(bright music) (crowd talking indistinctly in the background) >> Hey guys, welcome back to Detroit, Michigan. theCUBE is live at KubeCon + CloudNativeCon 2022. You might notice something really unique here. Lisa Martin with our newest co-host of theCUBE, Savannah Peterson! Savannah, it's great to see you. >> It's so good to be here with you (laughs). >> I know, I know. We have a great segment coming up. I always love talking couple things, cars, one, two, with companies that have been around for a hundred plus years and how they've actually transformed. >> Oh yeah. >> Ford is here. You have a great story about how you, about Ford. >> Ford brought me to Detroit the first time. I was here at the North American International Auto Show. Some of you may be familiar, and the fine folks from Ford brought me out to commentate just like this, as they were announcing the Ford Bronco. >> Satish: Oh wow. >> Which I am still lusting after. >> You don't have one yet? >> For the record. No, I don't. My next car's got to be an EV. Although, ironically, there's a Ford EV right behind us here on set today. >> I know, I know. >> Which we were both just contemplating before we went live. >> It's really shiny. >> We're going to have to go check it out. >> I have to check it out. Yep, we'll do that. Yeah. Well, please welcome our two guests from Ford, Satish Puranam, is here, The Technical Leader at Cloud and Rebecca Risk, Principal Architect, developer relations. We are so excited to have you guys on the program. >> Clearly. >> Thanks for joining us. (all laugh) >> Thank you for having us. >> I love you're Ford enthusiasts! Yeah, that's awesome. >> I drive a Ford. >> Oh, awesome! Thank you. >> I can only say that's one car company here. >> That's great. >> Yes, yes. >> Great! Thank you a lot. >> Thank you for your business! >> Absolutely. (all laugh) >> So, Satish, talk to us a little bit about- I mean I think of Cloud as a car company but it seems like it's a technology company that makes cars. >> Yes. Talk to us about Ford as a Cloud first, technology driven company, and then we're going to talk about what you're doing with Red Hat and Boston University. >> Yeah, I'm like everything that all these cars that you're seeing, beautiful right behind us it's all built on, around, and with technology, right? So there's so much code goes into these cars these days, it's probably, it's mind boggling to think that probably your iPhones might be having less code as opposed to these cars. Everything from control systems, everything is code. We don't do any more clay models. Everything is done digital, 3D, virtual reality and all that stuff. So all that takes code, all of that takes technology. And we have been in that journey for the last- since 2016 when we started our first mobile app and all that stuff. And of late we have been like, heavily invested in Google. Moving a lot of these experiences, data acquisition systems AI/ML modeling for like all the autonomous cars. It's all technology and like from the day it is conceived, to the day it is marketed, to the day when you show up for a servicing, and hopefully soon how you can buy and you know, provide feedback to us, is all technology that drives all of this stuff. So it's amazing for us to see everything that we go and immerse ourselves in the technology. There is a real life thing that we can see what we all do for it, right? So- >> Yes, we're only sorry that our audience can't actually see the car, >> Yep. >> but we'll get some B-roll for you later on. Rebecca, talk a little bit about your role. Here we are at KubeCon, Savannah and I and John were talking when we went live this morning, that this is huge. That the show floor is massive, a lot bigger than last year. The collaboration and the spirit of the community is not only alive and well, as we heard in the keynote this morning, it's thriving. >> Yeah. >> Talk about developer relations at Ford and what you are helping to drive in your role. >> Yeah, so my team is all about helping developers work faster with different platforms that my team curates and produces, so that our developers don't have to deal with all of the details of setting up their environments to actually code. And we have really great people, kind of the top software developers in the company, are part of my team to produce those products that other people can use, and accelerate their development. And we have a great relationship with the developers in the company and outside with the different vendor relationships that we have, to make sure that we're always producing the next platform with the next tech stack that our developers will want to continue to use to produce the really great products that we are all about making at Ford. >> Let's dig in there a little bit because I'm curious and I suspect you both had something to do with it. How did you approach your Cloud Native transformation and how do you evaluate new technologies for the team? >> It's sometimes- many a times I would say it's like dogfooding and like experimentation. >> Yeah. Isn't anything in innovation a lot of- >> Yeah, a lot of experimentation. We started our, as I said, the Cloud Native journey back in 2016 with Cloud Foundry and things, technologies around that. Soon realized, that there was like a lot of buzz around that time. Twelve-Factor was a thing, Stateless was a thing. And then all those Stateful needs to drive the Stateless. So where do we do that thing? And the next logical iteration was Kubernetes was bursting upon the scene at that time. So we started doing a lot of experimentation. >> Like the Kool-Aid man, burst on the Kubernetes scene- >> Exactly right. >> Through the wall. >> So, the question is like, why can't we do? I think we were like crazy enough to say that Kubernetes people are talking about our serverless or Twelve-Factor on Kubernetes. We are crazy enough to do Stateful on Kubernetes and we've been doing it successfully for five years. So it's a lot about experimentation. I think good chunk of experiments that we do do not yield the results that we get, but many a times, some of them are like Gangbusters. Like, other aspects that we've been doing of late is like partnering with Becky and rest of the organization, right? Because they are the people who are like closest to the developers. We are somewhat behind the scenes doing some things but it is Becky and the rest of the architecture teams who are actually front and center with the customers, right? So it is the collaborative effort that we've been working through past few years that has been really really been useful and coming around and helping us to make some of these products really beautiful. >> Yeah, well you make a lot of beautiful products. I think we've all, I think we've all seen them. Something that I think is really interesting and part of why I was so excited for this interview, and kind of nudged John out, was because you've been- Ford has been investing in technology in a committed way for decades and I don't think most people are aware of that. When I originally came out to Dearborn, I learned that you've had a head of VR who happens to be a female. For what it's worth, Elizabeth, who's been running VR for you for two and a half decades, for 25 years. >> Satish: Yep. >> That is an impressive commitment. What is that like from a culture perspective inside of Ford? What is the attitude around innovation and technology? >> So I've been a long time Ford employee. I just celebrated my 29th year. >> Oh, wow! >> Congratulations! >> Wow, congrats! That's a huge deal. >> Yeah, it's a huge deal. I'm so proud of my career and all that Ford has brought to me and it's just a testament. I have many colleagues like me who've been there for their whole career or have done other things and come to Ford and then spent another 20 years with us because we foster the culture that makes you want to stay. We have development programs to allow you to upscale and change your role and learn new things and play with the new technologies that people are interested in doing and really make an impact to our community of developers at Ford or the company itself and the results that we're delivering. So to have that, you know, culture for so many years that people really love to work. They love to work with the people that they're working with. They love to stay engaged and they love the fact that you can have many different careers within the same umbrella, which we call the "blue oval". And that's really why I've been there for so long. I think I probably had 13 very unique and different jobs along the way. It's as if I left, and you know shopped around my skills elsewhere. But I didn't ever have to leave the company. It's been fabulous. >> The cultural change and adoption of- embracing modern technology- Cloud Native automotive software is impressive because a lot of historied companies, you guys have been there a long time, have challenges with that because it's really hard to get an entire moving, you'll call it the blue oval, to change and adapt- >> Savannah: I love that. >> and be willing to experiment. So that that is impressive. Talk about, you go by Becky, so I'll call you Becky, >> Rebecca/Becky: Yeah. >> The developer culture in terms of the developers really being the center of the nucleus of influencing the direction in which the company's going. I imagine that they probably are fairly influential. >> Yeah, so I had a very- one of the unique positions I held was a culture change for our department, Information Technology in 2016. >> Satish: Yeah. >> As the teacher was involved with moving us to the cloud, I was responsible- >> You are the transformation team! This is beautiful. I love this. We've got the right people on the show. >> Yeah, we do. >> I was responsible for changing the culture to orient our employees to pay attention to what do we want to create for tomorrow? What are the kind of skills we need to trust each other to move quickly. And that was completely unique. >> Satish: Yeah. >> Like I had men in the trenches delivering software before that, and then plucked out because they wanted someone, you know who had authentic experience with our development team to be that voice. And it was such a great investment that Ford continues to do is invest in our culture transformation. Because with each step forward that we do, we have to refine what our priorities are. And you do that through culture transformation and culture management. And that's been, I think really, the key to our successful pivots that we've made over the last six years that we've been able to continue to refine and hone where we really want to go through that culture movement. >> Absolutely. I think if I could add another- >> Please. >> spotlight to it is like the biggest thing about Ford has been among various startup-like culture, right? So the idea is that we encourage people to think outside the box, right? >> Savannah: Or outside the oval? >> Right! (laughs) >> Lisa: Outside the oval, yes! >> Absolutely! Right. >> So the question is like, you can experiment with various things, new technologies and you will get all the leadership support to go along with it. I think that is very important too and like we can be in the trenches and talk about all of these nice little things but who the heck would've thought that, you know Kubernetes was announced in 2015, in late 2016, we have early dev Kubernetes clusters already running. 2017, we are live with workloads on Kubernetes! >> Savannah: Early adopters over here. >> Yeah. >> Yeah. >> I'm like all of this thing doesn't happen without lot of foresight and support from the leadership, but it's also the grassroot efforts that is encouraged all along to be on the front end of all of these things and try different things. Some of them may not work >> Savannah: Right. >> But that's okay. But how do we know we are doing something, if you're not failing? We have to fail in order to do something, right? >> Lisa: I always say- >> So I think that's been a great thing that is encouraged very often and otherwise I would not be doing, I've done a whole bunch of stuff at Ford. Without that kind of ability to support and have an appetite for, some of those things would not have been here at all. >> I always say failure is not a bad F-word. >> Satish: Yep. >> Savannah: I love that. >> But what you're talking about there is kind of like driving this hot wheel of experimentation. You have to have the right culture and the mindset- >> Satish: Absolutely. >> to do that. Try fail, move on, learn, iterate, go. >> Satish: Correct. >> You guys have a great partnership with Red Hat and Boston University. You're speaking about that later today. >> Satish: Yes. >> Unpack that for us. What, from a technical perspective, what are you doing and what's it resulting in? >> Yeah, I think the biggest thing is Becky was talking about as during this transformation journey, is lot has changed in very small amount of time. So we traditionally been like, "Hey, here's a spreadsheet of things I need you to deliver for me" to "Here is a catalog of things, you can get it today and be successful with it". That is frightening to several of our developers. The goal, one of the things that we've been working with Q By Example, Red Hat and all the thing, is that how can we lower the bar for the developers, right? Kubernetes is great. It's also a wall of YAML. >> It's extremely complex, number one complaint. >> The question is how can I zero on? I'm like, if we go back think like when we talk about in cars with human-machine interfaces, which parts do I need to know? Here's the steering wheel, here's the gas pedal, or here's the brake. As long as you know these two, three different things you should be fairly be okay to drive those things, right? So the idea of some of the things with enablementing we are trying to do is like reduce that barrier, right? Reduce- lower the bar so that more people can participate in it. >> One of the ways that you did that was Q By Example, right, QBE? >> Satish: Yes, Yes. >> Can you tell us a little bit more about that as you finish this answer? >> Yeah, I think the biggest thing with Q By Example is like Q By Example gives you the small bite-sized things about Kubernetes, right? >> Savannah: Great place to start. >> But what we wanted to do is that we wanted to reinforce that learning by turning into a real world living example app. We took part info, we said, Hey, what does it look like? How do I make sure that it is highly available? How do I make sure that it is secure? Here is an example YAML of it that you can literally verbatim copy and paste into your editor and click run and then you will get an instant gratification feedback loop >> I was going to say, yeah, they feel like you're learning too! >> Yes. Right. So the idea would be is like, and then instead of giving you just a boring prose text to read, we actually drop links to relevant blog posts saying that, hey you can just go there. And that has been inspirational in terms of like and reinforcing the learning. So that has been where we started working with the Boston University, Red Hat and the community around all of that stuff. >> Talk a little bit about, Becky, about some of the business outcomes. You mentioned things like upskilling the workforce which is really nice to hear that there's such a big focus on it. But I imagine too, there's more participation in the community, but also from an end customer perspective. Obviously, everything Ford's doing is to serve the end customers >> Becky: Right. How does this help the end customer have that experience that they really, these days, demand with patience being something that, I think, is gone because of the pandemic? >> Right? Right. So one of the things that my team does is we create the platforms that help Accelerate developers be successful and it helps educate them more quickly on appropriate use of the platforms and helps them by adopting the platforms to be more secure which inherently lead to the better results for our end customers because their data is secure because the products that they have are well created and they're tested thoroughly. So we catch all those things earlier in the cycle by using these platforms that we help curate and produce. And that's really important because, like you had mentioned, this steep learning curve associated with Kubernetes, right? >> Savannah: Yeah. >> So my team is able to kind of help with that abstraction so that we solve kind of the higher complex problems for them so that developers can move faster and then we focus our education on what's important for them. We use things like Q By Example, as a source instead of creating that content ourselves, right? We are able to point them to that. So it's great that there's that community and we're definitely involved with that. But that's so important to help our developers be successful in moving as quickly as they want and not having 20,000 people solve the same problems. >> Satish: (chuckles) Yeah. >> Each individually- >> Savannah: you don't need to! >> and sometimes differently. >> Savannah: We're stronger together, you know? >> Exactly. >> The water level rises together and Ford is definitely a company that illustrates that by example. >> Yeah, I'm like, we can't make a better round wheel right? >> Yeah! So, we have to build upon what we have already been built ahead of us. And I think a lot of it is also about how can we give back and participate in the community, right? So I think that is paramount for us as like, here we are in Detroit so we're trying to recruit and show people that you know, everything that we do is not just old car and sheet metal >> Savannah: Combustion. >> and everything and right? There's a lot of tech goes and sometimes it is really, really cool to do that. And biggest thing for us is like how can we involve our community of developers sooner, earlier, faster without actually encumbering them and saying that, hey here is a book, go master it. We'll talk two months later. So I think that has been another journey. I think that has been a biggest uphill challenge for us is that how can we actually democratize all of these things for everybody. >> Yeah. Well no one better to try than you I would suspect. >> We can only try and hope everything turns out well, right? >> You know, as long as there's room for the bumpers on the lane for if you fail. >> Exactly. >> It sounds like you're driving the program in the right direction. Closing question for you, what's next? Is electric the future? Is Kubernetes the future? What's Ford all in on right now, looking forward? (crowd murmuring in the background) >> Data is the king, right? >> Savannah: Oh, okay, yes! >> Data is a new currency. We use that for several things to improve the cars improve the quality of autonomous driving Is Level 5 driving here? Maybe will be here soon, we'll see. But we are all working towards it, right? So machine learning, AI feedback. How do you actually post sale experience for example? So all of these are all areas that we are working to. We are, may not be getting like Kubernetes in a car but we are putting Kubernetes in plants. Like you order a Marquis or you order a Bronco, you see that here. Here's where in the assembly line your car is. It's taking pictures. It's actually taking pictures on Kubernetes platform. >> That's pretty cool. >> And it is tweeting for you on the Twitter and the social media platform. So there's a lot of that. So it is real and we are doing it. We need more help. A lot of the community efforts that we are seeing and a lot of the innovation that is happening on the floor here, it's phenomenal. The question is how we can incorporate those things into our workflows. >> Yeah, well you have the right audience for that here. You also have the right attitude, >> Exactly. >> the right appetite, and the right foundation. Becky, last question for you. Top three takeaways from your talk today. If you're talking to the developer community you want to inspire: Come work for us! What would you say? >> If you're ready to invest in yourself and upskill and be part of something that is pretty remarkable, come work for us! We have many, many different technical career paths that you can follow. We invest in our employees. When you master something, it's time for you to move on. We have career growth for you. It's been a wonderful gift to me and my family and I encourage everyone to check us out careers.ford.com or stop by our booth if you're happen to be here in person. >> Satish: Absolutely! >> We have our curated job openings that are specific for this community, available. >> Satish: Absolutely. >> Love it. Perfect close. Nailed pitch there. I'm sure you're all going to check out their job page. (all laugh) >> Exactly! And what you talked about, the developer experience, the customer experience are inextricably linked and you guys are really focused on that. Congratulations on all the work that you've done. We got to go get a selfie with that car girl. >> Yes, we do. >> Absolutely. >> We got to show them, we got to show the audience what it looks like on the inside too. We'll do a little IG video. (Lisa laughs) >> Absolutely. >> We will show you that for our guests and my cohost, Savannah Peterson. Lisa Martin here live in Detroit with theCUBE at KubeCon and CloudNativeCon 2022. The one and only John Furrier, who you know gets FOMO, is going to be back with me next. So stick around. (all laugh) (bright music)

(upbeat music) >> Narrator: Live, from San Diego, California, it's theCUBE! Covering KubeCon, and CloudNativeCon. Brought to you by RedHat, the Cloud Native Computing Foundation, and its ecosystem partners. >> Welcome back, this is theCUBE's fourth year of covering KubeCon and CloudNativeCon. This is the North America show here in San Diego it's 2019, he is John Troyer, I am Stu Miniman, and happy to welcome to the program, first of all, I have Murli Thirumali, who is the co-founder and CEO of Portworx, and Murli, thank you so much for bringing one of your customers on the program, Satish Puranam, who is a Technical Specialist with Ford Motor Company. Gentlemen, thank you so much for joining us. >> Delighted to be here. >> All right, so Satish, we're going to start with you because, you know, the growth of this ecosystem has been phenomenal, there were End Users up on the mainstage, we've already had them, there's over, there's 129 now CNCF End User Participants there, but, you know, bring us in Ford, you know, we were getting ready for this, we're talking, there's so much change going in from, you know, of course, everybody talks about autonomous vehicles, and what there have, but, you know, technology has really embedded itself deeply into a company like Ford, so before we get into all the crew, just, bring us a little about into your world, what's happening, changing, and, you know, what your team does. >> Sure, in like uh, Ford generally has been in like a transformation journey for about the last two years now, that includes like, completely redoing our Data Centers, our Application Portfolio, as part of this monolithic journey, we started our journey with Cloud Foundry, we have been a huge favorite to Cloud Foundry shops for some time. And then, we also would like to start dabbling with like, Kubernetes and things, associated technologies primarily do for like, looking for like, data services, messaging services, lot of the stateful things, right? Cloud Native and like, Kubernetes, and I- Cloud Foundry, I am sorry, Did great wonders for us, for qualified graphs. So what do we do with like, stateful things? And that's what we started dabbling with Kubernetes and things like that. >> Yeah, Satish, if I could, I want to step back one second here, and say, you know, you do a transformation, consolidation, moving from monoliths to microservices, what was the business driver here, was it one day, some executive got up and said, you know, "hey this sounds really cool, go do it", or was there a specific driver in the business that now, your organization needs to respond to? >> I think the business drive is cost efficiency. Like, uh, there were, like, a lot of things that we would have not done, so there's a lot of technical debt we have to pay down, because of various fragmentation and various other things, so it's always about realizing business efficiencies, and most importantly, speed at which we deliver services to our customers internally, so that was the main driving force for our engaging in this transformation journey for like, about the last few years. >> Okay, Murli we'd love to have bring you to this conversation here. You obviously, agility is one of the things I hear most from customers, the driver of what new things. Infrastructure for the longest time, in many ways, it was like a boat anchor of what held us back. >> Murli: Yep. >> Especially you know, our friends in Networking and Storage, it is difficult to change and keep up with, with what's driving there, so bring us uh, bring us up to speed with Portworx and how you fit into Ford and more broadly. >> Yeah, just a quick introduction to Portworx, we've been around for about five years, now, right from the early days of containers and Kubernetes, and you know, we have quite a few customers now in Production, we have about 130 customers, 50 of the uh, the global 2k and so on, many, almost all those customers are in Production, deploying stat significant workloads. The interesting thing about Kubernetes in the last couple of years, especially, is that everybody recognizes it has won the war for orchestrating containers and applications, but the reality is, the customer still has to manage the whole stack, the stack of not just the app but the data itself underneath, and that's kind of the role of Portworx, Portworx is the platform for storage for Kubernetes, and we orchestrate all the underlying storage and the data applications, with that being said, I think one of the things that we've seen that Ford has kind of led the way in, and has been really amazing, is some of the many surprising things that people don't really know about Kubernetes, which has been happening now with customers like Ford for a while, one of them, for example, is just the use of Kubernetes in on-prem applications. Very few people really kind of, they think of Kubernetes as something that was born in the Cloud, and therefore, has kind of really only mushroomed in the Cloud, and you know, the, one of the key things about Kubernetes, and most of our customers are actually on-prem, and it to me is transforming the Data Center. The agility that Satish speaks about, is something that you don't just need because you are operating in the Cloud, you need that for all of your on-prem applications, too, and that's been one of the unique characteristics that we've seen from Ford. >> Yeah, and that's, I mean, you talked about your journey, Satish, you know, the pivotal folks really talk a lot about transformation and agility you know, no matter where your apps were sitting, I'm kind of curious in terms of the storage and the stateful- statefulness of the applications that your working with now, you know, what kind of a, if I looked at it, the diagram, what kind of a set-up would there be? So there's a Portworx layer underneath and beside Kubernetes that's managing some of the storage and some of the replication? Is it then, is the data sitting in a, you know, on a SAN somewhere, is it sitting in the Cloud, I mean, can you kind of describe what a typical application would look like? >> With your typical application, yes we draw storage, we've been drawing storage for the past several years from NetApp as being as the primary source of our data, and then we run on top of that, we run some kind of storage overlays, we dabble with quite a few technologies, including, uh, Rook, NetApp Trident, Uh, Loster, You know I'm like a, it was a journey A journey that we took us, to ultimately lead us to Portworx and we just didn't started with Portworx, but the toughest aspect has been the gravity that the stories bring along with it, and all the things that are, Cloud Native is great but Cloud Native has stayed somewhere and that has to be managed someplace, and we said "Hey, can we do that with Kubernetes?" Right? So, I think we have done a- I won't say an outstanding job but at least we've done a reasonably good job at actually at least wrapping our heads around it and we have quite a few workloads in production that are actually stateful, whether they are Base Systems, uh, there are also like Data Messaging Systems, many cards applications and all that stuff so that has been something that we have been working on for the past few years on our platforms at least. >> Yeah, well I wonder if you could expand a little bit on kind of the application suite you know, "What can we do? What can't we do?" Listen to the keynote this morning I definitely heard it was, if you look at a multi cluster environment, You know, you want to mirror and have the same things there. Well I can't just magically have all the data everywhere and data has gravity and the laws of physics do apply so I can't just automatically replicate terabytes from here to the Cloud or back so help us understand where we are. >> So, you know, one of the, uh, one of the things Satish told me yesterday which I loved was he saying, he said: "Stateful is almost easier than stateless now because of the fact that we have these extensions of Kubenetes." So, one of the things that's been very very impactful is that Kubernetes is now these extensions for managing you know, storage networking and so on, and in fact the way they do that is through an API that just an overlay, so we are an example of an overlay. And so think about it this way, if a customer about 60 percent of our customers are building a platform as their service, in many cases they don't even know what applications are going to be in there, so over our customer base we see the same alphabet soup over and over and over again. Guess what it is, Postgress, Cassandra's, all the databases Redis, right? You know, all of the messaging queues, right? Things like Kafta and uh, you know, Streaming Data, for example, Spark workloads. And so, one of the key things that is happening around with customers particularly on the enterprise side, like large enterprises, they are using all kinds of applications and they're all stateful. I mean they're very few enterprises that are not stateful and they're all running on some kind of a storage substrate that has virtualized the underlying storage. So we run on top of the underlying hardware, but then we're enabled to kind of work with all of the orchestration that Kubernetes provides but we're adding the orchestration of the Data infrastructure as well as the storage itself And I think that's one of the key things that's changed with Kubernetes in the last, I would say, two and a half years is, most people used to think of it as "in the cloud and stateless" but now it's "on-prem and stateful." >> So Satish, one of the things we've talked to customers is their journey of modernizing their applications, it's, there's things that you might build brand-new and are great here but, you know, I'm sure you have thousands of applications and-- >> Satish: Absolutely. >> You know, going from the old way to a brand new thing, there's lot of different ways to get there. Some of it you might need to just-- Where are you with the journey of getting things onto this platform layer that we're talking about? And what will that journey look like for Port? >> Net new apps, anything being new we're talking about writing and like Cloud Native, Twelve factor Apps, like, but anything new, I'm like, anything existing data services, messaging services, what we affectionately call as table stakes services, right? So, which are the Twelve Factor Apps rely on, we are targeting towards Kubernetes. The idea is, "are we there yet?" Probably "no" like We are getting there with along with our partners to put it on the platforms like Kubernetes, right? So, we are also doing a lot of automation orchestration on VMs itself. But the idea is heavy and heavier workloads are going to be lining on Kubernetes platforms, and there will be a lot of work in the upcoming years particularly 2020, where we will be concentrating more on those things and with the continuing growth would be on Twelve Factor, Net New, would be Twelve Factor, Net New, could be in Cloud Foundry, could be in Kubernetes. Time will tell, but uh, that's the guiding philosophy, so to speak, but uh, There's a lot that we have to learn in this journey right now. >> Well I was kind of curious about that Satish, we've talked about an alphabet soup, we've talked about a lot of different projects, and certainly here at KubeCon, the thing about the Cloud Native Computing Foundation is that not that they don't have opinions, but everybody has an opinon, there's lots of different components here, it's not one stack, it's a collection of things that could be put together in several different ways. So you've tried a bunch of different things with storage, I'm actually, I'm interested if there are, if there were kind of surprises or, you know, containerized activity is probably different than I/O activity and storage I/O is probably different than in a virtual machine, the storage itself has some different assumptions built into it, so like, do you have any advise for people? I'm interested in the storage case but also just in, you don't have to evaluate nerworking and security and compliance and a lot of different things. Like, how do you go about approaching this sort of evaluation in this trial; in this journey of when you have-- when you're facing an "alphabet soup" of options? >> I think uh, it all comes down to basic engineering, right? So, what I make, think about "what are your failure points?" I'm like, "could be servers failing, infrastructure, hardware failing" right? So, the basic tendance is that we try to introduce failure as early as possible, like, "what happens if you pull the wire?" and "what happens if the server failure, failure happens?" The question that always comes back is that "is there a way I can compose the same infrastructure so that I can spread it across a couple of failure domains?" I think that was the whole idea of when we started, is like, "can we decompose the problem such that we can actually take advantage of primitives that begged into Kebernetes?" The great thing with CSI, that we're just realizing, before that were all flex drivers, but, how do you actually organize storage in the back end that actually allows you to actually compose this thing on the front end using the Kubernetes primitives. I think that was the process we though. >> John: And CSI is a standard API, >> Correct. >> Yeah, storage API, yeah. >> Exactly. I mean that's what we are relying, we're hoping that it's going to help us with things like, uh, moving compute, uh, to the storage rather than moving storage to the compute. That's one of the evolving, thinking that we're working with. Portworx, we've been working with the community folks from work and a couple of other areas. It's, there's lot to be done here, like we're just in still early days I would say. >> Murli, want to make sure we get out there, Portworx had some updates for this week so what do you say to latest? >> Yeah, so, the updates actually relate to exactly to what Satish was talking about, you know, the idea of, so, container storage has kind of been on it's own journey right? In the early days that John remembers well, it was really providing storage per system, making that data available everywhere. It's then clearly moved to HA being having the High Availability say within the cluster and so on. So, but the data life cycle for the application that's been containerized extends well beyond that so we are making extensions to our own product that are kind of following that path. So, one of the things we launched a few months ago was disaster recovery, DR, which is very very specific to containers, so, container granular DR, so you can kind of you know, take a snapshot, not just of the data, but of the application state as well as the Kubernetes pods back and recover all three of them. At this KubeCon we're announcing two other things. One of them is backup, so our customers, as they make the journey through their app life cycle, inevitably they need to backup their data and we have, again, container granular backup, that will provide all of, by the way, on existing storage. We're not asking anybody to up change, there's underneath their hardware storage substructure. The last thing we're introducing is storage capacity management which is fully automated. You know one of the characteristics of Kubernetes is all of that is "get the person" "get the trouble to get out of the picture," right? The world is going to be automated. Kubernetes is one of the ways people are doing that. And what we have provided is the ability to auto-resize volumes, and auto-resize pods of storage and add more nodes automatically based on policy that is completely automated so that again, these applications, you know when the characteristics of containerized workloads, they aren't predictable; they go up and down and they grow very fast sometimes, and so all of that management, so autopilot, uh, you know, backup DR have now been added in addition to persistent in HA. >> Alright, so before I let you both go, uh, want to talk about 2020? >> So soon. >> Satish, I want to give you a wish. You talked about all the things you'd do the next couple of years, if you could get one thing more out if this ecosystem to make your lives easier for you and your team, you know? What would that be? >> I think standardization on more of these interfaces. Kerbenetes provides a great platform for everybody to interact equally. Uh, more things like CSI, CRI, stuff that's happening in the community. And more standardization will lead to actually, make my life and things and end prizes a lot more easier. Will like to see continue that happening, GPU space looks very interesting, um, so we'll see. That would be my wish at least. >> Alright so Murli, I'm not giving you a wish. You're going to tell me, what should we be looking for from Portworx in participation in, you know, in this community over the next year. >> I think one of the big changes that's happened, really, in the last couple of years that is really kind of achieving a hockey stick is that enterprises are recognizing that stateful apps are really, should be using Kubernetes and can use Kubernetes. So to me, what I predict is that I think, Kubernetes is going to move from not, from just managing applications, to actually managing infrastructure like storage. And so I, you know, my belief is that 2020 is the beginning of where Kubernetes becomes the control plane across the Data Center and Cloud. It's the new control plane. No, what Openstack was aspiring to be many years ago, and that it will be looking upwards to manage applications and downwards to manage infrastructure and, it's not just us who are doing that, folks like VMware with Project Pacific have kind of kind of indicated that that's the direction that we see. So I think it's roll is now much more than just an app orchestrator, it's really going to be the new control plane for infrastructure and apps in the enterprise and in the Cloud. >> Murli, Satish, thank you so much for sharing all the update. >> Thank you >> Pleasure to catch up with both of you >> Thanks. >> Northbound, Southbound, Multi Cloud, theCube is at all of these environments and all the shows. For John Trayer, I'm Stu Miniman as always, thank you for watching theCube.

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back to Vegas, guys and girls, it's great to have you with us. The Cube Live. Si finishing our second day of coverage of Palo Alto Ignite. 22 from MGM Grand in Las Vegas. Lisa Martin here with Dave Valante. Dave Cybersecurity is one of my favorite topics to talk about because it is so interesting. It is so dynamic. My other favorite thing is to hear the voice of our vendors' customers. And we could to >>Do that. I always love to have the customer on you get you get right to the heart of the matter. Yeah. Really understand. You know, what I like to do is sort of when I listen to the keynotes, try to see how well it aligns with what the customers are actually doing. Yeah. So let's >>Do it. We're gonna unpack that now. Michael Fagan joins us, the Chief Transformation Officer at Village Roadshow. Welcome Michael. It's great to have you >>And thank you. It's a pleasure to be here. >>So this is a really interesting entertainment company. I find the name interesting, but talk to us a little bit about Village Roadshow so the audience gets an understanding of all of the things that you guys do cuz theme parks is part of >>This. Yeah, so Village Road show's Australia's largest cinema exhibitor in conjunction with our partners at event. We also own and operate Australia's largest theme parks. We have Warner Brothers movie World, wet and Wild. SeaWorld Top Golf in Australia is, is operated by us plus more. We also do studio, we also own movie studios, so Aquaman, parts of the Caribbean. We're, we're filming our movie studios Elvis last year. And we also distribute and produce movies and TV shows. Quite diverse group. >>Yeah, you guys have won a lot of awards. I mean, I don't know, academy Awards, golden Globe, all that stuff, you know, and so it's good. Congratulations. Yeah. >>Thank you. >>Cool stuff. I wanna also, before we dig into the use case here, talk to us about the role of a chief transformation officer. How long have you been in that role? What does it encompass and what do you get to drive from a transformation perspective? Yeah, >>So the, the, the nature and pace of disruption is accelerating and on, on one side. And then on the other side, the running business as usual is becoming increasingly complex and, and more difficult to do. So running both simultaneously and at pace can put organizations at risk, both financially and and other ways. So in my role as Chief Transformation officer, I support the rest of the executive team by giving them additional capacity and also bring capability to the team that wasn't there before. So I do a lot of strategic and thought leadership. There's some executive coaching in there, a lot of financial modeling and analysis. And I believe that when a transformation role in particularly a chief transformation role is done correctly, it's a very hands-on role. So there's certain things where I, I dive right down and I'm actually hands in, hands-on leading teams or leading pieces of work. So I might be leading particular projects. I tried to drive profit revenue and profitability across the divisions and does any multi or cross-divisional opportunities or initiative, then I will, I will lead those. >>The transformation, you know, a while ago was cloud, right? Okay, hey, cloud and transformation officers, whether or not they had that title, we'll tell you, look, you gotta change the operating model. You can't just, you know, lift and shift in the cloud. That's, you know, that's pennies. We want, you know, big bucks. That's the operating. Now it's, I'm my question is, is did the pandemic just accelerate your transformation or, or was it, you know, deeper than that? >>Yeah, so what in my role have both digital and business transformation, some of it has been organizational. I think the pandemic has had a, a significant and long lasting effect on society, not just on, on business. So I think if you think about how work work used to be a, a place you went to and how it was done beforehand, before the, before COVID versus now where, you know, previously, you know, within the enterprise you had all of the users, you had all of the applications, you had all of the data, you had all of the people. And then since March, 2020, just overnight, that kind of inverted and, you know, you had people working from home and a person working from home as a branch office of one. So, so we ended up with another thousand branches literally overnight. A lot of the applications that we use are now SASS or cloud-based, whether that's timekeeping with Kronos or communica employee communication or work Jam. So they're not sitting within our data center, they're not sitting within, within our enterprise. It's all external. >>So from a security perspective, you obviously had to respond to that and we heard a lot about endpoint and cloud security and refactoring the network and identity. These guys aren't really an identity. They partner for that, but still a lot of change in focus that the CISO had to deal with. How, how did you guys respond to that? And, and you had a rush to do it. Yeah. And so as you sit back now, where do you go from here? >>Well we had, we had two major triggers for our, our network and security transformation. The first being COVID itself, and then the second beam, we had a, a major MPLS telco renewal that came up. So that gave you an opportunity to look at what we were doing and essentially our network was designed for a near, that no longer exists for when, for when p like I said, when people, when people were from home, all the applications were inside. So, and we had aging infrastructure, our firewalls were end of life. So initially we started off with an SD WAN at the SD WAN layer and an SD WAN implementation. But when we investigated and saw the security capabilities that are available now, we that to a full sassy WAN implementation. >>Why Palo Alto Networks? Because you, you had, you said you had an aging infrastructure designed for an era that doesn't exist anymore, but you also had a number of tools. We've been talking about a consolidation a lot the last couple days. Yeah. How did, what did you consolidate and why with Palo Alto? >>So we had a great partner in Australia, incidentally also called Cube. Cube Networks. Yeah. That we worked with great >>Names. Yeah, right. >>So we, so we, we worked for Cube. We ran a, a form of tender process. And Palo Alto with, you know, Prisma access and Global Global Protect was the only, the only solution that gave us everything that we needed in terms of network modernization, the agility that we required. So for example, in our theme part, we want to send out a hotdog cart or an ice cream cart, and that becomes, all of a sudden you got a new branch that I want to spin up this branch in 10 minutes and then I wanna spin it back down again. So from agility perspective, from a flexibility perspective, the security that, that we wanted, you know, from a zero trust perspective, and they were the only, certainly from a zero trust perspective, they're probably the only vendor that, that exists that, that actually provided the, the, all those capabilities. >>And did you consolidate tools or you were in the process of consolidating tools now? >>Yeah, so we actually, we actually consolidated down to, to, to a, to a single vendor. And in my previous role I had, I had implemented SD WAN before and you know, interoperability is a, is a major issue in the IT industry. I think there's, it's probably the only industry in the, the only industry I can think of certainly that where we, we ship products that aren't ready. They're not of all the features, they, they don't have all the features that they should have. They're their plans. They were releasing patches, releasing additional features every, every couple of months. So, you know, if you, if if Ford sold the card, I said, Hey, you're gonna give you backseats in a couple of months, they'd be uproar. But, but we do that all the time in, in it. So I had, when I previously implemented an Sdwan transformation, I had products from two tier one vendors that just didn't talk to one another. And so when I went and spoke to those vendors, they just went, well, it's not me. It's clearly, clearly those guys. So, so there's a lot to be said for having a, you know, a champion team rather than a team of champions. And Palo Alto have got that full stack fully integrated that was, you know, exactly meant what we were looking for. >>They've been talking a lot the last couple days about integration and it, and I've talked with some of their executives and some analysts as well, including Dave about that seems to be a differentiator for them because they really focus on that. Their m and a strategy is very, it seems to be very clear and there's purpose on that backend integration instead of leaving it to the customer, like Village Road show to do it. They also talked a lot about the consolidation. I'm just curious, Michael, in terms of like what you've heard at the show in the last couple of days. >>Yeah, I mean I've been hearing to same mess, but actually we've, we've lived in a >>You're living it. That's what I wanted to >>Know. So, so, you know, we had a choice of, you know, do you try and purchase so-called best of breed products and then put a lot of effort into integrating them and trying to get them to work, which is not really what we want to spend time doing. I don't, I don't wanna be famous for, you know, integration and, you know, great infrastructure. I want to be, I want Village to be famous for delivering great experiences to our customers. Memories that last a lifetime. And you know, when kids grow up in Australia, they, everybody remembers going to the theme parks. That's what, that's what I want our team to be doing and to be delivering those great experiences, not to be trying to plug together bits of software and it may or may not work and have vendors pointing at one another and then we are left carrying the cannon and holding the >>Baby. So what was the before and after, can you give us a sense as to how life changed, you know, pre that consolidation versus post? >>Yeah, so our, our, our infrastructure, say our infrastructure was designed for, you know, the, you know, old ways of working where we had you knowm routers that were, you know, not designed for cloud, for modern traffic, including cloud Destin traffic, an old MPLS network. We used to back haul all the traffic from, from our branches back to central location run where we've got, you know, firewall walls, we've got a dmz, we could run advanced inspection services on that. So if you had a branch that wanted to access a website that was housed next door, even if it was across the country, then it would, we would pull that all the way back to Melbourne. We would apply advanced inspection services to it, send it up to the cloud out back across the country. Traffic would come back, come down to us, back out to our branch. >>So you talk about crossing the country four times, even at the website is, is situated next door now with, with our sasi sdwan transformation just pops out to the cloud now straight away. And the, the difference in performance for our, for our team and for our customers, it, it's phenomenal. So you'll talk about saving minutes, you know, on a log on and, and seconds then and on, on an average transaction and second zone sound like a lot. But when you, it's every click up, they're saving a second and add up. You're talking about thousands of man hours every month that we've saved. >>If near Zuke were sitting right here and said, what could we do better? You know, what do you need from us that we're not delivering today that you want to, you want us to deliver that would change your life. Yeah, >>There's two things. One, one of which I think they're all, they're already doing, but I actually haven't experienced myself. It's around the autonomous digital experience management. So I've now got a thousand users who are sitting at home and they've got, when they've got a problem, I don't know, is it, is it my problem or is it their problem? So I know that p were working on a, an A solution that digital experience solution, which can actually tell, well actually know you're sitting in your kitchen and your routes in your front room, maybe you should move closer to the route. So there, there they, that's one thing. And the second thing is using AI to tell me things that I wouldn't be able to figure out with a human training. A lot of time sifting through data. So things like where I've potentially overcompensated and, you know, overdelivered on the network and security side or of potentially underdelivered on a security side. So having AI to, you know, assess all of those millions and probably billions of, you know, transactions and packets that are moving around our network and say, Hey, you could optimize it more if you, if you dial this down or dial this up. >>So you said earlier we, this industry has a habit of shipping products before, you know they're ready. So based on your experience, seems like, first of all, it sounds like you got a at least decent technical background as well. When do you expect to have that capability? Realistically? When can we expect that as an industry? >>I think I, I think, like I said, the the rate and nature of change is, is, I think it's accelerating. The halflife of degree is short. I think when I left university, what I, what I learned in first year was, was obsolete within five years, I'd say now it's probably obsolete of you. What'd you learn in first year? It's probably obsolete by the time you finish your degree. >>Six months. Yeah, >>It's true. So I think the, the, the rate of change and the, the partnership that I see Palo building with the likes of AWS and Google and that and how they're coming together to, to solve, to jointly solve these problems is I think we will see this within 12 months. >>Who, who are your clouds? You got multiple clouds >>Or We got multiple clouds. Mostly aws, but there are certain things that we run that run in run in Azure as well. We, we don't really have much in GCP or, or, or some of the other >>Azure for collaboration and teams, stuff like that. >>Ah, we, we run, we run SAP that's we hosted in, in Azure and our cinema ticketing system is, is was run in Azure. It's, it was only available in, in in Azure the time we're mo we are mostly an AWS >>Shop. And what do you do with aws? I mean, pretty much everything else is >>Much every, everything else, anything that's customer facing our websites, they give us great stability. Great, great availability, great performance, you know, we've had and, and, and, and a very variable as well. So, we'll, you know, our, our pattern of selling movie tickets is typically, you know, fairly flat except when, you know, there's a launch of a, of a new movie. So all of a sudden we might say you might sell, you know, at 9:00 AM when, you know, spider-Man went on sale last year, I think we sold 100 times the amount of tickets in the forest, 10 minutes. So our website didn't just scale look beautifully, just took in all of that extra traffic scale up. We're at only any intervention and then scale back down >>Taylor Swift needs that she does need that. So yeah. And so is your vision to have Palo Alto networks security infrastructure have be a common sort of layer across those clouds and maybe even some on-prem? Is it, are you, are you working toward that? Yeah, >>We, yeah, we, yeah, we, we'd love to have, you know, our end, our end customers don't really care about the infrastructure that we run. They won't be >>Able to unless it breaks. >>Unless it breaks. Yeah. They wanna be able to go to see a movie. Do you wanna be able to get on a rollercoaster? They wanna be able to go, you know, play around around a top golf. So having that convergence and that seamless integration of working across cloud network security now for most of our team, they, they don't know and they don't need to know. In fact, I, I frankly don't want them to know and be, be thinking about networks and clouds. I kind of want them thinking about how do we sell more cinema tickets? How do we give a great experience to our guests? How do we give long lasting lifetime memories to, to the people who come visit our parks? >>That's what they want. They want that experience. Right. I'd love to get your final thoughts on, we, we had you give a great overview of the ch the role that you play as Chief transformation officer. You own digital transformation, you want business transformation. What advice would you give to either other treat chief transformation officers, CISOs, CSOs, CEOs about partnering, what's the right partner to really improve your security posture? >>I think there's, there's two things. One is if you haven't looked at this in the last two years and made some changes, you're outta date. Yeah. Because the world has changed. We've seen, I mean, I've heard somebody say it was two decades worth of, I actually think it's probably five 50 years worth of change in, in Australia in terms of working habits. So one, you need to do something. Yeah. Need to, you need to have a look at this. The second thing I think is to try and partner with someone that has similar values to your organization. So Village is a, it's a wonderful, innovative company. Very agile. So the, like the, the concept of gold class cinema, so, you know, big proceeds, recliners, waiter service, elevated foods concept that, that was invented by village in 1997. Thank you. And we had thanks finally came to the states so decade later, I mean we would've had the CEO of every major cinema chain in the world come to come to Melbourne and have a look at what Village is doing and go, yeah, we're gonna export that back around around the world. It's probably one of, one of Australia's unknown exports. Yeah. So it's, yeah, so, so partnering. So we've got a great innovation history and we'd like to think of ourselves as pretty agile. So working with partners who are, have a similar thought process and, and managed to an outcome and not to a contract Yeah. Is, is important for us. >>It's all about outcomes. And you've had some great outcomes, Michael, thank you for joining us on the program, walking us through Village Roadshow, the challenges that you had, how you tackled them, and, and next time I think I'm in a movie theater and I'm in reclining chair, I'm gonna think about you and village. So thank you. We appreciate your insights, your time. Thank you. Thanks Michael. For Michael Fagan and Dave Valante. I'm Lisa Martin. You've been watching The Cube. Our live coverage of Palo Alto Networks. Ignite comes to an end. We thank you so much for watching. We appreciate you. You're watching the Cube, the leader in live enterprise and emerging emerging tech coverage next year. >>Yeah.

(bright upbeat music) >> Greetings, brilliant community and thank you so much for tuning in to theCUBE here for the last three days where we've been live from Detroit, Michigan. I've had the pleasure of spending this week with Lisa Martin and John Furrier. Thank you both so much for hanging out, for inviting me into the CUBE family. It's our first show together, it's been wonderful. >> Thank you. >> You nailed it. >> Oh thanks, sweetheart. >> Great job. Great job team, well done. Free wall to wall coverage, it's what we do. We stay till everyone else-- >> Savannah: 100 percent. >> Everyone else leaves, till they pull the plug. >> Lisa: Till they turn the lights out. We're still there. >> Literally. >> Literally last night. >> Still broadcasting. >> Whatever takes to get the stories and get 'em out there at scale. >> Yeah. >> Great time. >> 33. 33 different segments too. Very impressive. John, I'm curious, you're a trend watcher and you've been at every single KubeCon. >> Yep. >> What are the trends this year? Give us the breakdown. >> I think CNCF does this, it's a hard job to balance all the stakeholders. So one, congratulations to the CNCF for another great KubeCon and CloudNativeCon. It is really hard to balance bringing in the experts who, as time goes by, seven years we've been all of, as you said, you get experts, you get seniority, and people who can be mentors, 60% new people. You have vendors who are sponsoring and there's always people complaining and bitching and moaning. They want this, they want that. It's always hard and they always do a good job of balancing it. We're lucky that we get to scale the stories with CUBE and that's been great. We had some great stories here, but it's a great community and again, they're inclusive. As I've said before, we've talked about it. This year though is an inflection point in my opinion, because you're seeing the developer ecosystem growing so fast. It's global. You're seeing events pop up, you're seeing derivative events. CNCF is at the center point and they have to maintain the culture of developer experts, maintainers, while balancing the newbies. And that's going to be >> Savannah: Mm-hmm. really hard. And they've done a great job. We had a great conversation with them. So great job. And I think it's going to continue. I think the attendance metric is a little bit of a false positive. There's a lot of online people who didn't come to Detroit this year. And I think maybe the combination of the venue, the city, or just Covid preferences may not look good on paper, on the numbers 'cause it's not a major step up in attendance. It's still bigger, but the community, I think, is going to continue to grow. I'm bullish on it. >> Yeah, I mean at least we did see double the number of people that we had in Los Angeles. Very curious. I think Amsterdam, where we'll be next with CNCF in the spring, in April. I think that's actually going to be a better pulse check. We'll be in Europe, we'll see what's going on. >> John: Totally. >> I mean, who doesn't like Amsterdam in the springtime? Lisa, what have been some of your observations? >> Oh, so many observations. The evolution of the conference, the hallway track conversations really shifting towards adjusting to the enterprise. The enterprise momentum that we saw here as well. We had on the show, Ford. >> Savannah: Yes. We had MassMutual, we had ING, that was today. Home Depot is here. We are seeing all these big companies that we know and love, become software companies right before our eyes. >> Yeah. Well, and I think we forget that software powers our entire world. And so of course they're going to have to be here. So much running on Kubernetes. It's on-prem, it's at the edge, it's everywhere. It's exciting. Woo, I'm excited. John, what do you think is the number one story? This is your question. I love asking you this question. What is the number one story out KubeCon? >> Well, I think the top story is a combination of two things. One is the evolution of Cloud Native. We're starting to see web assembly. That's a big hyped up area. It got a lot of attention. >> Savannah: Yeah. That's kind of teething out the future. >> Savannah: Rightfully so. The future of this kind of lightweight. You got the heavy duty VMs, you got Kubernetes and containers, and now this web assembly, shows a trajectory of apps, server-like environment. And then the big story is security. Software supply chain is, to me, was the number one consistent theme. At almost all the interviews, in the containers, and the workflows, >> Savannah: Very hot. software supply chain is real. The CD Foundation mentioned >> Savannah: Mm-hmm. >> they had 16,000 vulnerabilities identified in their code base. They were going to automate that. So again, >> Savannah: That was wild. >> That's the top story. The growth of open source exposes potential vulnerabilities with security. So software supply chain gets my vote. >> Did you hear anything that surprised you? You guys did this great preview of what you thought we were going to hear and see and feel and touch at KubeCon, CloudNativeCon 2022. You talked about, for example, the, you know, healthcare financial services being early adopters of this. Anything surprise either one of you in terms of what you predicted versus what we saw? Savannah, let's start with you. >> You know what really surprised me, and this is ironic, so I'm a community gal by trade. But I was really just impressed by the energy that everyone brought here and the desire to help. The thing about the open source community that always strikes me is, I mean 187 different countries participating. You've got, I believe it's something like 175,000 people contributing to the 140 projects plus that CNCF is working on. But that culture of collaboration extends far beyond just the CNCF projects. Everyone here is keen to help each other. We had the conversation just before about the teaching and the learnings that are going on here. They brought in Detroit's students to come and learn, which is just the most heartwarming story out of this entire thing. And I think it's just the authenticity of everyone in this community and their passion. Even though I know it's here, it still surprises me to see it in the flesh. Especially in a place like Detroit. >> It's nice. >> Yeah. >> It's so nice to see it. And you bring up a good point. It's very authentic. >> Savannah: It's super authentic. >> I mean, what surprised me is one, the Wasm, or web assembly. I didn't see that coming at the scale of the conversation. It sucked a lot of options out of the room in my opinion, still hyped up. But this looks like it's got a good trajectory. I like that. The other thing that surprised me that was a learning was my interview with Solo.io, Idit, and Brian Gracely, because he's a CUBE alumni and former host of theCUBE, and analyst at Wikibon, was how their go-to-market was an example of a modern company in Covid with a clean sheet of paper and smart people, they're just doing things different. They're in Slack with their customers. And I walked away with, "Wow that's like a playbook that's not, was never, in the go-to-market VC-backed company playbook." I thought that was, for me, a personal walk away saying that's important. I like how they did that. And there's a lot of companies I think could learn from that. Especially as the recession comes where partnering with customers has always been a top priority. And how they did that was very clever, very effective, very efficient. So I walked away with that saying, "I think that's going to be a standard." So that was a pleasant surprise. >> That was a great surprise. Also, that's a female-founded company, which is obviously not super common. And the growth that they've experienced, to your point, really being catalyzed by Covid, is incredibly impressive. I mean they have some massive brand name customers, Amex, BMW for example. >> Savannah: Yeah. >> Great point. >> And I interviewed her years ago and I remember saying to myself, "Wow, she's impressive." I liked her. She's a player. A player for sure. And she's got confidence. Even on the interview she said, "We're just better, we have better product." And I just like the point of view. Very customer-focused but confident. And I just took, that's again, a great company. And again, I'm not surprised that Brian Gracely left Red Hat to go work there. So yeah, great, great call there. And of course other things that weren't surprising that I predicted, Red Hat continued to invest. They continue to bring people on theCUBE, they support theCUBE but more importantly they have a good strategy. They're in that multicloud positioning. They're going to have an opportunity to get a bite at the apple. And I what I call the supercloud. As enterprises try to go and be mainstream, Cloud Native, they're going to need some help. And Red Hat is always has the large enterprise customers. >> Savannah: What surprised you, Lisa? >> Oh my gosh, so many things. I think some of the memorable conversations that we had. I love talking with some of the enterprises that we mentioned, ING Bank for example. You know, or institutions that have been around for 100 plus years. >> Savannah: Oh, yeah. To see not only how much they've innovated and stayed relevant to meet the demands of the consumer, which are only increasing, but they're doing so while fostering a culture of innovation and a culture that allows these technology leaders to really grow within the organization. That was a really refreshing conversation that I think we had. 'Cause you can kind of >> Savannah: Absolutely. think about these old stodgy companies. Nah, of course they're going to digitize. >> Thinking about working for the bank, I think it's boring. >> Right? >> Yeah. And they were talking about, in fact, those great t-shirts that they had on, >> Yeah, yeah, yeah, yeah. were all about getting more people to understand how fun it is to work in tech for ING Bank in different industries. You don't just have to work for the big tech companies to be doing really cool stuff in technology. >> What I really liked about this show is we had two female hosts. >> Savannah: Yeah. >> How about that? Come on. >> Hey, well done, well done on your recruitment there, champ. >> Yes, thank you boss. (John laughs) >> And not to mention we have a really all-star production team. I do just want to give them a little shout out. To all the wonderful folks behind the lines here. (people clapping) >> John: Brendan. Good job. >> Yeah. Without Brendan, Anderson, Noah, and Andrew, we would be-- >> Of course Frank Faye holding it back there too. >> Yeah, >> Of course, Frank. >> I mean, without the business development wheels on the ship we'd really be in an unfortunate spot. I almost just swore on television. We're not going to do that. >> It's okay. No one's regulating. >> Yeah. (all laugh) >> Elon Musk just took over Twitter. >> It was a close call. >> That's right! >> It's going to be a hellscape. >> Yeah, I mean it's, shit's on fire. So we'll just see what happens next. I do, I really want to talk about this because I think it's really special. It's an ethos and some magic has happened here. Let's talk about Detroit. Let's talk about what it means to be here. We saw so many, and I can't stress this enough, but I think it really matters. There was a commitment to celebrating place here. Lisa, did you notice this too? >> Absolutely. And it surprised me because we just don't see that at conferences. >> Yeah. We're so used to going to the same places. >> Right. >> Vegas. Vegas, Vegas. More Vegas. >> Your tone-- >> San Francisco >> (both laugh) sums up my feelings. Yes. >> Right? >> Yeah. And, well, it's almost robotic but, and the fact that we're like, oh Detroit, really? But there was so much love for this city and recognizing and supporting its residents that we just don't see at conferences. You uncovered a lot of that with your swag-savvy segments, >> Savannah: Yeah. >> And you got more of that to talk about today. >> Don't worry, it's coming. Yeah. (laughs) >> What about you? Have you enjoyed Detroit? I know you hadn't been here in a long time, when we did our intro session. >> I think it's a bold move for the CNCF to come here and celebrate. What they did, from teaching the kids in the city some tech, they had a session. I thought that was good. >> Savannah: Loved that. I think it was a risky move because a lot of people, like, weren't sure if they were going to fly to Detroit. So some say it might impact the attendance. I thought they did a good job. Their theme, Road Ahead. Nice tie in. >> Savannah: Yeah. And so I think I enjoyed Detroit. The weather was great. It didn't rain. Nice breeze outside. >> Yeah. >> The weather was great, the restaurants are phenomenal. So Detroit's a good city. I missed some hockey games. I'd love to see the Red Wings play. Missed that game. But we always come back. >> I think it's really special. I mean, every time I talked to a company about their swag, that had sourced it locally, there was a real reason for this story. I mean even with Kasten in that last segment when I noticed that they had done Carhartt beanies, Carhartt being a Michigan company. They said, "I'm so glad you noticed. That's why we did it." And I think that type of, the community commitment to place, it all comes back to community. One of the bigger themes of the show. But that passion and that support, we need more of that. >> Lisa: Yeah. >> And the thing about the guests we've had this past three days have been phenomenal. We had a diverse set of companies, individuals come on theCUBE, you know, from Scott Johnston at Docker. A really one on one. We had a great intense conversation. >> Savannah: Great way to kick it off. >> We shared a lot of inside baseball, about Docker, super important company. You know, impressed with companies like Platform9 it's been around since the OpenStack days who are now in a relevant position. Rafi Systems, hot startup, they don't have a lot of resources, a lot of guerilla marketing going on. So I love to see the mix of startups really contributing. The big players are here. So it's a real great mix of companies. And I thought the interviews were phenomenal, like you said, Ford. We had, Kubia launched on theCUBE. >> Savannah: Yes. >> That's-- >> We snooped the location for KubeCon North America. >> You did? >> Chicago, everyone. In case you missed it, Bianca was nice enough to share that with us. >> We had Sarbjeet Johal, CUBE analyst came on, Keith Townsend, yesterday with you guys. >> We had like analyst speed dating last night. (all laugh) >> How'd that go? (laughs) >> It was actually great. One of the things that they-- >> Did they hug and kiss at the end? >> Here's the funny thing is that they were debating the size of the CNC app. One thinks it's too big, one thinks it's too small. And I thought, is John Goldilocks? (John laughs) >> Savannah: Yeah. >> What is John going to think about that? >> Well I loved that segment. I thought, 'cause Keith and Sarbjeet argue with each other on Twitter all the time. And I heard Keith say before, he went, "Yeah let's have it out on theCUBE." So that was fun to watch. >> Thank you for creating this forum for us to have that kind of discourse. >> Lisa: Yes, thank you. >> Well, it wouldn't be possible without the sponsors. Want to thank the CNCF. >> Absolutely. >> And all the ecosystem partners and sponsors that make theCUBE possible. We love doing this. We love getting the stories. No story's too small for theCUBE. We'll go with it. Do whatever it takes. And if it wasn't for the sponsors, the community wouldn't get all the great knowledge. So, and thank you guys. >> Hey. Yeah, we're, we're happy to be here. Speaking of sponsors and vendors, should we talk a little swag? >> Yeah. >> What do you guys think? All right. Okay. So now this is becoming a tradition on theCUBE so I'm very delighted, the savvy swag segment. I do think it's interesting though. I mean, it's not, this isn't just me shouting out folks and showing off t-shirts and socks. It's about standing out from the noise. There's a lot of players in this space. We got a lot of CNCF projects and one of the ways to catch the attention of people walking the show floor is to have interesting swag. So we looked for the most unique swag on Wednesday and I hadn't found this yet, but I do just want to bring it up. Oops, I think I might have just dropped it. This is cute. Is, most random swag of the entire show goes to this toothbrush. I don't really have more in terms of the pitch there because this is just random. (Lisa laughs) >> But so, everyone needs that. >> John: So what's their tagline? >> And you forget these. >> Yeah, so the idea was to brush your cloud bills. So I think they're reducing the cost of-- >> Kind of a hygiene angle. >> Yeah, yeah. Very much a hygiene angle, which I found a little ironic in this crowd to be completely honest with you. >> John: Don't leave the lights on theCUBE. That's what they say. >> Yeah. >> I mean we are theCUBE so it would be unjust of me not to show you a Rubik's cube. This is actually one of those speed cubes. I'm not going to be able to solve this for you with one hand on camera, but apparently someone did it in 17 seconds at the booth. Knowing this audience, not surprising to me at all. Today we are, and yesterday, was the t-shirt contest. Best t-shirt contest. Today we really dove into the socks. So this is, I noticed this trend at KubeCon in Los Angeles last year. Lots of different socks, clouds obviously a theme for the cloud. I'm just going to lay these out. Lots of gamers in the house. Not surprising. Here on this one. >> John: Level up. >> Got to level up. I love these 'cause they say, "It's not a bug." And anyone who's coded has obviously had to deal with that. We've got, so Star Wars is a huge theme here. There's Lego sets. >> John: I think it's Star Trek. But. >> That's Star Trek? >> John: That's okay. >> Could be both. (Lisa laughs) >> John: Nevermind, I don't want to. >> You can flex your nerd and geek with us anytime you want, John. I don't mind getting corrected. I'm all about, I'm all about the truth. >> Star Trek. Star Wars. Okay, we're all the same. Okay, go ahead. >> Yeah, no, no, this is great. Slim.ai was nice enough to host us for dinner on Tuesday night. These are their lovely cloud socks. You can see Cloud Native, obviously Cloud Native Foundation, cloud socks, whole theme here. But if we're going to narrow it down to some champions, I love these little bee elephants from Raft. And when I went up to these guys, I actually probably would've called these my personal winner. They said, again, so community focused and humble here at CNCF, they said that Wiz was actually the champion according to the community. These unicorn socks are pretty excellent. And I have to say the branding is flawless. So we'll go ahead and give Wiz the win on the best sock contest. >> John: For the win. >> Yeah, Wiz for the win. However, the thing that I am probably going to use the most is this really dope Detroit snapback from Kasten. So I'm going to be rocking this from now on for the rest of the segment as well. And I feel great about this snapback. >> Looks great. Looks good on you. >> Yeah. >> Thanks John. (John laughs) >> So what are we expecting between now and KubeCon in Amsterdam? >> Well, I think it's going to be great to see how they, the European side, it's a chill show. It's great. Brings in the European audience from the global perspective. I always love the EU shows because one, it's a great destination. Amsterdam's going to be a great location. >> Savannah: I'm pumped. >> The American crowd loves going over there. All the event cities that they choose are always awesome. I missed Valencia cause I got Covid. I'm really bummed about that. But I love the European shows. It's just a little bit, it's high intensity, but it's the European chill. They got a little bit more of that siesta vibe going on. >> Yeah. >> And it's just awesome. >> Yeah, >> And I think that the mojo that carried throughout this week, it's really challenging to not only have a show that's five days, >> but to go through all week, >> Savannah: Seriously. >> to a Friday at 4:00 PM Eastern Time, and still have the people here, the energy and all the collaboration. >> Savannah: Yeah. >> The conversations that are still happening. I think we're going to see a lot more innovation come spring 2023. >> Savannah: Mm-hmm. >> Yeah. >> So should we do a bet, somebody's got to buy dinner? Who, well, I guess the folks who lose this will buy dinner for the other one. How many attendees do you think we'll see in Amsterdam? So we had 4,000, >> Oh, I'm going to lose this one. >> roughly in Los Angeles. Priyanka was nice enough to share with us, there was 8,000 here in Detroit. And I'm talking in person, we're not going to meddle this with the online. >> 6500. >> Lisa: I was going to say six, six K. >> I'm going 12,000. >> Ooh! >> I'm going to go ahead and go big I'm going to go opposite Price Is Right. >> One dollar. >> Yeah. (all laugh) That's exactly where I was driving with it. I'm going, I'm going absolutely all in. I think the momentum here is building. I think if we look at the numbers from-- >> John: You could go Family Feud >> Yeah, yeah, exactly. And they mentioned that they had 11,000 people who have taken their Kubernetes course in that first year. If that's a benchmark and an indicator, we've got the veteran players here. But I do think that, I personally think that the hype of Kubernetes has actually preceded adoption. If you look at the data and now we're finally tipping over. I think the last two years we were on the fringe and right now we're there. It's great. (voice blares loudly on loudspeaker) >> Well, on that note (all laugh) On that note, actually, on that note, as we are talking, so I got to give cred to my cohosts. We deal with a lot of background noise here on theCUBE. It is a live show floor. There's literally someone on an e-scooter behind me. There's been Pong going on in the background. The sound will haunt the three of us for the rest of our lives, as well as the production crew. (Lisa laughs) And, and just as we're sitting here doing this segment last night, they turned the lights off on us, today they're letting everyone know that the event is over. So on that note, I just want to say, Lisa, thank you so much. Such a warm welcome to the team. >> Thank you. >> John, what would we do without you? >> You did an amazing job. First CUBE, three days. It's a big show. You got staying power, I got to say. >> Lisa: Absolutely. >> Look at that. Not bad. >> You said it on camera now. >> Not bad. >> So you all are stuck with me. (all laugh) >> A plus. Great job to the team. Again, we do so much flow here. Brandon, Team, Andrew, Noah, Anderson, Frank. >> They're doing our hair, they're touching up makeup. They're helping me clean my teeth, staying hydrated. >> We look good because of you. >> And the guests. Thanks for coming on and spending time with us. And of course the sponsors, again, we can't do it without the sponsors. If you're watching this and you're a sponsor, support theCUBE, it helps people get what they need. And also we're do a lot more segments around community and a lot more educational stuff. >> Savannah: Yeah. So we're going to do a lot more in the EU and beyond. So thank you. >> Yeah, thank you. And thank you to everyone. Thank you to the community, thank you to theCUBE community and thank you for tuning in, making it possible for us to have somebody to talk to on the other side of the camera. My name is Savannah Peterson for the last time in Detroit, Michigan. Thanks for tuning into theCUBE. >> Okay, we're done. (bright upbeat music)

>>Set restaurants. And who says TEUs had got a little ass more skin in the game for us, in charge of his destiny? You guys are excited. Robert Worship is Chief Alumni. >>My name is Dave Ante, and I'm a long time industry analyst. So when you're as old as I am, you've seen a lot of transitions. Everybody talks about industry cycles and waves. I've seen many, many waves. Met a lot of industry executives and of a little bit of a, an industry historian. When you interview many thousands of people, probably five or 6,000 people as I have over the last half of a decade, you get to interact with a lot of people's knowledge and you begin to develop patterns. And so that's sort of what I bring is, is an ability to catalyze the conversation and, you know, share that knowledge with others in the community. Our philosophy is everybody's expert at something. Everybody's passionate about something and has real deep knowledge about that's something well, we wanna focus in on that area and extract that knowledge and share it with our communities. This is Dave Ante. Thanks for watching the Cube. >>Hello everyone and welcome back to the Cube where we are streaming live this week from CubeCon. I am Savannah Peterson and I am joined by an absolutely stellar lineup of cube brilliance this afternoon. To my left, a familiar face, Lisa Martin. Lisa, how you feeling? End of day two. >>Excellent. It was so much fun today. The buzz started yesterday, the momentum, the swell, and we only heard even more greatness today. >>Yeah, yeah, abs, absolutely. You know, I, I sometimes think we've hit an energy cliff, but it feels like the energy is just >>Continuous. Well, I think we're gonna, we're gonna slide right into tomorrow. >>Yeah, me too. I love it. And we've got two fantastic analysts with us today, Sarge and Keith. Thank you both for joining us. We feel so lucky today. >>Great being back on. >>Thanks for having us. Yeah, Yeah. It's nice to have you back on the show. We were, had you yesterday, but I miss hosting with you. It's been a while. >>It has been a while. We haven't done anything in since, Since pre >>Pandemic, right? Yeah, I think you're >>Right. Four times there >>Be four times back in the day. >>We, I always enjoy whole thing, Lisa, cuz she's so well prepared. I don't have to do any research when I come >>Home. >>Lisa will bring up some, Oh, sorry. Jeep, I see that in 2008 you won this award for Yeah. Being just excellent and I, I'm like, Oh >>Yeah. All right Keith. So, >>So did you do his analysis? >>Yeah, it's all done. Yeah. Great. He only part, he's not sitting next to me too. We can't see it, so it's gonna be like a magic crystal bell. Right. So a lot of people here. You got some stats in terms of the attendees compared >>To last year? Yeah, Priyanka told us we were double last year up to 8,000. We also got the scoop earlier that 2023 is gonna be in Chicago, which is very exciting. >>Oh, that is, is nice. Yeah, >>We got to break that here. >>Excellent. Keith, talk to us about what some of the things are that you've seen the last couple of days. The momentum. What's the vibe? I saw your tweet about the top three things you were being asked. Kubernetes was not one of them. >>Kubernetes were, was not one of 'em. This conference is starting to, it, it still feels very different than a vendor conference. The keynote is kind of, you know, kind of all over the place talking about projects, but the hallway track has been, you know, I've, this is maybe my fifth or sixth CU con in person. And the hallway track is different. It's less about projects and more about how, how do we adjust to the enterprise? How do we Yes. Actually do enterprise things. And it has been amazing watching this community grow. I'm gonna say grow up and mature. Yes. You know, you know, they're not wearing ties yet, but they are definitely understanding kind of the, the friction of implementing new technology in, in an enterprise. >>Yeah. So ge what's your, what's been your take, We were with you yesterday. What's been the take today to take aways? >>NOMA has changed since yesterday, but a few things I think I, I missed talking about that yesterday were that, first of all, let's just talk about Amazon. Amazon earnings came out, it spooked the market and I think it's relevant in this context as well, because they're number one cloud provider. Yeah. And all, I mean, almost all of these technologies on the back of us here, they are related to cloud, right? So it will have some impact on these. Like we have to analyze that. Like will it make the open source go faster or slower in, in lieu of the fact that the, the cloud growth is slowing. Right? So that's, that's one thing that's put that's put that aside. I've been thinking about the, the future of Kubernetes. What is the future of Kubernetes? And in that context, I was thinking like, you know, I think in, when I put a pointer there, I think in tangents, like, what else is around this thing? So I think CN CNCF has been writing the success of Kubernetes. They are, that was their number one flagship project, if you will. And it was mature enough to stand on its own. It it was Google, it's Google's Borg dub da Kubernetes. It's a genericized version of that. Right? So folks who do tech deep down, they know that, Right. So I think it's easier to stand with a solid, you know, project. But when the newer projects come in, then your medal will get tested at cncf. Right. >>And cncf, I mean they've got over 140 projects Yeah. Right now. So there's definitely much beyond >>Kubernetes. Yeah. So they, I have numbers there. 18 graduated, right, 37 in incubation and then 81 in Sandbox stage. They have three stages, right. So it's, they have a lot to chew on and the more they take on, the less, you know, quality you get goes into it. Who is, who's putting the money behind it? Which vendors are sponsoring like cncf, like how they're getting funded up. I think it >>Something I pay attention to as well. Yeah. Yeah. Lisa, I know you've got >>Some insight. Those are the things I was thinking about today. >>I gotta ask you, what's your take on what Keith said? Are you also seeing the maturation of the enterprise here at at coupon? >>Yes, I am actually, when you say enterprise versus what's the other side? Startups, right? Yeah. So startups start using open source a lot more earlier or lot more than enterprises. The enterprise is what they need. Number one thing is the, for their production workloads, they want a vendor sporting them. I said that yesterday as well, right? So it depend depending on the size of the enterprise. If you're a big shop, definitely if you have one of the 500 or Fortune five hundreds and your tech savvy shop, then you can absorb the open source directly coming from the open source sort of universe right. Coming to you. But if you are the second tier of enterprise, you want to go to a provider which is managed service provider, or it can be cloud service provider in this case. Yep. Most of the cloud service providers have multiple versions of Kubernetes, for example. >>I'm not talking about Kubernetes only, but like, but that is one example, right? So at Amazon you can get five different flavors of Kubernetes, right? Fully manage, have, manage all kind of stuff. So people don't have bandwidth to manage that stuff locally. You have to patch it, you have to roll in the new, you know, updates and all that stuff. Like, it's a lot of work for many. So CNCF actually is formed for that reason. Like the, the charter is to bring the quality to open source. Like in other companies they have the release process and they, the stringent guidelines and QA and all that stuff. So is is something ready for production? That's the question when it comes to any software, right? So they do that kind of work and, and, and they have these buckets defined at high level, but it needs more >>Work. Yeah. So one of the things that, you know, kind of stood out to me, I have good friend in the community, Alex Ellis, who does open Fast. It's a serverless platform, great platform. Two years ago or in 2019, there was a serverless day date. And in serverless day you had K Native, you had Open Pass, you had Ws, which is supported by IBM completely, not CNCF platforms. K native came into the CNCF full when Google donated the project a few months ago or a couple of years ago, now all of a sudden there's a K native day. Yes. Not a serverless day, it's a K native day. And I asked the, the CNCF event folks like, what happened to Serverless Day? I missed having open at serverless day. And you know, they, they came out and said, you know what, K native got big enough. >>They came in and I think Red Hat and Google wanted to sponsor a K native day. So serverless day went away. So I think what what I'm interested in and over the next couple of years is, is they're gonna be pushback from the C against the cncf. Is the CNCF now too big? Is it now the gatekeeper for do I have to be one of those 147 projects, right? In order enough to get my project noticed the open, fast, great project. I don't think Al Alex has any desire to have his project hosted by cncf, but it probably deserves, you know, shoulder left recognition with that. So I'm pushing to happen to say, okay, if this is open community, this is open source. If CNC is the place to have the cloud native conversation, what about the projects that's not cncf? Like how do we have that conversation when we don't have the power of a Google right. Or a, or a Lenox, et cetera, or a Lenox Foundation. So GE what, >>What are your thoughts on that? Is, is CNC too big? >>I don't think it's too big. I think it's too small to handle the, what we are doing in open source, right? So it's a bottle. It can become a bottleneck. Okay. I think too big in a way that yeah, it has, it has, it has power from that point of view. It has that cloud, if you will. The people listen to it. If it's CNCF project or this must be good, it's like in, in incubators. Like if you are y white Combinator, you know, company, it must be good. You know, I mean, may not be >>True, but, >>Oh, I think there's a bold assumption there though. I mean, I think everyone's just trying to do the best they can. And when we're evaluating projects, a very different origin and background, it's incredibly hard. Very c and staff is a staff of 30 people. They've got 180,000 people that are contributing to these projects and a thousand maintainers that they're trying to uphold. I think the challenge is actually really great. And to me, I actually look at events as an illustration of, you know, what's the culture and the health of an organization. If I were to evaluate CNCF based on that, I'd say we're very healthy right now. I would say that we're in a good spot. There's a lot of momentum. >>Yeah. I, I think CNCF is very healthy. I'm, I'm appreciative for it being here. I love coupon. It's becoming the, the facto conference to have this conversation has >>A totally >>Different vibe to other, It's a totally different vibe. Yeah. There needs to be a conduit and truth be told, enterprise buyers, to subject's point, this is something that we do absolutely agree on, on enterprise buyers. We want someone to pick winners and losers. We do, we, we don't want a box of Lego dumped on our, the middle of our table. We want somebody to have sorted that out. So while there may be five or six different service mesh solutions, at least the cncf, I can go there and say, Oh, I'll pick between the three or four that are most popular. And it, it's a place to curate. But I think with that curation comes the other side of it. Of how do we, how, you know, without the big corporate sponsor, how do I get my project pushed up? Right? Elevated. Elevated, Yep. And, and put onto the show floor. You know, another way that projects get noticed is that startups will adopt them, Push them. They may not even be, I don't, my CNCF project may not, my product may not even be based on the CNCF product. But the new stack has a booth, Ford has a booth. Nothing to do with a individual prod up, but promoting open source. What happens when you're not sponsored? >>I gotta ask you guys, what do you disagree on? >>Oh, so what, what do we disagree on? So I'm of the mindset, I can, I can say this, I I believe hybrid infrastructure is the future of it. Bar none. If I built my infrastructure, if I built my application in the cloud 10 years ago and I'm still building net new applications, I have stuff that I built 10 years ago that looks a lot like on-prem, what do I do with it? I can't modernize it cuz I don't have the developers to do it. I need to stick that somewhere. And where I'm going to stick that at is probably a hybrid infrastructure. So colo, I'm not gonna go back to the data center, but I'm, I'm gonna look, pick up something that looks very much like the data center and I'm saying embrace that it's the future. And if you're Boeing and you have, and Boeing is a member, cncf, that's a whole nother topic. If you have as 400 s, hpu X, et cetera, stick that stuff. Colo, build new stuff, but, and, and continue to support OpenStack, et cetera, et cetera. Because that's the future. Hybrid is the future. >>And sub g agree, disagree. >>I okay. Hybrid. Nobody can deny that the hybrid is the reality, not the future. It's a reality right now. It's, it's a necessity right now you can't do without it. Right. And okay, hybrid is very relative term. You can be like 10% here, 90% still hybrid, right? So the data center is shrinking and it will keep shrinking. Right? And >>So if by whole is the data center shrinking? >>This is where >>Quick one quick getting guys for it. How is growing by a clip? Yeah, but there's no data supporting. David Lym just came out for a report I think last year that showed that the data center is holding steady, holding steady, not growing, but not shrinking. >>Who sponsored that study? Wait, hold on. So the, that's a question, right? So more than 1 million data centers have been closed. I have, I can dig that through number through somebody like some organizations we published that maybe they're cloud, you know, people only. So the, when you get these kind of statements like it, it can be very skewed statements, right. But if you have seen the, the scene out there, which you have, I know, but I have also seen a lot of data centers walk the floor of, you know, a hundred thousand servers in a data center. I cannot imagine us consuming the infrastructure the way we were going into the future of co Okay. With, with one caveat actually. I am not big fan of like broad strokes. Like make a blanket statement. Oh no, data center's dead. Or if you are, >>That's how you get those esty headlines now. Yeah, I know. >>I'm all about to >>Put a stake in the ground. >>Actually. The, I think that you get more intelligence from the new end, right? A small little details if you will. If you're golden gold manak or Bank of America, you have so many data centers and you will still have data centers because performance matters to you, right? Your late latency matters for applications. But if you are even a Fortune 500 company on the lower end and or a healthcare vertical, right? That your situation is different. If you are a high, you know, growth startup, your situation is different, right? You will be a hundred percent cloud. So cloud gives you velocity, the, the, the pace of change, the pace of experimentation that actually you are buying innovation through cloud. It's proxy for innovation. And that's how I see it. But if you have, if you're stuck with older applications, I totally understand. >>Yeah. So the >>We need that OnPrem. Yeah, >>Well I think the, the bring your fuel sober, what we agree is that cloud is the place where innovation happens. Okay? At some point innovation becomes legacy debt and you have thus hybrid, you are not going to keep your old applications up to date forever. The, the, the math just doesn't add up. And where I differ in opinion is that not everyone needs innovation to keep moving. They need innovation for a period of time and then they need steady state. So Sergeant, we >>Argue about this. I have a, I >>Love this debate though. I say it's efficiency and stability also plays an important role. I see exactly what you're talking about. No, it's >>Great. I have a counter to that. Let me tell you >>Why. Let's >>Hear it. Because if you look at the storage only, right? Just storage. Just take storage computer network for, for a minute. There three cost reps in, in infrastructure, right? So storage earlier, early on there was one tier of storage. You say pay the same price, then now there are like five storage tiers, right? What I'm trying to say is the market sets the price, the market will tell you where this whole thing will go, but I know their margins are high in cloud, 20 plus percent and margin will shrink as, as we go forward. That means the, the cloud will become cheaper relative to on-prem. It, it, in some cases it's already cheaper. But even if it's a stable workload, even in that case, we will have a lower tier of service. I mean, you, you can't argue with me that the cloud versus your data center, they are on the same tier of services. Like cloud is a better, you know, product than your data center. Hands off. >>I love it. We, we are gonna relish in the debates between the two of you. Mic drops. The energy is great. I love it. Perspective. It's not like any of us can quite see through the crystal ball that we have very informed opinions, which is super exciting. Yeah. Lisa, any last thoughts today? >>Just love, I love the debate as well. That, and that's, that's part of what being in this community is all about. So sharing about, sharing opinions, expressing opinions. That's how it grows. That's how, that's how we innovate. Yeah. Obviously we need the cloud, but that's how we innovate. That's how we grow. Yeah. And we've seen that demonstrated the last couple days and I and your, your takes here on the Cuban on Twitter. Brilliant. >>Thank you. I absolutely love it. I'm gonna close this out with a really important analysis on the swag of the show. Yes. And if you know, yesterday we were looking at what is the weirdest swag or most unique swag We had that bucket hat that took the grand prize. Today we're gonna focus on something that's actually quite cool. A lot of the vendors here have really dedicated their swag to being local to Detroit. Very specific in their sourcing. Sonotype here has COOs. They're beautiful. You can't quite feel this flannel, but it's very legit hand sound here in Michigan. I can't say that I've been to too many conferences, if any, where there was this kind of commitment to localizing and sourcing swag from around the corner. We also see this with the Intel booth. They've got screen printers out here doing custom hoodies on spot. >>Oh fun. They're even like appropriately sized. They had local artists do these designs and if you're like me and you care about what's on your wrist, you're familiar with Shinola. This is one of my favorite swags that's available. There is a contest. Oh going on. Hello here. Yeah, so if you are Atan, make sure that you go and check this out. The we, I talked about this on the show. We've had the founder on the show or the CEO and yeah, I mean Shine is just full of class as since we are in Detroit as well. One of the fun themes is cars. >>Yes. >>And Storm Forge, who are also on the show, is actually giving away an Aston Martin, which is very exciting. Not exactly manufactured in Detroit. However, still very cool on the car front and >>The double oh seven version named the best I >>Know in the sixties. It's love it. It's very cool. Two quick last things. We talk about it a lot on the show. Every company now wants to be a software company. Yep. On that vein, and keeping up with my hat theme, the Home Depot is here because they want everybody to know that they in fact are a technology company, which is very cool. They have over 500,000 employees. You can imagine there's a lot of technology that has to go into keeping Napa. Absolutely. Yep. Wild to think about. And then last, but not at least very quick, rapid fire, best t-shirt contest. If you've ever ran to one of these events, there are a ton of T-shirts out there. I rate them on two things. Wittiest line and softness. If you combine the two, you'll really be our grand champion for the year. I'm just gonna hold these up and set them down for your laughs. Not afraid to commit, which is pretty great. This is another one designed by locals here. Detroit Code City. Oh, love it. This one made me chuckle the most. Kiss my cash. >>Oh, that's >>Good. These are also really nice and soft, which is fantastic. Also high on the softness category is this Op Sarah one. I also like their bird logo. These guys, there's just, you know, just real nice touch. So unfortunately, if you have the fumble, you're not here with us, live in Detroit. At least you're gonna get taste of the swag. I taste of the stories and some smiles hear from those of us on the cube. Thank you both so much for being here with us. Lisa, thanks for another fabulous day. Got it, girl. My name's Savannah Peterson. Thank you for joining us from Detroit. We're the cube and we can't wait to see you tomorrow.

>>Good evening, brilliant humans. My name is Savannah Peterson and very delighted to be streaming to you. Live from the Cube Studios here in Motor City, Michigan. I've got John Furrier on my left. John, this is our last interview of the day. Energy just seems to keep oozing. How >>You doing? Take two, Three days of coverage, the queue love segments. This one's great cuz we have a practitioner who's implementing all the hard core talks to be awesome. Can't wait to get into it. >>Yeah, I'm very excited for this one. If it's not very clear, we are a community focused community is a huge theme here at the show at Cape Con. And our next guests are actually a provider and a customer. Turning it over to you. Lisa and Jake, welcome to the show. >>Thank you so much for having us. >>It's great to be here. It is our pleasure. Lisa, you're with Cockroach. Just in case the audience isn't familiar, give us a quick little sound bite. >>We're a distributed sequel database. Highly scalable, reliable. The database you can't kill, right? We will survive the apocalypse. So very resilient. Our customers, mostly retail, FinTech game meet online gambling. They, they, they need that resiliency, they need that scalability. So the indestructible database is the elevator pitch >>And the success has been very well documented. Valuation obviously is a scorp guard, but huge customers. We were at the Escape 19. Just for the record, the first ever multi-cloud conference hasn't come back baby. Love it. It'll come back soon. >>Yeah, well we did a similar version of it just a month ago and I was, that was before Cockroach. I was a different company there talking a lot about multi-cloud. So, but I'm, I've been a car a couple of years now and I run community, I run developer relations. I'm still also a CNCF ambassador, so I lead community as well. I still run a really large user group in the San Francisco Bay area. So we've just >>Been in >>Community, take through the use case. Jake's story set us up. >>Well I would like Jake to take him through the use case and Cockroach is a part of it, but what they've built is amazing. And also Jake's history is amazing. So you can start Jake, >>Wherever you take >>Your Yeah, sure. I'm Jake, I'm CEO and co-founder of Offset. Oted is the commercial entity behind Spice Dvy and Spice Dvy is a permission service. Cool. So a permission service is something that lets developers and let's platform teams really unlock the full potential of their applications. So a lot of people get stuck on My R back isn't flexible enough. How do I do these fine grain things? How do I do these complex sharing workflows that my product manager thinks is so important? And so our service enables those platform teams and developers to do those kinds of things. >>What's your, what's your infrastructure? What's your setup look like? What, how are you guys looking like on the back end? >>Sure. Yeah. So we're obviously built on top of Kubernetes as well. One of the reasons that we're here. So we use Kubernetes, we use Kubernetes operators to orchestrate everything. And then we use, use Cockroach TV as our production data store, our production backend data store. >>So I'm curious, cause I love when these little matchmakers come together. You said you've now been presenting on a little bit of a road show, which is very exciting. Lisa, how are you and the team surfacing stories like Jakes, >>Well, I mean any, any place we can obviously all the social medias, all the blogs, How >>Are you finding it though? >>How, how did you Oh, like from our customers? Yeah, we have an open source version so people start to use us a long time before we even sometimes know about them. And then they'll come to us and they'll be like, I love Cockroach, and like, tell me about it. Like, tell me what you build and if it's interesting, you know, we'll we'll try to give it some light. And it's always interesting to me what people do with it because it's an interesting technology. I like what they've done with it. I mean the, the fact that it's globally distributed, right? That was like a really important thing to you. Totally. >>Yeah. We're also long term fans of Cockroach, so we actually all work together out of Workbench, which was a co-working space and investor in New York City. So yeah, we go way back. We knew the founders. I, I'm constantly saying like if I could have invested early in cockroach, that would've been the easiest check I could have ever signed. >>Yeah, that's awesome. And then we've been following that too and you guys are now using them, but folks that are out there looking to have the, the same challenges, what are the big challenges on selecting the database? I mean, as you know, the history of Cockroach and you're originating the story, folks out there might not know and they're also gonna choose a database. What's the, what's the big challenge that they can solve that that kind of comes together? What, what would you describe that? >>Sure. So we're, as I said, we're a permission service and per the data that you store in a permission service is incredibly sensitive. You need it to be around, right? You need it to be available. If the permission service goes down, almost everything else goes down because it's all calling into the permission service. Is this user allowed to do this? Are they allowed to do that? And if we can't answer those questions, then our customer is down, right? So when we're looking at a database, we're looking for reliability, we're looking for durability, disaster recovery, and then permission services are one of the only services that you usually don't shard geographically. So if you look at like AWS's iam, that's a global service, even though the individual things that they run are actually sharded by region. So we also needed a globally distributed database with all of those other properties. So that's what led us >>To, this is a huge topic. So man, we've been talking about all week the cloud is essentially distributed database at this point and it's distributed system. So distributed database is a hot topic, totally not really well reported. A lot of people talking about it, but how would you describe this distributed trend that's going on? What are the key reasons that they're driving it? What's making this more important than ever in your mind, in your opinion? >>I mean, for our use case, it was just a hard requirement, right? We had to be able to have this global service. But I think just for general use cases, a distributed database, distributed database has that like shared nothing architecture that allows you to kind of keep it running and horizontally scale it. And as your requirements and as your applications needs change, you can just keep adding on capacity and keep adding on reliability and availability. >>I'd love to get both of your opinion. You've been talking about the, the, the, the phases of customers, the advanced got Kubernetes going crazy distributed, super alpha geek. Then you got the, the people who are building now, then you got the lagers who are coming online. Where do you guys see the market now in terms of, I know the Alphas are all building all the great stuff and you guys had great success with all the top logos and they're all doing hardcore stuff. As the mainstream enterprise comes in, where's their psychology, what's on their mind? What's, you share any insight into your perspective on that? Because we're seeing a lot more of it folks becoming like real cloud players. >>Yeah, I feel like in mainstream enterprise hasn't been lagging as much as people think. You know, certainly there's been pockets in big enterprises that have been looking at this and as distributed sequel, it gives you that scalability that it's absolutely essential for big enterprises. But also it gives you the, the multi-region, you know, the, you have to be globally distributed. And for us, for enterprises, you know, you need your data near where the users are. I know this is hugely important to you as well. So you have to be able to have a multi-region functionality and that's one thing that distributed SQL lets you build and that what we built into our product. And I know that's one of the things you like too. >>Yeah, well we're a brand new product. I mean we only founded the company two years ago, but we're actually getting inbound interest from big enterprises because we solve the kinds of challenges that they have and whether, I mean, most of them already do have a cockroach footprint, but whether they did or didn't, once they need to bring in our product, they're going to be adopting cockroach transitively anyway. >>So, So you're built on top of Cockroach, right? And Spice dv, is that open source or? >>It >>Is, yep. Okay. And explain the role of open source and your business model. Can you take a minute to talk about the relevance of that? >>Yeah, open source is key. My background is, before this I was at Red Hat. Before that we were at CoreOS, so CoreOS acquisition and before that, >>One of the best acquisitions that ever happened for the value. That was a great, great team. Yeah, >>We, we, we had fun and before that we built Qua. So my co-founders and I, we built Quay, which is a, a first private docker registry. So CoreOS and, and all of those things are all open source or deeply open source. So it's just in our dna. We also see it as part of our go-to market motion. So if you are a database, a lot of people won't even consider what you're doing without being open source. Cuz they say, I don't want to take a, I don't want to, I don't want to end up in an Oracle situation >>Again. Yeah, Oracle meaning they go, you get you locked in, get you in a headlock, Increase prices. >>Yeah. Oh yeah, >>Can, can >>I got triggered. >>You need to talk about your PTSD there >>Or what. >>I mean we have 20,000 stars on GitHub because we've been open and transparent from the beginning. >>Yeah. And it >>Well, and both of your projects were started based on Google Papers, >>Right? >>That is true. Yep. And that's actually, so we're based off of the Google Zans of our paper. And as you know, Cockroach is based off of the Google Span paper and in the the Zanzibar paper, they have this globally distributed database that they're built on top of. And so when I said we're gonna go and we're gonna make a company around the Zabar paper, people would go, Well, what are you gonna do for Span? And I was like, Easy cockroach, they've got us covered. >>Yeah, I know the guys and my friends. Yeah. So the question is why didn't you get into the first round of Cockroach? She said don't answer that. >>The question he did answer though was one of those age old arguments in our community about pronunciation. We used to argue about Quay, I always called it Key of course. And the co-founder obviously knows how it's pronounced, you know, it's the et cd argument, it's the co cuddl versus the control versus coo, CTL Quay from the co-founder. That is end of argument. You heard it here first >>And we're keeping it going with Osted. So awesome. A lot of people will say Zeed or, you know, so we, we just like to have a little ambiguity >>In the, you gotta have some semantic arguments, arm wrestling here. I mean, it keeps, it keeps everyone entertained, especially on the over the weekend. What's, what's next? You got obviously Kubernetes in there. Can you explain the relationship between Kubernetes, how you're handling Spice dv? What, what does the Kubernetes piece fit in and where, where is that going to be going? >>Yeah, great question. Our flagship product right now is a dedicated, and in a dedicated, what we're doing is we're spinning up a single tenant Kubernetes cluster. We're installing all of our operator suite, and then we're installing the application and running it in a single tenant fashion for our customers in the same region, in the same data center where they're running their applications to minimize latency. Because of this, as an authorization service, latency gets passed on directly to the end user. So everybody's trying to squeeze the latency down as far as they can. And our strategy is to just run these single tenant stacks for people with the minimal latency that we can and give them a VPC dedicated link very similar to what Cockroach does in their dedicated >>Product. And the distributed architecture makes that possible because it's lighter way, it's not as heavy. Is that one of the reasons? >>Yep. And Kubernetes really gives us sort of like a, a level playing field where we can say, we're going going to take the provider, the cloud providers Kubernetes offering, normalize it, lay down our operators, and then use that as the base for delivering >>Our application. You know, Jake, you made me think of something I wanted to bring up with other guests, but now since you're here, you're an expert, I wanna bring that up, but talk about Super Cloud. We, we coined that term, but it's kind of multi-cloud, is that having workloads on multiple clouds is hard. I mean there are, they are, there are workloads on, on clouds, but the complexity of one clouds, let's take aws, they got availability zones, they got regions, you got now data issues in each one being global, not that easy on one cloud, nevermind all clouds. Can you share your thoughts on how you see that progression? Because when you start getting, as its distributed database, a lot of good things might come up that could fit into solving the complexity of global workloads. Could you share your thoughts on or scoping that problem space of, of geography? Yeah, because you mentioned latency, like that's huge. What are some of the other challenges that other people have with mobile? >>Yeah, absolutely. When you have a service like ours where the data is small, but very critical, you can get a vendor like Cockroach to step in and to fill that gap and to give you that globally distributed database that you can call into and retrieve the data. I think the trickier issues come up when you have larger data, you have huge binary blobs. So back when we were doing Quay, we wanted to be a global service as well, but we had, you know, terabytes, petabytes of data that we were like, how do we get this replicated everywhere and not go broke? Yeah. So I think those are kind of the interesting issues moving forward is what do you do with like those huge data lakes, the huge amount of data, but for the, the smaller bits, like the things that we can keep in a relational database. Yeah, we're, we're happy that that's quickly becoming a solved >>Problem. And by the way, that that data problem also is compounded when the architecture goes to the edge. >>Totally. >>I mean this is a big issue. >>Exactly. Yeah. Edge is something that we're thinking a lot about too. Yeah, we're lucky that right now the applications that are consuming us are in a data center already. But as they start to move to the edge, we're going to have to move to the edge with them. And it's a story that we're gonna have to figure out. >>All right, so you're a customer cockroach, what's the testimonial if I put you on the spot, say, hey, what's it like working with these guys? You know, what, what's the, what's the, you know, the founders, so you know, you give a good description, little biased, but we'll, we'll we'll hold you on it. >>Yeah. Working with Cockroach has been great. We've had a couple things that we've run into along the way and we've gotten great support from our account managers. They've brought in the right technical expertise when we need it. Cuz what we're doing with Cockroach is not you, you couldn't do it on Postgres, right? So it's not just a simple rip and replace for us, we're using all of the features of Cockroach, right? We're doing as of system time queries, we're doing global replication. We're, you know, we're, we're consuming it all. And so we do need help from them sometimes and they've been great. Yeah. >>And that's natural as they grow their service. I mean the world's changing. >>Well I think one of the important points that you mentioned with multi-cloud, we want you to have the choice. You know, you can run it in in clouds, you can run it hybrid, you can run it OnPrem, you can do whatever you want and it's just, it's one application that you can run in these different data centers. And so really it's up to you how do you want to build your infrastructure? >>And one of the things we've been talking about, the super cloud concept that we've been issue getting a lot of contrary, but, but people are leaning into it is that it's the refactoring and taking advantage of the services. Like what you mentioned about cockroach. People are doing that now on cloud going the lift and shift market kind of had it time now it's like hey, I can start taking advantage of these higher level services or capability of someone else's stack and refactoring it. So I think that's a dynamic that I'm seeing a lot more of. And it sounds like it's working out great in this situation. >>I just came from a talk and I asked them, you know, what don't you wanna put in the cloud and what don't you wanna run in Kubernetes or on containers and good Yeah. And the customers that I was on stage with, one of the guys made a joke and he said I would put my dog in a container room. I could, he was like in the category, which is his right, which he is in the category of like, I'll put everything in containers and these are, you know, including like mis critical apps, heritage apps, since they don't wanna see legacy anymore. Heritage apps, these are huge enterprises and they wanna put everything in the cloud. Everything >>You so want your dog that gets stuck on the airplane when it's on the tarmac. >>Oh >>God, that's, she was the, don't take that analogy. Literally don't think about that. Well that's, >>That's let's not containerize. >>There's always supply chain concern. >>It. So I mean going macro and especially given where we are cncf, it's all about open source. Do y'all think that open source builds a better future? >>Yeah and a better past. I mean this is, so much of this software is founded on open source. I, we wouldn't be here really. I've been in open source community for many, many years so I wouldn't say I'm biased. I would say this is how we build software. I came from like in a high school we're all like, oh let's build a really cool application. Oh you know what? I built this cuz I needed it, but maybe somebody else needs it too. And you put it out there and that is the ethos of Silicon Valley, right? That's where we grew up. So I've always had that mindset, you know, and social coding and why I have three people, right? Working on the same thing when one person you could share it's so inefficient. All of that. Yeah. So I think it's great that people work on what they're really good at. You know, we all, now you need some standardization, you need some kind of control around this whole thing. Sometimes some foundations to, you know, herd the cats. Yeah. But it's, it's great. Which is why I'm a c CF ambassador and I spend a lot of time, you know, in my free time talking about open source. Yeah, yeah. >>It's clear how passionate you are about it. Jake, >>This is my second company that we founded now and I don't think either of them could have existed without the base of open source, right? Like when you look at I have this cool idea for an app or a company and I want to go try it out, the last thing I want to do is go and negotiate with a vendor to get like the core data component. Yeah. To even be able to get to the >>Prototypes. NK too, by the way. Yeah. >>Hey >>Nk >>Or hire, you know, a bunch of PhDs to go and build that core component for me. So yeah, I mean nobody can argue that >>It truly is, I gotta say a best time if you're a developer right now, it's awesome to be a developer right now. It's only gonna get better. As we were riff from the last session about productivity, we believe that if you follow the digital transformation to its conclusion, developers and it aren't a department serving the business, they are the business. And that means they're running the show, which means that now their entire workflow is gonna change. It's gonna be have to be leveraging services partnering. So yeah, open source just fills that. So the more code coming up, it's just no doubt in our mind that that's go, that's happening and will accelerate. So yeah, >>You know, no one company is gonna be able to compete with a community. 50,000 users contributing versus you riding it yourself in your garage with >>Your dogs. Well it's people driven too. It's humans not container. It's humans working together. And here you'll see, I won't say horse training, that's a bad term, but like as projects start to get traction, hey, why don't we come together as, as the world starts to settle and the projects have traction, you start to see visibility into use cases, functionality. Some projects might not be, they have to kind of see more kind >>Of, not every feature is gonna be development. Oh. So I mean, you know, this is why you connect with truly brilliant people who can architect and distribute sequel database. Like who thought of that? It's amazing. It's as, as our friend >>You say, Well let me ask you a question before we wrap up, both by time, what is the secret of Kubernetes success? What made Kubernetes specifically successful? Was it timing? Was it the, the unambitious nature of it, the unification of it? Was it, what was the reason why is Kubernetes successful, right? And why nothing else? >>Well, you know what I'm gonna say? So I'm gonna let Dave >>First don't Jake, you go first. >>Oh boy. If we look at what was happening when Kubernetes first came out, it was, Mesosphere was kind of like the, the big player in the space. I think Kubernetes really, it had the backing from the right companies. It had the, you know, it had the credibility, it was sort of loosely based on Borg, but with the story of like, we've fixed everything that was broken in Borg. Yeah. And it's better now. Yeah. So I think it was just kind and, and obviously people were looking for a solution to this problem as they were going through their containerization journey. And I, yeah, I think it was just right >>Place, the timing consensus of hey, if we just let this happen, something good might come together for everybody. That's the way I felt. I >>Think it was right place, right time, right solution. And then it just kind of exploded when we were at Cores. Alex Povi, our ceo, he heard about Kubernetes and he was like, you know, we, we had a thing called Fleet D or we had a tool called Fleet. And he's like, Nope, we're all in on Kubernetes now. And that was an amazing Yeah, >>I remember that interview. >>I, amazing decision. >>Yeah, >>It's clear we can feel the shift. It's something that's come up a lot this week is is the commitment. Everybody's all in. People are ready for their transformation and Kubernetes is definitely gonna be the orchestrator that we're >>Leveraging. Yeah. And it's an amazing community. But it was, we got lucky that the, the foundational technology, I mean, you know, coming out of Google based on Go conferences, based on Go, it's no to coincidence that this sort of nature of, you know, pods horizontally, scalable, it's all fits together. I does make sense. Yeah. I mean, no offense to Python and some of the other technologies that were built in other languages, but Go is an awesome language. It's so, so innovative. Innovative things you could do with it. >>Awesome. Oh definitely. Jake, I'm very curious since we learned on the way and you are a Detroit native? >>I am. Yep. I grew up in the in Warren, which is just a suburb right outside of Detroit. >>So what does it mean to you as a Michigan born bloke to be here, see your entire community invade? >>It is, I grew up coming to the Detroit Auto Show in this very room >>That brought me to Detroit the first time. Love n a I a s. Been there with our friends at Ford just behind us. >>And it's just so interesting to me to see the accumulation, the accumulation of tech coming to Detroit cuz it's really not something that historically has been a huge presence. And I just love it. I love to see the activity out on the streets. I love to see all the restaurants and coffee shops full of people. Just, I might tear up. >>Well, I was wondering if it would give you a little bit of that hometown pride and also the joy of bringing your community together. I mean, this is merging your two probably most core communities. Yeah, >>Yeah. Your >>Youth and your, and your career. It doesn't get more personal than that really. Right. >>It's just been, it's been really exciting to see the energy. >>Well thanks for going on the queue. Thanks for sharing. Appreciate it. Thanks >>For having us. Yeah, thank you both so much. Lisa, you were a joy of ball of energy right when you walked up. Jake, what a compelling story. Really appreciate you sharing it with us. John, thanks for the banter and the fabulous questions. I'm >>Glad I could help out. >>Yeah, you do. A lot more than help out sweetheart. And to all of you watching the Cube today, thank you so much for joining us live from Detroit, the Cube Studios. My name is Savannah Peterson and we'll see you for our event wrap up next.

>>Good morning and welcome back to the Cube where we are excited to be broadcasting live all week from Detroit to Michigan at Cuban slash cloud Native con. Depending on who you're asking, Lisa, it's day two things are buzzing. How are you feeling? >>Good, excited. Ready for day two, ready to have more great conversations to see how this community is expanding, how it's evolving, and how it's really supporting it itself. >>Yeah, Yeah. This is a very supportive community. Something we talked a lot about. And speaking of community, we've got some very bold and brave folks over here. We've got this CTO and the head of product from Storm Forge, and they are on a mission to automate Kubernetes. Now automatic and Kubernetes are not words that go in the same sentence very often, so please welcome Patrick and Yasmin. Thank you both for being here. Hello. How you doing? >>Thanks for having us. >>Thanks for having us. >>Talk about what you guys are doing. Cause as you said, Kubernetes auto spelling is anything but auto. >>Yeah. >>The, what are some of the challenges? How do you help >>Eliminate this? Yeah, so the mission at Storm Forge is primarily automatic resource configuration and optimization essentially. So we started as a machine learning company first. And it's kind of an interesting story cuz we're one of those startups that has pivoted a few times. And so we were running our machine learning workloads. Most >>Have, I think, >>Right? Yeah. Yeah. We were, we started out running our machine learning workloads and moving them into Kubernetes. And then we weren't quite sure how to correctly adjust and size our containers. And so our ML team, we've got three PhDs and applied mathematics. They said, Well, hang on, we could write an algorithm for that. And so they did. And then, Oh, I love this. Yeah. And then we said, Well holy cow, that's actually really useful. I wonder if other people would like that. And that's kind of where we got our start. >>You solved your own problem and then you built a business >>Around it. Yeah, exactly. >>That is fantastic. Is, is that driving product development at Storm Forge still? That kind of attitude? >>I mean that kind of attitude definitely drives product development, but we're, you know, balancing that with what the users are, the challenges that they have, especially at large scale. We deal with a lot of large enterprises and for us as a startup, we can relate to the problems that come with Kubernetes when you're trying to scale it. But when you're talking about the scale of some of these larger enterprises, it's just a different mentality. So we're trying to balance that of how we take that input into how we build our product. Talk >>About that, like the, the end user input and how you're taking that in, because of course it's only going to be a, you know, more of a symbiotic relationship when that customer feedback is taken and >>Acted on. Yeah, totally. And for us, because we use machine learning, it's a lot of building confidence with our users. So making sure that they understand how we look at the data, how we come up with the recommendations, and actually deploy those changes in their environment. There's a lot of trust that needs to be built there. So being able to go back to our users and say, Okay, we're presenting you this type of data, give us your feedback and building it alongside them has helped a lot in these >>Relationships. Absolutely. You said the word trust, and that's something that we talk about at every >>Show. I was gonna jump on that too. It's >>Not, Yeah, it's not a buzzword. It's not, It shouldn't be. Yeah. It really should be, I wanna say lived and breathed, but that's probably grammatically incorrect. >>We're not a gram show. It's okay darling. Yeah, thank >>You. It should be truly embodied. >>Yeah. And I, I think it's, it's not even unique to just what we do, but across tech in general, right? Like when I talk about SRE and building SRE teams, one of the things I mentioned is you have to build that trust first. And with machine learning, I think it can be really difficult too for a couple different reasons. Like one, it tends to be a black box if it's actually true machine learning. Totally. Which ours is. But the other piece that we run into. Yeah. And the other piece we run into though is, is what I was an executive at United Health Group before I joined Storm Forge. And I would get companies that would come to me and try to sell me machine learning and I would kind of look at it and say, Well no, that's just a basic decision tree. Or like, that's a super basic whole winter forecast, right? Like that's not actually machine learning. And that's one of the things that we actually find ourselves kind of battling a little bit when we talk about what we do in building that trust. >>Talk a little bit about the latest release as you guys had a very active September. Here we are. And towards the, I think end of October. Yeah. What are some of the, the new things that have come out? New integrations, new partnerships. Give us a scoop on that. >>Yeah, well I guess I'll start and then I'll probably hand it over to you. But like the, the big thing for us is we talked about automating Kubernetes in the very beginning, right? Like Kubernetes has got a vpa it's >>A wild sentence anyway. Yeah, yeah. >>It it >>Has. We're not gonna get over at the whole show. Yeah. >>It as a VPA built in, it has an HPA built in and, and when you look at the data and even when you read the documentation from Google, it explicitly says never the two should meet. Right. Because you'll end up thrashing and they'll fight each other. Well the big release we just announced is with our machine learning, we can now do both. And so we vertically scale your pods to the correct up. Yeah. >>Follow status. I love that. >>Yeah, we can, we can scale your pods to the correct size and still allow you to enable the HPA and we'll make recommendations for your scaling points and your thresholds on the HPA as well so that they can work together to really truly maximize your efficiency that without sacrificing your performance and your reliability of the applications that you're running. That >>Sounds like a massive differentiator for >>Storm launch, which I would say it is. Yeah. I think as far as I know, we're the first in the industry that can do this. Yeah. >>And >>From very singularity vibes too. You know, the machines are learning, teaching themselves and doing it all automatically. Yep. Gets me very >>Excited. >>Yeah, absolutely. And from a customer demand perspective, what's the feedback been? Yeah, it's been a few >>Weeks. Yeah, it's been really great actually. And a lot of why we went down this path was user driven because they're doing horizontal scale and they want to be able to vertically size as they're scaling. So if you put yourself in the shoes of someone that's configuring Kubernetes, you're usually guessing on what you're setting your CPU requests and limits do. But horizontal scale makes sense. You're either adding more things or removing more things. And so once they actually are scaled out as a large environment and they have to rethink, how am I gonna resize this now? It's just not possible. It's so many thousands of settings across all the different environments and you're only thinking about CPU memory, You're not thinking about a lot of things. It's just, but once you scale that out, it's a big challenge. So they came to us and said, Okay, you're doing, cuz we were doing vertical scaling before and now we enable vertical and horizontal. And so they came to us and said, I love what you're doing about right sizing, but we wanna be able to do this while also horizontally scaling. And so the way that our software works is we give you the recommendations for what the setting should be and then allow Kubernetes to continue to add and remove replicas as needed. So it's not like we're going in and making changes to Kubernetes, but we make changes to the configuration settings so that it's the most optimal from a resource perspective. >>Efficiency has been a real big theme of the show. Yeah. And it's clear that that's a focus for you. Everyone here wants to do more faster Of course. And innovation, that's the thing to do that sometimes we need partners. You just announced an integration with Datadog. Tell us about that. Yeah, >>Absolutely. Yeah. So the way our platform works is we need data of course, right? So they're, they're a great partner for us and we use them both as an input and an output. So we pull in metrics from Datadog to provide recommendations and we'll actually display all those within the Datadog portal. Cause we have a lot of users that are like, Look, Datadog's my single pane of glass and I hate using that word, but they get all their insights there. They can see their recommendations and then actually go deploy those. Whether they wanna automatically have the recommendations deployed or go in and actually push a button. >>So give me an example of a customer that is using the, the new release and some of the business outcomes they're achieving. I imagine one of the things that you're enabling is just closing that ES skills gap. But from a business level perspective, how are they gaining like competitive advantages to be able to get products to market faster, for example? >>Yeah, so one of the customers that was actually part of our press release and launch and spoke about us at a webinar, they are a SaaS product and deal with really bursty workloads. And so their cloud costs have been growing 40% year over year. And their platform engineering team is basically enabled to provide the automation for developers and in their environment, but also to reduce those costs. So they want to, it's that trade off of resiliency and cost performance. And so they came to us and said, Look, we know we're over provisioned, but we don't know how to tackle that problem without throwing tons of humans at the problem. And so we worked with them and just on a single app found 60% savings and we're working now to kind of deploy that across their entire production workload. But that allows them to then go back and get more out of the, the budget that they already have and they can kind of reallocate that in other areas, >>Right? So there can be chop line and bottom >>Line impact. Yeah. And I, I think there's some really direct impact to the carbon emissions of an organization as well. That's a good point. When you can reduce your compute consumption by 60%. >>I love this. We haven't talked about this at all during the show. Yeah. And I'm really glad that you brought this up. All of the things that power this use energy. Yeah. >>What is it like seven to 8% of all electricity in the world is consumed by data centers. Like it's crazy. Yeah. Yeah. And so like that's wild. Yeah. Yeah. So being able to make a reduction in impact there too, especially with organizations that are trying to sign green pledges and everything else. >>It's hard. Yeah. ESG initiatives are huge. >>Absolut, >>It's >>A whole lot. A lot of companies have ESG initiatives where they can't even go out and do an RFP with a business, Right. If they don't have an actual active starting, impactful ESG program. Yes. Yeah. >>And the RFPs that we have to fill out, we have to tell them how they'll help. >>Yeah. Yes. It's so, yeah, I mean I was really struck when I looked on your website and I saw 54% average cost reduction for Yeah. For your cloud operations. I hadn't even thought about it from a power perspective. Yeah. I mean, imagine if we cut that to 3% of the world's power grid. That is just, that is very compelling. Speaking of compelling and exciting future things, talk to us about what's next? What's got you pumped for 2023 and and what lies >>Ahead? Oh man. Well that seems like a product conversation for sure. >>Well, we're super excited about extending what we do to other platforms, other metrics. So we optimize a lot right now around CPU and memory, but we can also give people insights into, you know, limiting kills, limiting CPU throttling, so extending the metrics. And when you look at hba and horizontal scale today, most of it is done with cpu, but there are some organizations out there that are scaling on custom metrics. So being able to take in more data to provide more recommendations and kind of extend what we can do from an optimization standpoint. >>That's, yeah, that's cool. And what house you most excited on the show floor? Anything? Anything that you've seen? Any keynotes? >>There's, Well, I haven't had a lot of time to go to the keynotes unfortunately, but it's, >>Well, I'm shock you've been busy or something, right? Much your time here. >>I can't imagine why. But no, there's, it's really interesting to see all the vendors that are popping up around Kubernetes focus specifically with security is always something that's really interesting to me. And automating CICD and how they continue to dive into that automation devs, SEC ops continues to be a big thing for a lot of organizations. Yeah. Yeah. >>I I do, I think it's interesting when we marry, Were you guys here last year? >>I was not here. >>No. So at, at the smaller version of this in Los Angeles. Yeah. I, I was really struck because there was still a conversation of whether or not we were all in on Kubernetes as, as kind of a community and a society this year. And I'm curious if you feel this way too. Everyone feels committed. Yeah. Yeah. I I I feel like there's no question that Kubernetes is the tool that we are gonna be using. >>Yeah. I I think so. And I think a lot of that is actually being unlocked by some of these vendors that are being partners and helping people get the most outta Kubernetes, you know, especially at the larger enterprise organizations. Like they want to do it, but the skills gap is a very real problem. Right. And so figuring out, like Jasmine talked about figuring out how do we, you know, optimize or set up the correct settings without throwing thousands of humans at it. Never mind the fact you'll never find a thousand people that wanna do that all day every day. >>I was gonna, It's a fold endeavor for those >>People study, right? Yeah. And, and being able to close some of those gaps, whether it's optimization, security, DevOps, C I C D. As we get more of those partners like I just talked about on the floor, then you see more and more enterprises being more open to leaning into Kubernetes a little bit. >>Yeah. Yeah. We've seen, we've had some great conversations the last day and, and today as well with organizations that are history companies like Ford Motor Companies for >>Example. Yeah. Right. >>Just right behind us. One of their EVs and, and it's, they're becoming technology companies that happen to do cars or home >>Here. I had a nice job with 'em this morning. Yes. With that storyline, honestly. >>Yes. That when we now have such a different lens into these organizations, how they're using technologies, advanced technologies, Kubernetes, et cetera, to really become data companies. Yeah. Because they have to be, well the consumers on the other end expect a Home Depot or a Ford or whomever or your bank Yeah. To know who you are. I want the information right here whenever I need it so I can do the transaction I need and I want you to also deliver me information that is relevant to me. Yeah. Because there, there's no patience anymore. Yeah. >>And we partner with a lot of big FinTech companies and it's, it's very much that. It's like how do we continue to optimize? But then as they look at transitioning off of older organizations and capabilities, whether that's, they have a physical data center that's racked to the gills and they can't do anything about that, so they wanna move to cloud or they're just dipping their toe into even private cloud with Kubernetes in their own instances. A lot of it is how do we do this right? Like how do we lean in and, Yeah. >>Yeah. Well I think you said it really well that the debate seems to be over in terms of do we go in on Kubernetes? That that was a theme that I think we felt that yesterday, even on on day one of the keynotes. The community seems to be just craving more. I think that was another thing that we felt yesterday was all of the contributors and the collaborators, people want to be able to help drive this community forward because it's, it's a flywheel of symbiosis for all of the vendors here. The maintainers and, and really businesses in any industry can benefit. >>Yeah. It's super validating. I mean if you just look at the floor, there's like 20 different booths that talk about cost reporting for Kubernetes. So not only have people moved, but now they're dealing with those challenges at scale. And I think for us it's very validating because there's so many vendors that are looking into the reporting of this and showing you the problem that you have. And then where we can help is, okay, now you know, you have a problem, here's how we can fix it for you. >>Yeah. Yeah. That, that sort of dealing with challenges at scale that you set, I think that's also what we're hearing. Yeah. And seeing and feeling on the show floor. >>Yeah, absolutely. >>What can folks see and, and touch and feel in your booth? >>We have some demos there you can play around with the product. We're giving away a Lego set so we've let >>Gotta gets >>Are right now we're gonna have to get some Lego, We do a swag segment at the end of the day every day. Now we've >>Some cool socks. >>Yep. Socks are hot. Let's, let's actually talk about scale internally as our closing question. What's going on at Storm Forge? If someone's watching right now, they're excited. Are you hiring? We are hiring. Yeah. How can they stalk you? What's the >>School? Absolutely. So you can check us out on Storm forge.io. We're certainly hiring across the engineering organization. We're hiring across the UX a product organization. We're dealing, like I said, we've got some really big customers that we're, we're working through with some really fun challenges. And we're looking to continue to build on what we do and do new innovative things like especially cuz like I said, we are a machine learning organization first. And so for me it's like how do I collect all the data that I can and then let's find out what's interesting in there that we can help people with. Whether that's cpu, memory, custom metrics, like as said, preventing kills, driving availability, reliability, What can we do to, to kind of make a little bit more transparent the stuff that's going on underneath the covers in Kubernetes for the decision makers in these organizations. >>Yes. Transparency is a goal of >>Many. >>Yeah, absolutely. Well, and you mentioned fun. If this conversation is any representation, it would be very fun to be working on both of your teams. We, we have a lot of fun Ya. Patrick, thank you so much for joining. Thanks for having us, Lisa, As usual, thanks for being here with me. My pleasure. And thank you to all of you for turning into the Cubes live show from Detroit. My name's Savannah Peterson and we'll be back in a few.

>>Hello and welcome back to the live coverage of the Cube here. Live in Detroit, Michigan for Cub Con, our seventh year covering all seven years. The cube has been here. M John Fur, host of the Cube, co-founder of the Cube. I'm here with Lisa Mart, my co-host, and our new host, Savannah Peterson. Great to see you guys. We're wrapping up day one of three days of coverage, and our guest analyst is Sario Wall, who's the cube analyst who's gonna give us his report. He's been out all day, ear to the ground in the sessions, peeking in, sneaking in, crashing him, getting all the data. Great to see you, Sarvi. Lisa Savannah, let's wrap this puppy up. >>I am so excited to be here. My first coupon with the cube and being here with you and Lisa has just been a treat. I can't wait to hear what you have to say in on the report side. And I mean, I have just been reflecting, it was last year's coupon that brought me to you, so I feel so lucky. So much can change in a year, folks. You never know where you're be. Wherever you're sitting today, you could be living your dreams in just a few >>Months. Lisa, so much has changed. I mean, just look at the past this year. Events we're back in person. Yeah. Yep. This is a big team here. They're still wearing masks, although we can take 'em off with a cube. But mask requirement. Tech has changed. Conversations are upleveling, skill gaps still there. So much has changed. >>So much has changed. There's so much evolution and so much innovation that we've also seen. You know, we started out the keynote this morning, standing room. Only thousands of people are here. Even though there's a mass requirement, the community that is CNCF Co Con is stronger than I, stronger than I saw it last year. This is only my second co con. But the collaboration, what they've done, their devotion to the maintainers, their devotion to really finding mentors for mentees was really a strong message this morning. And we heard a >>Lot of that today. And it's going beyond Kubernetes, even though it's called co con. I also call it cloud native con, which I think we'll probably end up being the name because at the end of day, the cloud native scaling, you're starting to see the pressure points. You're start to see where things are breaking, where automation's coming in, breaking in a good way. And we're gonna break it all down Again. So much going on again, I've overs gonna be in charge. Digital is transformation. If you take it to its conclusion, then you will see that the developers are running the business. It isn't a department, it's not serving the business, it is the business. If that's the case, everything has to change. And we're, we're happy to have Sarib here with us Cube analysts on the badge. I saw that with the press pass. Well, >>Thank you. Thanks for getting me that badge. So I'm here with you guys and >>Well, you got a rapport. Let's get into it. You, I >>Know. Let's hear what you gotta say. I'm excited. >>Yeah. Went around, actually attend some sessions and, and with the analysts were sitting in, in the media slash press, and I spoke to some people at their booth and the, there are a few, few patterns, you know, which are, some are the exaggeration of existing patterns or some are kind of new patterns emerging. So things are getting complex in open source. The lawn more projects, right. They have, the CNCF has graduated some projects even after graduation, they're, they're exploring, right? Kubernetes is one of those projects which has graduated. And on that front, just a side note, the new projects where, which are entering the cncf, they're the, we, we gotta see that process and the three stages and all that stuff. I tweeted all day long, if you wanna know what it is, you can look at my tweets. But when I will look, actually write right on that actually after, after the show ends, what, what I saw there, these new projects need to be curated properly. >>I think they need to be weed. There's a lot of noise in these projects. There's a lot of overlap. So the, the work is cut out for CNCF folks, by the way. They're sort of managerial committee or whatever you call that. The, the people who are leading it, they're try, I think they're doing their best and they're doing a good job of that. And another thing actually, I really liked in the morning's keynote was that lot of women on the stage and minorities represented. I loved it, to be honest with you. So believe me, I'm a minority even though I'm Indian, but from India, I'm a minority. So people who have Punjab either know that I'm a minority, so I, I understand their pain and how hard it is to, to break through the ceiling and all that. So I love that part as well. Yeah, the >>Activity is clear. Yeah. From day one. It's in the, it's in the dna. I mean, they'll reject anything that the opposite >>Representation too. I mean, it's not just that everyone's invited, it's they're celebrated and that's a very big difference. Yeah. It's, you see conferences offer discounts for women for tickets or minorities, but you don't necessarily see them put them running where their mouth is actually recruit the right women to be on stage. Right. Something you know a little bit about John >>Diversity brings better outcomes, better product perspectives. The product is better with all the perspectives involved. Percent, it might go a little slower, maybe a little debates, but it's all good. I mean, it's, to me, the better product comes when everyone's in. >>I hope you didn't just imply that women would make society. So >>I think John men, like slower means a slower, >>More diversity, more debate, >>The worst. Bringing the diversity into picture >>Wine. That's, that's how good groups, which is, which is >>Great. I mean, yeah, yeah, >>Yeah, yeah. I, I take that mulligan back and say, hey, you knows >>That's >>Just, it's gonna go so much faster and better and cheaper, but that not diversity. Absolutely. >>Yes. Well, you make better products faster because you have a variety >>Of perspectives. The bigger the group, there's more debate. More debate is key. But the key to success is aligning and committing. Absolutely. Once you have that, and that's what open sources has been about for. Oh God, yeah. Generations >>Has been a huge theme in the >>Show generations. All right, so, so, >>So you have to add another, like another important, so observation if you will, is that the security is, is paramount right. Requirement, especially for open source. There was a stat which was presented in the morning that 60% of the projects in under CNCF have more vulnerabilities today than they had last year. So that was, That's shocking actually. It's a big jump. It's a big jump. Like big jump means jump, jump means like it can be from from 40 to 60 or or 50 or 60. But still that percentage is high. What, what that means is that lot more people are contributing. It's very sort of di carmic or ironic that we say like, Oh this project has 10,000 contributors. Is that a good thing? Right. We do. Do we know the quality of that, where they're coming from? Are there any back doors being, you know, open there? How stringent is the process of rolling those things, which are being checked in, into production? You know, who is doing that? I've >>Wondered about that. Yeah. The quantity, quality, efficacy game. Yes. And what a balance that must be for someone like CNCF putting in the structure to try and >>That's >>Hard. Curate and regulate and, and you know, provide some bumpers on the bowling lane, so to speak, of, of all of these projects. Yeah. >>Yeah. We thought if anybody thought that the innovation coming from, or the number of services coming from AWS or Google Cloud or likes of them is overwhelming, look at open source, it's even more >>Overwhelming. What's your take on the supply chain discussion? More code more happening. What are you hearing there? >>The supply chain from the software? Yeah. >>Supply chain software, supply chain security pays. Are people talking about that? What are you >>Seeing? Yeah, actually people are talking about that. The creation, the curation, not creation. Curation of suppliers of software I think is best done in the cloud. Marketplaces Ive call biased or what, you know, but curation of open source is hard. It's hard to know which project to pick. It's hard to know which project will pan out. Many of the good projects don't see the day light of the day, but some decent ones like it becomes >>A marketing problem. Exactly. The more you have out there. Exactly. The more you gotta get above the noise. Exactly. And the noise echo that. And you got, you got GitHub stars, you got contributors, you have vanity metrics now coming in to this that are influencing what's real. But sometimes the best project could have smaller groups. >>Yeah, exactly. And another controversial thing a little bit I will say that is that there's a economics of the practitioner, right? I usually talk about that and economics of the, the enterprise, right? So practitioners in our world, in software world especially right in systems world, practitioners are changing jobs every two to three years. And number of developers doubles every three years. That's the stat I've seen from Uncle Bob. He's authority on that software side of things. Wow. So that means there's a lot more new entrance that means a lot of churn. So who is watching out for the enterprise enterprises economics, You know, like are we creating stable enterprises? How stable are our operations? On a side note to that, most of us see the software as like one band, which is not true. When we talk about all these roles and personas, somebody's writing software for, for core layer, which is the infrastructure part. Somebody's writing business applications, somebody's writing, you know, systems of bracket, some somebody's writing systems of differentiation. We talk about those things. We need to distinguish between those and have principle based technology consumption, which I usually write about in our Oh, >>So bottom line in Europe about it, in your opinion. Yeah. What's the top story here at coupon? >>Top story is >>Headline. Yeah, >>The, the headline. Okay. The open source cannot be ignored. That's a headline. >>And what should people be paying attention to if there's a trend coming out? See any kind of trends coming out or any kind of signal, What, what do you see that people should pay attention to here? The put top >>Two, three things. The signal is that, that if you are a big shop, like you'd need to assess your like capacity to absorb open source. You need to be certain size to absorb the open source. If you are below that threshold, I mean we can talk about that at some other time. Like what is that threshold? I will suggest you to go with the managed services from somebody, whoever is providing those managed services around open source. So manage es, right? So from, take it from aws, Google Cloud or Azure or IBM or anybody, right? So use open source as managed offering rather than doing it yourself. Because doing it yourself is a lot more heavy lifting. >>I I, >>There's so many thoughts coming, right? >>Mind it's, >>So I gotta ask you, what's your rapport? You have some swag, What's the swag look >>Like to you? I do. Just as serious of a report as you do on the to floor, but I do, so you know, I come from a marketing background and as I, I know that Lisa does as well. And one of the things that I think about that we touched on in this is, is you know, canceling the noise or standing out from the noise and, and on a show floor, that's actually a huge challenge for these startups, especially when you're up against a rancher or companies or a Cisco with a very large budget. And let's say you've only got a couple grand for an activation here. Like most of my clients, that's how I ended up in the CU County ecosystem, was here with the A client before. So there actually was a booth over there and I, they didn't quite catch me enough, but they had noise canceling headphones. >>So if you just wanted to take a minute on the show floor and just not hear anything, which I thought was a little bit clever, but gonna take you through some of my favorite swag from today and to all the vendors, you know, this is why you should really put some thought into your swag. You never know when you're gonna end up on the cube. So since most swag is injection molded plastic that's gonna end up in the landfill, I really appreciate that garden has given all of us a potable plant. And even the packaging is plantable, which is very exciting. So most sustainable swag goes to garden. Well done >>Rep replicated, I believe is their name. They do a really good job every year. They had some very funny pins that say a word that, I'm not gonna say live on television, but they have created, they brought two things for us, yet it's replicated little etch sketch for your inner child, which is very nice. And given that we are in Detroit, we are in Motor City, we are in the home of Ford. We had Ford on the show. I love that they have done the custom K eight s key chains in the blue oval logo. Like >>Fords right behind us by the way, and are on you >>Interviewed, we had 'em on earlier GitLab taking it one level more personal and actually giving out digital portraits today. Nice. Cool. Which is quite fun. Get lap house multiple booths here. They actually IPOed while they were on the show floor at CubeCon 2021, which is fun to see that whole gang again. And then last but not least, really embracing the ship wheel logo of a Kubernetes is the robusta accrue that is giving out bucket hats. And if you check out my Twitter at sabba Savvy, you can see me holding the ship wheel that they're letting everyone pose with. So we are all in on Kubernetes. That cove gone 2022, that's for sure. Yeah. >>And this is something, day one guys, we've got three. >>I wanna get one of those >>Hats. We we need to, we need a group photo >>By the end of Friday we will have a beverage and hats on to sign off. That's, that's my word. If I can convince John, >>Don, what's your takeaway? You guys did a great kind of kickoff about last week or so about what you were excited about, what your thoughts were going to be. We're only on day one, There's been thousands of people here, we've had great conversations with contributors, the community. What's your take on day one? What's your, what's your tagline? >>Well, Savannah and I had at we up, we, we were talking about what we might see and I think we, we were right. I think we had it right. There's gonna be a lot more people than there were last year. Okay, check. That's definitely true. We're in >>Person, which >>Is refreshing. I was very surprised about the mask mandate that kind of caught me up guard. I was major. Yeah. Cause I've been comfortable without the mask. I'm not a mask person, but I had to wear it and I was like, ah, mask. But I understand I support that. But whatever. It's >>Corporate travel policy. So you know, that's what it is. >>And then, you know, they, I thought that they did an okay job with the gates, but they wasn't slow like last time. But on the content side, definitely Kubernetes security, top line headline, Kubernetes at scale security, that's, that's to me the bumper sticker top things to pay attention to the supply chain and the role of docker and the web assembly was a surprise. You're starting to see containers ecosystem coming back to, I won't say tension growth in the functionality of containers cuz they have to solve the security problem in the container images. Okay, you got scanning technology so it's a little bit in the weeds, but there's a huge movement going on to fix that problem to scale it so it's not a problem area contain. And then Dr sent a great job with productivity interviews. Scott Johnston over a hundred million in revenue so far. That's my number. They have not publicly said that. That's what I'm reporting from sources extremely well financially. And they, and they love their business model. They make productivity for developers. That's a scoop. That's new >>Information. That's a nice scoop we just dropped there on the co casually. >>You're watching that. Pay attention to that. But that, that's proof. But guess what, Red Hat's got developers too. Yes. Other people have to, So developers gonna go where it's the best. Yeah. Developers are voting with their code, they're voting with their feet. You will see the winners with the developers and that's what we've talked about. >>Well and the companies are catering to the developers. Savannah and I had a great conversation with Ford. Yeah. You saw, you showed their fantastic swag was an E for Ev right behind us. They were talking about the, all the cultural changes that they've really focused on to cater towards the developers. The developers becoming the influencers as you say. But to see a company that is as, as historied as Ford Motor Company and what they're doing to attract and retain developer talent was impressive. And honestly that surprised me. Yeah. >>And their head of deb relations has been working for, for, for 29 years. Which I mean first of all, most companies on the show floor haven't been around for 29 years. Right. But what I love is when you put community first, you get employees to stick around. And I think community is one of the biggest themes here at Cuco. >>Great. My, my favorite story that surprised me and was cool was the Red Hat Lockheed Martin interview where they had edge deployments with micro edge, >>Micro shift, >>Micro >>Shift, new projects under, there's, there are three new projects under, >>Under that was so, so cool because it was an edge story in deployment for the military where lives are on the line, they actually had it working. That is a real world example of Kubernetes and tech orchestrating to deploy the industrial edge. And I think that's proof in my mind that Kubernetes and this ecosystem is gonna move faster through this next wave of growth. Because once things start clicking, you get hybrid on premise to super cloud and edge. That was, that was my favorite cause it was real. That was real >>Story that it can make is literally life and death on the battlefield. Yeah, that was amazing. With what they're doing and what >>They're talking check out the Lockheed Martin Red Hat edge story on Silicon Angle and then a press release all pillar. >>Yeah. Another actually it's impressive, which we knew this which is happening, but I didn't know that it was happening at this scale is the finops. The finops is, I saw your is a discipline which most companies are adopting bigger companies, which are spending like hundreds of millions dollars in cloud average. Si a team size of finops for finops is seven people. And average number of tools is I think 3.5 or around 3.7 or something like that. Average number of tools they use to control the cost. So finops is a very generic term for years. It's not financial operations, it's the financial operations for the cloud cost, you know, containing the cloud costs. So that's a finops that is a very emerging sort of discipline >>To keep an eye on. And well, not only is that important, I talked to, well one of the principles over there, it's growing and they have real big players in that foundation. Their, their events are highly attended. It's super important. It's just, it's the cost side of cloud. And, and of course, you know, everyone wants to know what's going on. No one wants to leave there. Their Amazon on Yeah, you wanna leave the lights on the cloud, as we always say, you never know what the bill's gonna look like. >>The cloud is gonna reach $3 billion in next few years. So we might as well control the cost there. Yeah, >>It was, it was funny to get the reaction I found, I don't know if I was, how I react, I dunno how I felt. But we, we did introduce Super Cloud to a couple of guests and a, there were a couple reactions, a couple drawn. There was a couple, right. There was a couple, couple reactions. And what I love about the super cloud is that some people are like, oh, cringing. And some people are like, yeah, go. So it's a, it's a solid debate. It is solid. I saw more in the segments that I did with you together. People leaning in. Yeah. Super fun. We had a couple sum up, we had a couple, we had a couple cringes, I'll say their names, but I'll go back and make sure I, >>I think people >>Get 'em later. I think people, >>I think people cringe on the, on the term not on the idea. Yeah. You know, so the whole idea is that we are building top of the cloud >>And then so I mean you're gonna like this, I did successfully introduce here on the cube, a new term called architectural list. He did? That's right. Okay. And I wanna thank Charles Fitzgerald for that cuz he called super cloud architectural list. And that's exactly the point of super cloud. If you have a great coding environment, you shouldn't have to do an architecture to do. You should code and let the architecture of the Super cloud make it happen. And of course Brian Gracely, who will be on tomorrow at his cloud cast said Super Cloud enables super services. Super Cloud enables what Super services, super service. The microservices underneath the covers have to be different. High performing, automated. So again, the debate and Susan, the goal is to keep it open. And that's our, that's our goal. But we had a lot of fun with that. It was fun to poke the bear a little bit. So >>What is interesting to see just how people respond to it too, with you throwing it out there so consistently, >>You wanna poke the bear, get a conversation going, you know, let let it go. We'll see, it's been positive so far. >>There, there I had a discussion outside somebody who is from Ford but not attending this conference and they have been there for a while. I, I just some moment hit like me, like I said, people, okay, technologists are horizontal, the codes are horizontal. They will go from four to GM to Chrysler to Bank of America to, you know, GE whatever, you know, like cross vertical within vertical different vendors. So, but the culture of a company is local, right? Right. Ford has been building cars for forever. They sort of democratize it. They commercialize it, right? But they have some intense culture. It's hard to change those cultures. And how do we bring in the new thinking? What is, what approach that should be? Is it a sandbox approach for like putting new sensors on the car? They have to compete with te likes our Tesla, right? Yeah. But they cannot, if they are afraid of deluding their existing market or they're afraid of failure there, right? So it's very >>Tricky. Great stuff. Sorry. Great to have you on as our cube analyst breaking down the stories. We'll document that, that we'll roll out a post on it. Lisa Savannah, let's wrap up the show for day one. We got day two and three. We'll start with you. What's your summary? Quick bumper sticker. What's today's show all about? >>I'm a community first gal and this entire experience is about community and it's really nice to see the community come together, celebrate that, share ideas, and to have our community together on stage. >>Yeah. To me, to me it was all real. It's happening. Kubernetes cloud native at scale, it's happening, it's real. And we see proof points and we're gonna have faster time to value. It's gonna accelerate faster from here. >>The proof points, the impact is real. And we saw that in some amazing stories. And this is just a one of the cubes >>Coverage. Ib final word on this segment was well >>Said Lisa. Yeah, I, I think I, I would repeat what I said. I got eight, nine years back at a rack space conference. Open source is amazing for one biggest reason. It gives the ability to the developing nations to be at somewhat at par where the dev develop nations and, and those people to lift up their masses through the automation. Cuz when automation happens, the corruption goes down and the economy blossoms. And I think it's great and, and we need to do more in it, but we have to be careful about the supply chains around the software so that, so our systems are secure and they are robust. Yeah, >>That's it. Okay. To me for SAR B and my two great co-host, Lisa Martin, Savannah Peterson. I'm John Furry. You're watching the Cube Day one in, in the Books. We'll see you tomorrow, day two Cuban Cloud Native live in Detroit. Thanks for watching.

(upbeat techno music) >> Hello, everyone. Welcome to theCUBE here live in Detroit for KubeCon + CloudNativeCon 2022. I'm John Furrier, host of theCUBE. This is our seventh consecutive KubeCon + CloudNativeCon. Since inception, theCube's been there every year. And of course, theCUBE continues to grow. So does the community as well as our host roster. I'm here with my co-host, Lisa Martin. Lisa, great to see you. And our new theCube host, Savannah Peterson. Savannah, welcome to theCUBE. >> Thanks, John. >> Welcome. >> Welcome to the team. >> Thanks, team. It's so wonderful to be here. I met you all last KubeCon and to be sitting on this stage in your company is honestly an honor. >> Well, great to have you. Lisa and I have done a lot of shows together and it's great to have more cadence around. You know, more fluid around the content, and also the people. And I would like you to take a minute to tell people your background. You know the community here. What's the roots? You know the Cloud Native world pretty well. >> I know it as well as someone my age can. As we know, the tools and the tech is always changing. So hello, everyone. I'm Savannah Peterson. You can find me on the internet @SavIsSavvy. Would love to hear from you during the show. Big fan of this space and very passionate about DevOps. I've been working in the Silicon Valley and the Silicon Alley for a long time, helping companies scale internationally as a community builder as well as a international public speaker. And honestly, this is just such a fun evolution for my career and I'm grateful to be here with you both. >> We're looking forward to having you on theCUBE. Appreciate it. Lisa? >> Yes. >> KubeCon. Amazing again this year. Just keeps growing bigger and bigger. >> Yes. >> Keynote review, you were in there. >> Yup. >> I had a chance to peek in a little bit, but you were there and got most of the news. What was the action? >> You know, the action was really a big focus around the maintainers, what they're doing, giving them the props and the kudos and the support that they deserve. Not just physically, but mentally as well. That was a really big focus. It was also a big focus on mentoring and really encouraging more people- >> Love that. >> I did, too. I thought that was fantastic to get involved to help others. And then they showed some folks that had great experiences, really kind of growing up within the community. Probably half of the keynote focus this morning was on that. And then looking at some of the other projects that have graduated from CNCF, some of these successful projects, what they're doing, what folks are doing. Cruise, one of the ones that was featured. You've probably seen their driverless cars around San Francisco. So it was great to see that, the successes that they've had and where that's going. >> Yeah. Lisa, we've done how many shows? Hundreds of shows together. When you see a show like this grow and continue to mature, what's your observation? You've seen many shows we've hosted together. What jumps out this year? Is it just that level of maturization? What's your take on this? >> The maturization of the community and the collaboration of the community. I think those two things jumped out at me even more than last year. Last year, obviously a little bit smaller event in North America. It was Los Angeles. This year you got a much stronger sense of the community, the support that they have for each other. There were a lot of standing ovations particularly when the community came out and talked about what they were doing in Ukraine to support fellow community members in Ukraine and also to support other Ukrainians in terms of getting in to tech. Lot of standing ovations. Lot of- >> Savannah: Love that, yeah. >> Real authenticity around the community. >> Yeah, Savannah, we talked on our intro prior to the event about how inclusive this community is. They are really all in on inclusivity. And the Ukraine highlight, this community is together and they're open. They're open to everybody. >> Absolutely. >> And they're also focused on growing the educational knowledge. >> Yeah, I think there's a real celebration of curiosity within this community that we don't find in certain other sectors. And we saw it at dinner last night. I mean, I was struck just like you Lisa walking in today. The energy in that room is palpably different from last year. I saw on Twitter this morning, people are very excited. Many people, their first KubeCon. And I'm sure we're going to be feeding off of that, that kind of energy and that... Just a general enthusiasm and excitement to be here in Detroit all week. It's a treat. >> Yeah, I even saw Stu Miniman earlier, former theCube host. He's at Red Hat. We were talking on the way in and he made an observation I thought was interesting I'll bring up because this show, it's a lot "What is this show? What isn't this show?" And I think this show is about developers. What it isn't is not a business show. It's not about business. It's not about industry kind of posturing or marketing. All the heavy hitters on the dev side are here and you don't see the big execs. I mean, you got the CEOs of startups here but not the CEOs of the big public companies. We see the doers. So, I mean, I think my take is this show's about creating products for builders and creating products that people can consume. And I think that is the Cloud Native lanes that are starting to form. You're either creating something for builders to build stuff with or you're creating stuff that could be consumed. And that seems for applications. So the whole app side and services seem to be huge. >> They also did a great job this morning of showcasing some of the big companies that we all know and love. Spotify. Obviously, I don't think a day goes by where I don't turn on Spotify. And what it's done- >> Me neither. >> What it's done for the community... Same with Intuit, I'm a user of both. Intuit was given an End User Award this morning during the keynote for their contributions, what they're doing. But it was nice to see some just everyday companies, Cloud Native companies that we all know and love, and to understand their contributions to the community and how those contributions are affecting all of us as end users. >> Yeah, and I think those companies like Intuit... Argo's been popular, Arlo now new, seeing those services, and even enterprises are contributing. You know, Lyft is always here, popular with Envoy. The community isn't just vendors and that's the interesting thing. >> I think that's why it works. To me, this event is really about the celebration of developer relations. I mean, every DevRel from every single one of these companies is here. Like you said, in lieu of the executive, that's essentially who we're attracting. And if you look out over the show floor here, I mean, we've probably got, I don't know, three to four extra vendors that we had last year. It totally is a different tone. This community doesn't like to be sold to. This community likes to be collaborative. They like to learn and they like to help. And I think we see that within the ecosystem inside the room today. >> It's not a top down sales pitch. It's really consensus. >> No. >> Do it out in the open transparency. Don't sell me stuff. And I think the other thing I like about this community is that we're starting to see that... And then we've said this in theCube before. We'll say it again. Maybe be more controversial. Digital transformation is about the developer, right? And I think the power is going to shift in every company to the developer because if you take digital transformation to completion, everything happens the way it's happening, the company is the application. It's not IT who serves the organization- >> I love thinking about it like that. That's a great point, John. >> The old phase was IT was a department that served the business. Well, the business is IT now. So that means developer community is going to grow like crazy and they're going to be in the front lines driving all the change. In my opinion, you going to see this developer community grow like crazy and then the business side on industry will match up with that. I think that's what's going to happen. >> So, the developers are becoming the influencers? >> Developers are the power source for all companies. They're in charge. They're going to dictate terms to how businesses will run because that's going to be natural 'cause digital transformation's about the app and the business is the app. So that mean it has to be coded. So I think you're going to see a lot of innovation around app server-like experiences where the the apps are just being developed faster than the infrastructures enabling that completely invisible. And I think you're going to see this kind of architecture-less, I'll put it out there that term architecture-less, environment where you don't need an architecture. It's just you code away. >> Yeah, yeah. We saw GitHub's mentioned in the keynote this morning. And I mean, low code, no code. I think your fingers right on the pulse there. >> Yeah. What did you guys see? Anything else you see? >> I think just the overall... To your point, Savannah, the energy. Definitely higher than last year. When I saw those standing ovations, people really come in together around the sense of community and what they've accomplished especially in the last two plus years of being remote. They did a great job of involving a lot of folks, some of whom are going to be on the program with us this week that did remote parts of the keynote. One of our guests on today from Vitess was talking about the successes and the graduation of their program so that the sense of community, but also not just the sense of it, the actual demonstration of it was also quite palpable this morning, and I think that's something that I'm excited for us to hear about with our guests on the program this week. >> Yeah, and I think the big story coming out so far as the show starts is the developers are in charge. They're going to set the pace for all the ops, data ops, security ops, all operations. And then the co-located events that were held Monday and Tuesday prior to kickoff today. You saw WebAssembly's come out of the woodwork as it got a lot of attention. Two startups got funded heavily on Series A. You're starting to see that project really work well. That's going to be an additional to the container market. So, interesting to see how Docker reacts to that. Red Hat's doing great. ServiceMeshCon was phenomenal. I saw Solo.iOS got massive traction with those guys. So like Service Mesh, WebAssembly, you can start to see the dots connecting. You're starting to see this layer below Kubernetes and then a layer above Kubernetes developing. So I think it's going to be great for applications and great for the infrastructure. I think we'll see how it comes out and all these companies we have on here are all about faster, more integrated, some very, very interesting to see. So far, so good. >> You guys talked about in your highlight session last week or so. Excited to hear about the end users, the customer stories. That's what I'm interested in understanding as well. It's why it resonates with me when I see brands that I recognize. Well, I use it every day. How are they using containers and Kubernetes? How are they actually not just using it to deploy their app, their technologies, that we all expect are going to be up 24/7, but how are they also contributing to the development of it? So I'm really excited to hear those end users. >> We're going to have Lockheed Martin. And we wrote a story on SiliconANGLE, the Red Hat, Lockheed Martin, real innovation on the edge. You're starting to see educate with the edge. It's really the industrial edge coming to be big. It'd be very interesting to see. >> Absolutely, we got Ford Motor Company coming on as well. I always loved stories, Savannah, that are history of companies. Ford's been around since 1903. How is a company that- >> Well, we're in the home of Ford- as well here. >> We are. How they evolved digitally? What are they doing to enable the developers to be those influencers that John says? It's going to be them. >> They're a great example of a company that's always been on the forefront, too. I mean, they had a head of VRs 25 years ago when most people didn't even know what VR was going to stand for. So, I can't wait for that one. You tease the Docker interview coming up very well, John. I'm excited for that one. One last thing I want to bring up that I think is really refreshing and it's reflected right here on this stage is you talked about the inclusion. I think there's a real commitment to diversity here. You can see the diversity stats on CNCF's website. It's right there on KubeCon. At the bottom, there's a link in every email I've gotten highlighting that. We've got two women on this stage all week which is very exciting. And the opening keynote was a woman. So quite frankly, I am happy as a female in this industry to see a bit more representation. And I do appreciate just on the note of being inclusive, it's not just about gender or age, it's also about the way that CNCF thinks about your experience since we're in this kind of pandemic transitional period. They've got little pins. Last year, we had bracelets depending on your level of comfort. Equivocally like a stoplight which is... I just think it's really nice and sensitive and that attention to detail makes people feel comfortable. Which is why we have the community energy that we have. >> Yeah, and being 12 years in the business... With theCUBE, we've been 12 years in the business, seven years with KubeCon and Cloud Native, I really appreciate the Linux Foundation including me as I get older. (Lisa and Savannah laugh) >> Savannah: That's a good point. >> Ageism were, "Hey!" Thank you. >> There was a lot of representation. You talked about females and so often we go to shows and there's very few females. Some companies are excellent at it. But from an optics perspective, to me it stands out. There was great representation across. There was disabled people on stage, people of color, women, men of all ages. It was very well-orchestrated. >> On the demographic- >> And sincere. >> Yeah, yeah. >> And the demographics, too. On the age side, it's lower too. You're starting to see younger... I mean, high school, college representation. I saw a lot of college students last night. I saw on the agenda sessions targeting universities. I mean, I'm telling you this is reaching down. Open source now is so great. It's growing so fast. It's continuing to thunder away. And with success, it's just getting better and better. In fact, we were talking last night about at some point we might not have to write code. Just glue it together. And that's why I think the supply chain and security thing is an issue. But this is why it's so great. Anyone can code and I think there's a lot of learning to have. So, I think we'll continue to do our job to extract the signal from the noise. So, thanks for the kickoff. Good commentary. Thank you. All right. >> Of course. >> Let's get started. Day one of three days of live coverage here at KubeCon + CloudNativeCon. I'm John Furrier with Lisa Martin, and Savannah Peterson. Be back with more coverage starting right now. (gentle upbeat music)

>>Hey everyone. Welcome back to Chicago. Lisa Martin here with John Furrier. We're live with the Cube at Ansible Fest 2022. This is not only Ansible's 10th anniversary, John Wood. It's the first in-person event in three years. About 14 to 1500 people here talking about the evolution of automation, really the democratization opportunities. Ansible >>Is money, and this segment's gonna be great. Cub alumni are back, and we're gonna get an industry perspective on the automation journey. So it should be great. >>It will be great. We've got two alumni back for the price of wine. Scott Canine joins us, Director of Worldwide Automation at Kendra. A Nelson Shoe is back as well. Product marketing director at Red Hat. Guys, great to have you back on the, on the live cube. >>Oh, thank you for having us. And, and you know, it's really great to be back here live and in person and, and, you know, get a chance to see you guys again. >>Well, and also you get, you get such a sense of the actual Ansible community here. Yeah. And, and only a fraction of them that are here, but people are ready to be back. They're ready to collaborate in person. And I always can imagine the amount of innovation that happens at these events, just like off the show floor, people bumping into each other and go, Hey, I had this idea. What do you think, Scott? It's been just about a, a year since Kenel was formed. Talk to us about the last close to a year and what that's been like. Especially as the world has been so, chops >>The world been Yeah, exactly. Topsy turvy. People getting back to working in person and, and everything else. But, you know, you know, throw on that what we've done in the last year, taking Kendra, you know, outside of being a part of ibm Right. In our own company at this point, you know, and you know, you hear a lot of our executives and a lot of our people when we talk about it, like, Oh yeah, it's, you know, it's a $19 billion startup. We got freedom of action. We can do all these different things. But, you know, one of the ways I look at it is we are a $19 billion startup, which means we've got a lot of companies out there that are trusting us to, no matter what change we're doing, continue to deliver their operations, do it flawlessly, do it in a way so they can continue to, to service their clients effectively and, and don't break 'em. And, and so that to me, you know, the way we do that and the way I focusing on that is automation Ansible, obviously corridor strategy, getting there. >>Yeah. And I'd like to get your thoughts too, because we seeing a trend, we've been reporting on this with the cloud growth and the scale of cloud and distributed computing going cloud native, the automation is the front and piece center of all conversations. Automate this, make developers go faster. And with the pandemic, we're coming out of that pandemic. You post pandemic with large scale automation, system architecture, a lot more like architectural conversations and customers leaning on new things. Yeah. What are you seeing in this automation framework that you guys are talking about? What's been the hot playbook or recipe or, or architecture to, you know, play on words there, but I mean, this is kind of the, the key focus. >>Yeah. I mean, if you, one of the things that I com customer comp talks, I've been pulled into a lot recently, have all been around thinking about security, right? A lot in terms of security and compli, I think, I mean, think about the world environment as a whole, right here, everything that's been going on. So, so people are, are conscious of how much energy that's being used in their data centers, right? And people are conscious of how secure they are, right? Are they, you know, the, their end customers are trusting them with data information about them, right? And, and they're trusting us to make sure that those systems are secure to make sure that, you know, all that is taken care of in the right way. And so, you know that what's hot security and compliance, right? What can we do in the energy space, right? Can we do things to, to help clients understand better their energy consumption as, as, you know, especially as we get now in Europe to the winter months, can we do things there that'll help them also be better in that space, Right? Reduce their >>Costs and a lot more cloud rails obviously right there. You got closer and you got now Ansible, they're kind of there to help the customers put it together at scale. This has been the big conversation last year, remember was automate, automate, automate, right? This year it's automation everywhere, in every piece of the, the landscape edge. It's been big discussion tomorrow here about event driven stuff. This is kind of a change of focus and scope. Can you like, share your thoughts on how you see how big this is in terms of the, the, the customer journey >>In terms, I'm sorry, in terms of, >>In terms of their architecture, how they're rolling out automation, >>What's their Yeah, yeah. So, so in terms of their rolling out arch, arch in terms of them consuming architecture, right? And the architecture or consuming automation. Yeah. And rolling out the architecture for how they do that. You know, again, it, to me it's, it's a lot of, it's been focused around how do we do this in the most secure manner possible? How do we deliver the service to them and the most secure managers possible? How do they understand that it, that they can trust the automation and it's doing the right things on their environments, right? So it's not, you know, we're not pushing out or, or you know, it's not making bad policies >>And they're leaning on you guys. >>It's, it's not being putting malware out there, right? At the same time we're doing different things. And so they really rely on, on our customers, rely on us to really help them with that journey. >>I think a, a big part of that with Kendra as such a great partner and so many customers trusting them, is the fact that they really understand that enterprise. And so as, as Scott talks about the security aspect, we're not just talking to the IT operations people, right? We're talking across the enterprise, the security, the infrastructure, and the automation around that. So when we talk about hybrid cloud, we talk about network and security edge is a natural conversation to that, cuz absolutely at the edge network and security automation is critical. Otherwise, how are you gonna manage just the size of your edge as it grows? >>Yeah. And, and we've been, and that's another area that we've been having a a lot more conversations with clients on, is how do you do automation for IOT and edge based devices, right? We, you know, traditionally data center cloud, right? Kind of the core pieces of where we've been focusing on, but I, you know, recently I've been seeing a lot more opportunities and a lot more companies coming forward saying, you know, help us with the network space, help us with the iot space. We really wanna start getting to that level of automation and that part of our environments. And what >>Are some of the key barriers that customers are coming to you with saying, help us overcome these so that they can, you're smiling so that they can, can obviously attract and retain the right talent and also be able to determine what processes to automate to extract the most value and the most ROI for the organization. >>Yeah. And, and, and you know, that's, that's an interesting, the ROI conversation's always an interesting one, right? Because when you start having that with customers, some of the first things they think about, or the first, the natural place people go is, >>Oh, >>Labor takeout. I can do this with less people. Right? But that's not the end all be all of automation. In fact, you know, my personal view is that's, you know, maybe the, the the bottom 30%, right? That's kind of, then you have to think about the value you get above and beyond that standard operations, standardized processes, right? How are you gonna able to do those faster? How's that enabling your business, right? What's all the risks that's now been taken out by having these changes codified, right? By having them done in a manner that is repeatable, scalable, and, and, and really gets them to the point of, you know, what their business needs from an operational standpoint and >>Extracting that value. Nelson, talk about the automation journey from your perspective, How have you seen that evolve from your lens, especially over the last couple of years? >>It's a great question. You know, it's interesting because obviously all of our customers are at different stages of their automation journey. We have someone that just beginning looking at automation, they've been doing old scripts, if you will, the past. And then we have more that are embracing it, right? As a culture. So we have customers that are building cultures of automation, right? They have standups, they have automation guilds. It's, it's kind of a little bit of a, of a click. It's kind of, you know, building up steam in that momentum. And then we have, you know, the clients that Kindra works with, right? And they're very much focused on automation because they understand that they have a lack of resources, they don't have the expertise, they don't have the time to be able to deliver all this. Yeah. And that's really, Kendra really comes into effect to really help those customers accelerate their automation. Yeah. Right. And to that point, you know, we're doing a lot of innovation work with Kendra and we lean on them heavily because, you know, they're willing to make that commitment as a partner both on the, the, the day to day work that we do together as well as Ford looking at different architectures. >>Yeah. And, and the community aspect from our side internally has been tremendous in terms of us being able to expand what we'll be doing with automation and, and what a's been able to do with that community to get there. Right? Yeah. So to last month we did about 33 million day one, day two operations through automation, right? So that's what we've done. If you look at it, you know, if I break it down, it's really 80% of that standard global process stuff that we bring to the table. 20% of that is what our, our account teams are bringing specifically to their clients based on their needs and what they need to get done. Right. You know, one of my favorite examples of of, of this, right? We have a automation example out there for a, a client we've got in Japan, right? They tie, you know, they're, they're obviously concerned, you know, security a everything else that we've been talking about. >>They're also concerned about resiliency, right? In the face of natural disasters. Yeah. So they took our automation, they said, Okay, we're gonna tie your platform to seismic data that's coming through, and we understand what seismic data's happening. Okay, it's hitting a certain event. Let's automatically start kicking off resiliency operations so we can be prepared and thus keeps serving our clients when that's happening. Right? And that's not something like when you talk about a global team coming in and, and saying, we're gonna do all this. It's that community aspect, getting, getting the account focus, getting to that level, right? That's really brings value to clients. And that's one of the use cases, you know, and aaps enabled us to do with the a the community approach. We've got >>Now talk about this partnership. I think earlier when we were talking to Stephanie and Tom, the bottoms up Ansible community with top down kind of business objectives kind of come into play. You guys have a partnership where it's, there's some game changing things happening because Ansible's growing, continuing to have that scope grow from a skill set standpoint, expand the horizons, doing more automation at scale, and then you got business objectives where people wanna move faster in their, in their digital transformation. So to me, it's interesting that this part kind of hits both. >>It does really hit both. I mean, you know, the community cloud that Kendra has is so critical, right? Because they build that c i CF architecture internally, but they follow that community mantra, if you will. And community is so important to us, right? And that's really where we find innovation. So together with what we were call discussing about validated content earlier today becomes critical to build that content to really help people get started, Right? Validated content, content they can depend on and deliver, right? So that becomes critical on the other side, as you mentioned, is the reality of how do we get this done? Yeah. Right? How do we mature, how do we accelerate? And without the ability to drive those solutions to them to fix, if you are the problems that the line of business has. Well, if you don't answer those questions with the innovation, with the community, and then with the ap, it's, it, it does, it's gotta all come >>Together as, I mean, that community framework is interesting. I think we hear a lot in the cube, you know, Hey, let's do this. Sounds good. Who's gonna do it? Someone who's the operator. So there's a little skills gap going on. It's also a transformation in the roles of the operators in particular, and the dev, So the DevOps equation's completely going to the next level, right? And this is where people wanna move faster. So you're seeing a lot more managed services, a lot more Yes. Services that's, I won't say so much top down, but more like, let's do it and here's a play to get it done, right? Then backfill on the hiring, whether it's taking on a little bit of technical debt or going a little faster to get the proof points, >>Right? And I think one of the critical aspects is, you know, Ansible has it certified collections, right? And oftentimes we, we don't, I don't, I meet with customers two, three times a week, right? There's not a single one that doesn't emphasize the importance of partners and the importance of certified collections, Right? And kindra is included in that, right? Because they bring a lot of those certified collections. Use them, leverage them, it's helps customers get a jumpstarter, right? It's a few, it's their easy button, right? But they only get that and they value that because of the support that's there. >>Yeah. Right? They get the with >>The cert. Yeah. I was gonna say, just adding on the certified collections, right? We, so, you know, it was, it was great to see the hub come out with those capabilities because, you know, as we've gone through the last 12 months and, and change, one of the things that we focused more in on is network devices, network support, right? And, and so, you know, some of the certified collections out there for Cisco for F five, right? Some of those things we've been able to take back in and now build on top of with the expertise that we, we have in that space as well. And then use that as a starting point to more value for our clients. >>How is Kentrell working together with, with Red Hat and with Ansible to help organizations like you mentioned Nelson, they're on the journey varies considerably. Some are well on their way, others aren't. But for those to really start developing an automation, first culture, we talked a lot about cultural ship, we talked about it this morning. You can feel the power of that community and driving it, but how do you guys work together to help companies and any industry kind of really start understanding what an automation first culture is and then building it internally and getting some grounds? Well, >>Well, it's interesting, right? One of the, one of the things that really is we found really helpful is assessments, right? So you have silos and pockets of automation, and that's that challenge, right? So to be able to bring that, if you are automation community within an enterprise together, we often go out and we'll do an assessment, right? An automation assessment to really understand holistically how the enterprise could leverage automation not just in the pockets, but to bring it together. And when they bring that automation together, they can share, playbooks can share their experiences, right? And with Kindra and the multiple and the practices they have, right? They really bring that home from an industry perspective. They also bring that home, if you will, from a technology perspective. And they bring that together. So, you know, Kindra in that respect is the glue for our customer success. >>What's news? What's the next big thing that you guys see? Because if this continues down the road, this path, people are gonna get, the winds gonna get the successes. The new beachhead, if you will, is established. You got the edge around the corner. What's next for you guys in the partnership? How do you see it developing? >>No, we're looking at >>No, it's all good. So really, you know, I, I mentioned it earlier and, and the jour the automation journey paralleled by innovation, right? Customers today are automating, they're doing a great job. There's multiple tools out there. We understand we're not gonna be the only tool in the shed, but Ansible can come in and integrate that entire environment. And in a hybrid cloud environment, you want that there, right? I think what next is obviously the hybrid cloud is critical. The edge is critical, right? And I think that, you know, the needs and the requirements that Kindra hears that we have is kind of that future. And, you know, we, we often, often in, in Red Hat, we talk about a north star, right? And when I work with partners, ikin, do we talk about the North Star, where we want to get to? And that is the acceleration of automation. And I think both by the practical aspect of working with our customers and the innovation as partners, as business partners, technology partners will help accelerate >>That. Yeah. Scott, your perspective to bridge to the future is obviously hybrid and edge, how you bringing your customers along? >>Yes. So, so we see, you know, when we talk about my, when I talk about my automation strategy, our automated strategy, right? It's about being automated, orchestrated and intelligent, right? Kind of those, those three layers of the stack. We've been building out a lot of work, what we call our integrated AIOps layer for actionable insights, right? We've got a, you know, a goal to integrate that and, and we have integrated into our automation service for how we're delivering the whole package to our clients so they can better see opportunities for automation. What's the best way to go about it? You know, what are the, what are some of the, the issues they have, vulnerabilities they have in their environment and really bringing it to them in, in a real holistic manner. In fact, we internally, we call it our F five steering wheel, right? Based on the, the race thing, right? >>Because you think about the, the racing cars, f fives know they're right there, right? They got everything they need in front of 'em. Yeah. So our goal is been to, to include that into our automation view and service and build that out, right? So that's one way we're doing it. The additional way is, is through some announcements you probably heard, hopefully heard the last couple weeks through something called Kendra Bridge, right? Kendra Bridge is more the digitization of, of the way we deliver services for our clients to make it easier for them to consume and, and to, to make the barrier to entry for things like getting automation, getting it more in their environment, right? Lower as much as possible, right? So really integrated AIOps kind bridge. Those are really the two ways we see it as, as going forward. >>It's interesting, you know, we live through a lot of these different inflection points in the industry. Every time there's a big inflection point, there's more complexity that needs to be tamed, you know? And so you got innovation. If you got innovation coming and you got the clients wanna simplify and tame the complexity, this is a big part of what you guys do. >>Absolutely. Yeah. I mean, how do we, you know, most, when the clients come to us, right? Like I said, one, it's about trust. They trust us to do it because we can make it easy for them to not have to worry about that, right? Yeah. They don't have to worry about what it takes to secure the environment, manage it, run it, design it, build it for the, the cloud. We give 'em the ability, we give them the ability to focus on their core business while we do the stuff that's important to them, which >>Is absolutely critical that you, you can't emphasize trust in this relationship enough. I wish we had more time, guys, you're gonna have to come back. I think that's basically what this is boil down to. But thanks so much guys for talking with John and me about how Kendra and and Ansible are working together, really enabling your customers to, to unlock the value of automation across their organization and really make some big business changes. We appreciate your insights and your time. Fantastic. Thank you. Happy to do it and happy to do it any time. All right. Our pleasure. Thank you so much for our guests and John Furrier. I'm Lisa Martin. You're watching The Cube Live from Chicago. This is day one of our coverage of Ansible Fest 22. Don't go anywhere. Our next guest joins us in just a minute.

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

>>Hey everyone. Welcome to the Cube's presentation of the AWS startup showcase. Season two, episode four, I'm your host. Lisa Martin. This topic is cybersecurity detect and protect against threats. Very excited to welcome a Cub alumni back to the program. SNA hall, autonomy, the co-founder and CEO of horizon three joins me SNA hall. It's great to have you back in the studio. >>Likewise, thanks for the invite. >>Tell us a little bit about horizon three. What is it that you guys do you we're founded in 2019? Got a really interesting group of folks with interesting backgrounds, but talk to the audience about what it is that you guys are aiming to do. >>Sure. So maybe back to the problem we were trying to solve. So my background, I was a engineer by trade. I was a CIO at G capital CTO at Splunk and helped, helped grows scale that company and then took a break from industry to serve within the department of defense. And in every one of my jobs where I had cyber security in my responsibility, I suffered from the same problem. I had no idea I was secure or that we were fixing the right vulnerabilities or logging the right data in Splunk or that our tools and processes and people worked together well until the bad guys had showed up. And by then it was too late. And what I wanted to do was proactively verify my security posture, make sure that my security tools were actually effective, that my people knew how to respond to a breach before the bad guys were there. And so this whole idea of continuously verifying my security posture through security testing and pen testing became a, a passion project of mine for over a decade. And I, through my time in the DOD found the right group of an early people that had offensive cyber experience that had defensive cyber experience that knew how to build and ship and, and deliver software at scale. And we came together at the end of 2019 to start horizon three. >>Talk to me about the current threat landscape. We've seen so much change in flux in the last couple of years globally. We've seen, you know, the threat actors are just getting more and more sophisticated as is the different types of attacks. What are you seeing kind of horizontally across the threat landscape? >>Yeah. The biggest thing is attackers don't have to hack in using zero days. Like you see in the movies. Often they're able to just log in with valid credentials that they've collected through some mechanism. As an example, if I wanted to compromise a large organization, say United airlines, one of the things that an attacker's gonna go off and do is go to LinkedIn and find all of the employees that work at United airlines. Now you've got, say 7,000 pilots of those pilots. You're gonna figure out quickly that their use varie and passwords or their use varie@leastarefirstnamelastinitialatunited.com. Cool. Now I have 7,000 potential logins and all it takes is one of them to reuse a compromise password for their corporate email. And now you've got an initial user in the system and most likely that initial user has local admin on their laptops. And from there, an attacker can dump credentials and find a path to becoming a domain administrator. >>And what happens oftentimes is security tools. Don't detect this because it looks like valid behavior in the organization. And this is pretty common. This idea of collecting information on an organization or a topic or target using open source intelligence, using a mix of credentialed spraying and kinda low priority or low severity exploitations or misconfigurations to get in. And then from there systematically dumping credentials, reusing those credentials and finding a path towards compromise and almost less than 2% of, of CVEs are actually used in exploits. Most of the time attackers chain together misconfigurations bad product defaults. And so really the threat landscape is attackers don't hack in. They log in and organizations have to focus on getting the basics right and fundamentals right first, before they layer on some magic, easy button that is some security AI tools hoping that that's gonna save their day. And that's what we found systemically across the board. >>So you're finding that across the board, probably pan industry, that, that a lot of companies need to go back to basics. We talk about that a lot when we're talking about security, why do you think that >>Is? I think it's because one, most organizations are barely treading water. When you look at the early rapid adopters of horizon threes, pen testing, product, autonomous pen testing, the early adopters tended to be teams where the it team and the security team were the same person and they were barely treading water. And the hardest part of my job as a CIO was deciding what not to fix because the bottleneck in the security processes, the actual capacity to fix problems. And so fiercely prioritizing issues becomes really important, but the, the tools and the processes don't focus on prioritizing what's exploitable, they prioritize, you know, by some arbitrary score from some arbitrary vulnerability scanner. And so we have as a fundamental breakdown of the small group of folks with the expertise to fix problems, tend to be the most overworked and tend to have the most noise to need to sift through. So they don't even have time to get to the basics. They're just barely treading water doing their day jobs. And they're often sacrificing their nights and weekends. All of us at horizon three were practitioners at one point in our career, we've all been called in on the weekend. So that's why, what we did was fiercely focus on helping customers and users fix problems that truly matter, and allowing them to quickly retack and verify that the problems were truly fixed. >>So when it comes to today's threat landscape, what is it that organizations across the board should really be focused on? >>I think systemically what we see are bad password or credential policies, least access, privileged management type processes, not being well implemented. The domain user tends to be the local admin on the box, no ability to understand what is a valid login versus a, a malicious login. Those are some of the basics that we see systemically. And if you layer that with, it's very easy to say misconfigure vCenter, or misconfigure a piece of Cisco gear, or you're not gonna be installing monitoring and OB observa security observability tools on that. HP integrated lights out server. And so on. What you'll find is that you've got people overworked that don't have the capacity to fix. You have the fundamentals or the basics, not, not well implemented. And you have a whole bunch of blind spots in your security posture, and defenders have to be right. Every time attackers only have to be right once. And so what we have is this asymmetric fight where attackers are very likely to get in. And we see this on the news all the time. >>So, and, and nobody of course wants to be the next headline. Right? Talk to me a little bit about autonomous pen testing as a service, what you guys are delivering and what makes it unique and different than other tools that have been out there as, as you're saying that clearly have >>Gaps. Yeah. So first and foremost was the approach we took in building our product. What we set up front was our primary users should be it administrators, network, engineers, and P. And that, that it intern who in three clicks should have the power of a 20 year pen testing expert. So the whole idea was empower and enable all of the fixers to find, fix in verify their security weaknesses continuously. That was the design goal. Most other security products are designed for security people, but we already know they're they're task saturated. They've got way too many tools under the belt. So first and foremost, we wanted to empower the fixers to fix problems. That truly matter, the second part was we wanted to do that without having to install credentialed agents all over the place or writing your own custom attack scripts, or having to do a bunch of configurations and make sure that it's safe to run against production systems so that you could, you could test your entire attack surface your on-prem, your cloud, your external perimeter. >>And this is where AWS comes in to be very important, especially hybrid customers where you've got a portion of your infrastructure on AWS, a portion on-prem and you use horizon three to be able to attack your complete attack surface. So we can start on Preem and we will find, say the AWS credentials file that was mistakenly saved on a, a share drive, and then reuse that to become admin in the cloud. AWS didn't do anything wrong. The cloud team didn't do anything wrong. A developer happened to share a password or save a password file locally. That's how attackers get in. So we can start from on-prem and show how we can compromise the cloud, start from the cloud and, and, and show how we can compromise. On-prem start from the outside and break in. And we're able to show that complete attack surface at scale for hybrid customers. >>So showing that complete attack surface sort of from the eyes of the attacker, >>That's exactly right, because while blue teams or the defenders have a very specific view of their environment, you have to look at yourself through the eyes of the attacker to understand what are your blind spots? What do do they see that you don't see? And it's actually a discipline that is well entrenched within military culture. And that's also important for us as the company. We're about a third of horizon, three served in us special operations or the intelligence community with the United States, and then do OD writ large. And a lot of that red team mindset view yourself through the eyes of the attacker and this idea of training. Like you fight in building muscle memories. So you know how to react to the real incident when it occurs is just ingrained in how we operate. And we disseminate that culture through all of our customers as well. >>And, and at this point in time, it's, every business needs to assume an attacker's gonna get in >>That's right. There are way too many doors and windows in the organization. Attackers are going to get in, whether it's a single customer that reused their Netflix password for their corporate email, a patch that didn't get applied properly, or a new zero day that just gets published a piece of Cisco software that was misconfigured, you know, not by anything more than it's easy to misconfigure. These complex pieces of technology attackers are going to get in. And what we want to understand as customers is once they're in, what could they do? Could they get to my crown Jewel's data and systems? Could they borrow and prepare for a much more complicated attack down the road? If you assume breach, now you wanna understand what can they get to, how quickly can you detect that breach and what are your ways to stifle their ability to achieve their objectives. And culturally, we would need a shift from talking about how secure I am to how defensible are we. Security is kind of a state, a point in time, state of your organization, defense ability is how quickly you can adapt to the attacker to stifle their ability to achieve their objective >>As things are changing >>Constantly. That's exactly right. >>Yeah. Talk to me about a typical customer engagement. If there's, you mentioned folks treading water, obviously there's the huge cybersecurity skills gap that we've been talking about for a long time. Now that's another factor there, but when you're in customer conversations, who were you talking to? What typically are, what are they coming to you for help? >>Yeah. One big thing is you're not gonna win and, and win a customer by taking 'em out to steak dinners. Not anymore. The way we focus on, on our go to market and our sales motion is cultivating champions. At the end of the proof of concept, our internal measure of successes is that person willing to get a horizon three tattoo. And you do that, not through state dinners, not through cool swag, not through marketing, but by letting your results do the talking. Now, part of those results should not require professional services or consulting it. The whole experience should be self-service frictionless and insightful. And that really is how we've designed the product and designed the entire sales motion. So a prospect will learn or discover about us, whether it's through LinkedIn, through social, through the website, but often because one of their friends or colleagues heard about us saw our result and is advocating on our behalf. >>When we're not in the room from there, they're gonna be able to self-service just log to our product through their LinkedIn ID, their Google ID. They can engage with a salesperson if they want to, they can run a pen test right there on the spot against their home, without any interaction with a sales rep, let those results do the talking, use that as a starting point to engage in a, in a more complicated proof of value. And the whole idea is we don't charge for these. We let our results do the talking. And at the end, after they've run us to find problems they've gone off and fixed those issues. And they've rerun us to verify that what they've fixed was properly fixed, then they're hooked. And we have a hundred percent technical win rate with our prospects when they hit that fine fix verify cycle, which is awesome. And then we get the tattoo for them, at least give them the template. And then we're off to the races >>That it sounds like you're making the process more simple. There's so much complexity behind it, but allowing users to be able to actually test it out themselves in a, in a simplified way is huge. Allowing them to really focus on becoming defensible. >>That's exactly right. And you know, the value is we're all, especially now in security, there's so much hype and so much noise. There's a lot more time being spent, self discovering and researching technologies before you engage in a commercial discussion. And so what we try to do is optimize that entire buying experience around enabling people to discover and research and learn the other part, right. Remember is offensive cyber and ethical hacking. And so on is very mysterious and magical to most defenders. It's such a complicated topic with many nuance tools that they don't have the time to understand or learn. And so if you surface the complexity of all those attacker tools, you're gonna overwhelm a person that is already overwhelmed. So we needed the, the experience to be incredibly simple and, and optimize that fine fix verify aha moment. And once again, be frictionless and be insightful, >>Frictionless and insightful. Excellent. Talk to me about results. You mentioned results. We, we love talking about outcomes. When a customer goes through the, the POC POB that you talked about, what are some of the results that they see that hook them? >>Yeah. The biggest thing is what attackers do today is they will find a low from machine one, plus a low from machine two equals compromised domain. What they're doing is they're chaining together issues across multiple parts of your system or your organization to hone your environment. What attackers don't do is find a critical vulnerability and exploit that single machine it's always a chain is always, always multiple steps in the attack. And so the entire product and experience in actually our underlying tech is around attack pads. Here is the path, the attack path an attacker could have taken. You know, that node zero, our product took here is the proof of exploitation for every step along the way. So, you know, this isn't a false positive, in fact, you can copy and paste the attacker command from the product and rerun it yourself and see it for yourself. >>And then here is exactly what you have to go fix and why it's important to fix. So that path proof impact and fix action is what the entire experience is focused on. And that is the results doing the talking, because remember, these folks are already overwhelmed. They're dealing with a lot of false positives. And if you tell them you've got another critical to fix their immediate reaction is Nope. I don't believe you. This is a false positive. I've seen this plenty of times. That's not important. So you have to in your product experience in sales process and adoption process immediately cut through that defensive or that reflex and its path proof impact. Here's exactly what you fix here are the exact steps to fix it. And then you're off to the races. What I learned at Splunk was you win hearts and minds of your users through amazing experience, product experience, amazing documentation, yes, and a vibrant community of champions. Those are the three ingredients of success, and we've really made that the core of the product. So we win on our documentation. We win on the product experience and we've cultivated pretty awesome community. >>Talk to me about some of those champions. Is there a customer story that you think really articulates the value of no zero and what it is that, that you are doing? Yeah. >>I'll tell you a couple. Actually, I just gave this talk at black hat on war stories from running 10,000 pen tests. And I'll try to be gentle on the vendors that were involved here, but the reality is you gotta be honest and authentic. So a customer, a healthcare organization ran a pen test and they were using a very well known, managed security services provider as their, as their security operations team. And so they initiate the pen test and they were, they wanted to audit their response time of their MSSP. So they run the pen test and we're in and out. The whole pen test runs two hours or less. And in those two hours, the pen test compromises, the domain gets access to a bunch of sensitive data. Laterally, maneuvers rips the entire entire environment apart. It took seven hours for the MSSP to send an email notification to the it director that said, Hey, we think something's suspicious is wow. Seven hours. That's >>A long time >>We were in and out in two, seven hours for notification. And the issue with that healthcare company was they thought they had hired the right MSSP, but they had no way to audit their performance. And so we gave them the, the details and the ammunition to get services credits to hold them accountable and also have a conversation of switching to somebody else. >>That accountability is key, especially when we're talking about the, the threat landscape and how it's evolving day to day. That's >>Exactly right. Accountability of your suppliers or, or your security vendors, accountability of your people and your processes, and not having to wait for the bad guys to show up, to test your posture. That's, what's really important. Another story is interesting. This customer did everything right. It was a banking customer, large environment, and they had Ford net installed as their, as their EDR type platform. And they, they initiate us as a pen test and we're able to get code execution on one of their machines. And from there laterally maneuver to become a domain administrator, which insecurity is a really big deal. So they came back and said, this is absolutely not possible. Ford net should have stopped that from occurring. And it turned out because we showed the path and the proof and the impact Forder net was misconfigured on three machines out of 5,000. And they had no idea. Wow. So it's one of those you wanna don't trust that your tools are working. Don't trust your processes. Verify them, show me we're secure today. Show me we're secured tomorrow. And then show me again, we're secure next week, because my environment's constantly changing. And the, and the adversary always has a vote, >>Right? The, the constant change in flux is, is huge challenge for organizations, but those results clearly speak for themselves. You, you talked about the speed in terms of time, how quickly can a customer deploy your technology, identify and remedy problems in their environment. >>Yeah. You know, this fine fix verify aha moment. If you will. So traditionally a customer would have to maybe run one or two pen tests a year and then they'd go off and fix things. They have no capacity to test them cuz they don't have the internal attack expertise. So they'd wait for the next pen test and figure out that they were still exploitable. Usually this year's pen test results look identical the last years that isn't sustainable. So our customers shift from running one or two pen tests a year to 40 pen tests a month. And they're in this constant loop of finding, fixing and verifying all of the weaknesses in their infrastructure. Remember there's infrastructure, pen testing, which is what we are really good at. And then there's application level pen testing that humans are much better at solving. Okay. So we focus on the infrastructure side, especially at scale, but can you imagine so 40 pen tests a month, they run from the perimeter, the inside from a specific subnet from work from home machines, from the cloud. And they're running these pen tests from many different perspectives to understand what does the attacker see from each of these locations in their organization and how do they systemically fix those issues? And what they look at is how many critical problems were found, how quickly were they fixed? How often do they reoccur? And that third metric is important because you might fix something. But if it shows up again next week, because you've got bad automation, you're not gonna you're in a rat race. So you wanna look at that reoccurrence rate also >>The recurrence rate. What are you most excited about as obviously the threat landscape continues to evolve, but what are you most excited about for the company and what it is that you're able to help organizations across industries achieve in such tumultuous times? Yeah. You >>Know, one of the coolest things is back because I was a customer for many of these products, I, I despised threat intelligence products. I despised them because they were basically generic blog posts maybe delivered as a, as a, as a data feed to my Splunk environment or something. But they're always really generic. Like you may have a problem here. And as a result, they weren't very actionable. So one of the really cool things that we do, it's just part of the product is this concept of, of flares flares that we shoot up. And the idea is not to be, to cause angst or anxiety or panic, but rather we look at threat intelligence and then because all, all the insights we have from your pen test results, we connect those two together and say your VMware horizon instance at this IP is exploitable. You need to fix it as fast as possible or as very likely to be exploited. >>And here is the threat intelligence and in the news from CSUN elsewhere, that shows why it's important. So I think what is really cool is we're able to take together threat intelligence out in the wild combined with very precise understanding of your environment, to give you very accurate and actionable starting points for what you need to go fix or test or verify. And when we do that, what we see is almost like, imagine this ball bouncing, that is the first drop of the ball. And then that drives the first major pen test. And then they'll run all these subsequent pen tests to continue to find and fix and verify. And so what we see is this tremendous amount of AC excitement from customers that we're actually giving them accurate, detailed information to take advantage of, and we're not causing panic and we're not causing alert, fatigue as a result. >>That's incredibly important in this type of environment. Last question for you. If, if autonomous pen testing is obviously critical and has tremendous amount of potential for organizations, but it's not, it's only part of the equation. What's the larger vision. >>Yeah. You know, we are not a pen testing company and that's something we decided upfront. Pen testing is a sensor. It collects and understands a tremendous amount of data for your attack surface. So the natural next thing is to analyze the pen test results over time, to start to give you a more accurate understanding of your governance risk and compliance posture. So now what happens is we are able to allow customers to go run 40 pen tests a month. And that kind of becomes the, the initial land or flagship product. But then from there we're able to upsell or increase value to our customers and start to compete and take out companies like security scorecard or risk IQ and other companies like that, where there tended to be. I was a user of all those tools, a lot of garbage in garbage out, okay, where you can't fill out a spreadsheet and get an accurate understanding of your risk posture. You need to look at your detailed pen, test results over time and use that to accurately understand what are your hotspots, what's your recurrence rate and so on. And being able to tell that story to your auditors, to your regulators, to the board. And actually it gives you a much more accurate way to show return on investment of your security spend also, which >>Is huge. So where can customers and, and those that are interested go to learn more. >>So horizon three.ai is the website. That's a great starting point. We tend to very much rely on social channels. So LinkedIn in particular to really get our stories out there. So finding us on LinkedIn is probably the next best thing to go do. And we're always at the major trade shows and events also. >>Excellent SNA. It's been a pleasure talking to you about horizon three. What it is that you guys are doing, why and the greater vision we appreciate your insights and your time. >>Thank you, likewise. >>All right. For my guest. I'm Lisa Martin. We wanna thank you for watching the AWS startup showcase. We'll see you next time.

[Music] hello everyone welcome back to the live coverage here in monaco for the monaco crypto summit i'm john furrier host of thecube uh we have a great great guest lineup here already in nine interviews small gathering of the influencers and the people making it happen powered by digital bits sponsored by digital bits presented by digital bits of course a lot happening around decentralization web 3 the metaverse we've got a a powerhouse influencer on the qb ryan gills the founder of openmeta been in the issue for a while ryan great to see you thanks for coming on great to be here thank you you know one of the things that we were observing earlier conversations is you have young and old coming together the best and brightest right now in the front line it's been there for a couple years you know get some hype cycles going on but that's normal in these early growth markets but still true north star is in play that is democratize remove the intermediaries create immutable power to the people the same kind of theme has been drum beating on now come the metaverse wave which is the nfts now the meta verses you know at the beginning of this next wave yeah this is where we're at right now what are you working on tell us what's what's open meta working on yeah i mean so there is a reason for all of this right i think we go through all these different cycles and there's an economic incentive engine and it's designed in because people really like making money but there's a deeper reason for it all and the words the buzzwords the terms they change based off of different cycles this one is a metaverse i just saw it a little early you know so i recognized the importance of an open metaverse probably in 2017 and really decided to dedicate 10 years to that um so we're very early into that decade and we're starting to see more of a movement building and uh you know i've catalyzed a lot of that from from the beginning and making sure that while everything moves to a closed corporate side of things there's also an equal bottom-up approach which i think is just more important and more interesting well first of all i want to give you a lot of props for seeing it early and recognizing the impact and potential collateral damage of not not having open and i was joking earlier about the facebook little snafu with the the exercise app and ftc getting involved and you know i kind of common new york times guy comment online like hey i remember aol wanted to monopolize dial up internet and look the open web obviously changed all that they went to sign an extinction not the same comparable here but you know everyone wants to have their own little walled guard and they feel comfortable first-party data the data business so balancing the benefit of data and all the ip that could come into whether it's a visualization or platform it has to be open without open then you're going to have fragmentation you're going to have all kinds of perverse incentives how does the metaverse continue with such big players like meta themselves x that new name for facebook you know big bully tons of cash you know looking to you know get their sins forgiven um so to speak i mean you got google probably will come in apple's right around the corner amazon you get the whales out there how do is it proprietary is walled garden the new proprietary how do you view all that because it's it's still early and so there's a lot of change can happen well it's an interesting story that's really playing out in three acts right we had the first act which was really truly open right there was this idea that the internet is for the end user this is all just networking and then web 2 came and we got a lot of really great business models from it and it got closed up you know and now as we enter this sort of third act we have the opportunity to learn from both of those right and so i think web 3 needs to go back to the values of web one with the lessons in hindsight of web 2. and all of the winners from web 2 are clearly going to want to keep winning in web 3. so you can probably guess every single company and corporation on earth will move into this i think most governments will move into it as well and um but they're not the ones that are leading it the ones that are leading it are are just it's a culture of people it's a movement that's building and accumulating over time you know it's weird it's uh the whole web 2 thing is the history is interesting because you know when i started my podcasting company in 2004 there's only like three of us you know the dave weiner me evan williams and jack dorsey and we thought and the blogging just was getting going and the dream was democratization at the time mainstream media was the enemy and then now blogs are media so and then all sudden it like maybe it was the 2008 area with the that recession it stopped and then like facebook came in obviously twitter was formed from the death of odio podcasting company so the moment in time in history was a glimmic glimmer of hope well we went under my company went under we all went under but then that ended and then you had the era of twitter facebook linkedin reddit was still around so it kind of stopped where did it where did it pick up was it the ethereum bitcoin and ethereum brought that back where'd the open come back well it's a generational thing if you if you go back to like you know apple as a startup they were trying to take down ibm right it was always there's always the bigger thing that was that we we're trying to sort of unbundle or unpackage because they have too much power they have too much influence and now you know facebook and apple and these big tech companies they are that on on the planet and they're doing it bigger than it's ever been done but when they were startups they existed to try to take that from a bigger company so i think you know it's not an it's not a fact that like facebook or zuckerberg is is the villain here it's just the fact that we're reaching peak centralization anything past this point it becomes more and more unhealthy right and an open metaverse is just a way to build a solution instead of more of a problem and i think if we do just allow corporations to build and own them on the metaverse these problems will get bigger and larger more significant they will touch more people on earth and we know what that looks like so why not try something different so what's the playbook what's the current architecture of the open meta verse that you see and how do people get involved is there protocols to be developed is there new things that are needed how does the architecture layout take us through that your mindset vision on that and then how can people get involved yeah so the the entity structure of what i do is a company called crucible out of the uk um but i i found out very quickly that just a purely for-profit closed company a commercial company won't achieve this objective there's limitations to that so i run a dao as well out of switzerland it's called open meta we actually we named it this six months before facebook changed their name and so this is just the track we're on right and what we develop is a protocol uh we believe that the internet built by game developers is how you define the metaverse and that protocol is in the dao it is in the dow it's that's crucial crucible protocol open meta okay you can think of crucible as labs okay no we're building we're building everything so incubator kind of r d kind of thing exactly yeah and i'm making the choice to develop things and open them up create public goods out of them harness things that are more of a bottom-up approach you know and what we're developing is the emergence protocol which is basically defining the interface between the wallets and the game engines right so you have unity and unreal which all the game developers are sort of building with and we have built software that drops into those game engines to map ownership between the wallet and the experience in the game so integration layer basically between the wallet kind of how stripe is viewed from a software developer's campaign exactly but done on open rails and being done for a skill set of world building that is coming and game developers are the best suited for this world building and i like to own what i built yeah i don't like other people to own what i build and i think there's an entire generation that's that's really how do you feel about the owning and sharing component is that where you see the scale coming into play here i can own it and scale it through the relationship of the open rails yeah i mean i think the truth is that the open metaverse will be a smaller network than even one corporate virtual world for a while because these companies have billions of people right yeah every room you've ever been in on earth people are using two or three of facebook's products right they just have that adoption but they don't have trust they don't have passion they don't have the movement that you see in web3 they don't have the talent the level of creative talent those people care about owning what they create on the on what can someone get involved with question is that developer is that a sponsor what do people do to get involved with do you and your team and to make it bigger i mean it shouldn't be too small so if this tracks you can assume it gets bigger if you care about an open metaverse you have a seat at the table if you become a member of the dao you have a voice at the table you can make decisions with us we are building developing technology that can be used openly so if you're a game developer and you use unity or unreal we will open the beta this month later and then we move directly into what's called a game jam so a global hackathon for game developers where we just go through a giant exploration of what is possible i mean you think about gaming i always said the early adopters of all technology and the old web one was porn and that was because they were they were agnostic of vendor pitches or whatever is it made money they've worked we don't tell them we've always been first we don't tolerate vaporware gaming is now the new area where it is so the audience doesn't want vapor they want it to work they want technology to be solid they want community so it's now the new arbiter so gaming is the pretext to metaverse clearly gaming is swallowing all of media and probably most of the world and this game mechanics under the hood and all kinds of underlying stuff now how does that shape the developer community so like take the classic software developer may not be a game developer how do they translate over you seeing crossover from the software developers that are out there to be game developers what's your take on that it's an interesting question because i come to a lot of these events and the entire web 3 movement is web developers it's in the name yeah right and we have a whole wave of exploration and nfts being sold of people who really love games they're they're players they're gamers and they're fans of games but they are not in the skill set of game development this is a whole discipline yeah it's a whole expertise right you have to understand ik retargeting rigging bone meshes and mapping of all of that stuff and environment building and rendering and all these things it's it's a stacked skill set and we haven't gone through any exploration yet with them that is the next cycle that we're going to and that's what i've spent the last three or four years preparing for yeah and getting the low code is going to be good i was saying earlier to the young gun we had on his name was um oscar belly he's argo versus he's 25 years old he's like he made a quote i'm too old to get into esports like 22 old 25 come on i'd love to be in esports i was commenting that there could be someone sitting next to us in the metaverse here on tv on our digital tv program in the future that's going to be possible the first party citizenship between physical experience absolutely and meta versus these cameras all are a layer in which you can blend the two yeah so that that's that's going to be coming sooner and it's really more of the innovation around these engines to make it look real and have someone actually moving their body not like a stick figure yes or a lego block this is where most people have overlooked because what you have is you have two worlds you have web 3 web developers who see this opportunity and are really going for it and then you have game developers who are resistant to it for the most part they have not acclimated to this but the game developers are more of the keys to it because they understand how to build worlds yeah they do they understand how to build they know what success looks like they know what success looks like if you if you talk about the metaverse with anyone the most you'll hear is ready player one yeah maybe snow crash but those things feel like games yeah right so the metaverse and gaming are so why are game developers um like holding back is because they're like ah it's too not ready yet i'm two more elite or is it more this is you know this is an episode on its own yeah um i'm actually a part of a documentary if you go to youtube and you say why gamers hate nfts there's a two-part documentary about an hour long that robin schmidt from the defiant did and it's really a very good deep dive into this but i think we're just in a moment in time right now if you remember henry ford when he he produced the car everybody wanted faster horses yeah they didn't understand the cultural shift that was happening they just wanted an incremental improvement right and you can't say that right now because it sounds arrogant but i do believe that this is a moment in time and i think once we get through this cultural shift it will be much more clear why it's important it's not pure speculation yeah it's not clout it's not purely money there's something happening that's important for humanity yeah and if we don't do it openly it will be more of a problem yeah i totally agree with you on that silent impact is number one and people some people just don't see it because it's around the corner visionaries do like yourselves we do my objective over the next say three to six months is to identify which game developers see the value in web 3 and are leaning into it because we've built technology that solves interoperability between engines mapping ownership from wallets all the sort of blueprints that are needed in order for a game developer to build this way we've developed that we just need to identify where are they right because the loudest voices are the ones that are pushing back against this yeah and if you're not on twitter you don't see how many people really see this opportunity and i talked to epic and unity and nvidia and they all agree that this is where the future is going but the one question mark is who wants it where are they you know it's interesting i talked to lauren besel earlier she's from the music background we were talking about open source and how music i found that is not open it's proprietary i was talking about when i was in college i used to deal software you'd be like what do you mean deal well at t source code was proprietary and that started the linux movement in the 80s that became a systems revolution and then open source then just started to accelerate now people like it's free software is like not a big deal everyone knows it's what it was never proprietary but we were fighting the big proprietary code bases you mentioned that earlier is there a proprietary thing for music well not really because it's licensed rights right so in the metaverse who's the proprietary is it the walled garden is the is it is it the gamers so is it the consoles is it the investment that these gaming companies have in the software itself so i find that that open source vibe is very much circulating around your world actually open maps in the word open but open source software has a trajectory you know foundations contributors community building same kind of mindset music not so much because no one's it's not direct comparable but i think here it's interesting the gaming culture could be that that proprietary ibm the the state the playstation the xbox you know if you dive into the modding community right the modding community has sort of been this like gray area of of gaming and they will modify games that already exist but they do it with the values of open source they do it with composability and there's been a few breakthroughs counter-strike is a mod right some of the largest games of all time came from mods of other games look at quake had a comeback i played first multiplayer doom when it came out in the 90s and that was all mod based exactly yeah quake and quake was better but you know i remember the first time on a 1.5 cable mode and playing with my friends remember vividly now the graphics weren't that good but that was mod it's mod so then you go i mean and then you go into these other subcultures like dungeons and dragons which was considered to be such a nerdy thing but it's just a deeply human thing it's a narrative building collective experience like these are all the bottom-up type approaches modding uh world building so you're going to connect so i'm just kind of thinking out loud here you're going to connect the open concept of source with open meta bring game developers and software drills together create a fabric of a baseline somewhat somewhat collected platform tooling and components and let it just sell form see what happens better self form that's your imposing composability is much faster yeah than a closed system and you got what are your current building blocks you have now you have the wallet and you have so we built an sdk on both unity and unreal okay as a part of a system that is a protocol that plugs into those two engines and we have an inventory service we have an avatar system we basically kind of leaned into this idea of a persona being the next step after a pfp so so folks that are out there girls and boys who are sitting there playing games they could build their own game on this thing absolutely this is the opportunity for them entrepreneurs to circumvent the system and go directly with open meta and build their own open environment like i said before i i like to own the things i built i've had that entrepreneurial lesson but i don't think in the future you should be so okay with other companies or other intermediaries owning you and what you build i think i mean opportunity to build value yeah and i think i think your point the mod culture is not so much going to be the answer it's what that was like the the the the dynamic of modding yes is developing yes and then therefore you get the benefit of sovereign identity yeah you get the benefit of unbanking that's not the way we market this but those are benefits that come along with it and it allows you to live a different life and may the better product win yeah i mean that's what you're enabling yeah ryan thanks so much for coming on real final question what's going on here why are we here in monaco what's going on this is the inaugural event presented by digital bits why are we here monaco crypto summit i'm here uh some friends of mine brittany kaiser and and lauren bissell invited me here yeah i've known al for for a number of years and i'm just here to support awesome congratulations and uh we'll keep in touch we'll follow up on the open meta great story we love it thanks for coming on okay cube coverage continues here live in monaco i'm john furrier and all the action here on the monaco crypto summit love the dame come back next year it'll be great back with more coverage to wrap up here on the ground then the yacht club event we're going to go right there as well that's in a few hours so we're going to be right back [Music] you

(light music) >> Hello, welcome back everybody to theCUBE's coverage in New York City of AWS Summit 2022. I'm John Furrier, host of theCUBE. We had Dave Vellante, Lisa Martin here earlier. I'm going to wrap it up here with James Forrester, last interview of the day here in New York. Wish we would have had another day. It's a packed house, 10,000 people. James Forrester's the VP Worldwide Technical Leader for VMware's Cloud on AWS. On AWS is a big distinction. James, welcome to theCube. Thanks for coming on. >> Thank you so much, John. It's great to be here. >> So I think it's been like six years since the announcement of VMware's Cloud on AWS, which is a separate instance, separate hardware, but it's changed the game for VMware. You guys have done a lot of work, successful traction with customers. Clarified, I remember at that time, it really clarified VMware's Cloud play. Which then gave VMware more time to work on what it's doing now, which is, you know, using all their assets and their operations with Tanzu, Monterey, Cloud Native, Cross Cloud. What they call you guys call Cross Cloud, I call Super Cloud, action, a lot of stuff happening. So thanks for coming on. Okay. So first question is, what's the future look like for VMware's Cloud on AWS? >> Super bright, super bright. And there's a couple of great reasons for that. I think firstly, what we're seeing is that customers have now made enough progress in their cloud journeys. Many of them have chosen AWS and they're going full force. We're going to help them go faster. We're going to help them get there and get native to those adjacent services much quicker with more confidence and more resiliency. So it's a super exciting time to be doing what we do. >> You know, VMware has had a steady install base, okay. I mean basically it's like almost ingrained in the operations. What do you guys see as that next level step up function? Because you know, obviously Broadcom is buying VMware. Obviously that utility will be in place, but there's more. There's more there that customers can tap into. This is the promise of the cross-cloud. How do you talk about that when you got the AWS action? How does that all integrate? >> Yeah, absolutely. And of course, because so many customers are going to AWS on their own cloud journeys right now, what we get to have the conversation about is how they can get there more confidently. And so for customers who are just starting out, who are looking at their application portfolios, who have a ton of skilled IT professionals who they want to bring into that cloud journey, they can use the skills they already have. For those folks who are a little bit further along but they may be finding that refactoring their applications is more complex, more difficult that they anticipated, we give them a way of moving with confidence and with much less risk so they can do those cloud journeys that they anticipated. >> You know, James, I want to get your thoughts on what the state of the current situation is, vis-à-vis, your customers and your customers' appetite for AWS services. 'Cause one of the promises of the original deal was clarifying messaging but more importantly, customers can get the VMware Cloud and take advantage of the higher level services on AWS. What's the update there? What's the current state of the art? What's some of the patterns that you're seeing on the uptake of services and how they're working together? >> Yeah, it's a great call out. And honestly, one of the misconceptions that I address right out of the gate is that somehow going VMware Cloud takes you away from those services. It doesn't, it gets you closer to them. Full, direct, native access to all of those hundreds of great AWS services. So what we often find is that customers have their enterprise data, inside data workloads in their data centers. But what they want to do is get that up next to the AWS services that can use it, like Redshift and Athena and Glue. They can move those workloads right adjacent to those services to start using them right away. So it's a great way to look at the platform. >> So one of the observations that's pretty well understood right now by most people, I'd say 90%, if not more, not a hundred percent 'cause I've heard people like not get it, but it's pretty clear that the operating model for the the enterprise will be hybrid as a steady state. I don't think there's any debate on that unless you think there is. >> Do you feel the same- >> No debate. No debate. >> Okay. Hybrid's a steady state. What does that mean as clients start to think about edge and their data centers. 'Cause now the private cloud is back in the game. So I've heard people talk about private cloud, which we, I think we coined the term with Dave, Wikibon years ago, but it kind of went away because that was not the public cloud. So public cloud won, on premise didn't go away. We saw Amazon with Outpost. So now they're like, I can still have stuff on prem and run it in a cloud operations. So they're calling that private cloud, I think. So you're starting to hear the same things. What it means basically is that hybrid is winning. It's the standard. What does the hybrid environment look like from a VMware perspective as you guys look at that and have been building that out 'cause you have customers that are on premises. >> Yeah. >> Is it just to the cloud and back? Is it, is there any changes? Is there new connective tissue? Is there a glue layer? What's the operating model for VMware customers? >> Well, customers wanted those same benefits from public cloud agility, cost benefits, elasticity, innovation, sovereignty, sustainability, but they wanted to be able to do that everywhere. They wanted it in their data centers. They wanted it at the edge. And as you've pointed out public cloud delivered that for customers. AWS first out there delivering that for customers. Now with innovations like VMware Cloud and AWS outpost, we're able to bring that back into the data center. We're able to bring those same benefits of public cloud into the customers on-prem environment. And you're right. We see hybrid just rolling and rolling and being able to offer our solution across all of it. >> Yeah, we're big fans of VMware because theCube's 12 years old, we've been at every VMworld. Now they're calling it VMware Explorer, the events coming up. So the folks watching, plug for VMware Explorer, formerly VMworld, it's on the schedule. Content catalog just came out last week. It's looking pretty good. So put a plug out there. We'll be there with theCube, two sets. So you know, if you're going to VMworld, now Explorer go register, get up there. It's in San Francisco, always a great event. vSphere and vSAN, always great products. But you got Carbon Black, you got Security. So these things have all been working kind of pistons for VMware. Tanzu, I know Raghu and those guys are doing it. Craig McLuckie and team, they're working on that. You got Tanzu, you got Monterey. That's the new cloud native thing. How is that tracking vis-à-vis, the operating model of the the core engine, vSphere, vSAN and others. And then with the native services of Cloud. So you got AWS Cloud with VMware Cloud, vSphere, vSAN, Carbon Black, and Security. And then you got the Tanzu over here. How are those three things coming together? >> Well, the services that customers know and love first and foremost that they've been running the mission critical workloads on, vSphere, vSAN, NSX. What VMware cloud and AWS is, is a packaging together of those services. So customers don't have to configure it all themselves and do the heavy lifting. We manage and run it on their behalf. What we are adding to that most recently with Tanzu is now the ability to run containers within the same environment. 'Cause customers tell us they've got parts of their organization that are very much on vSphere VMs. Parts of their organization are moving to containers. We want be able to provide a single operating model, a single layer, a single way of managing all of that. No matter where it's deployed. >> You know, remember back in the day, when Raghu wasn't the CEO, Carl Eschenbach was there, Sanjay Poonen was there. Carl's now at Sequoia Capital, Raghu's a CEO. Sanjay's kind of looking for a next gig. I always said, why doesn't vSphere and NSX become that abstraction layer and commoditize the network so that white boxes and Dell and HP could all play in that layer? It just never happened yet. Is that something you guys talk about at all? Like, I mean in the, in the smokey room, in the execs, is that happening? What's the vision? >> Well, we always work backwards- from customers, right? (John laughing) And what customers are telling us is they want us to help them with that undifferentiated heavy lifting. So who knows where that could take us, but right now we're very focused on helping those customers move with confidence to the cloud. >> You didn't take the bait on that one. I appreciate that. (James laughing) Okay. So let's get some perspective. You're out with customers. What are the big things that you're seeing right now from your customers right now? 'Cause you look behind us here, 10,000 people at this event. This is not a no-show. This is not a throwaway event in, you know, somewhere in the corner of the world. This is New York City, only one summit. This is bigger than Snowflake Summit and that was packed. So from an event standpoint, this is pretty a big game statement here for AWS. These companies are not experiencing headwinds, they're changing. So what are your customers telling you around what they're looking at for the cloud native architecture? I mean obviously the digital transformation is continuing, obviously clouds here. And again, we were saying earlier, this is the first time in history that the cloud hyperscalers have been in market during a so-called downturn. So there's no other data. 2008, I wouldn't call 'em up and running. They were building, but AWS, Azure, others, these cloud players they're in market. And so you're starting to see kind of some data coming out saying, Hey, this thing's still working, the engine of innovation is cranking out and it's not slowing down the digital transformation. It might change the capital markets and valuations but it's not changing customers. That's what I'm hearing. Now, you probably would agree with that, right? >> James: I think that's exactly right. >> Okay. So let's stay with that. If you believe that, then it's like, okay, what are they doing? So what are customers doubling down on? What are some of the patterns you're seeing in the environment today that you could share with the audience? >> Yeah, so I think first and foremost is that steady transition to the cloud to deliver all of those benefits, agility, cost, elasticity, innovation, sovereignty, sustainability that hasn't gone away at all. In fact, it's only accelerated. With workloads like virtual desktops, which became so critical during COVID the need to be able to provide that kind of scalable elastic capacity has only increased. Now, coupled with that, most of these customers are already on a cloud journey. And while some folks may have had the luxury of letting that go a little bit more slowly, nowadays the urgency is pervasive across all of the industries that we get to talk to in New York. Everyone needs to go faster. Everybody's not seeing the progress that they expected that we think we can help them deliver. So the opportunity I think that's come out of COVID is more workloads, different use cases, disaster recovery, ransomware- >> Is that more of an awareness or reality or both? >> Both. Absolutely. >> Okay. So let me ask the next question. 'Cause this is a good conversation, I think. I agree a hundred percent. We're seeing the same exact thing. Now let's talk about how companies are thinking about the real opportunity that's emerged, which is refactoring the business model without actually changing the makeup of the organization per se, to take on new territories and potentially take over categories. >> James: Mm hmm. >> So I mean a data warehouse and a data cloud's kind of the same thing. Snowflake probably wouldn't like me saying that they're a data warehouse because they call themselves a data cloud, but it's kind of the same thing, just refactored on AWS. >> James: Yep. >> That's a super cloud. So that's an opportunity for everyone to do that in every vertical. How many customers are actually thinking that way and actually taking steps to pursue that, capture that opportunity? Or do you agree it's the opportunity? >> No, I think that that is an opportunity and I love that idea of super cloud in that what I think customers have started to realize, over the last couple of years in particular, is it's very difficult to take advantage of all of those great cloud services if your applications are still behind a whole lot of different layers of firewalls and so forth. So getting the application close to those services, in proximity to those services is that first step in modernization. Then it doesn't have to be a change the wings on the plane while it's flying conversation, which- >> John: Yeah. >> You know, is very risky for a lot of organizations. >> John: Exactly. >> It's a let's get the plane going a little bit faster. Let's get the plane going a little bit smoother, and let's get the plane to its destination with less risk. >> You know, James, that reminds me of the old school conversations of non disruptive operations. Remember those days? >> James: I do, yeah. >> Mostly around storage and, and servers. But that's what basically what you're saying. Transform while operating, right? >> James: Exactly. >> So this is, you can do both. You got to make time and it's a talent question too. I'd love to get your thoughts on how customers are thinking about who do you put on which task. 'Cause you want your A players on both areas. You don't want all your A players, what I hear, CSOs and CIOs telling me is that, I put all my A players on transformation, I got no one running the business. >> James: Mm hmm. >> So you got to kind of balance. That's a cultural team decision. >> It's a cultural team decision. It's also a skills marketplace decision. >> John: Yeah. >> And there's a practical reality to the skills that are available and how fast you can hire them. So a big part of the conversation that we have is when customers have existing skills sets, plug those into their transformation, plug those into their business outcomes. I like to use the phrase, "Let's make heroes out of IT" because they can be a much more critical player than they think they can be. Yeah, IT basically is not even around anymore. It's part of the organization. And then you have data science and data engineering coming in. So it's, you know, IT is not a department anymore, it's the company >> Exactly right. >> If you're kind of going down that road, yeah. >> Yeah. Alright, so final question. What's the biggest change you've seen and observed in your current year and a half? You know, we're coming out of COVID, knowing what was before, what sea change, what inflection point are we in now? How would you describe this current market? 'Cause again, we're kind of in a unique market. You know, you got crypto around the corner, people getting attracted to that, little bubbly obviously, reality of cloud and 2.0 or super cloud emerging. On premise is not going away. Edge exploding on the industrial side, especially with machine learning coming along. So this operating model is clearly in sight. What's the biggest observation you've noticed. >> I think it's the sense of urgency over the last couple of years in that most customers I talked to are no longer relaxed about the timing of delivering cloud capabilities to their organizations. Most customers are on sort of a transformation journey of their own and digital transformation and cloud transformation are absolutely fundamental to that. >> One more real quick follow up question if you don't mind, 'cause I appreciate your time. One of the things that's come up a lot in our conversations is the role of the ecosystem. Not only as a part of the business model but also validation of the enablement that cloud offers companies. You have an enabling platform, your ecosystem is well known. And so your customers are starting to develop ecosystems. So if the cloud model kind of trickles like downstream, ecosystem is kind of a proof of something. >> James: Mm hmm. >> What's your view of all this ecosystem discussion as we transform this next generation? >> Yeah, I think it touches on a couple of things. So obviously there is a technology ecosystem, which is evolving very rapidly in support of cloud and cloud transformation. But what's interesting, I think is the business ecosystem that's evolving around it. We're seeing our customers evolve their own businesses to assume that those cloud capabilities will be available to them. And if the cloud capabilities are not available to them in a timely fashion, then the ecosystem starts to have a domino effect. So the ecosystems are interdependent between business, and technology, and skills, and talent. And I think that's a great to be >> James Forrester, they're going to shut us down. The speakers are on, they're going to pull the plug. Thanks for being our last interview here in New York City and bringing us home. Really appreciate you taking the time to come on theCube. >> John, thanks so much. Great to be here, really enjoyed it. Okay. We are wrapping it up here in New York City. I'm John Ford with theCube, great day. For Lisa Martin, Dave Vellante, and the entire crew of theCube here on the ground. Live in person events are back. theCube hybrid, get online, check out our coverage there. The SiliconANGLE and thecube.net. I'm John Furrier signing off from New York City. See you next time. (light music)