is the largest black-owned, woman black-owned wine company, and how they needed to move to an online program and, you know, we gave them a grant, and supported them through their ads campaign and, you know, they saw 60% lift in purchases, or something like that. So, a lot of good stories, small stories, you know, on a scale of 200 million, that really sort of made me feel proud about the work we do. And you know, now more than ever before, I think people can connect so directly with businesses. You can WhatsApp them, I come from India, every business is on WhatsApp. And you can, you know, WhatsApp them, you can send them Facebook messages, and you can build this like direct connection with things that matter to you. >> We have this expectation that we can be connected anywhere. I was just at Mobile World Congress for MWC last week, where, obviously talking about connectivity. We want to be able to do any transaction, whether it's post on Facebook or call an Uber, or watch on Netflix if you're on the road, we expect that we're going to be connected. >> Yeah. >> And what we, I think a lot of us don't realize I mean, those of us in tech do, but how much data science is a facilitator of all of those interactions. >> Yeah! >> As we, Gayatree, as we talk about, like, any business, whether it is the black women-owned wine business, >> Yeah. >> great business, or a a grocer or a car dealer, everybody has to become data-driven. >> Yes. >> Because the consumer has the expectation. >> Yes. >> Talk about data science as a facilitator of just pretty much everything we are doing and conducting in our daily lives. >> Yeah, I think that's a great question. I think data science as a field wasn't really defined like maybe 15 years ago, right? So this is all in our lifetimes that we are seeing this. Even in data science today, People come from so many different backgrounds and bring their own expertise here. And I think we, you know, this conference, all of us get to define what that means and how we can bring data to do good in the world. Everything you do, as you said, there is a lot of data. Facebook has a lot of data, Meta has a lot of data, and how do we responsibly use this data? How do we use this data to make sure that we're, you know representing all diversity? You know, minorities? Like machine learning algorithms don't do well with small data, they do well with big data, but the small data matters. And how do you like, you know, bring that into algorithms? Yeah, so everything we do at Meta is very, very data-driven. I feel proud about that, to be honest, because while data gets a bad rap sometimes, having no data and making decisions in the blind is just the absolute worst thing you can do. And so, you know, we, the job as a data scientist at Facebook is to make sure that we use this data, use this responsibly, make sure that we are representing every aspect of the, you know, 3 billion users who come to our platform. Yeah, data serves all the products that we build here. >> The responsibility factor is, is huge. You know, we can't talk about AI without talking about ethics. One of the things that I was talking with Hannah and our other co-host, Tracy, about during our opening is something I just learned over the weekend. And that is that the CTO of ChatGPT is a woman. (Gayatree laughs) I didn't know that. And I thought, why isn't she getting more awareness? There's a lot of conversations with their CEO. >> Yeah. >> Everyone's using it, playing around with it. I actually asked it yesterday, "What's hot in Data Science?" (all laugh) I was like, should I have asked that to let itself in, what's hot? (Gayatree laughs) But it, I thought that was phenomenal, and we need to be talking about this more. >> Yeah. >> This is something that they're likening to the launch of the iPhone, which has transformed our lives. >> I know, it is. >> ChatGPT, and its chief technologist is a female, how great is that? >> And I don't know whether you, I don't know the stats around this, but I think CTO is even less, it's even more rare to have a woman there, like you have women CEOs because I mean, we are building upon years and years of women not choosing technical fields and not choosing STEM, and it's going to take some time, but yeah, yeah, she's a woman. Isn't it amazing? It's wonderful. >> Yes, there was a great, there's a great "Fast Company" article on her that I was looking at yesterday and I just thought, we need to do what we can to help spread, Mira Murati is her name, because what she's doing is, one of the biggest technological breakthroughs we may ever see in our lifetime. It gives me goosebumps just thinking about it. (Gayatree laughs) I also wanted to share some stats, oh, sorry, go ahead, Hannah. >> Yeah, I was going to follow up on the thing that you mentioned that we had many years with like not enough women choosing a career path in STEM and that we have to overcome this trend. What are some, like what is some advice you have like as the Vice-President Data Science? Like what can we do to make this feel more, you know, approachable and >> Yeah. >> accessible for women? >> Yeah, I, there's so much that we have done already and you know, want to continue, keep doing. Of course conferences like these were, you know and I think there are high school students here there are students from my Alma Mater's undergrad year. It's amazing to like get all these women together to get them to see what success could look like. >> Yeah. >> What being a woman leader in this space could look like. So that's, you know, that's one, at Meta I lead recruiting at Meta and we've done a bunch to sort of open up the thinking around data science and technical jobs for women. Simple things like what you write in your job description. I don't know whether you know this, or this is a story you've heard before, when you see, when you have a job description and there are like 10 things that you need to, you know be good at to apply to this job, a woman sees those 10 and says, okay, I don't meet the qualifications of one of them and she doesn't apply. And a man sees one that he meets the qualifications to and he applies. And so, you know, there's small things you can do, and just how you write your job description, what goals you set for diversity and inclusion for your own organization. We have goals, Facebook's always been pretty up there in like, you know, speaking out for diversity and Sheryl Sandberg has been our Chief Business Officer for a very long time and she's been, like, amazing at like pushing from more women. So yeah, every step of the way, I think, we made a lot of progress, to be honest. I do think women choose STEM fields a lot more than they did. When I did my Computer Science I was often one of one or two women in the Computer Science class. It takes some time to, for it to percolate all the way to like having more CTOs and CEOs, >> Yeah. >> but it's going to happen in our lifetime, and you know, three of us know this, women are going to rule the world, and it (laughs) >> Drop the mic, girl! >> And it's going to happen in our lifetime, so I'm excited about it. >> And we have responsibility in helping make that happen. You know, I'm curious, you were in STEM, you talked about Computer Science, being one of the only females. One of the things that the nadb.org data from 2022 showed, some good numbers, the number of women in technical roles is now 27.6%, I believe, so up from 25, it's up in '22, which is good, more hiring of women. >> Yeah. >> One of the biggest challenges is attrition. What keeps you motivated? >> Yeah. >> To stay what, where you are doing what you're doing, managing a family and helping to drive these experiences at Facebook that we all expect are just going to happen? >> Yeah, two things come to mind. It does take a village. You do need people around you. You know, I'm grateful for my husband. You talked about managing a family, I did the very Indian thing and my parents live with us, and they help take care of the kids. >> Right! (laughs) >> (laughs) My kids are young, six and four, and I definitely needed help over the last few years. It takes mentors, it takes other people that you look up to, who've gone through all of those same challenges and can, you know, advise you to sort of continue working in the field. I remember when my kid was born when he was six months old, I was considering quitting. And my husband's like, to be a good role model for your children, you need to continue working. Like, just being a mother is not enough. And so, you know, so that's one. You know, the village that you build around you your supporters, your mentors who keep encouraging you. Sheryl Sandberg said this to me in my second month at Facebook. She said that women drop out of technical fields, they become managers, they become sort of administrative more, in their nature of their work, and her advice was, "Don't do that, Don't stop the technical". And I think that's the other thing I'd say to a lot of women. Technical stuff is hard, but you know, keeping up with that and keeping sort of on top of it actually does help you in the long run. And it's definitely helped me in my career at Facebook. >> I think one of the things, and Hannah and I and Tracy talked about this in the open, and I think you'll agree with us, is the whole saying of you can't be what you can't see, and I like to way, "Well, you can be what you can see". That visibility, the great thing that WiDS did, of having you on the stage as a speaker this morning so people can understand, everyone, like I said, everyone knows Meta, >> Yeah. >> everyone uses Facebook. And so it's important to bring that connection, >> Yeah. >> of how data is driving the experiences, the fact that it's User First, but we need to be able to see women in positions, >> Yes. >> like you, especially with Sheryl stepping down moving on to something else, or people that are like YouTube influencers, that have no idea that the head of YouTube for a very long time, Susan Wojcicki is a woman. >> (laughs) Yes. Who pioneered streaming, and I mean how often do you are you on YouTube every day? >> Yep, every day. >> But we have to be able to see and and raise the profile of these women and learn from them and be inspired, >> Absolutely. >> to keep going and going. I like what I do, I'm making a difference here. >> Yeah, yeah, absolutely. >> And I can be the, the sponsor or the mentor for somebody down the road. >> Absolutely. >> Yeah, and then referring back to what we talked in the beginning, show that data science is so diverse and it doesn't mean if you're like in IT, you're like sitting in your dark room, >> Right. (laughs) >> coding all day, but you know, >> (laughs) Right! >> to show the different facets of this job and >> Right! >> make this appealing to women, >> Yeah. for sure. >> And I said this in my keynote too, you know, one of the things that helped me most is complimenting the data and the techniques and the algorithms with how you work with people, and you know, empathy and alignment building and leadership, strategic thinking. And I think honestly, I think women do a lot of this stuff really well. We know how to work with people and so, you know, I've seen this at Meta for sure, like, you know, all of these skills soft skills, as we call them, go a long way, and like, you know, doing the right things and having a lasting impact. And like I said, women are going to rule the world, you know, in our lifetimes. (laughs) >> Oh, I can't, I can't wait to see that happen. There's some interesting female candidates that are already throwing their hats in the ring for the next presidential election. >> Yes. >> So we'll have to see where that goes. But some of the things that are so interesting to me, here we are in California and Palo Alto, technically Stanford is its own zip code, I believe. And we're in California, we're freaking out because we've gotten so much rain, it's absolutely unprecedented. We need it, we had a massive drought, an extreme drought, technically, for many years. I've got friends that live up in Tahoe, I've been getting pictures this morning of windows that are >> (laughs) that are covered? >> Yes, actually, yes. (Gayatree laughs) That, where windows like second-story windows are covered in snow. >> Yeah. >> Climate change. >> Climate change. >> There's so much that data science is doing to power and power our understanding of climate change whether it's that, or police violence. >> Yeah. (all talk together) >> We had talk today on that it was amazing. >> Yes. So I want more people to know what data science is really facilitating, that impacts all of us, whether you're in a technical role or not. >> And data wins arguments. >> Yes, I love that! >> I said this is my slide today, like, you know, there's always going to be doubters and naysayers and I mean, but there's hard evidence, there's hard data like, yeah. In all of these fields, I mean the data that climate change, the data science that we have done in the environmental and climate change areas and medical, and you know, medicine professions just so much, so much more opportunity, and like, how much we can learn more about the world. >> Yeah. >> Yeah, it's a pretty exciting time to be a data scientist. >> I feel like, we're just scratching the surface. >> Yeah. >> With the potential and the global impact that we can make with data science. Gayatree, it's been so great having you on theCUBE, thank you. >> Right, >> Thank you so much, Gayatree. >> So much, I love, >> Thank you. >> I'm going to take Data WiD's arguments into my personal life. (Gayatree laughs) I was actually just, just a quick anecdote, funny story. I was listening to the radio this morning and there was a commercial from an insurance company and I guess the joke is, it's an argument between two spouses, and the the voiceover comes in and says, "Let's watch a replay". I'm like, if only they, then they got the data that helped the woman win the argument. (laughs) >> (laughs) I will warn you it doesn't always help with arguments I have with my husband. (laughs) >> Okay, I'm going to keep it in the middle of my mind. >> Yes! >> Gayatree, thank you so much. >> Thank you so much, >> for sharing, >> Thank you both for the opportunity. >> And being a great female that we can look up to, we really appreciate your insights >> Oh, likewise. >> and your time. >> Thank you. >> All right, for our guest, for Hannah Freitag, I'm Lisa Martin, live at Stanford University covering "Women in Data Science '23". Stick around, our next guest joins us in just a minute. (upbeat music) I have been in the software and technology industry for over 12 years now, so I've had the opportunity as a marketer to really understand and interact with customers across the entire buyer's journey. Hi, I'm Lisa Martin and I'm a host of theCUBE. (upbeat music) Being a host on theCUBE has been a dream of mine for the last few years. I had the opportunity to meet Jeff and Dave and John at EMC World a few years ago and got the courage up to say, "Hey, I'm really interested in this. I love talking with customers, gimme a shot, let me come into the studio and do an interview and see if we can work together". I think where I really impact theCUBE is being a female in technology. We interview a lot of females in tech, we do a lot of women in technology events and one of the things I.

(upbeat music) >> Morning guys and girls, welcome back to theCUBE's live coverage of Women in Data Science WIDS 2023 live at Stanford University. Lisa Martin here with my co-host for this segment, Tracy Zhang. We're really excited to be talking with a great female rockstar. You're going to learn a lot from her next, Jacqueline Kuo, solutions engineer at Dataiku. Welcome, Jacqueline. Great to have you. >> Thank you so much. >> Thank for being here. >> I'm so excited to be here. >> So one of the things I have to start out with, 'cause my mom Kathy Dahlia is watching, she's a New Yorker. You are a born and raised New Yorker and I learned from my mom and others. If you're born in New York no matter how long you've moved away, you are a New Yorker. There's you guys have like a secret club. (group laughs) >> I am definitely very proud of being born and raised in New York. My family immigrated to New York, New Jersey from Taiwan. So very proud Taiwanese American as well. But I absolutely love New York and I can't imagine living anywhere else. >> Yeah, yeah. >> I love it. >> So you studied, I was doing some research on you you studied mechanical engineering at MIT. >> Yes. >> That's huge. And you discovered your passion for all things data-related. You worked at IBM as an analytics consultant. Talk to us a little bit about your career path. Were you always interested in engineering STEM-related subjects from the time you were a child? >> I feel like my interests were ranging in many different things and I ended up landing in engineering, 'cause I felt like I wanted to gain a toolkit like a toolset to make some sort of change with or use my career to make some sort of change in this world. And I landed on engineering and mechanical engineering specifically, because I felt like I got to, in my undergrad do a lot of hands-on projects, learn every part of the engineering and design process to build products which is super-transferable and transferable skills sort of is like the trend in my career so far. Where after undergrad I wanted to move back to New York and mechanical engineering jobs are kind of few and fall far in between in the city. And I ended up landing at IBM doing analytics consulting, because I wanted to understand how to use data. I knew that data was really powerful and I knew that working with it could allow me to tell better stories to influence people across different industries. And that's also how I kind of landed at Dataiku to my current role, because it really does allow me to work across different industries and work on different problems that are just interesting. >> Yeah, I like the way that, how you mentioned building a toolkit when doing your studies at school. Do you think a lot of skills are still very relevant to your job at Dataiku right now? >> I think that at the core of it is just problem solving and asking questions and continuing to be curious or trying to challenge what is is currently given to you. And I think in an engineering degree you get a lot of that. >> Yeah, I'm sure. >> But I think that we've actually seen that a lot in the panels today already, that you get that through all different types of work and research and that kind of thoughtfulness comes across in all different industries too. >> Talk a little bit about some of the challenges, that data science is solving, because every company these days, whether it's an enterprise in manufacturing or a small business in retail, everybody has to be data-driven, because the end user, the end customer, whoever that is whether it's a person, an individual, a company, a B2B, expects to have a personalized custom experience and that comes from data. But you have to be able to understand that data treated properly, responsibly. Talk about some of the interesting projects that you're doing at Dataiku or maybe some that you've done in the past that are really kind of transformative across things climate change or police violence, some of the things that data science really is impacting these days. >> Yeah, absolutely. I think that what I love about coming to these conferences is that you hear about those really impactful social impact projects that I think everybody who's in data science wants to be working on. And I think at Dataiku what's great is that we do have this program called Ikig.AI where we work with nonprofits and we support them in their data and analytics projects. And so, a project I worked on was with the Clean Water, oh my goodness, the Ocean Cleanup project, Ocean Cleanup organization, which was amazing, because it was sort of outside of my day-to-day and it allowed me to work with them and help them understand better where plastic is being aggregated across the world and where it appears, whether that's on beaches or in lakes and rivers. So using data to help them better understand that. I feel like from a day-to-day though, we, in terms of our customers, they're really looking at very basic problems with data. And I say basic, not to diminish it, but really just to kind of say that it's high impact, but basic problems around how do they forecast sales better? That's a really kind of, sort of basic problem, but it's actually super-complex and really impactful for people, for companies when it comes to forecasting how much headcount they need to have in the next year or how much inventory to have if they're retail. And all of those are going to, especially for smaller companies, make a huge impact on whether they make profit or not. And so, what's great about working at Dataiku is you get to work on these high-impact projects and oftentimes I think from my perspective, I work as a solutions engineer on the commercial team. So it's just, we work generally with smaller customers and sometimes talking to them, me talking to them is like their first introduction to what data science is and what they can do with that data. And sort of using our platform to show them what the possibilities are and help them build a strategy around how they can implement data in their day-to-day. >> What's the difference? You were a data scientist by title and function, now you're a solutions engineer. Talk about the ascendancy into that and also some of the things that you and Tracy will talk about as those transferable, those transportable skills that probably maybe you learned in engineering, you brought data science now you're bringing to solutions engineering. >> Yeah, absolutely. So data science, I love working with data. I love getting in the weeds of things and I love, oftentimes that means debugging things or looking line by line at your code and trying to make it better. I found that on in the data science role, while those things I really loved, sometimes it also meant that I didn't, couldn't see or didn't have visibility into the broader picture of well like, well why are we doing this project? And who is it impacting? And because oftentimes your day-to-day is very much in the weeds. And so, I moved into sales or solutions engineering at Dataiku to get that perspective, because what a sales engineer does is support the sale from a technical perspective. And so, you really truly understand well, what is the customer looking for and what is going to influence them to make a purchase? And how do you tell the story of the impact of data? Because oftentimes they need to quantify well, if I purchase a software like Dataiku then I'm able to build this project and make this X impact on the business. And that is really powerful. That's where the storytelling comes in and that I feel like a lot of what we've been hearing today about connecting data with people who can actually do something with that data. That's really the bridge that we as sales engineers are trying to connect in that sales process. >> It's all about connectivity, isn't it? >> Yeah, definitely. We were talking about this earlier that it's about making impact and it's about people who we are analyzing data is like influencing. And I saw that one of the keywords or one of the biggest thing at Dataiku is everyday AI, so I wanted to just ask, could you please talk more about how does that weave into the problem solving and then day-to-day making an impact process? >> Yes, so I started working on Dataiku around three years ago and I fell in love with the product itself. The product that we have is we allow for people with different backgrounds. If you're coming from a data analyst background, data science, data engineering, maybe you are more of like a business subject matter expert, to all work in one unified central platform, one user interface. And why that's powerful is that when you're working with data, it's not just that data scientist working on their own and their own computer coding. We've heard today that it's all about connecting the data scientists with those business people, with maybe the data engineers and IT people who are actually going to put that model into production or other folks. And so, they all use different languages. Data scientists might use Python and R, your business people are using PowerPoint and Excel, everyone's using different tools. How do we bring them all in one place so that you can have conversations faster? So the business people can understand exactly what you're building with the data and can get their hands on that data and that model prediction faster. So that's what Dataiku does. That's the product that we have. And I completely forgot your question, 'cause I got so invested in talking about this. Oh, everyday AI. Yeah, so the goal of of Dataiku is really to allow for those maybe less technical people with less traditional data science backgrounds. Maybe they're data experts and they understand the data really well and they've been working in SQL for all their career. Maybe they're just subject matter experts and want to get more into working with data. We allow those people to do that through our no and low-code tools within our platform. Platform is very visual as well. And so, I've seen a lot of people learn data science, learn machine learning by working in the tool itself. And that's sort of, that's where everyday AI comes in, 'cause we truly believe that there are a lot of, there's a lot of unutilized expertise out there that we can bring in. And if we did give them access to data, imagine what we could do in the kind of work that they can do and become empowered basically with that. >> Yeah, we're just scratching the surface. I find data science so fascinating, especially when you talk about some of the real world applications, police violence, health inequities, climate change. Here we are in California and I don't know if you know, we're experiencing an atmospheric river again tomorrow. Californians and the rain- >> Storm is coming. >> We are not good... And I'm a native Californian, but we all know about climate change. People probably don't associate all of the data that is helping us understand it, make decisions based on what's coming what's happened in the past. I just find that so fascinating. But I really think we're truly at the beginning of really understanding the impact that being data-driven can actually mean whether you are investigating climate change or police violence or health inequities or your a grocery store that needs to become data-driven, because your consumer is expecting a personalized relevant experience. I want you to offer me up things that I know I was doing online grocery shopping, yesterday, I just got back from Europe and I was so thankful that my grocer is data-driven, because they made the process so easy for me. And but we have that expectation as consumers that it's going to be that easy, it's going to be that personalized. And what a lot of folks don't understand is the data the democratization of data, the AI that's helping make that a possibility that makes our lives easier. >> Yeah, I love that point around data is everywhere and the more we have, the actually the more access we actually are providing. 'cause now compute is cheaper, data is literally everywhere, you can get access to it very easily. And so, I feel like more people are just getting themselves involved and that's, I mean this whole conference around just bringing more women into this industry and more people with different backgrounds from minority groups so that we get their thoughts, their opinions into the work is so important and it's becoming a lot easier with all of the technology and tools just being open source being easier to access, being cheaper. And that I feel really hopeful about in this field. >> That's good. Hope is good, isn't it? >> Yes, that's all we need. But yeah, I'm glad to see that we're working towards that direction. I'm excited to see what lies in the future. >> We've been talking about numbers of women, percentages of women in technical roles for years and we've seen it hover around 25%. I was looking at some, I need to AnitaB.org stats from 2022 was just looking at this yesterday and the numbers are going up. I think the number was 26, 27.6% of women in technical roles. So we're seeing a growth there especially over pre-pandemic levels. Definitely the biggest challenge that still seems to be one of the biggest that remains is attrition. I would love to get your advice on what would you tell your younger self or the previous prior generation in terms of having the confidence and the courage to pursue engineering, pursue data science, pursue a technical role, and also stay in that role so you can be one of those females on stage that we saw today? >> Yeah, that's the goal right there one day. I think it's really about finding other people to lift and mentor and support you. And I talked to a bunch of people today who just found this conference through Googling it, and the fact that organizations like this exist really do help, because those are the people who are going to understand the struggles you're going through as a woman in this industry, which can get tough, but it gets easier when you have a community to share that with and to support you. And I do want to definitely give a plug to the WIDS@Dataiku team. >> Talk to us about that. >> Yeah, I was so fortunate to be a WIDS ambassador last year and again this year with Dataiku and I was here last year as well with Dataiku, but we have grown the WIDS effort so much over the last few years. So the first year we had two events in New York and also in London. Our Dataiku's global. So this year we additionally have one in the west coast out here in SF and another one in Singapore which is incredible to involve that team. But what I love is that everyone is really passionate about just getting more women involved in this industry. But then also what I find fortunate too at Dataiku is that we have a strong female, just a lot of women. >> Good. >> Yeah. >> A lot of women working as data scientists, solutions engineer and sales and all across the company who even if they aren't doing data work in a day-to-day, they are super-involved and excited to get more women in the technical field. And so. that's like our Empower group internally that hosts events and I feel like it's a really nice safe space for all of us to speak about challenges that we encounter and feel like we're not alone in that we have a support system to make it better. So I think from a nutrition standpoint every organization should have a female ERG to just support one another. >> Absolutely. There's so much value in a network in the community. I was talking to somebody who I'm blanking on this may have been in Barcelona last week, talking about a stat that showed that a really high percentage, 78% of people couldn't identify a female role model in technology. Of course, Sheryl Sandberg's been one of our role models and I thought a lot of people know Sheryl who's leaving or has left. And then a whole, YouTube influencers that have no idea that the CEO of YouTube for years has been a woman, who has- >> And she came last year to speak at WIDS. >> Did she? >> Yeah. >> Oh, I missed that. It must have been, we were probably filming. But we need more, we need to be, and it sounds like Dataiku was doing a great job of this. Tracy, we've talked about this earlier today. We need to see what we can be. And it sounds like Dataiku was pioneering that with that ERG program that you talked about. And I completely agree with you. That should be a standard program everywhere and women should feel empowered to raise their hand ask a question, or really embrace, "I'm interested in engineering, I'm interested in data science." Then maybe there's not a lot of women in classes. That's okay. Be the pioneer, be that next Sheryl Sandberg or the CTO of ChatGPT, Mira Murati, who's a female. We need more people that we can see and lean into that and embrace it. I think you're going to be one of them. >> I think so too. Just so that young girls like me like other who's so in school, can see, can look up to you and be like, "She's my role model and I want to be like her. And I know that there's someone to listen to me and to support me if I have any questions in this field." So yeah. >> Yeah, I mean that's how I feel about literally everyone that I'm surrounded by here. I find that you find role models and people to look up to in every conversation whenever I'm speaking with another woman in tech, because there's a journey that has had happen for you to get to that place. So it's incredible, this community. >> It is incredible. WIDS is a movement we're so proud of at theCUBE to have been a part of it since the very beginning, since 2015, I've been covering it since 2017. It's always one of my favorite events. It's so inspiring and it just goes to show the power that data can have, the influence, but also just that we're at the beginning of uncovering so much. Jacqueline's been such a pleasure having you on theCUBE. Thank you. >> Thank you. >> For sharing your story, sharing with us what Dataiku was doing and keep going. More power to you girl. We're going to see you up on that stage one of these years. >> Thank you so much. Thank you guys. >> Our pleasure. >> Our pleasure. >> For our guests and Tracy Zhang, this is Lisa Martin, you're watching theCUBE live at WIDS '23. #EmbraceEquity is this year's International Women's Day theme. Stick around, our next guest joins us in just a minute. (upbeat music)

>>Hello everyone, and welcome back to the Cube's Live coverage of Cuban here in Motor City, Michigan. My name is Savannah Peterson and I'm delighted to be joined for this segment by my co-host Lisa Martin. Lisa, how you doing? Good. >>We are, we've had such great energy for three days, especially on a Friday. Yeah, that's challenging to do for a tech conference. Go all week, push through the end of day Friday. But we're here, We're excited. We have a great conversation coming up. Absolutely. A little of our alumni is back with us. Love it. We have a great conversation about learning. >>There's been a lot of learning this week, and I cannot wait to hear what these folks have to say. Please welcome Tom and Victoria from Cast by Beam. You guys are swag up very well. You've got the Fanny pack. You've got the vest. You even were nice enough to give me a Carhartt Beanie. Carhartt being a Michigan company, we've had so much love for Detroit and, and locally sourced swag here. I've never seen that before. How has the week been for you? >>The week has been amazing, as you can say by my voice probably. >>So the mic helps. Don't worry. You're good. >>Yeah, so, So we've been talking to tons and tons of people, obviously some vendors, partners of ours. That was great seeing all those people face to face again, because in the past years we haven't really been able to meet up with those people. But then of course, also a lot of end users and most importantly, we've met a lot of people that wanted to learn Kubernetes, that came here to learn Kubernetes, and we've been able to help them. So feel very satisfied about that. >>When we were at VMware explorer, Tom, you were on the program with us, just, I guess that was a couple of months ago. I'm listening track. So many events are coming up. >>Time is a loop. It's >>Okay. It really is. You, you teased some new things coming from a learning perspective. What is going on there? >>All right. So I'm happy that you link back to VMware explorer there because Yeah, I was so excited to talk about it, but I couldn't, and it was frustrating. I knew it was coming up. That was was gonna be awesome. So just before Cuban, we launched Cube Campus, which is the rebrand of learning dot cast io. And Victoria is the great mind behind all of this, but what the gist of it, and then I'll let Victoria talk a little bit. The gist of Cube Campus is this all started as a small webpage in our own domain to bring some hands on lab online and let people use them. But we saw so many people who were interested in those labs that we thought, okay, we have to make this its own community, and this should not be a branded community or a company branded community. >>This needs to be its own thing because people, they like to be in just a community environment without the brand from the company being there. So we made it completely independent. It's a Cube campus, it's still a hundred percent free and it's still the That's right. Only platform where you actually learn Kubernetes with hands on labs. We have 14 labs today. We've been creating one per month and we have a lot of people on there. The most exciting part this week is that we had our first learning day, but before we go there, I suggest we let Victoria talk a little bit about that user experience of Cube Campus. >>Oh, absolutely. So Cube Campus is, and Tom mentioned it's a one year old platform, and we rebranded it specifically to welcome more and, you know, embrace this Kubernetes space total as one year anniversary. We have over 11,000 students and they've been taking labs Wow. Over 7,000. Yes. Labs taken. And per each user, if you actually count approximation, it's over three labs, three point 29. And I believe we're growing as per user if you look at the numbers. So it's a huge success and it's very easy to use overall. If you look at this, it's a number one free Kubernetes learning platform. So for you user journey for your Kubernetes journey, if you start from scratch, don't be afraid. That's we, we got, we got it all. We got you back. >>It's so important and, and I'm sure most of our audience knows this, but the, the number one challenge according to Gartner, according to everyone with Kubernetes, is the complexity. Especially when you're getting harder. I think it's incredibly awesome that you've decided to do this. 11,000 students. I just wanna settle on that. I mean, in your first year is really impressive. How did this become, and I'm sure this was a conversation you two probably had. How did this become a priority for CAST and by Beam? >>I have to go back for that. To the last virtual only Cuban where we were lucky enough to have set up a campaign. It was actually, we had an artist that was doing caricatures in a Zoom room, and it gave us an opportunity to actually talk to people because the challenge back in the days was that everything virtual, it's very hard to talk to people. Every single conversation we had with people asking them, Why are you at cu com virtual was to learn Kubernetes every single conversation. Yeah. And so that was, that is one data point. The other data point is we had one lab to, to use our software, and that was extremely popular. So as a team, we decided we should make more labs and not just about our product, but also about Kubernetes. So that initial page that I talked about that we built, we had three labs at launch. >>One was to learn install Kubernetes. One was to build a first application on Kubernetes, and then a third one was to learn how to back up and restore your application. So there was still a little bit of promoting our technology in there, but pretty soon we decided, okay, this has to become even more. So we added storage, we added security and, and a lot more labs. So today, 14 labs, and we're still adding one every month. The next step for the labs is going to be to involve other partners and have them bring their technologies in the lab. So that's our user base can actually learn more about Kubernetes related technologies and then hopefully with links to open source tools or free software tools. And it's, it's gonna continue to be a, a learning experience for Kubernetes. I >>Love how this seems to be, have been born out of the pandemic in terms of the inability to, to connect with customers, end users, to really understand what their challenges are, how do we help you best? But you saw the demand organically and built this, and then in, in the first year, not only 11,000 as Victoria mentioned, 11,000 users, but you've almost quadrupled the number of labs that you have on the platform in such a short time period. But you did hands on lab here, which I know was a major success. Talk to us about that and what, what surprised you about Yeah, the appetite to learn that's >>Here. Yeah. So actually I'm glad that you relay this back to the pandemic because yes, it was all online because it was still the, the tail end of the pandemic, but then for this event we're like, okay, it's time to do this in person. This is the next step, right? So we organized our first learning day as a co-located event. We were hoping to get 60 people together in a room. We did two labs, a rookie and a pro. So we said two times 30 people. That's our goal because it's really, it's competitive here with the collocated events. It's difficult >>Bringing people lots going on. >>And why don't I, why don't I let Victoria talk about the success of that learning day, because it was big part also her help for that. >>You know, our main goal is to meet expectations and actually see the challenges of our end user. So we actually, it also goes back to what we started doing research. We saw the pain points and yes, it's absolutely reflecting, reflecting on how we deal with this and what we see. And people very appreciative and they love platform because it's not only prerequisites, but also hands on lab practice. So, and it's free again, it's applied, which is great. Yes. So we thought about the user experience, user flow, also based, you know, the product when it's successful and you see the result. And that's where we, can you say the numbers? So our expectation was 60 >>People. You're kinda, you I feel like a suspense is starting killing. How many people came? >>We had over 350 people in our room. Whoa. >>Wow. Wow. >>And small disclaimer, we had a little bit of a technical issue in the beginning because of the success. There was a wireless problem in the hotel amongst others. Oh geez. So we were getting a little bit nervous because we were delayed 20 minutes. Nobody left that, that's, I was standing at the door while people were solving the issues and I was like, Okay, now people are gonna walk out. Right. Nobody left. Kind >>Of gives me >>Ose bump wearing that. We had a little reception afterwards and I talked to people, sorry about the, the disruption that we had under like, no, we, we are so happy that you're doing this. This was such a great experience. Castin also threw party later this week at the party. We had people come up to us like, I was at your learning day and this was so good. Thank you so much for doing this. I'm gonna take the rest of the classes online now. They love it. Really? >>Yeah. We had our instructors leading the program as well, so if they had any questions, it was also address immediately. So it was a, it was amazing event actually. I'm really grateful for people to come actually unappreciated. >>But now your boss knows how you can blow out metrics though. >>Yeah, yeah, yeah, yeah. Gonna >>Raise Victoria. >>Very good point. It's a very >>Good point. I can >>Tell. It's, it's actually, it's very tough to, for me personally, to analyze where the success came from. Because first of all, the team did an amazing job at setting the whole thing up. There was food and drinks for everybody, and it was really a very nice location in a hotel nearby. We made it a colocated event and we saw a lot of people register through the Cuban registration website. But we've done colocated events before and you typically see a very high no-show rate. And this was not the case right now. The a lot of, I mean the, the no-show was actually very low. Obviously we did our own campaign to our own database. Right. But it's hard to say like, we have a lot of people all over the world and how many people are actually gonna be in Detroit. Yeah. One element that also helped, I'm actually very proud of that, One of the people on our team, Thomas Keenan, he reached out to the local universities. Yes. And he invited students to come to learning day as well. I don't think it was very full with students. It was a good chunk of them. So there was a lot of people from here, but it was a good mix. And that way, I mean, we're giving back a little bit to the universities versus students. >>Absolutely. Much. >>I need to, >>There's a lot of love for Detroit this week. I'm all about it. >>It's amazing. But, but from a STEM perspective, that's huge. We're reaching down into that community and really giving them the opportunity to >>Learn. Well, and what a gateway for Castin. I mean, I can easily say, I mean, you are the number, we haven't really talked about casting at all, but before we do, what are those pins in front of you? >>So this is a physical pain. These are physical pins that we gave away for different programs. So people who took labs, for example, rookie level, they would get this p it's a rookie. >>Yes. I'm gonna hold this up just so they can do a little close shot on if you want. Yeah. >>And this is PR for, it's a, it's a next level program. So we have a program actually for IS to beginners inter intermediate and then pro. So three, three different levels. And this one is for Helman. It's actually from previous. >>No, Helmsman is someone who has taken the first three labs, right? >>Yes, it is. But we actually had it already before. So this one is, yeah, this one is, So we built two new labs for this event and it was very, very great, you know, to, to have a ready absolutely new before this event. So we launched the whole website, the whole platform with new labs, additional labs, and >>Before an event, honestly. Yeah. >>Yeah. We also had such >>Your expression just said it all. Exactly. >>You're a vacation and your future. I >>Hope so. >>We've had a couple of rough freaks. Yeah. This is part of it. Yeah. So, but about those labs. So in the classroom we had two, right? We had the, the, the rookie and the pro. And like I said, we wanted an audience for both. Most people stayed for both. And there were people at the venue one hour before we started because they did not want to miss it. Right. And what that chose to me is that even though Cuban has been around for a long time, and people have been coming back to this, there is a huge audience that considers themselves still very early on in their Kubernetes journey and wants to take and, and is not too proud to go to a rookie class for Kubernetes. So for us, that was like, okay, we're doing the right thing because yeah, with the website as well, more rookie users will keep, keep coming. And the big goal for us is just to accelerate their Kubernetes journey. Right. There's a lot of platforms out there. One platform I like as well is called the tech world with nana, she has a lot of instructional for >>You. Oh, she's a wonderful YouTuber. >>She, she's, yeah, her following is amazing. But what we add to this is the hands on part. Right? And, and there's a lot of auto resources as well where you have like papers and books and everything. We try to add those as well, but we feel that you can only learn it by doing it. And that is what we offer. >>Absolutely. Totally. Something like >>Kubernetes, and it sounds like you're demystifying it. You talked about one of the biggest things that everyone talks about with respect to Kubernetes adoption and some of the barriers is the complexity. But it sounds to me like at the, we talked about the demand being there for the hands on labs, the the cube campus.io, but also the fact that people were waiting an hour early, they're recognizing it's okay to raise, go. I don't really understand this. Yeah. In fact, another thing that I heard speaking of, of the rookies is that about 60% of the attendees at this year's cube con are Yeah, we heard that >>Out new. >>Yeah. So maybe that's smell a lot of those rookies showed up saying, >>Well, so even >>These guys are gonna help us really demystify and start learning this at a pace that works for me as an individual. >>There's some crazy macro data to support this. Just to echo this. So 85% of enterprise companies are about to start making this transition in leveraging Kubernetes. That means there's only 15% of a very healthy, substantial market that has adopted the technology at scale. You are teaching that group of people. Let's talk about casting a little bit. Number one, Kubernetes backup, 900% growth recently. How, how are we managing that? What's next for you, you guys? >>Yeah, so growth last year was amazing. Yeah. This year we're seeing very good numbers as well. I think part of the explanation is because people are going into production, you cannot sell back up to a company that is not in production with their right. With their applications. Right? So what we are starting to see is people are finally going into production with their Kubernetes applications and are realizing we have to back this up. The other trend that we're seeing is, I think still in LA last year we were having a lot of stateless first estate full conversations. Remember containers were created for stateless applications. That's no longer the case. Absolutely. But now the acceptance is there. We're not having those. Oh. But we're stateless conversations because everybody runs at least a database with some user data or application data, whatever. So all Kubernetes applications need to be backed up. Absolutely. And we're the number one product for that. >>And you guys just had recently had a new release. Yes. Talk to us a little bit about that before we wrap. It's new in the platform and, and also what gives you, what gives cast. And by being that competitive advantage in this new release, >>The competitive advantage is really simple. Our solution was built for Kubernetes. With Kubernetes. There are other products. >>Talk about dog fooding. Yeah. Yeah. >>That's great. Exactly. Yeah. And you know what, one of our successes at the show is also because we're using Kubernetes to build our application. People love to come to our booth to talk to our engineers, who we always bring to the show because they, they have so much experience to share. That also helps us with ems, by the way, to, to, to build those labs, Right? You need to have the, the experience. So the big competitive advantage is really that we're Kubernetes native. And then to talk about 5.5, I was going like, what was the other part of the question? So yeah, we had 5.5 launched also during the show. So it was really a busy week. The big focus for five five was simplicity. To make it even easier to use our product. We really want people to, to find it easy. We, we were using, we were using new helm charts and, and, and things like that. The second part of the launch was to do even more partner integrations. Because if you look at the space, this cloud native space, it's, you can also attest to that with, with Cube campus, when you build an application, you need so many different tools, right? And we are trying to integrate with all of those tools in the most easy and most efficient way so that it becomes easy for our customers to use our technology in their Kubernetes stack. >>I love it. Tom Victoria, one final question for you before we wrap up. You mentioned that you have a fantastic team. I can tell just from the energy you two have. That's probably the truth. You also mentioned that you bring the party everywhere you go. Where are we all going after this? Where's the party tonight? Yeah. >>Well, let's first go to a ballgame tonight. >>The party's on the court. I love it. Go Pistons. >>And, and then we'll end up somewhere downtown in a, in a good club, I guess. >>Yeah. Yeah. Well, we'll see how the show down with the hawks goes. I hope you guys make it to the game. Tom Victoria, thank you so much for being here. We're excited about what you're doing. Lisa, always a joy sharing the stage with you. My love. And to all of you who are watching, thank you so much for tuning into the cube. We are wrapping up here with one segment left in Detroit, Michigan. My name's Savannah Peterson. Thanks for being here.

>>Good afternoon everyone, and welcome back to the Cube. I am Savannah Peterson here, coming to you from Detroit, Michigan. We're at Cuban Day three. Such a series of exciting interviews. We've done over 30, but this conversation is gonna be extra special, don't you think, John? >>Yeah, this is gonna be a good one. Griffon Labs is here with us. We're getting the conversation of what's going on in the industry management, watching the Kubernetes clusters. This is large scale conversations this week. It's gonna be a good one. >>Yeah. Yeah. I'm very excited. He's also got a fantastic Twitter handle, twitchy. H Please welcome Richie Hartman, who is the director of community here at Griffon. Richie, thank you so much for joining us. Thanks >>For having me. >>How's the show been for you? >>Busy. I, I mean, I, I, >>In >>A word, I have a ton of talks at at like maintain a thing and like the covering board searches at the TLC panel. I run forme day. So it's, it's been busy. It, yeah. Monday, I didn't have to run anything. That was quite nice. But there >>You, you have your hands in a lot. I'm not even gonna cover it. Looking at your bio, there's, there's so many different things that you're working on. I know that Grafana specifically had some announcements this week. Yeah, >>Yeah, yeah. We had quite a few, like the, the two largest ones is a, we now have a field Kubernetes integration on Grafana Cloud. So our, our approach is generally extremely open source first. So we try to push stuff into the exporters, like into the open source exporters, into mixes into things which are out there as open source for anyone to use. But that's little bit like a tool set, not a ready made solution. So when we talk integrations, we actually talk about things where you get this like one click experience, You log into your Grafana cloud, you click, I have a Kubernetes, which probably most of us have, and things just work like you in just the data. You have to write dashboards, you have to write alerts, you have to write everything to just get started with extremely opinionated dashboards, SLOs, alerts, again, all those things made by experts, so anyone can use them. And you don't have to reinvent the view for every single user. So that's the one. The other is, >>It's a big deal. >>Oh yeah, it is. Yeah. It is. It, we, we has, its heavily in integrations course. While, I mean, I don't have to convince anyone that perme is a DD factor standard in everything. Cloudnative. But again, it's, it's, it's sometimes a little bit hard to handle or a little bit not easy to get into. So, so smoothing this, this, this path onto onboarding yourself onto this stack and onto those types of solutions. Yes. Is what a lot of people need. Course, if you, if you look at the statistics from coupon, and we just heard this in the governing board session yesterday. Yeah. Like 60% of the people here are first time attendees. So there's a lot of people who just come into this thing and who need, like, this is your path. This is where you should be going. Or at least if you want to go, go there. This is how to get there. >>Here's your runway for takeoff. Yes. Yeah. I think that's a really good point. And I love that you, you had those numbers. I was curious. I, I had seen on Twitter, speaking of Twitter, I had seen, I had seen that, that there were a lot of people here coming for the first time. You're a community guy. Are we at an inflection point where this community is about to continue to scale? >>That's a very good question. Which I can't really answer. So I mean, >>Obviously I bet you're gonna try. >>I covid changed a few things. Yeah. Probably most people, >>A couple things. I mean, you know, casually, it's like such a gentle way of putting that, that was >>Beautiful. I'm gonna say yes, just to explode. All these new ERs are gonna learn Prometheus. They're gonna roll in with a open, open metrics, open telemetry. I love it, >>You know, But, but at the same time, like Cuban is, is ramping back up. But if you look at the, if you look at the registration numbers between Valencia Andro, it was more or less the same. Interesting. Which, so it didn't go onto this, onto this flu trajectory, which it was on like, up to, up to 2019. I expect this to take up again. But also with the economic situation, everything, I, I don't think >>It's, I think the jury's still out on hybrid. I think there's a lot, lot more hybrid. Let's see how the projects are gonna go. That's what I think it's gonna be the tell sign. How many people are in participating? How are the project's advancing? Some of the momentum, >>I mean, from the project level, Most of this is online anyway. Of course. That's how open source, right. I've been working for >>Ages. That's >>Cause you don't have any trouble budget or, or any office or, It's >>Always been that way. >>Yeah, precisely. So the projects are arguably spearheading this, this development and the, the online numbers. I I, I have some numbers in my head, but I'm, I'm not a hundred percent certain to, but they're higher for this time in Detroit than in volunteer as far somewhere. Cool. So that is growing and it's grown in parallel, which also is great. Cause it's much more accessible, much more inclusive. You don't have to have a budget of at least, let's say, I don't know, two to five k to, to fly over the pond and, and attend this thing. You can just do it from your home. So that is, that's a lot more inclusive. And I expect this to, to basically be a second more or less orthogonal growth, growth path. But the best thing about coupon is the hallway track. I'm just meeting people, talking to people and that kind of thing is not really possible with, >>It's, it's great to see people >>In person. No, and it makes such a difference. I mean, yeah. Even and interviewing people in person too. I mean, it does a, it's, it's, and, and this, this whole, I mean cncf, this whole community, every company here is community first. It's how these projects come to be. I think it's awesome. I feel like you got something you're saying to say, Johnny. >>Yeah. And I love some of the advancements. Rich Richie, we talked last time about, you know, open telemetry, open metrics. You're involved in dashboards. Yeah. One of the themes here is ease of use, simplicity, developer productivity. Where do you see the ease of use going from a project standpoint? For me, as you mentions everywhere, it's pretty much, it is, it's almost all corners of the world. Yep. And new people coming in. How, how are you making it easier? What's going on? Give us the update on that. >>So we also, funnily enough at precisely this topic in the TC panel just a few hours ago, about ease of use and about how to, how to make things easier to, to handle how developers currently, like if they just want to get into the cloud native seen, they have like, like we, we did some neck and math, like maybe 10 tools at least, which you have to be somewhat proficient in to just get started, which is honestly horrendous. Yeah. Course. Like with a server, I just had my survey install my thing and it runs, maybe I need a database, but that's roughly it. And this needs to change again. Like it's, it's nice that everything is, is un unraveled. And you have, you, you, you, you don't have those service boundaries which you had before. You can do all the horizontal scaling, you can do all the automatic scaling, all those things that they're super nice. But at the same time, this complexity, which used to be nicely compartmentalized, was deliberately broken up. And so it's becoming a lot harder to, to, like, we, we need to find new ways to compartmentalize this complexity back to, to human understandable levels again, in particular, as we keep onboarding new and new and new, new people, of course it's just not good use of anyone's time to, to just like learn the basics again and again and again. This is something which should be just compartmentalized and automated away. We're >>The three, We were talking to Matt Klein earlier and he was talking about as projects become mature and all over the place and have reach and and usage, you gotta work on the boring stuff. Yes. And when it's boring, that means you have success. Yes. But then you gotta work on the plumbing. What are some of the things that you guys are working on? Because people are relying on the product. >>Oh yeah. So for with my premises head on, the highlight feature is exponential or native or spars. Histograms. There's like three different names for one single concept. If you know Prometheus, you ha you currently have hard bucket boundaries where I say my latency is lower equal two seconds, one second, a hundred milliseconds, what have you. And I can put stuff into those histogram buckets accordingly to those predefined levels, which is extremely efficient, but like on the, on the code level. But it's not very nice for the humans course you need to understand your system before you're able to, to, to choose good cutoff points. And if you, if you, if you add new ones, that's completely fine. But if you want to actually change them, course you, you figured out that you made a fundamental mistake, you're going to have a break in the continue continuity of your observability data. And you cannot undo this in, into the past. So this is just gone native histograms. On the other hand, allow me to, to, okay, I'm not going to get get into the math, but basically you define a single formula, which there comes a good default. If you have good reasons, then you can change it. But if you don't, just don't talk, >>The people are in the math, Hit him up on Twitter. Twitter, h you'll get you that math. >>So the, >>The thing is people want the math, believe me. >>Oh >>Yeah. I mean we don't have time, but hit him up. Yeah. >>There's ProCon in two weeks in Munich and there will be whole talk about like the, the dirty details of all of the stuff. But the, the high level answer is it just does what people would expect it to do. And with very little overhead, you become, you get highly, highly or high resolution histograms, which is really important for a lot of use cases. But this is not just Prometheus with my open metrics head on the 2.0 feature, like the breaking highlight feature of Open Metrics 2.0 will be you guested precisely the same with my open telemetry head on. Low and behold the same underlying technology is being put or has been put into open telemetry. And we've worked for month and month and month and even longer between all different projects to, to assert that we have one single standard which is actually compatible with each other course. One of the worst things which you can have in the cloud ecosystem is if you have soly different things and they break in subtly wrong ways, like it's much better to just not work than to break in a way, which is just a little bit wrong. Of course you won't figure this out until it's too late. So we spent, like with all three hats, we spent insane amounts of time on making this happen and, and making this nice. >>Savannah, one of the things we have so much going on at Cube Con. I mean just you're unpacking like probably another day of cube. We can't go four days, but open time. >>I know, I know. I'm the same >>Open telemetry >>Challenge acceptance open. >>Sorry, we're gonna stay here. All the, They >>Shut the lights off on us last night. >>They literally gonna pull the plug on us. Yeah, yeah, yeah, yeah. They've done that before. It's not the first time we go until they kick us out. We love, love doing this. But Open telemetry is got a lot of news too. So that's, We haven't really talked much about that. >>We haven't at >>All. So there's a lot of stuff going on that, I won't call it boring. That's like code word's. That's cube talk for, for it's working. Yeah. So it's not bad, but there's a lot of stuff going on. Like open telemetry, open metrics, This is the stuff that matters cuz when you go in large scale, that's key. It's just what, missing all the, all the stuff. >>No, >>What are we missing? What are people missing? What's going on in the show that you think that's not actually being reported on? I mean it's a lot of high web assembly for instance got a lot >>Of high. Oh yeah, I was gonna say, I'm glad you're asking this because you, you've already mentioned about seven different hats that you wear. I can only imagine how many hats are actually in your hat cabinet. But you, you are someone with your, with your fingers in a lot of different things. So you can kind of give us a state of the union. Yeah. So go ahead. Let's talk about >>It. So I think you already hit a few good points. Ease of use is definitely one of them. And, and improving the developer experience and not having this like a value of pain. Yeah. That is one of the really big ones. It's going to be interesting cause it is boring. It is janitorial and it needs a different type of persona. A lot of, or maybe not most, but a large fraction of developers like the shiny stuff. And we could see this in Prometheus where like initially the people who contributed this the most where like those restless people who need to fix that one thing, this is impossible, are going to do it. Which changed over the years where the people who now contribute the most are off the janitorial. Like keep things boring, keep things running, still have substantial changes. But but not like more on the maintenance level. >>Yeah. The maintainers. I was just gonna bring that >>Up. Yeah. On the, on the keep things boring while still pushing 'em forward. Yeah. And the thing about ease of use is a lot of this is boring. A lot of this is strategy. A lot of this is toil. A lot of this takes lots of research also in areas where developers are not really good at, like UX for example, and ui like most software developers are really bad at those cause they just think differently from normal humans, I guess. >>So that's an interesting observation that you just made. I we could unpack that on a whole nother show as well. >>So the, the thing is this is going to be interesting for the open source scene course. This needs deliberate investment by companies who assign people to those projects and say, okay, fix that one thing or make it easier to use what have you. That is a lot easier with, with first party products and projects from companies cuz they can invest directly into the thing and they see much more of a value prop. It's, it's kind of normal by now to, to allow developers or even assigned developers onto open source projects. That's not so much the case for the tpms, for the architects, for the UX and your I people like for the documentation people that there's not as much awareness of that this is also driving value for everyone. Yes. And also there's not much as much. >>Yeah, that's a great point. This whole workflow production system of open source, which has grown and keeps growing and we'll keep growing. These be funded. And one of the things we were talking earlier in another session about is about the recession potentially we're hitting and the global issues, macroeconomics that might force some of these projects or companies not to get VC >>Funding. It's such a theme at the show. So, >>So to me, I said it's just not about VC funding. There's other funding mechanisms that's community oriented. There's companies participating, there's other meccas. Richie, if you could have your wishlist of how things could progress an open source, what would you want to see happen in terms of how it's, how things are funded, how things are executed. Cuz developers are going to run businesses. Cuz ultimately if you follow digital transformation to completion, it and developers aren't a department serving the business. They are the business. And that's coming fast. You know, what has to happen in your opinion, if you had the wish magic wand, what would you, what would you snap your fingers to make happen? >>If I had a magic wand that's very different from, from what is achievable. But let, let's >>Go with, Okay, go with the magic wand first. Cause we'll, we'll, we'll we'll riff on that. So >>I'm here for dreams. Yeah, yeah, >>Yeah. I mean I, I've been in open source for more than two, two decades, but now, and most of the open source is being driven forward by people who are not being paid for those. So for example, Gana is the first time I'm actually paid by a company to do my com community work. It's always been on the side. Of course I believe in it and I like doing it. I'm also not bad at it. And so I just kept doing it. But it was like at night on the weekends and everything. And to be honest, it's still at night and in the weekends, but the majority of it is during paid company time, which is awesome. Yeah. Most of the people who have driven this space forward are not in this position. They're doing it at night, they're doing it on the weekends. They're doing it out of dedication to a cause. Yeah. >>The commitment is insane. >>Yeah. At the same time you have companies mostly hyperscalers and either they have really big cloud offerings or they have really big advertisement business or both. And they're extracting a huge amount of value, which has been created in large part elsewhere. Like yes, they employ a ton of developers, but a lot of the technologies they built on and the shoulders of the giants they stand upon it are really poorly paid. And there are some efforts to like, I think the core foundation like which redistribute a little bit of money and such. But if I had my magic wand, everyone who is an open source and actually drives things forwards, get, I don't know, 20% of the value which they create just magically somehow. Yeah. >>Or, or other companies don't extract as much value and, and redistribute more like put more full-time engineers onto projects or whichever, like that would be the ideal state where the people who actually make the thing out of dedication are not more or less left on the sideline. Of course they're too dedicated to just say, Okay, I'm, I'm not doing this anymore. You figure this stuff out and let things tremble and falter. So I mean, it's like with nurses and such who, who just like, they, they know they have something which is important and they keep doing it. Of course they believe in it. >>I think this, I think this is an opportunity to start messaging this narrative because yeah, absolutely. Now we're at an inflection point where there's a big community, there is a shared responsibility in my opinion, to not spread the wealth, but make sure that it's equally balanced and, and the, and I think there's a way to do that. I don't know how yet, but I see that more than ever, it's not just come in, raid the kingdom, steal all the jewels, monetize it, and throw some token token money around. >>Well, in the burnout. Yeah, I mean I, the other thing that I'm thinking about too is it's, you know, it's, it's the, it's the financial aspect of this. It's the cognitive load. And I'm curious actually, when I ask you this question, how do you avoid burnout? You do a million different things and we're, you know, I'm sure the open source community that passion the >>Coach. Yeah. So it's just write code, >>It's, oh, my, my, my software engineering days are firmly over. I'm, I'm, I'm like, I'm the cat herer and the janitor and like this type of thing. I, I don't really write code anymore. >>It's how do you avoid burnout? >>So a i I didn't curse ahead burnout a few years ago. I was not nice, but that was still when I had like a full day job and that day job was super intense and on top I did all the things. Part of being honest, a lot of the people who do this are really dedicated and are really bad at setting boundaries between work >>And process. That's why I bring it up. Yeah. Literally why I bring it up. Yeah. >>I I I'm firmly in that area and I'm, I'm, I don't claim I have this fully figured out yet. It's also even more risky to some extent per like, it's, it's good if you're paid for this and you can do it during your work time. But on the other hand, if it's so nice and like if your hobby and your job are almost completely intersectional, it >>Becomes really, the lines are blurry. >>Yeah. And then yeah, like have work from home. You, you don't even commute anything or anymore. You just sit down at your computer and you just have fun doing your stuff and all of a sudden it's deep at night and you're still like, I want to keep going. >>Sounds like God, something cute. I >>Know. I was gonna say, I was like, passion is something we all have in common here on this. >>That's the key. That is the key point There is a, the, the passion project becomes the job. But now the contribution is interesting because now yeah, this ecosystem is, is has a commercial aspect. Again, this is the, this is the balance between commercialization and keeping that organic production system that's called open source. I mean, it's so fascinating and this is amazing. I want to continue that conversation. It's >>Awesome. Yeah. Yeah. This is, this is great. Richard, this entire conversation has been excellent. Thank you so much for joining us. How can people find you? I mean, I give em your Twitter handle, but if they wanna find out more about Grafana Prometheus and the 1700 things you do >>For grafana grafana.com, for Prometheus, promeus.io for my own stuff, GitHub slash richie age slash talks. Of course I track all my talks in there and like, I don't, I currently don't have a personal website cause I stop bothering, but my, like that repository is, is very, you find what I do over, like for example, the recording link will be uploaded to this GitHub. >>Yeah. Great. Follow. You also run a lot of events and a lot of community activity. Congratulations for you. Also, I talked about this last time, the largest IRC network on earth. You ran, built a data center from scratch. What happened? You done >>That? >>Haven't done a, he even built a cloud hyperscale compete with Amazon. That's the next one. Why don't you put that on the >>Plate? We'll be sure to feature whatever Richie does next year on the cube. >>I'm game. Yeah. >>Fantastic. On that note, Richie, again, thank you so much for being here, John, always a pleasure. Thank you. And thank you for tuning in to us here live from Detroit, Michigan on the cube. My name is Savannah Peterson and here's to hoping that you find balance in your life this weekend.

foreign welcome back everyone to our special presentation here at thecube with Horizon 3.a I'm John Furrier host thecube here in Palo Alto back it's niho and Tony CEO and co-founder of horizon 3 for deep dive on going under the hood around the big news and also the platform autonomous pen testing changing the game and security great to see you welcome back thank you John I love what you guys have been doing with the cube huge fan been here a bunch of times and yeah looking forward to the conversation let's get into it all right so what what's the market look like and how do you see it evolving we're in a down Market relative to startups some say our data we're reporting on siliconangle in the cube that yeah there might be a bit of downturn in the economy with inflation but the tech Market is booming because the hyperscalers are still pumping out massive scale and still innovating so so you know for the first time in history this is a recession or downturn where there's now Cloud scale players that are an economic engine what's your view on this where's the market heading relative to the downturn and how are you guys navigating that so um I think about it one the there's a lot of belief out there that we're going to hit a downturn and we started to see that we started to see deals get longer and longer to close back in May across the board in the industry we continue to see deals get at least backloaded in the quarter as people understand their procurement how much money they really have to spend what their earnings are going to be so we're seeing this across the board one is quarters becoming lumpier for tech companies and we think that that's going to become kind of the norm over the next over the next year but what's interesting in our space of security testing is a very basic supply and demand problem the demand for security testing has skyrocketed when I was a CIO eight years ago I only had to worry about my on-prem attack surface my perimeter and Insider threat those are my primary threat vectors now if I was a CIO I have to include multiple clouds all of the data in my SAS offerings my Salesforce account and so on as well as work from home threat vectors and other pieces and I've got Regulatory Compliance in Europe in Asia in in the U.S tons of demand for testing and there's just not enough Supply there's only 5 000 certified pen testers in the United States so I think for starters you have a fundamental supply and demand problem that plays to our strength because we're able to bring a tremendous amount of pen testing supply to the table but now let's flip to if you are the CEO of a large security company or whether it's a Consulting shop or so on you've got a whole bunch of deferred revenue in your business model around security testing services and what we've done in our past in previous companies I worked at is if we didn't think we were going to make the money the quarter with product Revenue we would start to unlock some of that deferred Services Revenue to make the number to hit what we expected Wall Street to hit what Wall Street expected of us in testing that's not possible because there's not enough Supply except us so if I'm the CEO of an mssp or a large security company and I need I see a huge backlog of security testing revenue on the table the easy button to convert that to recognized revenue is Horizon 3. and when I think about the next six months and the amount of Revenue misses we're going to see in security shops especially those that can't fulfill their orders I think there's a ripe opportunity for us to win yeah one of the few opportunities where on any Market you win because the forces will drive your flywheel that's exactly right very basic supply and demand forces that are only increasing with pressure and there's no way it takes 10 years just to build a master hacker just it's a very hard complex space we become the easy button to address that supply problem yeah and this and the autonomous aspect makes appsec reviews as new things get pushed with Cloud native developers they're shifting left but still the security policies need to stay Pace as these new vectors threat vectors appear yeah I mean because that's what's happening a new new thing makes a vector possible that's exactly right I think there's two aspects one is the as you in increase change in your environment you need to increase testing they are absolutely correlated the second thing though is you know for 20 years we focused on remote code execution or rces as an industry what was the latest rce that gave an attacker access to my environment but if you look over the past few years that entire mindset has shifted credentials are the new code execution what I mean by that is if I have a large organization with a hundred a thousand ten thousand employees all it takes is one of them to have a password I can crack in credential spray and gain access to as an attacker and once I've gained access to a single user I'm going to systematically snowball that into something of consequence and so I think that the attackers have shifted away from looking for code execution and looked more towards harvesting credentials and cascading credentials from a regular domain user into an admin this brings up the conversation I would like to do it more Deep dive now shift into more of like the real kind of landscape of the market and your positioning and value proposition in that and that is managed services are becoming really popular as we move into this next next wave of super cloud and multi-cloud and hybrid Cloud because I mean multi-cloud and hybrid hybrid than multi-cloud sounds good on paper but the security Ops become big and one of the things we're reporting with here on the cube and siliconangle the past six months is devops has made the developer the IT team because they've essentially run it now in CI CD pipeline as they say that means it's replaced by data Ops or AI Ops or security Ops and data and security kind of go hand in hand so I can see that playing out do you believe that to be true that that's kind of the new operational kind of beach head that's critical and if so secure if data is part of security that makes security the new it yeah I I think that if you think about organizations hell even for Horizon 3 right now I don't need to hire a CIO I'll have a CSO and that CSO will own it and governance risk and compliance and security operations because at the end of the day the most pressing question for me to answer as a CEO is my security posture IIT is a supporting function of that security posture and we see that at say or a growth stage company like Horizon 3 but when I thought about my time at GE Capital we really shifted to this mindset of security by Design architecture as code and it was very much security driven conversation and I think that is the norm going forward and how do you view the idea that you have to enable a managed service provider with security also managing comp and which then manages the company to enable them to have agile security um security is code because what you're getting at is this autonomous layer that's going to be automated away to make the next talented layer whether it's coder or architect scale so the question is what is abstracted away at at automation seems to be the conversation that's coming out of this big cloud native or super cloud next wave of cloud scale I think there's uh there's two Dimensions to that and honestly I think the more interesting Dimension is not the technical side of it but rather think of the Equifax hack a bunch of years ago had Equifax used a managed security services provider would the CEO have been fired after the breach and the answer is probably not I think the CEO would have transferred enough reputational risk in operational risk to the third party mssp to save his job from being you know from him being fired you can look at that across the board I think that if if I were a CIO again I would be hard-pressed to build my own internal security function because I'm accepting that risk as an executive and we saw what just happened at Uber there's a ton of risk coming with that with the with accepting that as a security person so I think in the future the role of the mssp becomes more significant as a mechanism for transferring enough reputational and operational and legal risk to a third party so that you as the Core Company are able to protect yourself and your people now then what you think is a super cloud printables and Concepts being applied at mssp scale and I think that becomes really interesting talk about the talent opportunity because I think the managed service providers point to markets that are growing and changing also having managed service means that the customers can't always hire Talent hence they go to a Channel or a partner this seems to be a key part of the growth in your area talk about the talent aspect of it yeah um think back to what we saw in Cloud so as as Cloud picked up we saw IBM HP other Hardware companies sell more servers but to fewer customers Amazon Google and others right and so I think something similar is going to happen in the security space where I think you're going to see security tools providers selling more volume but to fewer customers that are just really big mssps so that is the the path forward and I think that the underlying Talent issue gives us economies at scale and that's what we saw this with Cloud we're going to see the same thing in the mssp space I've got a density of Talent Plus a density of automation plus a density of of relationships and ecosystem that give mssps a huge economies of scale advantage over everybody else I mean I want to get into the mssp business sounds like I make a lot of money yeah definitely it's profitable no doubt about it like that I got to ask more on the more of the burden side of it because if you're a partner I don't need another training class I don't need another tool I don't need someone saying this is the highest margin product I need to actually downsize my tools so right now there's hundreds of tools that mssps have all the time dealing with and does the customer so tools platforms we've kind of teased this out in previous conversations together but more more relevant to the mssp is what they do to the customers so talk about this uh burden of tools and the socks out there in the in in the landscape how do you how do you view that and what's the conversation like on average an organization has 130 different cyber security tools installed none of those tools were designed to work together none of those tools are from the same vendor and in fact oftentimes they're from vendors that have competing products and so what we don't have and they're still getting breached in the industry we don't have a tools problem we have an Effectiveness problem we have to reduce the number of tools we have get more out of out of the the effectiveness out of the existing infrastructure build muscle memory you know how to detect and respond to a breach and continuously verify that posture I think that's what the the most successful security organizations have mastered the fundamentals and they mastered that by making sure they were effective in detection and response not mastering it by buying the next shiny AI tool on the defensive side okay so you mentioned supply and demand early since you're brought up economics we'll get into the economic equations here when you have great profits that's going to attract more entrance into the marketplace so as more mssps enter the market you're going to start to see a little bit of competition maybe some fud maybe some price competitive price penetration all kinds of different Tactics get out go on there um how does that impact you because now does that impact your price or are you now part of them just competing on their own value what's that mean for the channel as more entrants come in hey you know I can compete against that other one does that create conflict is that an opportunity does are you neutral on that what's the position it's a great question actually I think the way it plays out is one we are neutral two the mssp has to stand on their own with their own unique value proposition otherwise they're going to become commoditized we saw this in the early cloud provider days the cloud providers that were just basically wrapping existing Hardware with with a race to the bottom pricing model didn't survive those that use the the cloud infrastructure as a starting point to build higher value capabilities they're the ones that have succeeded to this day the same Mo I think will occur in mssps which is there's a base level of capability that they've got to be able to deliver and it is the burden of the mssp to innovate effectively to elevate their value problem it's interesting Dynamic and I brought it up mainly because if you believe that this is going to be a growing New Market price erosion is more in mature markets so it's interesting to see that Dynamic come up and we'll see how that handles on the on the economics and just the macro side of it getting more into kind of like the next gen autonomous pen testing is a leading indicator that a new kind of security assessment is here um if I said that to you how do you respond to that what is this new security assessment mean what does that mean for the customer and to the partner and that that relationship down that whole chain yeah um back to I'm wearing a CIO hat right now don't tell me we're secure in PowerPoint show me we're secure Today Show me where we're secure tomorrow and then show me we're secure again next week because that's what matters to me if you can show me we're secure I can understand the risk I'm accepting and articulate it up to my board to my Regulators up until now we've had a PowerPoint tell me where secure culture and security and I just don't think that's going to last all that much longer so I think the future of security testing and assessment is this shift from a PowerPoint report to truly showing me that my I'm secure enough you guys auto-generate those statements now you mentioned that earlier that's exactly right because the other part is you know the classic way to do security reports was garbage in garbage out you had a human kind of theoretically fill out a spreadsheet that magically came up with the risk score or security posture that doesn't work that's a check the box mentality what you want to have is an accurate High Fidelity understanding of your blind spots your threat vectors what data is at risk what credentials are at risk you want to look at those results over time how quickly did I find problems how quickly did I fix them how often did they reoccur and that is how you get to a show me where secure culture whether I'm a company or I'm a channel partner working with Horizon 3.ai I have to put my name on the line and say Here's a service level agreement I'm going to stand behind there's levels of compliance you mentioned that earlier how do you guys help that area because that becomes I call the you know below the line I got to do it anyway usually it's you know they grind out the work but it has to be fundamental because if the threats vectors are increasing and you're handling it like you say you are the way it is real time today tomorrow the next day you got to have that other stuff flow into it can you describe how that works under the hood yeah there's there's two parts to it the first part is that attackers don't have to hack in with zero days they log in with credentials that they found but often what attackers are doing is chaining together different types of problems so if you have 10 different tactics you can chain those together a number of different ways it's not just 10 to the 10th it's it's actually because you don't you don't have to use all the tactics at once this is a very large number of combinations that an attacker can apply upon you is what it comes down to and so at the base level what you want to have is what are the the primary tactics that are being used and those tactics are always being added to and evolving what are the primary outcomes that an attacker is trying to achieve steal your data disrupt your systems become a domain admin and borrow and now what you have is it actually looks more like a chess game algorithm than it does any sort of hard-coded automation or anything else which is based on the pieces on the board the the it infrastructure I've discovered what is the next best action to become a domain admin or steal your data and that's the underlying innovation in IP we've created which is next best action Knowledge Graph analytics and adaptiveness to figure out how to combine different problems together to achieve an objective that an attacker cares about so the 3D chess players out there I'd say that's more like 3D chess are the practitioners implementing it but when I think about compliance managers I don't see 3D chess players I see back office accountants in my mind like okay are they actually even understand what comes out of that so how do you handle the compliance side do you guys just check the boxes there is it not part of it is it yeah I I know I don't Envision the compliance guys on the front lines identifying vectors do you know what it doesn't even know what it means yeah it's a great question when you think about uh the market segmentation I think there are we've seen are three basic types of users you've got the the really mature high frequency security testing purple team type folks and for them we are the the force multiplier for them to secure the environment you then have the middle group where the IT person and the security person are the same individual they are barely Treading Water they don't know what their attack surface is and they don't know what to focus on we end up that's actually where we started with the barely Treading Water Persona and that's why we had a product that helped those Network Engineers become superheroes the third segment are those that view security and compliance as synonymous and they don't really care about continuous they care about running and checking the box for PCI and forever else and those customers while they use us they are better served by our partner ecosystem and that's really so the the first two categories tend to use us directly self-service pen tests as often as they want that compliance-minded folks end up going through our partners because they're better served there steel great to have you on thanks for this deep dive on um under the hood section of the interview appreciate it and I think autonomous is is an indicator Beyond pen testing pen testing has become like okay penetration security but this is not going away where do you see this evolving what's next what's next for Horizon take a minute to give a plug for what's going on with copy how do you see it I know you got good margins you're raising Capital always raising money you're not yet public um looking good right now as they say yeah yeah well I think the first thing is our company strategy is in three chapters chapter one is become the best security testing platform in the industry period that's it and be very good at helping you find and fix your security blind spots that's chapter one we've been crushing it there with great customer attraction great partner traction chapter two which we've started to enter is look at our results over time to help that that GRC officer or auditor accurately assess the security posture of an organization and we're going to enter that chapter about this time next year longer term though the big Vision I have is how do I use offense to inform defense so for me chapter three is how do I get away from just security testing towards autonomous security overall where you can use our security testing platform to identify ways to attack that informs defensive tools exactly where to focus how to adjust and so on and now you've got offset and integrated learning Loop between attack and defense that's the future never been done before Master the art of attack to become a better Defender is the bigger vision of the company love the new paradigm security congratulations been following you guys we will continue to follow you thanks for coming on the Special Report congratulations on the new Market expansion International going indirect that a big way congratulations thank you John appreciate it okay this is a special presentation with the cube and Horizon 3.ai I'm John Furrier your host thanks for watching thank you

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

foreign okay we're back at Falcon 2022 crowdstrike's big user conference first time in a couple of years obviously because of kova this is thecube's coverage Dave vellante and Dave Nicholson wall-to-wall coverage two days in a row Michael Rogers the series the newly minted vice president of global alliances at crowdstrike Michael first of all congratulations on the new appointment and welcome to the cube thank you very much it's an honor to be here so dial back just a bit like think about your first hundred days in this new role what was it like who'd you talk to what'd you learn wow well the first hundred days were filled with uh excitement uh I would say 18 plus hours a day getting to know the team across the globe a wonderful team across all of the partner types that we cover and um just digging in and spending time with people and understanding uh what the partner needs were and and and and it was just a it was a blur but a blast I agree with any common patterns that you heard that you could sort of coalesce around yeah I mean I think that uh really what a common thing that we hear at crowdstrike whether it's internal is extra external is getting to the market as fast as possible there's so much opportunity and every time we open a door the resource investment we need we continue to invest in resources and that was an area that we identified and quickly pivoted and started making some of those new investments in a structure of the organization how we cover Partners uh how we optimize uh the different routes to Market with our partners and yeah just a just a it's been a wonderful experience and in my 25 years of cyber security uh actually 24 and a half as of Saturday uh I can tell you that I have never felt and had a better experience in terms of culture people and a greater mission for our customers and our partners you'll Max funny a lot of times Dave we talk about this is we you know we learned a lot from Amazon AWS with the cloud you know taking something you did internally pointing it externally to Pizza teams there's shared responsibility model we talk about that and and one of the things is blockers you know Amazon uses that term blocker so were there any blockers that you identified that you're you're sort of working with the partner ecosystem to knock down to accelerate that go to market well I mean if I think about what we had put in place prior and I had the benefit of being vice president of America's prior to the appointment um and had the pleasure of succeeding my dear friend and Mentor Matthew Pauley um a lot of that groundwork was put in place and we work collectively as a leadership team to knock down a lot of those blockers and I think it really as I came into the opportunity and we made new Investments going into the fiscal year it's really getting to Market as fast as possible it's a massive Target addressable market and identifying the right routes and how to how to harness that power of we to drive the most value to the marketplace yeah what is it what does that look like in terms of alliances alliances can take a lot of shape we've we've talked to uh service providers today as an example um our Global Systems integrators in that group also what what is what does the range look like yeah I mean alliances at crowdstrike and it's a great question because a lot of times people think alliances and they only think of Technology alliances and for us it spans really any and all routes to Market it could be your traditional solution providers which might be regionally focused it could be nationally focused larger solution providers or Lars as you noted service providers and telcos global system integrators mssps iot Partners OEM Partners um and store crouchstrike store Partners so you look across that broad spectrum and we cover it all so the mssps we heard a lot about that on the recent earnings call we've heard this is a consistent theme we've interviewed a couple here today what's driving that I mean is it the fact that csos are just you know drowning for talent um and why crowdstrike why is there such an affinity between mssps and crowdstrike yeah a great question we um and you noted that uh succinctly that csos today are faced with the number one challenge is lack of resources and cyber security the last that I heard was you know in the hundreds of thousands like 350 000 and that's an old stat so I would venture to Guess that the open positions in cyber security are north of a half a million uh as we sit here today and um service providers and mssps are focused on providing service to those customers that are understaffed and have that Personnel need and they are harnessing the crowdstrike platform to bring a cloud native best of breed solution to their customers to augment and enhance the services that they bring to those customers so partner survey what tell us about the I love surveys I love data you know this what was the Genesis of the survey who took it give us the breakdown yeah that's a great question no uh nothing is more important than the feedback that we get from our partners so every single year we do a partner survey it reaches all partner types in the uh in the ecosystem and we use the net promoter score model and so we look at ourselves in terms of how we how we uh rate against other SAS solution providers and then we look at how we did last year and in the next year and so I'm happy to say that we increased our net promoter score by 16 percent year over year but my philosophy is there's always room for improvement so the feedback from our partners on the positive side they love the Falcon platform they love the crowdstrike technology they love the people that they work with at crowdstrike and they like our enablement programs the areas that they like us to see more investment in is the partner program uh better and enhanced enablement making it easier to work with crowdstrike and more opportunities to offer services enhance services to their customers dramatic differences between the types of Partners and and if so you know why do you think those were I mean like you mentioned you know iot Partners that's kind of a new area you know so maybe maybe there was less awareness there were there any sort of differences that you noticed by type of partner I would say that you know the areas or the part the partners that identified areas for improvement were the partners that that uh either were new to crowdstrike or they're areas that we're just investing in uh as as we expand as a company and a demand from the market is you know pull this thing into these new routes to Market um not not one in particular I mean iot is something that we're looking to really blow up in the next uh 12 to 18 months um but no no Common Thread uh consistent feedback across the partner base speaking of iot he brought it up before it's is it in a you see it as an adjacency to i-team it seems like it and OT used to never talk to each other and now they're increasingly doing so but they're still it still seems like different worlds what have you found and learned in that iot partner space yeah I mean I think the key and we the way we look at the journey is it starts with um Discovery discovering the assets that are in the OT environment um it then uh transitions to uh detection and response and really prevention and once you can solve that and you build that trust through certifications in the industry um you know it really is a game changer anytime you have Global in your job title first word that comes to mind for me anyway is sovereignty issues is that something that you deal with in this space uh in terms of partners that you're working with uh focusing on Partners in certain regions so that they can comply with any governance or sovereignty yeah that's that's a great question Dave I mean we have a fantastic and deep bench on our compliance team and there are certain uh you know parameters and processes that have been put in place to make sure that we have a solid understanding in all markets in terms of sovereignty and and uh where we're able to play and how that were you North America before or Americas uh Americas America so you're familiar with the sovereignty issue yeah a little already Latin America is certainly uh exposed me plenty of plenty of that yes 100 so you mentioned uh uh Tam before I think it was total available Market you had a different word for the t uh total addressable Mark still addressable Market okay fine so I'm hearing Global that's a tam expansion opportunity iot is definitely you know the OT piece and then just working better um you know better Groove swing with the partners for higher velocity when you think about the total available total addressable market and and accelerating penetration and growing your Tam I've seen the the charts in your investor presentation and you know starts out small and then grows to you know I think it could be 100 billion I do a lot of Tam analysis but just my back a napkin had you guys approaching 100 billion anyway how do you think about the Tam and what role do Partners play in terms of uh increasing your team yeah that's a great question I mean if you think about it today uh George announced on the day after our 11th anniversary as a company uh 20 000 customers and and if you look at that addressable Market just in the SMB space it's north of 50 million companies that are running on Legacy on-prem Solutions and it really provides us an opportunity to provide those customers with uh Next Generation uh threat protection and and detection and and response partners are the route to get there there is no doubt that we cannot cover 50 50 million companies requires a span of of uh of of of a number of service providers and mssps to get to that market and that's where we're making our bets what what's an SMB that is a candidate for crowdstrike like employee size or how do you look at that like what's the sort of minimum range yeah the way we segment out the SMB space it's 250 seats or endpoints and below 250 endpoints yes right and so it's going to be fairly significant so math changes with xdr with the X and xdr being extended the greater number of endpoints means that a customer today when you talk about total addressable Market that market can expand even without expanding the number of net new customers is that a fair yeah Fair assessment yep yeah you got that way in that way but but map that to like company size can you roughly what's the what's the smallest s that would do business with crowdstrike yeah I mean we have uh companies as small as five employees that will leverage crowd strike yeah 100 and they've got hundreds of endpoints oh no I'm sorry five uh five endpoints is oh okay so it's kind of 250 endpoints as well like the app that's the sweets that's it's that's kind of the Top Line we look at and then we focus oh okay when we Define SMB it's below so five to 250 endpoints right yes and so roughly so you're talking to companies with less than 100 employees right yeah yeah so I mean this is what I was talking about before I say I look around the the ecosystem myself it kind of reminds me of service now in 2013 but servicenow never had a SMB play right and and you know very kind of proprietary closed platform not that you don't have a lot of propriety in your platform you do but you they were never going to get down Market there and their Tam is not as big in my view but I mean your team is when you start bringing an iot it's it's mind-boggling it's endless how large it could be yeah all right so what's your vision for the Elevate program partner program well I I look at uh a couple things that we've we've have in place today one is um one is we've we've established for the first time ever at crowdstrike the Alliance program management office apmo and that team is focused on building out our next Generation partner program and that's you know processes it's you know uh it's it's ring fencing but it's most important importantly identifying capabilities for partners to expand to reduce friction and uh grow their business together with crowdstrike we also look at uh what we call program Harmony and that's taking all of the partner types or the majority of the partner types and starting to look at it with the customer in the middle and so multiple partners can play a role on the journey to bringing a customer on board initially to supporting that customer going forward and they can all participate and be rewarded for their contribution to that opportunity so it's really a key area for us going forward Hub and spoke model with the center of the that model is the customer you're saying that's good okay so you're not like necessarily fighting each other for for a sort of ownership of that model but uh cool Michael Rogers thanks so much for coming on thecube it was great to have you my pleasure thank you for having me you're welcome all right keep it right there Dave Nicholson and Dave vellante we'll be right back to Falcon 22 from the Aria in Las Vegas you're watching thecube foreign [Music]

(light corporate music) >> Welcome back, everyone, to VMware Explore 22. I'm John Furrier, host of theCUBE with Dave Vellante. Our 12th year covering VMware's User Conference, formerly known as VMworld, now rebranded as VMware Explore. Two great cube alumnus coming down the cube. Ricky Cooper, SVP, Worldwide Partner Commercials VMware, great to see you. Thanks for coming on. >> Thank you. >> We just had a great chat- >> Good to see you again. >> With the Discovery and, of course, Joseph George, vice president of Compute Industry Alliances. Great to have you on. Great to see you. >> Great to see you, John. >> So guys this year is very curious in VMware. A lot goin' on, the name change, the event. Big, big move. Bold move. And then they changed the name of the event. Then Broadcom buys them. A lot of speculation, but at the end of the day, this conference kind of, people were wondering what would be the barometer of the event. We're reporting this morning on the keynote analysis. Very good mojo in the keynote. Very transparent about the Broadcom relationship. The expo floor last night was buzzing. >> Mhm. >> I mean, this is not a show that's lookin' like it's going to be, ya' know, going down. >> Yeah. >> This is clearly a wave. We're calling it Super Cloud. Multi-Cloud's their theme. Clearly the cloud's happenin'. We not to date ourselves, but 2013 we were discussing on theCUBE- >> We talked about that. Yeah. Yeah. >> Discover about DevOps infrastructure as code- >> Mhm. >> We're full realization now of that. >> Yep. >> This is where we're at. You guys had a great partnership with VMware and HPE. Talk about where you guys see this coming together because customers are refactoring. They are lookin' at Cloud Native. The whole Broadcom visibility to the VMware customer bases activated them. They're here and they're leaning in. >> Yeah. >> What's going on? >> Yeah. Absolutely. We're seeing a renewed interest now as customers are looking at their entire infrastructure, bottoms up, all the way up the stack, and the notion of a hybrid cloud, where you've got some visibility and control of your data and your infrastructure and your applications, customers want to live in that sort of a cloud environment and so we're seeing a renewed interest. A lot of conversations we're having with customers now, a lot of customers committing to that model where they have applications and workloads running at the Edge, in their data center, and in the public cloud in a lot of cases, but having that mobility, having that control, being able to have security in their own, you know, in their control. There's a lot that you can do there and, obviously, partnering with VMware. We've been partners for so long. >> 20 years about. Yeah. Yeah. >> Yeah. At least 20 years, back when they invented stuff, they were inventing way- >> Yeah. Yeah. Yeah. >> VMware's got a very technical culture, but Ricky, I got to say that, you know, we commented earlier when Raghu was on, the CEO, now CEO, I mean, legendary product. I sent the trajectory to VMware. Everyone knows that. VMware, I can't know whether to tell it was VMware or HP, HP before HPE, coined hybrid- >> Yeah. >> 'Cause you guys were both on. I can't recall, Dave, which company coined it first, but it was either one of you guys. Nobody else was there. >> It was the partnership. >> Yes. I- (cross talking) >> They had a big thing with Pat Gelsinger. Dave, remember when he said, you know, he got in my grill on theCUBE live? But now you see- >> But if you focus on that Multi-Cloud aspect, right? So you've got a situation where our customers are looking at Multi-Cloud and they're looking at it not just as a flash in the pan. This is here for five years, 10 years, 20 years. Okay. So what does that mean then to our partners and to our distributors? You're seeing a whole seed change. You're seeing partners now looking at this. So, look at the OEMs, you know, the ones that have historically been vSphere customers are now saying, they're coming in droves saying, okay, what is the next step? Well, how can I be a Multi-Cloud partner with you? >> Yep. Right. >> How can I look at other aspects that we're driving here together? So, you know, GreenLake is a great example. We keep going back to GreenLake and we are partaking in GreenLake at the moment. The real big thing for us is going to be, right, let's make sure that we've got the agreements in place that support this SaaS and subscription motion going forward and then the sky's the limit for us. >> You're pluggin' that right into GreenLake, right? >> Well, here's why. Here's why. So customers are loving the fact that they can go to a public cloud and they can get an SLA. They come to a, you know, an On-Premise. You've got the hardware, you've got the software, you've got the, you know, the guys on board to maintain this through its life cycle. >> Right. I mean, this is complicated stuff. >> Yeah. >> Now we've got a situation where you can say, hey, we can get an SLA On-Premise. >> Yeah. And I think what you're seeing is it's very analogous to having a financial advisor just manage your portfolio. You're taking care of just submitting money. That's really a lot of what the customers have done with the public cloud, but now, a lot of these customers are getting savvy and they have been working with VMware Technologies and HPE for so long. They've got expertise. They know how they want their workloads architected. Now, we've given them a model where they can leverage the Cloud platform to be able to do this, whether it's On-Premise, The Edge, or in the public cloud, leveraging HPE GreenLake and VMware. >> Is it predominantly or exclusively a managed service or do you find some customers saying, hey, we want to manage ourself? How, what are you seeing is the mix there? >> It is not predominantly managed services right now. We're actually, as we are growing, last time we talked to HPE Discover we talked about a whole bunch of new services that we've added to our catalog. It's growing by leaps and bounds. A lot of folks are definitely interested in the pay as you go, obviously, the financial model, but are now getting exposed to all the other management that can happen. There are managed services capabilities, but actually running it as a service with your systems On-Prem is a phenomenal idea for all these customers and they're opening their eyes to some new ways to service their customers better. >> And another phenomenon we're seeing there is where partners, such as HPA, using other partners for various areas of their services implementation as well. So that's another phenomenon, you know? You're seeing the resale motion now going into a lot more of the services motion. >> It's interesting too, you know, I mean, the digital modernization that's goin' on. The transformation, whatever you want to call it, is complicated. >> Yeah. >> That's clear. One of the things I liked about the keynote today was the concept of cloud chaos. >> Yeah. >> Because we've been saying, you know, quoting Andy Grove at Intel, "Let chaos rain and rain in the chaos." >> Mhm. >> And when you have inflection points, complexity, which is the chaos, needs to be solved and whoever solves it kicks the inflection point, that's up into the right. So- >> Prime idea right here. Yeah. >> So GreenLake is- >> Well, also look at the distribution model and how that's changed. A couple of points on a deal. Now they're saying, "I'll be your aggregator. I'll take the strain and I'll give you scale." You know? "I'll give you VMware Scale for all, you know, for all of the various different partners, et cetera." >> Yeah. So let's break this down because this is, I think, a key point. So complexity is good, but the old model in the Enterprise market was- >> Sure. >> You solve complexity with more complexity. >> Yeah. >> And everybody wins. Oh, yeah! We're locked in! That's not what the market wants. They want some self-service. They want, as a service, they want easy. Developer first security data ops, DevOps, is already in the cycle, so they're going to want simpler. >> Yeah. >> Easier. Faster. >> And this is kind of why I'll say, for the big announcement today here at VMware Explore, around the VMware vSphere Distributed Services Engine, Project Monterey- >> Yeah. >> That we've talked about for so long, HPE and VMware and AMD, with the Pensando DPU, actually work together to engineer a solution for exactly that. The capabilities are fairly straightforward in terms of the technologies, but actually doing the work to do integration, joint engineering, make sure that this is simple and easy and able to be running HPE GreenLake, that's- >> That's invested in Pensando, right? >> We are. >> We're all investors. Yeah. >> What's the benefit of that? What's, that's a great point you made. What's the value to the customer, bottom line? That deep co-engineering, co-partnering, what does it deliver that others don't do? >> Yeah. Well, I think one example would be, you know, a lot of vendors can say we support it. >> Yep. >> That's great. That's actually a really good move, supporting it. It can be resold. That's another great move. I'm not mechanically inclined to where I would go build my own car. I'll go to a dealership and actually buy one that I can press the button and I can start it and I can do what I need to do with my car and that's really what this does is the engineering work that's gone on between our two companies and AMD Pensando, as well as the business work to make that simple and easy, that transaction to work, and then to be able to make it available as a service, is really what made, it's, that's why it's such a winner winner with our- >> But it's also a lower cost out of the box. >> Yep. >> Right. >> So you get in whatever. Let's call it 20%. Okay? But there's, it's nuanced because you're also on a new technology curve- >> Right. >> And you're able to absorb modern apps, like, you know, we use that term as a bromide, but when I say modern apps, I mean data-rich apps, you know, things that are more AI-driven not the conventional, not that people aren't doing, you know, SAP and CRM, they are, but there's a whole slew of new apps that are coming in that, you know, traditional architectures aren't well-suited to handle from a price performance standpoint. This changes that doesn't it? >> Well, you think also of, you know, going to the next stage, which is to go to market between the two organizations that before. At the moment, you know, HPE's running off doing various different things. We were running off to it again, it's that chaos that you're talking about. In cloud chaos, you got to go to market chaos. >> Yeah. >> But by simplifying four or five things, what are we going to do really well together? How do we embed those in GreenLake- >> Mhm. >> And be known in the marketplace for these solutions? Then you get a, you know, an organization that's really behind the go to market. You can help with sales activation the enablement, you know, and then we benefit from the scale of HPE. >> Yeah. >> What are those solutions I mean? Is it just, is it I.S.? Is it, you know, compute storage? >> Yeah. >> Is it, you know, specific, you know, SAP? Is it VDI? What are you seeing out there? >> So right now, for this specific technology, we're educating our customers on what that could be and, at its core, this solution allows customers to take services that normally and traditionally run on the compute system and run on a DPU now with Project Monterey, and this is now allowing customers to think about, okay, where are their use cases. So I'm, rather than going and, say, use it for this, we're allowing our customers to explore and say, okay, here's where it makes sense. Where do I have workloads that are using a lot of compute cycles on services at the compute level that could be somewhere else like networking as a great example, right? And allowing more of those compute cycles to be available. So where there are performance requirements for an application, where there is timely response that's needed for, you know, for results to be able to take action on, to be able to get insight from data really quick, those are places where we're starting to see those services moving onto something like a DPU and that's where this makes a whole lot more sense. >> Okay. So, to get this right, you got the hybrid cloud, right? >> [Ricky And Joseph] Yes. >> You got GreenLake and you got the distributed engine. What's that called the- >> For, it's HPE ProLiant- >> ProLiant with- >> The VMware- >> With vSphere. >> That's the compute- >> Distributed. >> Okay. So does the customer, how do you guys implement that with the customer? All three at the same time or they mix and match? What's that? How does that work? >> All three of those components. Yeah. So the beauty of the HP ProLiant with VMware vSphere-distributed services engine- >> Mhm. >> Also known as Project Monterey for those that are keeping notes at home- >> Mhm. >> It's, again, already pre-engineered. So we've already worked through all the mechanics of how you would have to do this. So it's not something you have to go figure out how you build, get deployment, you know, work through those details. That's already done. It is available through HPE GreenLake. So you can go and actually get it as a service in partnership with our customer, our friends here at VMware, and because, if you're familiar and comfortable with all the things that HP ProLiant has done from a security perspective, from a reliability perspective, trusted supply chain, all those sorts of things, you're getting all of that with this particular (indistinct). >> Sumit Dhawan had a great quote on theCUBE just an hour or so ago. He said you have to be early to be first. >> Yeah. (laughing) >> I love that quote. Okay. So you were- >> I fought the urge. >> You were first. You were probably a little early, but do you have a lead? I know you're going to say yes, okay. Let's just- >> Okay. >> Let's just assume that. >> Okay. Yeah. >> Relative to the competition, how do you know? How do you determine that? >> If we have a lead or not? >> Yeah. If you lead. If you're the best. >> We go to the source of the truth which is our customers. >> And what do they tell you? What do you look at and say, okay, now, I mean, when you have that honest conversation and say, okay, we are, we're first, we're early. We're keeping our lead. What are the things that you- >> I'll say it this way. I'll say it this way. We've been in a lot of businesses where there, where we do compete head-to-head in a lot of places. >> Mhm. >> And we know how that sales process normally works. We're seeing a different motion from our customers. When we talk about HPE GreenLake, there's not a lot of back and forth on, okay, well, let me go shop around. It is HP Green. Let's talk about how we actually build this solution. >> And I can tell you, from a VMware perspective, our customers are asking us for this the other way around. So that's a great sign is that, hey, we need to see this partnership come together in GreenLake. >> Yeah. >> It's the old adage that Amazon used to coin and Andy Jassy, you know, they do the undifferentiated heavy lifting. >> [Ricky And Joseph] Yeah. >> A lot of that's now Cloud operations. >> Mhm. >> Underneath it is infrastructure's code to the developer. >> That's right. >> That's at scale. >> That's right. >> And so you got a lot of heavy lifting being done with GreenLake- >> Right. >> Which is why there's no objections probably. >> Right. >> What's the choice? What are you going to shop? >> Yeah. >> There's nothing to shop around. >> Yeah, exactly. And then we've got, you know, that is really icing on the cake that we've, you know, that we've been building for quite some time and there is an understanding in the market that what we do with our infrastructure is hardened from a reliability and quality perspective. Like, times are tough right now. Supply chain issues, all that stuff. We've talked, all talked about it, but at HPE, we don't skimp on quality. We're going to spend the dollars and time on making sure we got reliability and security built in. It's really important to us. >> We had a great use case. The storage team, they were provisioning with containers. >> Yes. >> Storage is a service instantly we're seeing with you guys with VMware. Your customers' bringing in a lot of that into the mix as well. I got to ask 'cause every event we talk about AI and machine learning- >> Mhm. >> Automation and DevOps are now infiltrating in with the CICD pipeline. Security and data become a big conversation. >> [Ricky And Joseph] Agreed. >> Okay. So how do you guys look at that? Okay. You sold me on Green. Like, I've been a big fan from day one. Now, it's got maturity on it. I know it's going to get a lot more headroom to do. There's still a lot of work to do, but directionally it's pretty accurate, you know? It's going to be a success. There's still concern about security, the data layer. That's agnostic of environment, private cloud, hybrid, public, and Edge. So that's important and security- >> Great. >> Has got a huge service area. >> Yeah. >> These are on working progress. >> Yeah. Yeah. >> How do you guys view those? >> I think you've just hit the net on the head. I mean, I was in the press and journalist meetings yesterday and our answer was exactly the same. There is still so much work that can be done here and, you know, I don't think anybody is really emerging as a true leader. It's just a continuation of, you know, tryin' to get that right because it is what is the most important thing to our customers. >> Right. >> And the industry is really sort of catching up to that. >> And, you know, when you start talking about privacy and when you, it's not just about company information. It's about individuals' information. It's about, you know, information that, if exposed, actually could have real impact on people. >> Mhm. >> So it's more than just an I.T. problem. It is actually, and from HPE's perspective, security starts from when we're picking our suppliers for our components. Like, there are processes that we put into our entire trusted supply chain from the factory on the way up. I liken it to my golf swing. My golf swing. I slice right like you wouldn't believe. (John laughing) But when I go to the golf pros, they start me back at the mechanics, the foundational pieces. Here's where the problems are and start workin' on that. So my view is, our view is, if your infrastructure is not secure, you're goin' to have troubles with security as you go further up. >> Stay in the sandbox. >> Yeah. >> Yeah. So to speak, you know, they're driving range on the golf analogy there. I love that. Talk about supply chain security real quick because you mentioned supply chain on the hardware side. You're seeing a lot of open source and supply chain in software, trusted software. >> Yep. >> How does GreenLake look at that? How do you guys view that piece of it? That's an important part. >> Yeah. Security is one of the key pillars that we're actually driving as a company right now. As I said, it's important to our customers as they're making purchasing decisions and we're looking at it from the infrastructure all the way up to the actual service itself and that's the beauty of having something like HPE GreenLake. We don't have to pick, is the infrastructure or the middle where, or the top of stack application- >> It's (indistinct), right? >> It's all of it. >> Yeah. >> It's all of it. That matters. >> Quick question on the ecosystem posture. So- >> Sure. >> I remember when HP was, you know, one company and then the GSIs were a little weird with HP because of EDS, you know? You had data protector so we weren't really chatting up Veeam at the time, right? And as soon as the split happened, ecosystem exploded. Now you have a situation where you, Broadcom, is acquiring VMware. You guys, big Broadcom customer. Has your attitude changed or has it not because, oh, we meet with the customers already. Well, you've always said that, but have you have leaned in more? I mean, culturally, is HPE now saying, hmm, now we have some real opportunities to partner in new ways that we don't have to sleep with one eye open, maybe. (John laughing) >> So first of all, VMware and HPE, we've got a variety of different partners. We always have. >> Mhm. >> Well before any Broadcom announcement came along. >> Yeah, sure. >> We've been working with a variety of partners. >> And that hasn't changed. >> And that hasn't changed. And, if your question is, has our posture toward VMware changed at all, the answer's absolutely not. We believe in what VMware is doing. We believe in what our customers are doing with VMware and we're going to continue to work with VMware and partner with the (indistinct). >> And of course, you know, we had to spin out ourselves in November of last year, which I worked on, you know, the whole Dell thing. >> Yeah. We still had the same chairman. >> Yeah. There- (Dave chuckling) >> Yeah, but since then, I think what's really become very apparent and not, it's not just with HPE, but with many of our partners, many of the OEM partners, the opportunity in front of us is vast and we need to rely on each other to help us as, you know, solve the customer problems that are out there. So there's a willingness to overlook some things that, in the past, may have been, you know, barriers. >> But it's important to note also that it's not that we have not had history- >> Yeah. >> Right? Over, we've got over 200,000 customers join- >> Hundreds of millions of dollars of business- >> 100,000, over 10,000, or 100,000 channel partners that we all have in common. >> Yeah. Yeah. >> Yep. >> There's numerous- >> And independent of the whole Broadcom overhang there. >> Yeah. >> There's the ecosystem floor. >> Yeah. >> The expo floor. >> Right. >> I mean, it's vibrant. I mean, there's clearly a wave coming, Ricky. We talked about this briefly at HPE Discover. I want to get an update from your perspectives, both of you, if you don't mind weighing in on this. Clearly, the wave, we're calling it the Super Cloud, 'cause it's not just Multi-Cloud. It's completely different looking successes- >> Smart Cloud. >> It's not just vendors. It's also the customers turning into clouds themselves. You look at Goldman Sachs and- >> Yep. >> You know, I think every vertical will have its own power law of Cloud players in the future. We believe that to be true. We're still testing that assumption, but it's trending in when you got OPEX- >> [Ricky And Joseph] Right. >> Has to go to in-fund statement- >> Yeah. >> CapEx goes too. Thanks for the Cloud. All that's good, but there's a wave coming- >> Yeah. >> And we're trying to identify it. What do you guys see as this wave 'cause beyond Multi-Cloud and the obvious nature of that will end up happening as a state and what happens beyond that interoperability piece, that's a whole other story, and that's what everyone's fighting for, but everyone out in that ecosystem, it's a big wave coming. They've got their surfboards. They're ready to go. So what do you guys see? What is the next wave that everyone's jacked up about here? >> Well, I think that the Multi-Cloud is obviously at the epicenter. You know, if you look at the results that are coming in, a lot of our customers, this is what's leading the discussion and now we're in a position where, you know, we've brought many companies over the last few years. They're starting to come to fruition. They're starting to play a role in, you know, how we're moving forward. >> Yeah. >> Some of those are a bit more applicable to the commercial space. We're finding commercial customers that never bought from us before. Never. Hundreds and hundreds are coming through our partner networks every single quarter, you know? So brand new to VMware. The trick then is how do you nurture them? How do you encourage them? >> So new logos are comin' in. >> New logos are coming in all the time, all the time, from, you know, from across the ecosystem. It's not just the OEMs. It's all the way back- >> So the ecosystem's back of VMware. >> Unbelievably. So what are we doing to help that? There's two big things that we've announced in the recent weeks is that Partner Connect 2.0. When I talked to you about Multi-Cloud and what the (indistinct), you know, the customers are doing, you see that trend. Four, five different separate clouds that we've got here. The next piece is that they're changing their business models with the partners. Their services is becoming more and more apparent, et cetera, you know? And the use of other partners to do other services, deployment, or this stuff is becoming prevalent. Then you've got the distributors that I talked about with their, you know, their, then you route to market, then you route to business. So how do you encapsulate all of that and ensure your rewarding partners on all aspects of that? Whether it's deployment, whether it's test and depth, it's a points-based system we've put in place now- >> It's a big pie that's developing. The market's getting bigger. >> It's getting so much bigger. And then you help- >> I know you agree, obviously, with that. >> Yeah. Absolutely. In fact, I think for a long time we were asking the question of, is it going to be there or is it going to be here? Which was the wrong question. (indistinct cross talking) Now it's everything. >> Yeah. >> And what I think that, what we're seeing in the ecosystem, is that people are finding the spots that, where they're going to play. Am I going to be on the Edge? >> Yeah. >> Am I going to be on Analytics Play? Am I going to be, you know, Cloud Transition Play? There's a lot of players are now emerging and saying, we're- >> Yeah. >> We're, we now have a place, a part to play. And having that industry view not just of, you know, a commercial customer at that level, but the two of us are lookin' at Teleco, are looking at financial services, at healthcare, at manufacturing. How do these new ecosystem players fit into the- >> (indistinct) lifting. Everyone can see their position there. >> Right. >> We're now being asked for simplicity and talk to me about partner profitability. >> Yes. >> How do I know where to focus my efforts? Am I spread too thin? And, you know, that's, and my advice that the partner ecosystem out there is, hey, let's pick out spots together. Let's really go to, and then strategic solutions that we were talking about is a good example of that. >> Yeah. >> Sounds like composability to me, but not to go back- (laughing) Guys, thanks for comin' on. I think there's a big market there. I think the fog is lifted. People seeing their spot. There's value there. Value creation equals reward. >> Yeah. >> Simplicity. Ease of use. This is the new normal. Great job. Thanks for coming on and sharing. (cross talking) Okay. Back to live coverage after this short break with more day one coverage here from the blue set here in Moscone. (light corporate music)

(upbeat music) >> Hey, everyone. Welcome to this CUBE Conversation that's part of the AWS startup showcase Season Two, Episode Four. I'm your host Lisa Martin. Chase Doelling joins me, the principles strategist at JumpCloud. Chase, welcome to theCUBE. It's great to have you. >> Chase: Perfect. Well, thank you so much, Lisa. I really appreciate the opportunity to come and hang out. >> Let's talk about JumpCloud. First of all, love the name. This is an open directory platform. Talk to the audience about what the platform is, obviously, the evolution of the domain controller. But give us that backstory? >> Yeah, absolutely. And so, company was started, and I think, from serial entrepreneurs, and after kind of last exit, taking a look around and saying, "Why is this piece of hardware still the dominant force when you're thinking about identities, especially when the world is moving to cloud, and all the different pieces that have been around it?" And so, over the years, we've evolved JumpCloud into an open directory platform. And what that is, is we're managing your identities, the devices that are associated to that, all the access points that employees need just to get their job done. And the best part is, is we're able to do that no matter where they are within the world. >> It seems like kind of a reinvention of how modern IT teams are getting worked done, especially in these days of remote work. Talk to me a little bit about the last couple of years particularly as remote work exploded, and here we are still probably, permanently, in that situation? >> Yeah, absolutely. And I think it's probably going to be one of those situations where we stick with it for quite a while. We had a very abrupt force in making sure that essentially every IT and security team could grapple with the fact of their users are no longer coming into the office. You know, how do we VPN into all of our different resources? Those are very common and unfortunate pain points that we've had over the last couple years. And so, now, people have starting to kind of get into the motion of it, working from home, having background and setups and other pieces. But one of the main areas of concern, especially as you're thinking about that, is how does it relate to my security infrastructure, or kind of my approach to my organization. And making sure that too, on the tail end, that a user's access and making sure that they can get into everything that they need to do in order to get work done, is still happening? And so, what we've done, is we've really taken, evolving and really kind of ripping apart this notion of what a directory was. 'Cause originally, it was just like, great, almost like a phone directory. It's where people lived they're going into all those different pieces. But it wasn't set up for the modern world, and kind of how we're approaching it, and how organizations now are started with a credit card and have all of their infrastructure. And essentially, all of their IP, is now hosted somewhere else. And so, we wanted to take a different approach where we're thinking about, not only managing that identity, but taking an open approach. So, matter where the identity's coming from, we can integrate that into the platform but then we're also managing and securing those devices, which is often the most important piece that we have sitting right in front of us in order to get into that. But then, also that final question, of when you're accessing networks applications, can you create the conditions for trust, right? And so, if you're looking at zero trust, or kind of going after different levels of compliance, ISO, SOC2, whatever that might be, making sure that you have all that put in place no matter where your employees are. So, in that way, as we kind of moved into this remote, now hybrid world, it wasn't the office as the gating point anymore, right? So, key cards, as much as we love 'em, final part, whereas the new perimeter, the kind of the new barrier for organizations especially how they're thinking about security, is the people's identities behind that. And so, that's the approach that we really wanted to take as we continue to evolve and really open up what a directory platform can do. >> Yeah. Zero trust security, remote work. Two things that have exploded in the last couple of years. But as employees, we expected to be able to still have the access that we needed to apps, to the network, to WiFi, et cetera. And, of course, on the security side, we saw massive changes in the threat landscape that really, obviously, security elevates to a board level conversation. So, I imagine zero trust security, remote work, probably compliance, you mentioned SOC2, are some of the the key use cases that you're helping organizations with? >> Those are a lot of the drivers. And what we do, is we're able to combine a lot of different aspects that you need for each one of those. And so, now you're thinking about essentially, the use case of someone joins an organization, they need access to all these different things. But behind the scenes, it's a combination of identity access management, device management, applications, networks, everything else, and creating those conditions for them to do their roles. But the other piece of that, is you also don't want to be overly cumbersome. I think a lot of us think about security as like great biometrics, so I'm going to add in these keys, I'm going to do everything else to kind of get into these secured resources. But the reality of it now, is those secure resources might be AWS infrastructure. It might be other Salesforce reporting tools. It might be other pieces, or kind of IP within the organization. And those are now your crown jewel. And so, if you're not thinking about the identities behind them and the security that you have in order to facilitate that transaction, it becomes a board level conversation very quickly. But you want to do it in a way that people can move forward with their lives, and they're not spending a ton of time battling the systems and procedures you put in place to protect it, but that it's working together seamlessly. And so, that's where, kind of this notion for us of bringing all these different technologies into one platform. You're able to consolidate a lot of those and remove a lot of the friction while maintaining the visibility, and answering the question, of who has access to what? And when did they do that? Those are the most critical pieces that IT and security teams are asking themselves when something happens. And hopefully, on the preventative side and not so much on the redacted side. >> Have you seen the escalation up the C-Suite change of the board in terms of really focusing on how do we do identity management? How do we do single sign on? How do we do device management and network access? Is that all the way up to the C-Suite board level as well? >> It certainly can be. And we've seen it in a lot of different conversations, because now you are thinking about all different portions of the organization. And then, two, as we're thinking about times we're currently in, there's also a cost associated to that. And so, when you start to consolidate all of those technologies into one area, now it becomes much more of total cost optimization types of story while you're still maintaining a lot of the security and basic blocking and tackling that you need for most organizations. So, everything you just mentioned, those are now table stakes for a lot of small, medium, startups to be at the table. So, how do you have access to enterprise level, essentially technology, without the cost that's associated to it. And that's a lot of the trade offs that organizations are facing and having those types of conversations as it relates to business preparedness and how we're making sure that we are putting our best foot forward, and we're able to be resilient in no matter what type, of either economic or security threat that the organization might be looking at. >> So, let's talk about the go-to market, the strategy from a sales and marketing perspective. Where are the customer conversations happening? Are they at the IT level? Are they higher up the stack? >> It's really at, I'd say the IT level. And so, by that, I mean the builders, the implementers, everyone that's responsible for putting devices in people's hands, and making sure that they can do their job effectively. And so, those are their, I'd say the IT admins the world as well as the managed service providers who support those organizations, making sure that we can enable them to making sure that their organizations or their client organizations have all the tools that their disposable to make sure that they have the security or the policies, and the technology behind them to enable all those different practices. >> Let's unpack the benefits from an IT perspective? Obviously, they're getting one console that they can manage at all. One user identity for email, and devices, and apps, and things. You mentioned regardless of location, but this is also regardless of operating system, correct? >> That's correct. And so, part of taking an open approach, is also the devices that you're running on. And so, we take a cross OS approach. So, Mac, Windows, Linux, iPhone, whatever it might be, we can make sure that, that device is secure. And so, it does a couple different things. So, one, is the employees have device choice, right? So, I'm a Mac person coming in. If forced into a Windows, it'd be an interesting experience. But then, also too, from the back end, now you have essentially one platform to manage your entire fleet. And also give visibility and data behind what's happening behind those. And then, from the end user perspective as well, everything's tied together. And so, instead of having, what we'll call user ID schizophrenia, it might be one employee, but hundreds of different identities and logins just to get their work done. We can now centralize that into one person, making sure you have one password to get into your advice, get into the network, to get into your single sign on. We also have push MFA associated with that. So, you can actually create the conditions for your most secured access, or you understand, say, "Hey, I'm actually in the office. I'm going to be a hybrid employee. Maybe I can actually relax some of those security concerns I might have for people outside of the network." And all we do, is making sure that we give all that optionality to our IT admins, manage service providers of the world to enable that type of work for their employees to happen. >> So, they have the ability to toggle that, is critically important in this day and age of the hybrid work model, that's probably here to stay? >> It is, yeah. And it's something that organizations change, right? Our own organizations, they grow, they change different. New threats might emerge, or same old existing threats continue to come back. And we need to just have better processes and automations put within that. And it's when you start to consolidate all of those technologies, not only are you thinking about the visibility behind that, but then you're automating a lot of those different pieces that are already tightly coupled together. And that actually is truly powerful for a lot of the IT admins of the world, because that's where they spend a lot of time, and they're able to spend more time helping users tackling big projects instead of run rate security, and blocking, and tackling. That should be enabled from the organization from the get go. >> You mentioned automation. And I think that there's got to be a TCO reduction aspect here with respect to security and IT practices. Can you talk about that a little bit? >> Yeah, absolutely. Let's think about the opposite of that. Let's say we have a laundry list of technology that we need to go out and source. One is, great, where the identity is, so we have an identity provider. Now, we need to make sure that we have application access that might look like single sign on. Now, we need to make sure, you are who you are no matter where you are in the world. Well, now we need multifactor authentication and that might involve either a push button, or biometrics. And then, well, great the device's in front of us, that's a huge component, making sure that I can understand, not only who's on the device, but that the device is secure, that there's certificates there, that there's policies that ensure the proper use of that wherever it might be. Especially, if I'm an employee, either, it used to be on the the jet center going between flying anywhere you need. Now, it's kind of cross country, cross domain, all those different areas. And when you start to have that, it really unlocks, essentially IT sprawl. You have a lot of different pieces, a lot of different contracts, trying to figure out one technology works, but the other might not. And you're now you're creating workarounds for all these different pieces. So, the opposite of that, is essentially, let's take all those technologies and consolidate that into one platform. So, not only is it cheaper essentially, looking after that and understanding all the different technologies, but now it's all the other soft costs around it that many people don't think about. It's all the other automations. It's all the workarounds that you didn't have to do in the first place. It's all the other pieces that you'd spend a lot of time trying to wire it together. Into the hopes of that, it creates some security model. But then again, you lose a lot of the visibility. So, you might have an incident happen over here, or a trigger, or alert, but it's not tied to the rest of the stack. And so, now you're spending a lot of time, especially, either trying to understand. And worse timing, is if you have an incident and you're trying to understand what's happening? Unraveling all of that as it happens, becomes impossible, especially if it's not consolidated with one platform. So, there's not only the hard cost aspect of bringing all that together, but also the soft costs of thinking about how your business can perform, or at least optimize for a lot of those different standard processes, including onboarding, offboarding, and everything else in between. >> Yeah. On the soft cost side, I can imagine. I can see huge benefits for HR onboarding, offboarding. I can see benefits for the employee experience period, which directly relates to the customer experience. So, in terms of the business impact that JumpCloud can make, it seems to be pretty horizontal across any type of organization? >> It is, and especially as you mentioned HR. Because when you think about, where does the origin of someone's identity start? Well, typically, it starts with a resume and that might be in applicant tracking software. Now, we're going to get hired, so we're going to move into HR, because, well, everyone likes payroll, and we need that in our lives, right? But now you get into the second phase, of great, now I've joined the organization. Now, I need access to all of these different pieces. But when you look at it, essentially horizontally, from HR, all the way into the employee experience, and their whole life cycle within the organization, now you're touching multiple different teams And that's one of the other, I'd say benefits of that, is now you're actually bringing in HR, and IT, and security, and everyone else that might be related within these kind of larger use cases of making work happen all coming under. And when they're tightly integrated, it's also a lot more secure, right? So, you're not passing notes along. You're not having a checklist of other stuff, especially when it relates to something as important as someone's identity, which is more often than not, the most common attack vector for people to go after. Because they know it's the keys to the kingdom. There's going to be a lot of different attempts, maybe malware and other pieces, but a lot of it comes back into, can I impersonate, or become the person that I want within the organization, because it's the identity allows you to access all those different pieces. And so, if it's coming from a disjointed process or something that's not as tightly as it could be, that's where it really opens up a lot of different vectors that organizations don't think about. >> Right, and those vectors are only growing and multiplying as we know, and here to stay. When you're in customer conversations what do you describe as maybe the top three differentiators of JumpCloud compared to the competition? >> Well, I think a lot of it is we take an open approach. And so, by that, I mean, it's one we're not locking into, I'd say different vendors or other areas. We're really looking into making sure that we can work within your environment as it stands today, or where you want to migrate in the future. And so, this could be a combination of on-prem resources, cloud resources, or nothing if you're starting a company from today. And the second, is again, coming back into how we're looking at devices. So, we take a cross OS approach that way, no matter what you're operating on, it all comes back from the same dashboard. But then, finally, we leverage a ton of different protocols to make sure it works with everything within your current technology stack, as well as it continues to elevate and evolve over time. So, it could be LD app and Radius, and Sam, and skim, and open ID Connect, and open APIs. And whatever that might be, we are able to tie in all those different pieces. So, now, all of a sudden, it's not just one platform, but you have your whole business tied into as that gives you some flexibility too, to evolve. Because even during the pandemic and the shift for remote, there's a lot of technology choices that shifted. A lot of people are like, "Okay, now's the time to go to the cloud." There might be other events that organizations change. There's other things that might happen. So, creating that flexibility for organizations to move and make those calls, is essentially how we're differentiating ourselves. And we're not locking you into this, walled garden of technology that's just our own. We really want to make sure that we can operate, and be that glue, so that way, no matter what you're trying to do and making sure that your work is being done, we can help facilitate that. >> Nice. No matter what happens. Because boy, at this day, anything's possible. One more question for you about your AWS partnership. Talk to me a little bit about that? >> Yeah, absolutely. So, we are preferred ADP identity provider and SSO provider for AWS. And so, now rebranded under their identity center. But it's crucial for a lot of our organizations and joint customers because again, when we think about a lot of organization IP and how they operate as a business, is tied into AWS. And so, really understanding, who has the right level of access? Who should be in there or not? And when too, you should challenge in making sure that actually there's something fishy there. Like let's make sure that they're not just traveling to Europe on a sabbatical, and it's really who they are instead of a threat actor. Those are some of the pieces when we're thinking about creating that authentication, but then also, the right authorization into those AWS resources. And so, that's actually something that we've been very close to, especially, I'd say that the origins of a company. Because a lot of startups, that's where they go. That's where they begin their journey. And so, we meet them where they are, and making sure that we're protecting not only everything else within their organization, but also what they're trying to get into, which is typically AWS >> Meeting customers where they are. It's all about that. Chase, thank you so much for joining me on the program talking about JumpCloud, it's open directory platform. The benefits, the capabilities, what's in it for IT, HR, security, et cetera. We appreciate all of your insights and time. Where do you want to point folks to go to learn more? >> Well, absolutely. Well, thank you so much for having us. And I'd say, if you're curious about any and all these different technologies, the best part is everything I talked about is free up to 10 users, 10 devices. So, just go to jumpcloud.com. You can create an organization, and it's great for startups, people at home. Any size company that you're at, we can help support all of those different facets in bringing in those different types of technologies all into one roof. >> Awesome. Chase, thank you so much. This is awesome, go to jumpcloud.com. For Chase Doelling, I'm Lisa Martin. We want to thank you so much for giving us some of your time and watching this CUBE Conversation. (upbeat music)

>>Hello. Welcome back to our super cloud 22 event. I'm John F host the cue with my co-host Dave ante. Extracting the signal from noise. We're proud to have two amazing cube alumnis here. We got Sanja Putin. Who's now the CEO of cohesive the emo Aaron who's the CTO. Co-founder also former CEO Cub alumni. The father of hyper-converged welcome back to the cube I endorsed the >>Cloud. Absolutely. Is the father. Great >>To see you guys. Thank thanks for coming on and perfect timing. The new job taking over that. The helm Mo it at cohesive big news, but part of super cloud, we wanna dig into it. Thanks for coming on. >>Thank you for having >>Us here. So first of all, we'll get into super before we get into the Supercloud. I want to just get the thoughts on the move Sanjay. We've been following your career since 2010. You've been a cube alumni from that point, we followed that your career. Why cohesive? Why now? >>Yeah, John David, thank you first and all for having us here, and it's great to be at your event. You know, when I left VMware last year, I took some time off just really primarily. I hadn't had a sabbatical in probably 18 years. I joined two boards, Phillips and sneak, and then, you know, started just invest and help entrepreneurs. Most of them were, you know, Indian Americans like me who were had great tech, were looking for the kind of go to market connections. And it was just a wonderful year to just de to unwind a bit. And along the, the way came CEO calls. And I'd asked myself, the question is the tech the best in the industry? Could you see value creation that was signi significant and you know, three, four months ago, Mohit and Carl Eschenbach and a few of the board members of cohesive called me and walk me through Mo's decision, which he'll talk about in a second. And we spent the last few months getting to know him, and he's everything you describe. He's not just the father of hyperconverge. And he wrote the Google file system, wicked smart, built a tech platform better than that second time. But we had to really kind of walk through the chemistry between us, which we did in long walks in, in, you know, discrete places so that people wouldn't find us in a Starbucks and start gossiping. So >>Why Sanjay? There you go. >>Actually, I should say it's a combination of two different decisions. The first one was to, for me to take a different role and I run the company as a CEO for, for nine years. And, you know, as a, as a technologist, I always like, you know, going deep into technology at the same time, the CEO duties require a lot of breadth, right? You're talking to customers, you're talking to partners, you're doing so much. And with the way we've been growing the with, you know, we've been fortunate, it was becoming hard to balance both. It's really also not fair to the company. Yeah. So I opted to do the depth job, you know, be the visionary, be the technologist. And that was the first decision to bring a CEO, a great CEO from outside. >>And I saw your video on the site. You said it was your decision. Yes. Go ahead. I have to ask you, cuz this is a real big transition for founders and you know, I have founder artists cuz everyone, you know, calls me that. But being the founder of a company, it's always hard to let go. I mean nine years as CEO, it's not like you had a, you had a great run. So this was it timing for you? Was it, was it a structural shift, like at super cloud, we're talking about a major shift that's happening right now in the industry. Was it a balance issue? Was it more if you wanted to get back in and in the tech >>Look, I, I also wanna answer, you know, why Sanja, but, but I'll address your question first. I always put the company first what's right for the company. Is it for me to start get stuck the co seat and try to juggle this depth and Brad simultaneously. I mean, I can stroke my ego a little bit there, but it's not good for the company. What's best for the company. You know, I'm a technologist. How about I oversee the technology part in partnership with so many great people I have in the company and I bring someone kick ass to be the CEO. And so then that was the second decision. Why Sanja when Sanjay, you know, is a very well known figure. He's managed billions of dollars of business in VMware. You know, been there, done that has, you know, some of the biggest, you know, people in the industry on his speed dial, you know, we were really fortunate to have someone like that, come in and accept the role of the CEO of cohesive. I think we can take the company to new Heights and I'm looking forward to my partnership with, with Sanja on this. >>It it's we, we called it the splash brothers and >>The, >>In the vernacular. It doesn't matter who gets the ball, whether it's step clay, we shoot. And I think if you look at some of the great partnerships, whether it was gates bomber, there, plenty of history of this, where a founder and a someone who was, it has to be complimentary skills. If I was a technologist myself and wanted to code we'd clash. Yeah. But I think this was really a match me in heaven because he, he can, I want him to keep innovating and building the best platform for today in the future. And our customers tell one customer told me, this is the best tech they've seen since VMware, 20 years ago, AWS, 10 years ago. And most recently this was a global 100 big customers. So I feel like this combination, now we have to show that it works. It's, you know, it's been three, four months. My getting to know him, you know, I'm day eight on the job, but I'm loving it. >>Well, it's a sluman model too. It's more modern example. You saw, he did it with Fred Ludy at service now. Yes. And, and of course at, at snowflake, yeah. And his book, you read his book. I dunno if you've read his book, amp it up, but app it up. And he says, I always you'll love this. Give great deference to the founder. Always show great respect. Right. And for good reason. So >>In fact, I mean you could talk to him, you actually met to >>Frank. I actually, you know, a month or so back, I actually had dinner with him in his ranch in Moana. And I posed the question. There was a number of CEOs that went there and I posed him the question. So Frank, you know, many of us, we grow being deaf guys, you know? And eventually when we take on the home of our CEO, we have to do breadth. How do you do it? And he's like, well, let me tell you, I was never a death guy. I'm a breath guy. >>I'm like, >>That's my answer. Yeah. >>So, so I >>Want the short story. So the day I got the job, I, I got a text from Frank and I said, what's your advice the first time CEO, three words, amp it up, >>Amp it up. Right? Yeah. >>And so you're always on brand, man. >>So you're an amazing operator. You've proven that time and time again at SAP, VMware, et cetera, you feel like now you, you, you wanna do both of those skills. You got the board and you got the operations cuz you look, you know, look at sloop when he's got Scarelli wherever he goes, he brings Scarelli with him as sort of the operator. How, how do you, how are you thinking >>About that? I mean it's early days, but yeah. Yeah. Small. I mean I've, you know, when I was, you know, it was 35,000 people at VMware, 80, 90,000 people at SAP, a really good run. The SAP run was 10 to 20 billion innovative products, especially in analytics and VMware six to 12 end user computing cloud. So I learned a lot. I think the company, you know, being about 2000 employees plus not to mayor tomorrow, but over the course next year I can meet everybody. Right? So first off the executive team, 10 of us, we're, we're building more and more cohesiveness if I could use that word between us, which is great, the next, you know, layers of VPs and every manager, I think that's possible. So I I'm a people person and a customer person. So I think when you take that sort of extroverted mindset, we'll bring energy to the workforce to, to retain the best and then recruit the best. >>And you know, even just the week we, we were announced that this announcement happened. Our website traffic went through the roof, the highest it's ever been, lots of resumes coming in. So, and then lots of customer engagement. So I think we'll take this, but I, I feel very good about the possibilities, because see, for me, I didn't wanna walk into the company to a company where the technology risk was high. Okay. I feel like that I can go to bed at night and the technology risk is low. This guy's gonna run a machine at the current and the future. And I'm hearing that from customers. Now, what I gotta do is get the, the amp it up part on the go to market. I know a little thing or too about >>That. You've got that down. I think the partnership is really key here. And again, nine use the CEO and then Sanja points to our super cloud trend that we've been looking at, which is there's another wave happening. There's a structural change in real time happening now, cloud one was done. We saw that transition, AWS cloud native now cloud native with an kind of operating system kind of vibe going on with on-premise hybrid edge. People say multi-cloud, but we're looking at this as an opportunity for companies like cohesive to go to the next level. So I gotta ask you guys, what do you see as structural change right now in the industry? That's disruptive. People are using cloud and scale and data to refactor their business models, change modern cases with cloud native. How are you guys looking at this next structural change that's happening right now? Yeah, >>I'll take that. So, so I'll start by saying that. Number one, data is the new oil and number two data is exploding, right? Every year data just grows like crazy managing data is becoming harder and harder. You mentioned some of those, right? There's so many cloud options available. Cloud one different vendors have different clouds. There is still on-prem there's edge infrastructure. And the number one problem that happens is our data is getting fragmented all over the place and managing so many fragments of data is getting harder and harder even within a cloud or within on-prem or within edge data is fragmented. Right? Number two, I think the hackers out there have realized that, you know, to make money, it's no longer necessary to Rob banks. They can actually see steal the data. So ransomware attacks on the rise it's become a boardroom level discussion. They say there's a ransomware attack happening every 11 seconds or so. Right? So protecting your data has become very important security data. Security has become very important. Compliance is important, right? So people are looking for data management solutions, the next gen data management platform that can really provide all this stuff. And that's what cohesive is about. >>What's the difference between data management and backup. Explain that >>Backup is just an entry point. That's one use case. I wanna draw an analogy. Let's draw an analogy to my former company, Google right? Google started by doing Google search, but is Google really just a search engine. They've built a platform that can do multiple things. You know, they might have started with search, but then they went down to roll out Google maps and Gmail and YouTube and so many other things on that platform. So similarly backups might be just the first use case, but it's really about that platform on which you can do more with the data that's next gen data management. >>But, but you am, I correct. You don't consider yourself a security company. One of your competitors is actually pivoting and in positioning themselves as a security company, I've always felt like data management, backup and recovery data protection is an adjacency to security, but those two worlds are coming together. How do you see >>It? Yeah. The way I see it is that security is part of data management. You start maybe by backing with data, but then you secure it and then you do more with that data. If you're only doing security, then you're just securing the data. You, you gotta do more with the data. So data management is much bigger. So >>It's a security is a subset of data. I mean, there you go. Big TA Sanjay. >>Well, I mean I've, and I, I, I I'd agree. And I actually, we don't get into that debate. You know, I've told the company, listen, we'll figure that out. Cuz who cares about the positioning at the bottom? My email, I say we are data management and data security company. Okay. Now what's the best word that describes three nouns, which I think we're gonna do management security and analytics. Okay. He showed me a beautiful diagram, went to his home in the course of one of these, you know, discrete conversations. And this was, I mean, he's done this before. Many, if you watch on YouTube, he showed me a picture of an ice big iceberg. And he said, listen, you know, if you look at companies like snowflake and data bricks, they're doing the management security and mostly analytics of data. That's the top of the iceberg, the stuff you see. >>But a lot of the stuff that's get backed archive is the bottom of the iceberg that you don't see. And you try to, if you try to ask a question on age data, the it guy will say, get a ticket. I'll come back with three days. I'll UNIV the data rehydrate and then you'll put it into a database. And you can think now imagine that you could do live searches analytics on, on age data that's analytics. So I think the management, the security, the analytics of, you know, if you wanna call it secondary data or backed up data or data, that's not hot and live warm, colder is a huge opportunity. Now, what do you wanna call one phrase that describes all of it. Do you call that superpower management security? Okay, whatever you wanna call it. I view it as saying, listen, let's build a platform. >>Some people call Google, a search company. People, some people call Google and information company and we just have to go and pursue every CIO and every CSO that has a management and a security and do course analytics problem. And that's what we're doing. And when I talk to the, you know, I didn't talk to all the 3000 customers, but the biggest customers and I was doing diligence. They're like this thing has got enormous potential. Okay. And we just have to now go focus, get every fortune 1000 company to pick us because this problem, even the first use case you talk back up is a little bit like, you know, razor blades and soap you've needed. You needed it 30 years ago and you'll need it for 30 years. It's just that the tools that were built in the last generation that were companies formed in 1990s, one of them I worked for years ago are aids are not built for the cloud. So I think this is a tremendous opportunity where many of those, those, those nos management security analytics will become part of what we do. And we'll come up with the right phrase for what the companies and do course >>Sanjay. So ma and Sanja. So given that given that's this Google transition, I like that example search was a data problem. They got sequenced to a broader market opportunity. What super cloud we trying to tease out is what does that change over from a data standpoint, cuz now the operating environments change has become more complex and the enterprises are savvy. Developers are savvy. Now they want, they want SAS solutions. They want freemium and expanding. They're gonna drive the operations agenda with DevOps. So what is the complexity that needs to be abstracted away? How do you see that moment? Because this is what people are talking about. They're saying security's built in, driven by developers. Developers are driving operations behavior. So what is the shift? Where do you guys see this new? Yeah. Expansive for cohesive. How do you fit into super cloud? >>So let me build up from that entry point. Maybe back up to what you're saying is the super cloud, right? Let me draw that journey. So let's say the legacy players are just doing backups. How, how sad is it that you have one silo sitting there just for peace of mind as an insurance policy and you do nothing with the data. If you have to do something with the data, you have to build another silo, you have to build another copy. You have to manage it separately. Right. So clearly that's a little bit brain damaged. Right. So, okay. So now you take a little bit of, you know, newer vendors who may take that backup platform and do a little bit more with that. Maybe they provide security, but your problem still remains. How do you do more with the data? How do you do some analytics? >>Like he's saying, right. How do you test development on that? How do you migrate the data to the cloud? How do you manage it? The data at scale? How do you do you provide a unified experience across, across multiple cloud, which you're calling the super cloud. That's where cohesive goes. So what we do, we provide a platform, right? We have tentacles in on-prem in each of the clouds. And on top of that, it looks like one platform that you manage. We have a single control plane, a UI. If you may, a single pin of glass, if, if you may, that our customers can use to manage all of it. And now it looks, starts looking like one platform. You mentioned Google, do you, when you go to, you know, kind Google search or a URL, do you really care? What happens behind the scenes mean behind the scenes? Google's built a platform that spans the whole world. No, >>But it's interesting. What's behind the scenes. It's a beautiful now. And I would say, listen, one other thing to pull on Dave, on the security part, I saw a lot of vendors this day in this space, white washing a security message on top of backup. Okay. And CSO, see through that, they'll offer warranties and guarantees or whatever, have you of X million dollars with a lot of caveats, which will never paid because it's like escape clause here. We won't pay it. Yeah. And, and what people really want is a scalable solution that works. And you know, we can match every warranty that's easy. And what I heard was this was the most scalable solution at scale. And that's why you have to approach this with a Google type mindset. I love the fact that every time you listen to sun pitch, I would, what, what I like about him, the most common word to use is scale. >>We do things at scale. So I found that him and AUR and some of the early Google people who come into the company had thought about scale. And, and even me it's like day eight. I found even the non-tech pieces of it. The processes that, you know, these guys are built for simple things in some cases were better than some of the things I saw are bigger companies I'd been used to. So we just have to continue, you know, building a scale platform with the enterprise. And then our cloud product is gonna be the simple solution for the masses. And my view of the world is there's 5,000 big companies and 5 million small companies we'll push the 5 million small companies as the cloud. Okay. Amazon's an investor in the company. AWS is a big partner. We'll talk about I'm sure knowing John's interest in that area, but that's a cloud play and that's gonna go to the cloud really fast. You not build you're in the marketplace, you're in the marketplace. I mean, maybe talk about the history of the Amazon relationship investing and all that. >>Yeah, absolutely. So in two years back late 2020, we, you know, in collaboration with AWS who also by the way is an investor now. And in cohesive, we rolled out what we call data management as a service. It's our SaaS service where we run our software in the cloud. And literally all customers have to do is just go there and sign on, right? They don't have to manage any infrastructure and stuff. What's nice is they can then combine that with, you know, software that they might have bought from cohesive. And it still looks like one platform. So what I'm trying to say is that they get a choice of the, of the way they wanna consume our software. They can consume it as a SAS service in the cloud. They can buy our software, manage it themselves, offload it to a partner on premises or what have you. But it still looks like that one platform, what you're calling a Supercloud >>Yeah. And developers are saying, they want the bag of Legos to compose their solutions. That's the Nirvana they want to get there. So that's, it has to look the same. >>Well, what is it? What we're calling a Superlo can we, can we test that for a second? So data management and service could span AWS and on-prem with the identical experience. So I guess I would call that a Supercloud I presume it's not gonna through AWS span multiple clouds, but, but >>Why not? >>Well, well interesting cuz we had this, I mean, so, okay. So we could in the future, it doesn't today. Well, >>David enough kind of pause for a second. Everything that we do there, if we do it will be customer driven. So there might be some customers I'll give you one Walmart that may want to store the data in a non AWS cloud risk cuz they're competitors. Right. So, but the control plane could still be in, in, in the way we built it, but the data might be stored somewhere else. >>What about, what about a on-prem customer? Who says, Hey, I, I like cohesive. I've now got multiple clouds. I want the identical experience across clouds. Yeah. Okay. So, so can you do that today? How do you do that today? Can we talk >>About that? Yeah. So basically think roughly about the split between the data plane and the control plane, the data plane is, you know, our cohesive clusters that could be sitting on premises that could be sitting in multiple data centers or you can run an instance of that cluster in the cloud, whichever cloud you choose. Right. That's what he was referring to as the data plane. So collectively all these clusters from the data plane, right? They stored the data, but it can all be managed using the control plane. So you still get that single image, the single experience across all clouds. And by the way, the, the, the, the cloud vendor does actually benefit because here's a customer. He mentioned a customer that may not wanna go to AWS, but when they get the data plane on a different cloud, whether it's Azure, whether it's the Google cloud, they then get data management services. Maybe they're able to replicate the data over to AWS. So AWS also gains. >>And your deployment model is you instantiate the cohesive stack on each of the regions and clouds, is that correct? And you building essentially, >>It all happens behind the scenes. That's right. You know, just like Google probably has their tentacles all over the world. We will instantiate and then make it all look like one platform. >>I mean, you should really think it's like a human body, right? The control planes, the head. Okay. And that controls everything. The data plane is large because it's a lot of the data, right? It's the rest of the body, that data plane could be wherever you want it to be. Traditionally, the part the old days was tape. Then you got disk. Now you got multiple clouds. So that's the way we think about it. And there on that piece of it will be neutral, right? We should be multi-cloud to the data plane being every single place. Cause it's customer demand. Where do you want your store data? Air gapped. On-prem no problem. We'll work with Dell. Okay. You wanna be in a particular cloud, AWS we'll work then optimized with S3 and glacier. So this is where I think the, the path to a multi-cloud or Supercloud is to be customer driven, but the control plane sits in Amazon. So >>We're blessed to have a number of, you know, technical geniuses in here. So earlier we were speaking to Ben wa deja VI, and what they do is different. They don't instantiate an individual, you know, regions. What they do is of a single global. Is there a, is there an advantage of doing it the way the cohesive does it in terms of simplicity or how do you see that? Is that a future direction for you from a technology standpoint? What are the trade offs there? >>So you want to be where the data is when you said single global, I take it that they run somewhere and the data has to go there. And in this day age, correct >>Said that. He said, you gotta move that in this >>Day and >>Age query that's, you know, across regions, look >>In this day and age with the way the data is growing, the way it is, it's hard to move around the data. It's much easier to move around the competition. And in these instances, what have you, so let the data be where it is and you manage it right there. >>So that's the advantage of instantiating in multiple regions. As you don't have to move the >>Data cost, we have the philosophy we call it. Let's bring the, the computation to the data rather than the data to >>The competition and the same security model, same governance model, same. How do you, how do you federate that? >>So it's all based on policies. You know, this overarching platform controlled by, by the control plane, you just, our customers just put in the policies and then the underlying nuts and bolts just take care >>Of, you know, it's when I first heard and start, I started watching some of his old videos, ACE really like hyperconverged brought to secondary storage. In fact, he said, oh yeah, that's great. You got it. Because I first called this idea, hyperconverged secondary storage, because the idea of him inventing hyperconverge was bringing compute to storage. It had never been done. I mean, you had the kind of big VC stuff, but these guys were the first to bring that hyperconverge at, at Nutanix. So I think this is that same idea of bringing computer storage, but now applied not to the warm data, but to the rest of the data, including a >>Lot of, what about developers? What's, what's your relationship with developers? >>Maybe you talk about the marketplace and everything >>He's yeah. And I'm, I'm curious as to do you have a PAs layer, what we call super PAs layer to create an identical developer experience across your Supercloud. I'm gonna my >>Term. So we want our customers not just to benefit from the software that we write. We also want them to benefit from, you know, software that's written by developers by third party people and so on and so forth. So we also support a marketplace on the platform where you can download apps from third party developers and run them on this platform. There's a, a number of successful apps. There's one, you know, look like I said, our entry point might be backups, but even when backups, we don't do everything. Look, for instance, we don't backup mainframes. There is a, a company we partner with, you know, and their software can run in our marketplace. And it's actually used by many, many of our financial customers. So our customers don't get, just get the benefit of what we build, but they also get the benefit of what third parties build. Another analogy I like to draw. You can tell. And front of analogy is I drew an analogy to hyperscale is like Google. Yeah. The second analogy I like to draw is that to a simple smartphone, right? A smartphone starts off by being a great phone. But beyond that, it's also a GPS player. It's a, it's a, it's a music player. It's a camera, it's a flashlight. And it also has a marketplace from where you can download apps and extend the power of that platform. >>Is that a, can we think of that as a PAs layer or no? Is it really not? You can, okay. You can say, is it purpose built for what you're the problem that you're trying to solve? >>So we, we just built APIs. Yeah. Right. We have an SDK that developers can use. And through those APIs, they get to leverage the underlying services that exist on the platform. And now developers can use that to take advantage of all that stuff. >>And it was, that was a key factor for me too. Cause I, what I, you know, I've studied all the six, seven players that sort of so-called leaders. Nobody had a developer ecosystem, nobody. Right? The old folks were built for the hardware era, but anyones were built for the cloud to it didn't have any partners were building on their platform. So I felt for me listen, and that the example of, you know, model nine rights, the name of the company that does back up. So there's, there's companies that are built on and there's a number of others. So our goal is to have a big tent, David, to everybody in the ecosystem to partner with us, to build on this platform. And, and that may take over time, but that's the way we're build >>It. And you have a metadata layer too, that has the intelligence >>To correct. It's all abstract. That that's right. So it's a combination of data and metadata. We have lots of metadata that keeps track of where the data is. You know, it allows you to index the data you can do quick searches. You can actually, you, we talking about the control plan from that >>Tracing, >>You can inject a search that'll through search throughout your multi-cloud environment, right? The super cloud that you call it. We have all that, all that goodness sounds >>Like a Supercloud John. >>Yeah. I mean, data tracing involved can trace the data lineage. >>You, you can trace the data lineage. So we, you know, provide, you know, compliance and stuff. So you can, >>All right. So my final question to wrap up, we guys, first of all, thanks for coming on. I know you're super busy, San Jose. We, we know what you're gonna do. You're gonna amp it up and, you know, knock all your numbers out. Think you always do. But what I'm interested in, what you're gonna jump into, cuz now you're gonna have the creative license to jump in to the product, the platform there has to be the next level in your mind. Can you share your thoughts on where this goes next? Love the control plane, separate out from the data plane. I think that plays well for super. How >>Much time do you have John? This guy's got, he's got a wealth. Ditis keep >>Going. Mark. Give us the most important thing you're gonna focus on. That kind of brings the super cloud and vision together. >>Yeah. Right away. I'm gonna, perhaps I, I can ion into two things. The first one is I like to call it building the, the machine, the system, right. Just to draw an analogy. Look, I draw an analogy to the us traffic system. People from all walks of life, rich, poor Democrats, Republicans, you know, different states. They all work in the, the traffic system and we drive well, right. It's a system that just works. Whereas in some other countries, you know, the system doesn't work. >>We know, >>We know a few of those. >>It's not about works. It's not about the people. It's the same people who would go from here to those countries and, and not dry. Well, so it's all about the system. So the first thing I, I have my sights on is to really strengthen the system that we have in our research development to make it a machine. I mean, it functions quite well even today, but wanna take it to the next level. Right. So that I wanna get to a point where innovation just happens in the grassroots. And it just, just like >>We automations scale optic brings all, >>Just happens without anyone overseeing it. Anyone there's no single point of bottleneck. I don't have to go take any diving catches or have you, there are people just working, you know, in a decentralized fashion and innovation just happens. Yeah. The second thing I work on of course is, you know, my heart and soul is in, you know, driving the vision, you know, the next level. And that of course is part of it. So those are the two things >>We heard from all day in our super cloud event that there's a need for an, an operating system. Yeah. Whether that's defacto standard or open. Correct. Do you see a consortium around the corner potentially to bring people together so that things could work together? Cuz there really isn't no stand there. Isn't a standards bodies. Now we have great hyperscale growth. We have on-prem we got the super cloud thing happening >>And it's a, it's kind of like what is an operating system? Operating system exposes some APIs that the applications can then use. And if you think about what we've been trying to do with the marketplace, right, we've built a huge platform and that platform is exposed through APIs. That third party developers can use. Right? And even we, when we, you know, built more and more services on top, you know, we rolled our D as we rolled out, backup as a service and a ready for thing security as a service governance, as a service, they're using those APIs. So we are building a distributor, putting systems of sorts. >>Well, congratulations on a great journey. Sanja. Congratulations on taking the hem. Thank you've got ball control. Now you're gonna be calling the ball cohesive as they say, it's, >>It's a team. It's, you know, I think I like that African phrase. If you want to go fast, you go alone. If you wanna go far, you go together. So I've always operated with the best deal. I'm so fortunate. This is to me like a dream come true because I always thought I wanted to work with a technologist that frees me up to do what I like. I mean, I started as an engineer, but that's not what I am today. Right? Yeah. So I do understand the product and this category I think is right for disruption. So I feel excited, you know, it's changing growing. Yeah. No. And it's a, it requires innovation with a cloud scale mindset and you guys have been great friends through the years. >>We'll be, we'll be watching you. >>I think it's not only disruption. It's creation. Yeah. There's a lot of white space that just hasn't been created yet. >>You're gonna have to, and you know, the proof, isn't the pudding. Yeah. You already have five of the biggest 10 financial institutions in the us and our customers. 25% of the fortune 500 users, us two of the biggest five pharmaceutical companies in the world use us. Probably, you know, some of the biggest companies, you know, the cars you have, you know, out there probably are customers. So it's already happening. >>I know you got an IPO filed confidentially. I know you can't talk numbers, but I can tell by your confidence, you're feeling good right now we are >>Feeling >>Good. Yeah. One day, one week, one month at a time. I mean, you just, you know, I like the, you know, Jeff Bezos, Andy jazzy expression, which is, it's always day one, you know, just because you've had success, even, you know, if, if a and when an IPO O makes sense, you just have to stay humble and hungry because you realize, okay, we've had a lot of success in the fortune 1000, but there's a lot of white space that hasn't picked USS yet. So let's go, yeah, there's lots of midmarket account >>Product opportunities are still, >>You know, I just stay humble and hungry and if you've got the team and then, you know, I'm really gonna be working also in the ecosystem. I think there's a lot of very good partners. So lots of ideas brew through >>The head. Okay. Well, thank you so much for coming on our super cloud event and, and, and also doubling up on the news of the new appointment and congratulations on the success guys. Coverage super cloud 22, I'm sure. Dave ante, thanks for watching. Stay tuned for more segments after this break.

[Music] okay welcome back everyone it's thecube's coverage here in monaco i'm john furrier host of thecube monaco crypto summit presented by digital bits uh media partners coin telegraph in the cube a lot of great stuff going on here digital bits and the ecosystem around the world come together to talk about the next generation uh nft environments metaverse uh blockchain all the innovations going up and down the stack of the decentralized world that will be soon a reality for everybody we have a great guest david lutzkach here who's the co-founder of aftermath islands metaverse which i got a little sneak preview of but david thanks for joining me thanks john great to be here uh we had dinner the other night at nobu it's great to know you get to know your background you've got a stellar uh pedigree um you've run public companies you've been involved in tech media across the board again this is a ship we're seeing like we've never before perfect storm technology change cultural change business model transformation all around deep decentralization crypto token economics decentralized applications metaverse i mean come on we haven't digital identity there was identity which you're involved in take us through what are you working on take a minute to explain what you're working on and then we'll get into it so aftermath islands is is really a culmination of three things uh digital identity the ability to prove who you are because we think the internet and i think everyone would agree the internet's broken you know um nefarious actors bad actors can be anywhere um hacks fake spots so by being able to prove that you're a real person not necessarily verifying your identity but prove that you're a real person um can add a lot of benefits to everyone in the ecosync system second thing is we combine that with avatars nfts and credentials because i'd like to represent myself as a little more buff than i am and maybe a little taller and then the third thing is we put it in a unreal engine so real realistic photo realistic game engine metaverse that requires no downloading it's all pixel streaming just like you'd stream netflix you can stream the game i want to ask because this is i know it's a hard problem because i've asked a lot of people the same question the unreal engine is really powerful and the imagery is amazing like gaming we all know what it looks like it's hard it's not everyone's getting it right what makes it so special how are you guys cracking the code well i think it's our experience i mean we've worked for major entertainment companies major technology companies major sports companies so um as i just use your word because it being i want to be humbled by this but we do have a great pedigree we've also brought great people to the table so having a platform isn't enough we've got great creators and uh we've got great storytellers so we've got the anisiasa brothers one mariano is is a illustrator and former special editor uh project center at marvel and his brother fabian is our storyteller who's the co-creator of deadpool so we've got great people and with unreal engine 5 we've really taken it from the ground up we've looked at it and and we've really combined it with new gpu cloud serving and pixel streaming so that you're so the individual that's that's involved engaged immersed is now really playing it without having to download a graphics package yeah and also you drop some names there and some and some brands i know there's a lot more at dinner we've talked a lot about them you you know all the top creators and again i love the creator culture i mean that's the new buzzwords around but ultimately it's artists people building stuff application developers in the software world movies and film art art and code is kind of coming together it's the same kind of thing media and coding it's like the same mindset you know creative exactly crazy good smart in a good way in the blockchain it's harder because you've got all this underlying infrastructure and stuff to provision and build often created say oh man it's like doing chores it's like i just want to build cool stuff i don't want to get in the weeds of all the tech right this is like whoever cracks the code can unleash that heavy lifting so the artist can like feel good about kicking ass well i'm i'm being a slot a little sly here because we've sort of broken it into three areas and we've used blockchain to book and the platform so we still think that that gaming in the interactive platform has to have centralization it has to have decision making we have a great community um between twitter and discord we have over 30 000 people and we have organizations that have already um spawned um themselves up or spun up to manage our landowner ownership and some of our guilds for some of our professions but at the same time they're allowing us to make decisions based on what the community wants i mean i've heard recently um i don't want to say it's a horror story but it's been difficult that consensus-based models for development have to get consensus and not everybody agrees you still need the leadership i mean you still need sort of a captain on a ship to make sure that the dictatorships are work and well and linux um tried that and they've worked for a while but when they moved over to we're going to make some decisions have an opinion right whether it's centralization it's faster yeah consensus systems can be diverse and time-consuming well they can be political as well i mean you can you can it can become problems so at the front end we've got digital identity and that's all blockchain based and at the back end we have over 20 services including dids and did com which is decentralized identifier communication and all our services are blockchain based but in the middle um connected to nft's blockchain and everything else and to our teacher identity we have a game or a game platform or a open world platform that is centralized built in unreal engine so that we can make those decisions that spur on individual development it's an architecture it is i mean this is essentially an operating environment exactly you can have the benefits of the decentralized all your data on your identity okay and then have the middle be the playground and built right now that has to get done faster and you're constantly iterating exactly so you need to have that exactly so what are people saying about this to me i think that makes a lot of sense people are very intrigued um we're getting a lot of traction first of all unreal engine in the middle um brands love it because it provides a realistic view of a brand brands have spent you know hundreds of millions of dollars building brand equity and they don't necessarily want a cartoon representation of their brand so brands love it um uh we showed a video here at the monaco crypto summit of some and our videos available online on youtube but we're showing realistic we can create realistic avatars so people are really excited about what we're doing you know david i think one of the things i've had controversy statements in the past that got all the purists going back to 2018 you know throwing tomatoes at me but other halfs like loving it because at that time there was dogma around block change got to be done you know it was slow and gas so why i can use a database now we use the blockchain for smart contracts right which you that's what you want to do you want to have that locked in you want immutability so again this opportunity is to advance faster and not have to get stuck in the dogma but maybe get it back to it later database is a great example i agreed i think i think over time the community will take over the entire platform but i think at the beginning you have to have again you have to have a rudder on a ship to make it go somewhere it's called product market fit exactly you got to get to the market exactly with a product you've got that i want that exactly i mean unreal engine is hard i know what are some of the people you worked with because i think i think what i like about what you're working on is that you are and i think a great poster child of in terms of the organization of a group of people that are pros that want to do great work in a new world with the kind of experience and tools that they had in their old world right faster cheaper better more control when we were there at web one we're there at web two and now with web three we have the ability to fix some of the things that we thought were wrong with web one and two so and move into the ownership economy and and really um for us we've got a great team of people you know around the world that we work with and we're starting to bring in larger organizations to support us i mean our digital identity we're really working with the backbone at ibm and digital identity is very different in blockchain than is crypto and we're working with great people in crypto now we announced today that we're minting our native token dubs with digital bits so we're really excited about that yeah yeah let me ask you a question because i love the fact that you brought multiple ways of innovation again i've mentioned on that with shared experience there different different ride for different waves what have you learned and shared to folks who are going to dip their toe and get on their surfboard so to speak use the california metaphor for both californians what is web3 wave like how's it different from two what's the learnings can you share scar tissue experience observation anything around what you're doing now so they can get insight into this wave well you know web 1 and web 2 were broken i mean you could never go in i think we had this discussion you could never go into an electronic store in the real world write your information down on a piece of paper and expect that you'd walk out of the store with the purchase but we can type in information that is non-verified until i could take my friend's credit card know where they live and use it by using digital identity at a front end we create one user one account that user can have thousands of verifiable credentials around them and hundreds of avatars so i think what we've really learned is the ability to progress in a way that that really puts data back in the hands of consumers and makes them the owner of their identity by starting there we have a world in front of us that is valuable to marketers valuable to brands and valuables to individuals and whether it's education whether it's government services whether it's retail everything can be built on that simple premise that i am myself it's interesting there's a constant technology we're called presence you know you're present at an event you're present at a store you're present and some reality physically and you have credentials around that presence contextually exactly you're saying you can have one nft one digital identity or identity and have multiple identities that have contacts all stored i'll store it in an avatar it's like changing your suit hey i'm going into the apple store i'm now my apple john and and think of it this way um brands can now connect with you and give you promos give you product based on the information that you're willing to share with them about your real person and your avatar becomes your intermediary so your payment information stored within your digital identity and your avatar not at the retail level so this is a concept we've been working on for a long time i think we're talking about dinner but i want to bring this up for you for you to come and get a reaction to is that if what you just said is true that means if i'm the user and i have power to control my data the script flips now i'm brokering my data to the brand exactly not the other way around exactly or some intermediary i'm in control exactly and i could demand based on what my contextual relevance is to the brand and the brand is willing to pay for that because if you think about it today um social media unfortunately is plagued by fake accounts you know and issues and and so brands are spending all this money and they're getting slippage and breakage and that's spent if they know your real person they're more likely to want to give you an incentive to engage with them because it's a one-to-one transaction that creates value that's a great point you mentioned twitter earlier look at elon musk uncovered all the bots on twitter um and if they ever did the facebook i'm sure there's a ton of different accounts on facebook but you know it's out there these walled gardens have nefarious bad actors man it's not truth isn't what's the truth i mean gaming has this right now it's like you're anonymous you can go down or you got to go real name so we've got a hybrid you can do anonymously verified so because we use biometrics to verify that you're a real person so you can stay anonymous but we know you're a real person because your biometrics belong to you well david great to have you on thecube you got a great insight and experience thanks for sharing thank you john uh what's next for you guys you want to put a plug in for what you're working on you're looking for people funding more action what are you guys doing right well we've we've self-funded to date and we're we're finally going to be releasing um opportunities for people to engage with us in tokenomics and that's why we've we're working with digital bits but we're also looking for great people and great partners we're creating an interoperable open um uh world where we want to bring partners to the table so anyone who's interested reach out to us all right david guys thanks for going on thecube all right more coverage here on thecube we're all over this area going back to 2018 we brought thecube to all the events been covered on siliconangle.com since 2010 and watching this wave just get better the reality is here it's a metaverse world it is a decentralized world happening to everyone monaco crypto summit here in monaco thanks for watching we'll be right back with more after this short break you

>> Hello, everyone. Welcome to theCUBE presentation of the AWS startup showcase, market MarTech, emerging cloud scale customer experience. This is season two, episode three of the ongoing series covering the exciting startups from the AWS ecosystem. Talking about the data analytics, all the news and all the hot stories. I'm John Furrier your host of theCUBE. And today we're excited to be joined by Rachel Ostler, VP of product at Heap, Heap.io. Here to talk about from what, to why the future of digital insights. Great to see you, thanks for joining us today. >> Thanks for having me, John. Thanks for having me back. >> Well, we had a great conversation prior to the event here, a lot going on, you guys had acquired Auryc in an acquisition. You kind of teased that out last time. Talk about this, the news here, and why is it important? And first give a little setup on Heap and then the acquisition with Auryc. >> Yeah. So heap is a digital insights platform. So as you mentioned, it's all about analytics and so Heap really excels at helping you understand what your users and customers are doing in your digital application at scale. So when it comes to Auryc, what we really saw was a broken workflow. Maybe, I would even call it a broken market. Where a lot of customers had an analytics tool like Heap. So they're using Heap on one hand to figure out what is happening at scale with their users. But on the other hand, they were also using, like a session replay tool separately, to look at individual sessions and see exactly what was happening. And no one was very effective at using these tools together. They didn't connect at all. And so as a result, neither one of them could really be fully leveraged. And so with this acquisition, we're able to put these two tools together, so that users can both understand the what at scale, and then really see the why, immediately together in one place. >> You know, that I love that word why, because there's always that, you know, that famous motivational video on the internet, "you got to know your why", you know, it's very a motivational thing, but now you're getting more practicality. What and why is the, is the lens you want, right? So, I totally see that. And again, you can teased that out in our last interview we did. But I want to understand what's under the covers, under the acquisition. What was the big thesis behind it? Why the joint forces? What does this all mean? Why is this so important to understand this new, what and why and the acquisition specifically? >> Yeah, so let me give you example of a couple used cases, that's really helpful for understanding this. So imagine that you are a product manager or a, maybe a growth marketer, but you're someone who owns a digital experience. And what you're trying to do, of course, is make that digital experience amazing for your users so that they get value and that may mean that they're using it more, it may mean that new features are easily discoverable, that you can upsell things on your own. There's all sorts of different things that that may mean, but it's all about making it easy to use, discoverable, understandable, and as self-service as possible too. And so most of these digital builders, we call 'em digital builders sometimes. They are trying to figure out when the application is not working the way that it should be working, where people are getting stuck, where they're not getting the value and figure out how to fix that. And so, one really great used case is, I just want to understand in mass, like, let's say I have a flow, where are people dropping off? Right, so I see that I have a four step funnel and between step three and four people are dropping off. Heap is great for getting very detailed on exactly what action they're taking, where they're dropping off. But then the second you find what that action is, quantitatively, you want to watch it, you want to see what they did exactly before it. You want to see what they did after it. You want to understand why they're getting stuck. What they're confused at, are they mouthing over two things, like you kind of want to watch their session. And so what this acquisition allows us to do, is to put those things together seamlessly, you find the point in friction, you watch a bunch of examples, very easily. In the past, this would take you at least hours, if you could do it at all. And then in other used cases, the other direction. So there's the kind of, I think of it as the max to the min, and then there's the other direction as well. Like you have the, or maybe it's the macro to micro. You have the micro to macro, which is you have one user that had a problem. Maybe they send in a support ticket. Well, you can validate the problem. You can watch it in the session, but then you want to know, did this only happen to them? Did this happen to a lot of users? And this is really worth fixing, because all these customers are having the same problem. That's the micro to macro flow that you can do as well. >> Yeah. That's like, that's like the quantitative qualitative, the what and the why. I truly see the value there and I liked the way you explained that, good call out. The question I have for you, because a lot of people have these tools. "I got someone who does that." "I got someone over here that does the quantitative." "I don't need to have one company do it, or do I?" So the question I have for you, what does having a single partner or vendor, providing both the quantitative and the qualitative nails mean for your customers? >> So it's all because now it's immediate. So today with the two tools being separate, you may find something quantitatively. But then to, then to find the sessions that you want to watch that are relevant to that quantitative data point is very difficult. At least it takes hours to do so. And a lot of times people just give up and they don't bother. The other way is also true, you can watch sessions, you can watch as many sessions as you want, you can spend hours doing it, you may never find anything of interest, right? So it just ends up being something that users don't do. And actually we've interviewed a lot of customers, they have a lot of guilt about this. A lot of product managers feel like they should be spending all this time, but they just don't have the time to spend. And so it not only brings them together, but it brings them together with immediacy. So you can immediately find the issue, find exactly where it is and watch it. And this is a big deal, because, if you think about, I guess, like today's economic conditions, you don't have a lot of money to waste. You don't have a lot of time to waste. You have to be very impactful with what you're doing and with your spending of development resources. >> Yeah. And totally, and I think one of the things that immediacy is key, because it allows you to connect dots faster. And we have the aha moments all the time. If you miss that, the consequences can be quantified in a bad product experience and lost customers. So, totally see that. Zooming out now, I want to get your thoughts on this, cause you're bringing, we're going down this road of essentially every company is digital now, right? So digitization, digital transformation. What do you want to call it? Data is digital. This video is an experience. It's also data as well. You're talking, we're going to share this and people are going to experience that. So every website that's kind of old school is now becoming essentially a digital native application or eCommerce platform. All the things that were once preserved for the big guys, the hyper-scalers and the categories, the big budgets, now are coming down to every company. Every company is a digital company. What challenges do they have to transition from? I got a website, I got a marketing team. Now I got to look like a world class, product, eCommerce, multifaceted, application with developers, with change, with agility? >> Well, so I think that last thing you said is a really important part of it, the agility. So, these products, when you're going from a, just a website to a product, they're a lot more complex. Right? And so maybe I can give an example. We have a customer, it's an insurance company. So they have this online workflow. And if you can imagine signing up for insurance online, it's a pretty long complicated workflow. I mean, Hey, better to do it online than to have to call someone and wait on, you know, on the phone. And so it's a good experience, but it's still fraught with like opportunities of people getting stuck and never coming back. And so one of the things that Heap allowed this customer to do was figure out something that wasn't working in their workflow. And so if you think about traditional analytics tools, typically what you're doing is you're writing tracking code and you're saying, "Hey, I'm going to track this funnel, this process." And so maybe it has, you know, five different forms or pages that you have to go through. And so what you're doing when you track it is you say, did you submit the first one? Did you submit the second one? Did you submit the third one? So you know, like where they're falling off. You know where they're falling off, but you don't know why, you don't know which thing got them stuck because each one of these pages has multiple inputs and it has maybe multiple steps that you need to do. And so you're completely blind to exactly what's happening. Well, it turned out because Heap collects all this data, that on one of these pages where users were dropping off, it was because they were clicking on a FAQ, there was a link to a FAQ, and because this was a big company, the FAQ took them to a completely different application. Didn't know how to get back from there and they just lost people. And imagine if you are doing this with traditional means today, right? You don't have any visibility into what's happening on that page, you just know that they fell off. You might think about what do I do to fix this? How do I make this flow work better? And you might come up with a bunch of ideas. One of your ideas could be, let's break it into multiple pages. Maybe there's too much stuff on this page. One of your ideas may have been, let's try a FAQ. They're getting stuck, let's give them some more help. That would be a very bad idea, right? Because that was actually the reason why they were leaving and never coming back. So, the point I'm making is that, if you don't know exactly where people are getting stuck and you can't see exactly what is happening, then you're going to make a lot of very bad decisions. You're going to waste a lot of resources, trying things that make no sense. It is hard enough as a digital builder and all the product managers and growth marketers and marketers out there can attest to this, it's hard enough when you know exactly what the problem is to figure out a good solution. Right? That's still hard. But if you don't know the problem, it's impossible. >> Okay, so let's just level up, the bumper sticker now for the challenges are what? Decision making, what's the, stack rank the top three challenges from that. So it's being agile, right? So being very fast, because you're competing with a lot of companies right now. It's about making really good decisions and driving impact, right? So you have to have all the data that you need. You have to have the, the specific information about what's going on. Cause if you don't have it, you're going to decide to invest in things and you're not going to drive the impact that you want. >> So now you got the acquisition of Auryc and Auryc and you have the, this visibility to the customers that are building, investing, you mentioned, okay. As they invest, whether it's the digital product or new technology in R and D, what feedback have you guys seen from these investments, from these customers, what results have come out of it? Could you share any specific answers to the problems and challenges you have outlined, because you know, there's growth hackers could be failing cause of stupid little product mistakes that could have been avoided in the feedback, you know what I'm saying? So it's like, where can you, where are these challenges addressed and what are some of the results? >> Yeah, so, what we've seen with our customers is that when they are applying this data and doing this analysis on say workflows or goals that they're trying to accomplish, they've been able to move the needle quite a bit. And so, whether it is, you know, increasing conversion rates or whether it is making sure that they don't have, you know, drop off of trial signups or making sure that their customers are more engaged than before, when they know exactly where they're failing, it is much easier to make an investment and move the needle. >> Awesome. Well, let's move on to the next big topic, which I love, it's about data science and data engineering. You guys are a data company and I want to ask you specifically, how Heap uniquely is positioned to help companies succeed, where in the old big tech world, they're tightening the ropes on secure cookies, privacy, data sharing. At the same time, there's been an explosion in cloud scale data opportunities and new technologies. So it seems like a new level of, capability, is going to replace the old cookies, privacy and data sharing, which seem to be constricting or going away. How do you, what's your reaction to that? Can you share how Heap fits into this next generation and the current situation going on with the cookies and this privacy stuff. >> Yep, so it is really important in this world to be collecting data compliantly, right? And so what that means is, you don't want to be reliant on third party cookies. You want to be reliant on just first party information. You want to make sure that you don't collect any PII. Heap is built to do that from the ground up. We by default will not collect information, like what do people put into forms, right? Because that's a obvious source of PII. The other thing is that, there's just so much data. So you kind of alluded to this, with this idea of data science. So first of all, you're collecting data compliantly, you're making sure that you have all the data of what your user actions are doing, compliantly, but then it's so much data that it like, how do you know where to start? Right? You want to know, you want to get to that specific point that users are dropping off, but there's so many different options out there. And so that's where Heap is applying data science, to automatically find those points of friction and automatically surface them to users, so that you don't have to guess and check and constantly guess at what the problem is, but you can see it in the product surface right for you. >> You know, Rachel, that's a great point. I want to call that out because I think a lot of companies don't underestimate, they may underestimate what you said earlier, capturing in compliance way means, you're opting in to say, not to get the data, to unwind it later, figure it out. You're capturing it in a compliant way, which actually reduces the risk and operational technical debt you might have to deploy to get it fixed on compliance. Okay, that's one thing, I love that. I want to make sure people understand that value. That's a huge value, especially for people that don't have huge teams and diverse platforms or other data sources. The other thing you mentioned is owning their own data. And that first party data is a strategic advantage, mainly around personalization and targeted customer interaction. So the question is, with the new data, I own the data, you got the comp- capture with compliance. How do you do personalization and targeted customer interactions, at the same time while being compliant? It just seems, it seems like compliance is restrictive and kind of forecloses value, but open means you can personalization and targeted interactions. How do you guys connect the dots there by being compliant, but yet being valuable on the personalization and targeted? >> Well, it all depends on how the customer is managing their information, but imagine that you have a logged in user, well, you know, who the logged in user is, right? And so all we really need is an ID. Doesn't have, we don't need to know any of the user information. We just need an ID and then we can serve up the information about like, what have they done, if they've done these three actions, maybe that means that this particular offer would be interested to them. And so that information is available within Heap, for our customers to use it as they want to, with their users. >> So you're saying you can enable companies to own their data, be compliant and then manage it end to end from a privacy standpoint. >> Yes. >> That's got to be a top seller right there. >> Well, it's not just a top seller, it's a necessity. >> It's a must have. I mean, think about it. I mean, what are people, what are the, what are people who don't do this? What do they face? What's the alternative? If you don't keep, get the Heap going immediately, what's the alternative? I'm going through logs, I got to have to get request to forget my data. All these things are all going on, right? Is, what's the consequence of not doing this? >> Well, there's a couple consequences. So one is, and I kind of alluded to it earlier that, you're just, you're blind to what your users are doing, which means that you're making investments that may not make sense, right? So you can, you can decide to add all the cool features in the world, but if the customers don't perceive them as being valuable or don't find them or don't understand them, it doesn't, it doesn't serve your business. And so, this is one of like the rule number one of being a product manager, is you're trying to balance what your customers need, with what is also good for your business. And both of those have to be in place. So that's basically where you are, is that you'll be making investments that just won't be hitting the mark and you won't be moving the needle. And as I mentioned, it's more important now in this economic climate than ever to make sure that the investments you're making are targeted and impactful. >> Yeah and I think the other thing to point out, is that's a big backlash against the whole, Facebook, you're the product, you're getting used, the users being used for product, but you're, you guys have a way to make that happen in a way that's safe for the user. >> Yes. Safe and compliant. So look, we're all about making sure that we certainly don't get our customers into trouble and we recommend that they follow all compliance rules, because the last thing you want to be is on the, on the wrong side of a compliance officer. >> Well, there's also the user satisfaction problem of, and the fines. So a lot going on there, great product. I got to ask you real quick before we kind of wrap up here. What's the reaction been to the acquisition? Quantitative, qualitative. What's been the vibe? What are some, what are people saying about it? >> We've got a lot of interest. So, I mentioned earlier that this is really a broken workflow in the market. And when users see the two products working together, they just love it because they have not been able to leverage them being separate before. And so it just makes it so much easier for these digital builders to figure out, what do I invest in because they know exactly where people are having trouble. So it's been really great, we've had a lot of reach outs already asking us how they can use it, try it, not quite available yet. So it's going to be available later this summer, but great, great response so far. >> Awesome. Well, I love the opportunity. Love the conversation, I have to ask you now, looking forward, what does the future look like for companies taking advantage of your platform and tool? What can they expect in terms of R and D investments, area moves you're making? You're the head of product, you get the keys to the kingdom. What's the future look like? What's coming next? >> Yeah, so other than pulling the qual and the quant together, you actually hinted at it earlier when you're asking me about data science, but continuing to automate as much of the analysis as we can. So, first of all, analysis, analytics, it should be easy for everyone. So we're continue to invest in making it easy, but part of making it easy is, like we can automate analysis. We can, we can see that your website has a login page on it and build a funnel for you automatically. So that's some of the stuff that we're working on, is how do we both automate getting up to speed and getting that initial analysis done easily, without any work. And then also, how do we automate more complex analysis? So you have, typically a lot of companies have a data science team and they end up doing a lot of analysis, it's a little bit more complex. I'm not saying data science teams will go away, they will be around forever. There's tons of very complex analysis that they're probably not even getting time to do. We're going to start chipping away at that, so we can help product managers do more and more of that self-service and then free up the data science team to do even more interesting things. >> I really like how you use the word product managers, product builders, digital builders, because while I got you, I want to get your thought on this, because it's a real industry shift. You're talking about it directly here, about websites going to eCommerce, CMOs, a C-suite, they generally observe that websites are old technology, but not going away, because the next level abstraction builds on top of it. What's the new capabilities because for the CMOs and the C-suites and the product folks out there, they're not building webpages, they're building applications. So what is it about this new world that's different from the old web architecture? How would you talk to a CMO or a leader? And to, when they ask what's this new opportunity to take my website, cause maybe it's not enough traffic. People are consuming out in the organic, what's this new expectation and how, what does a new product manager environment look like, if it's not the web, so to speak? >> Well, there's a couple things. So one is, and you alluded to it a bit, like the websites are also getting more complex and you need to start thinking of your website as a product. Now it's, it may not be the product that you sell, but it is, well for eCommerce it's the place that you get access to the product, for B2B SaaS, it is the window to the product. It's a place where you can learn about the product. And you need to think about, not just like, what pieces of content are being used, but you need to understand the user flow, through the application. So that's how it's a lot more like a product. >> Rachel, thanks so much for coming on theCUBE here for this presentation, final word, put a plugin for the company. What are you guys up to? What are you looking for? Take a minute to explain kind of that, what's going on. How do people contact you with a great value proposition? Put a plugin for the company. >> Yeah, well, if you want to up level your product experience or website experience, you want to be able to drive impact quickly, try Heap. You can go to Heap.io, you can try it for free. We have a free trial, we have a free product even. And yeah, and then if you have any questions, you want to talk to a live person, you can do that too, at sales@Heap.io. >> Rachel, thanks so much. Customer-scale experiences with the cloud house league. This is the season two, episode three of the ongoing series. I'm John Furrier, your host. Thanks for watching. (upbeat music)