Okay. We're back at AWS reinforced 2022. My name is Dave Vellante, and this is the cube we're here in Boston, home of lobster and CDA. And we're here, the convention center where the cube got started in 2010, Shariq Qureshi is here the senior manager at Deloitte and two LL P and merit bear is back on the cube. Good to see >>You guys can't keep me away, >>Right? No. Well, we love having you on the cube shark set up your role at, at Deloitte and toosh what do you actually, what's your swim lane, if you will. >>Yeah, sure. You know, I spend, I wear a lot of hats. I spend a lot of time in the assurance, the controls advisory audit type of role. So I spend our time, a lot of time working with our clients to understand, you know, regulatory requirements, compliance requirements, and then controls that they need to have in place in order to address risks, technology risks, and ultimately business risks. >>So I like to put forth premise, you know, when I walk around a show like this and come up with some observations and then I like to share 'em and then people like me. Well, you know, maybe so help me course correct. My epiphany at this event is the cloud is becoming the first line of defense. The CISO at your customers is now the second line of defense. I think audit is maybe the th third line of defense. Do, do you buy that the sort of organizational layered approach? >>No, because in fact, what we're here to talk about today is audit manager, which is integrated, right? Like if you're doing so the whole notion of cloud is that we are taking those bottom layers of the stack, right? So the concrete floors up through layer for the hypervisor, the, the racks and stacks and HVAC and guards and gates up through the hypervisor, right? Our, our proprietary hardware nitro ecosystem, which has security inheritance is okay upon that. We are then virtualized. Right? And so what we're really talking about is the ways that audit looks different today, that you can reason about what you're doing. So you're doing infrastructure as code. You can do securities code, you can do compliances code, and that's the beauty of it. So like for better, or in your case for worse in your analogy, you know, these are integrated, these are woven together and they are an API call >>Seamless. >>It, it is like easy to describe, right? I mean, like you can command line knowledge about your resources. You can also reason about it. So like, this is something that's embedded, for example, an inspector you can do network reachability know whether you have an internet facing endpoint, which is a PCI, you know, requirement, but that'll be dashboarded in your security hub. So there's the cloud is all the stuff we take away that you don't have to deal with. And also all the stuff that we manage on top of it that then you can reason about and augment and, and take action on. >>Okay. So at the same time you can't automate the audit entirely. Right? So, but, but talk about the challenges of, of, of, of automating and auditing cloud environment. >>Yeah. I mean, when I look at cloud, you know, organizations move to take advantage of cloud characteristics and cloud capabilities, right? So elasticity, scalability is one of them. And, you know, for market conditions, business, business outcomes, you know, resources expand and contract. And one of the questions that we often get as an auditor is how do you maintain a control environment for resources that weren't there yesterday, but are there today, or that are, that are no longer there and that are there today. So how do you maintain controls and how do you maintain security consistently uniformly throughout an audit environment? It's not there. So that's a challenge auditors, you know, historically when you look at the on-prem environment, you have servers that are there, it's a physical, it's a physical box. You can touch it and see it. And if it goes down, then, you know, it's still there. You can hug >>It if you're some people >>It's still there. So, but you know, with, you know, with cloud things get torn down that you don't see. So how do you maintain controls? That's, you know, it, one challenges, it >>Sounds like you're describing a CMDB for audit. >>I mean, that's a, that's an outcome of having, you know, getting good controls of having a CMDB to keep track and have an inventory of your assets. >>But the problem with CMDB is they're out of date, like so, so quickly, is it different in the cloud world? >>Yeah, exactly. I mean, yes. And yes, they are outta date. Cuz like anything static will be manual and imprecise, like it's gonna be, did John go calculate, like go count how many servers we have. That's why I was joking about server huggers versus like virtualizing it. So you put out a call and you know, not just whether it exists, but whether it's been patched, whether it's, you know, like there are ways that we can reason about what we've done, permissioning pruning, you know, like, and these, by the way, correspond to audit and compliance requirements. And so yes, we are not like there, it's not a click of a, whatever, a snap of the fingers, right. It takes work to translate between auditors and us. And it also takes work to have customers understand how they can augment the way that they think about compliance. But a lot of this is just the good stuff that they already need to be doing, right? Knowing internet facing endpoints or whatever, you know, like pruning permissioning. And there's a lot of ways that, you know, access analyzer, for example, these are automated reasoning tools that come from our formal reasoning group, automated reason group that's in identity. Like they, computers can reason about things in ways that are more complex, as long as it can be resolved. It's like EEU utility in mathematics. You don't go out and try to count every prime number. We accept the infinitude of primes to be true. If you believe in math, then we can reason about it. >>Okay. So hearing that there's a changing landscape yeah. In compliance shift from a lot of manual work to one that's much more highly automated, maybe not completely integrated and seamless. Right. But, but working in that direction, right. Yeah. Is that right? And maybe you could describe that in a little bit more detail, how that, you know, journey has progressed. >>I mean, just the fact alone that you have, you know, a lot of services, a lot of companies that are out there that are trying to remove the manual component and to automate things, to make things more efficient. So then, you know, developers can develop and we can be more agile and to do the things that, you know, really what the core competencies are of the business to remove those manual, you know, components to take out the human element and there's a growing need for it. You know, like we always look at security as, you know, like a second class citizen, we don't take advantage of, you know, the, you know, the opportunities that we need to, to do to maintain controls. So, you know, there's an opportunity here for us to look at and, and automate compliance, to automate controls and, and to make things, you know, seamless >>As a fun side benefit, you will actually hopefully have improved your actual security and also retain your workforce because people don't wanna be doing manual processes. You know, they wanna be doing stuff that humans are designed for, which is creative thinking, innovation, you know, creating ways to make new pathways instead of just like re walking these roads that a computer can analyze, >>You mentioned audit manager, what is that? I mean, let's give a plug for the product or the service. What's that all about what problems does it solve? Let's get >>Into that. Yeah. I mean, audit manager is a first of its kind service. You're not gonna find this offered through any other hyperscaler it's specifically geared and tailored towards the second line, which is security and compliance and a third line function, which is internal audit. So what is it looking to do and what is it looking to address some of those challenges working in a cloud space working, and if you have a cloud footprint. So for example, you know, most organizations operate in a multi account strategy, right? You don't just have one account, but how do you maintain consistency of controls across all your accounts? Auto manager is a service that can give, you know, kind of that single pane of view that to see across your entire landscape, just like a cartographer has a map to see, you know, the entire view of what he's designing auto managers does the same thing only from a cloud perspective. So there's also other, you know, features and capabilities that auto managers trying to integrate, you know, that presents challenges for those in compliance those in the audit space. So, you know, most companies, organizations they have, you know, not just one framework like SOC two or GDPR, high trust, HIPAA PCI, you know, you can select an industry accepted framework and evaluate your cloud consumption against, you know, an industry accepted framework to see where you stand in terms of your control posture, your security hygiene, >>And that's exclusive to AWS. Is that what you're saying? You won't find that on any other hyper scale >>And you'll find similarities in other products, but you won't find something that's specifically geared towards the second line and third line. There's also other features and capabilities to collect evidence, which is, I don't see that in the marketplace. >>Well, the only reason I ask that is because, you know, you, everybody has multiple clouds and I would love, I would love a, you know, an audit manager that's, that's span that transcends, you know, one cloud, is that possible? Or is that something that is just not feasible because of the, the, the deltas between clouds? >>I mean, anything's possible with the APIs right now, the way that, you know, you have to ingrain in, right. There's, you know, a, a feature that was introduced recently for audit manager was the ability to pull in APIs from third party sources. So now you're not just looking, looking exclusively at one cloud provider, you're looking at your entire digital ecosystem of services, your tools, your SA solutions that you're consuming to get a full, comprehensive picture of your environment. >>So compliance, risk, audit security, they're like cousins that are all sort of hanging out on the same holiday, but, but they're different. Like what help us understand and squint through those different disciplines. >>Yeah. I mean, each of them have, you know, a different role and a hat to wear. So internal audit is more of your independent arm of management working or reporting directly towards, you know, to the audit committee or to the board to give an independent view on company control and posture security and compliance works with management to help design the, that there that are intended to prevent, detect, or even correct, you know, controls, breakdowns, you know, those action, those action verb items that you wanna prevent unauthorized access, or you wanna restrict changes from making its way into production unless it's approved and, and documented and tracked and so on and so forth. So each, you know, these roles they're very similar, but they're also different in terms of what their function is. >>How are customers dealing with regional differences? You mentioned GDPR, different regulations, data sovereignty, what are the global nuances and complexities that, that, that cloud brings. And how are you addressing those? >>Yeah. Merit, I don't know if you had any thoughts on that one. >>I mean, I think that a lot of what, and this will build off of your response to the sort of Venn diagrams of security and risk and compliance and audit. I think, you know, what we're seeing is that folks care about the same stuff. They care about privacy. They care about security. They care about incentivizing best practices. The form that that takes when it's a compliance framework is by definition a little bit static over time. Whereas security tends to be more quickly evolving with standards that are like industry standards. And so I think one of the things that, you know, all these compliance frameworks have in, in mind is to go after those best practices, the forms that they take may take different forms. You know what I mean? And so I, I see them as hopeful in the motivation sense that we are helping entities get the wherewithal, they need to grow up or mature or get even more security minded. I think there are times that they feel a little clunky, but you know, that's just Frank. Yeah. >>It, it, it can audit manager sort of help me solve that problem. Is that the intent? And I see what you're saying, merit, that there security is at a different pace than, than, you know, GDPR, a privacy, you know, person, >>Right. I mean, like security says, we want this outcome. We want to have, you know, data be protected. The compliance may say, it must be this particular encryption standard. You know what I mean? Like the form I see things taking over time will evolve and, and feels dynamic. Whereas I think that sometimes when we think about compliance and it's exactly why we need stuff like audit manager is to like help manage exactly what articulation of that are we getting in this place at this time for this regulated industry? And like almost every customer I have is regulated. If you're doing business, you're probably in PCI, right. >>And there's never just one silver bullet. So security is, is a number of things that you're gonna do, the number of tools that you're gonna have. And it's often the culture in, in what you develop in your people, your process and technology. So auto manager is one of the components of robust strategy on how to address security. >>But it's also one of those things where like, there are very few entities, maybe Deloitte is one that are like built to do compliance. They're built to do manufacturing, automotive hospitality. Yeah. You know, like they're doing some other industry as their industry. Right. And we wanna let them have less lag time as they make sure that they can do that core business. And the point is to enable them to move our, I mean like sure. I think that folks should move to the pod because of security, but you don't have to, you should move because it enables your business. And this is one of the ways in which it just like minimizes, you know, like whatever our tailwinds lagging or push it anyway, it pushes you. Right. I mean, like it minimizes the lag >>Definitely tailwind. So are you suggesting merit that you can inject that industry knowledge and specificity into things like audit manager and, and actually begin to automate that as, and of course Deloitte has, you know, industry expertise char, but, but, but how should we think about that? >>I mean, you're gonna, you're gonna look at your controls comprehensively a across the board. So if you operate in an industry, you're gonna look to see like, what's, what's important for you. What do you have to, you know, be mindful of? So if you have data residency concerns, you wanna make sure that you've tailored your controls based on the risks that you're addressing. So if there's a framework >>And remember that you can go in the console and choose what region you're, you know, like we never remove your data from your region that you have chosen, you know, like this is, there's an intentionality and an ability to do this with a click of a mouse or with an API call that's, you know, or with a cloud formation template. That's like, there is a deliberateness there. There's not just like best wishes. >>You know, >>ESG is in scope. I presume, you know, helping the CISO become more green, more diverse. Increasingly you're seeing ESG reports come out from major organizations. I presume that's part of the compliance, but maybe not, maybe it hasn't seeped in yet. Are you seeing >>For that? I think it's still a new service auto manager. It's still, you know, being developed, but, you know, continuous feedback to make sure that, you know, we're covering a, a broad range of services and, and, and those considerations are definitely in the scope. Yeah. >>I mean, are you hearing more of that from >>Clients? So, I mean, we have an internal commitment to sustainability, right. That has been very publicly announced and that I'm passionate about. We also have some other native tools that probably, you know, are worth mentioning here, like security hub that does, you know, CIS benchmarking and other things like that are traffic lighted in their dashboard. You know, like there are ways a lot of this is going to be the ways that we can take what might have been like an ugly ETL process and instead take the managed ness on top of it and, and consume that and allow your CISO to make high velocity decision, high velocity, high quality decisions. >>What's the relationship between your two firms? How do you work >>To I'm like we just met. >>Yeah. I sense that, so is it, is it, how do you integrate, I guess is >>A question. Yeah. I mean, I mean, from the audit perspective, our perspective, working with clients and understanding, you know, their requirements and then bringing the service audit manager from the technical aspect and how we can work together. So we have a few use cases, one we've working with the tech company who wanted to evaluate, you know, production workload that had content, you know, critical client information, client data. So they needed to create custom controls. We were working with them to create custom controls, which auto manager would evaluate their environment, which would, you know, there's a reporting aspect of it, which was used to, you know, to present to senior leadership. So we were working together with AWS and on helping craft what those custom controls were in implement at the customer. >>Yeah. I mean, among other things, delight can help augment workforce. It can help folks interpret their results when they get outputs and act upon them and understand industry standards for responsiveness there. I mean, mean like it's a way to augment your approach by, you know, bringing in someone who's done this before. >>Yeah. Cool, cool. Collaboration on a topic that's generally considered, sorry. Don't, don't hate me for saying this boring, but really important. And the fact that you're automating again makes it a lot more interesting guys. Excellent. Thanks for your sharp first time on the cube. Thank you. Absolutely on, appreciate it. Rapidly. Becoming a VIP. Thanks. Coming on. Hey, I'll take it. All right. Keep it right there. Thank you. This is Dave ante for the cube. You're watching our coverage of AWS reinforce 2022 from Boston. We'll be right back.

>> Announcer: Live from Nassau in the Bahamas, it's the Cube. Covering Polycon '18. Brought to you by Polymath. >> Welcome back, everyone. This is the Cube's exclusive coverage. We're live in the Bahamas, here for day two of our wall to wall coverage of Polycon '18. It's a security token conference, securitizing, you know, token economics, cryptography, cryptocurrency. All this is in play. Token economics powering the world. New investors are here. I'm John Furrier, Dave Vellante. Our next guest is Nithin Eapen Who's the Chief Investment Officer for Arcadia Crypto Ventures. Welcome to the Cube. >> Thank you very much gentlemen. >> Thanks for joining us. >> Thanks for coming out. >> Excited to have you on for a couple reasons. One, we've been talking since day one, lot of hallway conversations. Small, intimate conference, so we've had a chance to talk. Folks haven't heard that yet, so let's kind of get some of the key things we discussed. You are very bullish and long on cryptocurrency and Blockchain. You guys are doing a variety of deals. You're also advising companies and you guys are rolling your sleeves up. So kind of interesting dynamics. So take a minute to explain what you guys are doing, your model. >> Okay. >> And we're going to try to get some of your partners on later. You have a great team. >> Yep. >> Experienced pros in investing. And you got wales, you got pros. So you got a nice balance. >> Yes we do. >> So take a minute to explain Arcadia, your approach and philosophy. >> Okay. Okay. So Arcadia Crypto Ventures primarily we are a private fund. We invest other money. We believe in the whole crypto space. We believe this market is expanding and it is growing and it's going to be the biggest thing that ever happened. It's going to be this fusion of internet and PC and mobile. And everything is going to go batshit, okay. We believe in the whole tokenization world. Everything is going to be tokenized. So as a whole, we believe this space is going to go very big. Okay, so that's one piece and because of that, we invest in the space, the whole space. Not one bitcoin or Ethereum, but everything in the space that makes sense. People who have a use case. Now the second piece of it is we advised great founders. We want to get founders to come out and build these new things because this is the new internet of the new era and people have to come out and build these things. And so many of them are traditional businesses and we have to explain to them why this matters, why you should come to this space and be decentralized and reach the whole world. Because initially, the internet came. The idea of the internet was everybody gets information. Now information did get everywhere. You don't have to worry that the mailman is there to deliver your email anymore. Even if it's a Sunday, your mail will get delivered. So that part was good. But now you have these few companies that's holding all your data. It's okay for most people, but they do censor a lot of people. So that is one point. That censorship. We want a censorship-resistant world where everybody's ideas get out. So that way, we believe that's how this whole internet space itself is going to change because of that. See this is if I explained in one word, this is the greatest sociopolitical economic experimental revolution ever that has happened in humankind. >> In the history of the world. I mean this is important. I'd said that on my opening today. >> Uh-huh. >> Dave and I were riffing and Dave and I have always been studying. We've been entre-- We are entrepreneurs. We live in Silken Valleys in Boston and so you seeing structural change going on. So it's not just make money. >> Nope. >> There's mission-based, younger demographics. So you starting to see really great stuff. So I want to ask you specifically, 'cause you guys are unique in the sense that you're investing in a lot of things. But startups, pure-playing startups? >> Which had only one path before, or two paths. >> Right, yeah. >> Cashflow financing and venture capital. >> Okay. >> So that's a startup model. The growing companies that are transform their growth business with token economics, those would have long odds. Those are the best deals. >> Okay. Then there's like the third deal. Well we're out of business, throw the Hail Mary, repivot. (laughs) Right, so categorically, you're starting to see the shape of the kinds of swim lanes of deals. >> Okay. >> Okay, pivoting, that Hail Mary. Okay, you can evaluate that pretty much straight up on that. Startups need nurturing, right? >> Yeah. >> So the VC1 al-oc-chew works really well for startups because of the product market fits going to be developed. You got cloud computing so you can go faster. So you guys are nurturing startups. At the same time, you're also doing growth deals. >> We do. >> Explain the dynamic between those kinds of deals, how you guys approach them. What's the dynamic? What are the key things that you're bringing? Is it just packaging? Is it tech? So on, so forth. >> So with a lot of people, when they are on the advisory side. Primarily we look at the founder and the tech. What are they trying to solve? That is key. If it's a turd, you can't package it. No matter how you package it, that's not going to work. >> You can't package dog you-know-what. >> Yeah, exactly, okay. >> So that's one thing that we look at. The founders and their idea. Now their idea, can it be decentralized? Some models are meant to be centralized maybe so it doesn't work, okay. Like, see it all boils down to-- Let me break it down. We look at it. Okay, do you have an asset? Behind the scenes, is there an asset? Is that asset being transferred among parties? If you have an asset and it's being transferred, is there some central mechanism in between? Because if there is a central mechanism in between, that means you're going to be paying rent to that. Okay, all right. You have these things. Okay, great. Now you have your asset. Do you have that in between party? But in some of them, let's say you have money in your pocket. You walk, it falls down. Somebody else pick ups the money. It's his. It's a bearer asset, okay? So that's where bitcoin solved a very big problem. It was bearer asset. >> Unless they hack your wallet, then they take your money. >> Right. That happens in real life too, right? Somebody can take money from your wallet. So it can happen in bitcoin. They can hack your wallet. All right. So bitcoin was solving that problem. Now the second piece is a registered asset. And I mean by registered asset is take your car. You buy your car, you go to the DMV, stand in line, register. There's a record of data at the DMV in their central database. If somebody steals your car, the car is still not his. It's only if they can change the record over there in DMV. Then it becomes his. Now there maybe you do want the DMV to be there. Or maybe we can-- But the DMV being there, now you have a problem. They're going to charge you rent and they can decide, oh you know what? John, I'm not going to give him a license or a car in the state of California. They can decide, right? So that is where now you decide do you want to go the centralized route or the decentralized route? So we break it down to the asset. >> So there could be a fit for decentralized. I get that. >> Yeah. >> Let me ask you a tactical question, because I know a lot of entrepreneurs out there. They're watching and they'll hear this. A big strategic decision up front is, obviously, token selection. >> So it's pretty clear that security token works really well for funding and whatnot. Then there's a role for security tokens. I mean utility tokens. >> Yes. >> So do people, should they start from a risk management standpoint, a new company. So let's just say we had an existing business. Entrepreneur says, "Hey, you know what? We're doing well. We're doing 10 million dollars in revenue and I want to do tokenize 'cause we're a decentralized business. That's a perfect fit." Do they start a new company or do they just use the security token with their existing stable company? >> I would suggest, usually at that time, that's more of a legal question at that time. I don't know if I'm a lawyer to answer that. I tell them, you have a business. The business model is going well. If you're happy with it, let that be there. Make a new company. If your business model was not doing good, you might as well start from there because you figure out it's not working. But again, at that time, we tried to come up with this question. Are you trying to put the old wine in a new bottle kind of thing? If the wine is old, it ain't going to work. You have to get to that realization. So, here. >> People are being sued. So mainly the legal question is do I want to risk being. >> All right, let me hop in here. I wanted to ask, go back to something you said about censorship. I had this conversation with my kid the other day. I was explaining Google essentially censors your search results based on what they think you're going to click on. >> They do that. >> He's like no and then he thought about it and he's like okay, yeah they kind of do that. Okay, so that's an underpinning of we're going to take back the internet, right? >> Yeah. >> Okay, I just wanted to sort of clarify that. From an investment philosophy standpoint, you're technical, yet you don't exclusively vet or invest in infrastructure protocols and dig deep into what-- You read the white papers, but there are some folks out there hedge funds, et cetera. All they do is just invest in utility tokens. They're trying to invest in stuff that's going to be infrastructure for the next internet. Your philosophy is different. You're saying, we talked about this, we don't really know what's going to win, but we make prudent investments in areas that we think will win. We like to spread it around a little bit. Why that philosophy? May reduce your return, but it also reduces your risk. Maybe you could describe that a little bit. >> Sure. See, in general, picking winners in the long run has been-- It's a proved fact that nobody could pick winners. Like if you take active hedge fund managers. Active hedge fund managers, in the long run, if you take 10 to 20 years, they lag the S and P. So if you had money, if you give it to an active hedge fund manager, and so that you just had to buy the S and P, you will have beaten 93%. >> That's Buffet's advice. Buy an S and P 500. >> Buffet made a bet for a billion dollars or something where, you know. So take Warren Buffet for that matter, his fund is lagging too. In reality, all his stock investments are down. He put it in IBM at $200 after eight years, it's at the 143 or something, right? So realistically,-- There's a lot of luck element, okay. You can do all of the analysis and you could still end up buying Enron, Lehman, and Bear Stearns, right? >> Right, yeah. >> And at that time, see they were using some models that they knew 'til then. Most people, investment comes from, you have this background that you know, okay this is what I look at. Cash flow, discounted cash flow. Great. If that is there, price to earnings, I'm going to buy. But then an Amazon came, most of the traditional investors never invested in Amazon. They were like, it's a loss- making company. They never going to survive. But they forgot the fact that companies like that there's this network effect and once the people are there, at any point, Jeff Bezos can just turn off the switch and take off the discount. You're not going to change your shopping from Amazon at that point because this month I lost my 15%. We're so used to it so people missed that. Nowadays they see that, but when it came to Blockchain they're like, oh, no, no, this is a fad. That's what most people said. >> So we talked about discounted cashflow as a classic valuation method. I see guys trying to do DCF on these investments. I mean, we were joking about that. (laughs) How do you-- What's your reaction to that? >> If anybody's saying that if they come to me and I'm like you-- I don't know what Kool-Aid do you drink at that point because what cashflow are they discounting? There's no cashflow. It's not like you're going to get dividends from these tokens. There's no dividends. It's like can you find out how many people are going to use it. What is the network effect? And again, for that, a lot of people are coming with a lot of these matrices or matrix right now. But I think even that, they're trying to retrofit into it. They're like, oh I can use this matrix. But, really we don't know. >> So people tend to want metrics. Dave and I talk about this all the time. When people part with their money, they need to know what they're betting on. So the question is when you look at investments, when you spend cash, when you write checks, what is your valuation technique? Do you look for the l-- How do you play that long game? What's the criteria? Besides like the normal stuff like founders, disruptive, like you got to write the check, let's say. Okay, buying a token. It's got to be worth something in the future, obviously. >> So we look at that space, where invariably they are trying to disrupt. Is there a big market? And even if it's a niche market, okay? So we're doing an error chain token. It's a very niche market. It's just the pilot, the maintenance folks, and the charter people, or the plain charter guys. It's a very small market, but that's good enough. It's very niche. They can have an ecosystem between themselves rather than being incentivized to long game miles and stuff like that, right? It doesn't have to be a very big market. We just look at it, okay. Founder is good, he has an idea, it is a space that can be decentralized and people can come in and they feel that they're part of the ecosystem. See the whole thing with the token economy and a traditional economy like let's say I'm spending money to buy a stock. So I buy stock. As an investor, what do I want? I want maximum returns. The employee, he wants to get maximum pay. And the consumer who's buying the product, he wants to get it at the cheapest price. So there's a-- It start aligned, okay? The moment you give 'em the cheapest price, my profits go down. If I increase the employees' salary, my profits go down. So we are all three of us are totally misaligned. >> If I for an important point, do you favor certain asset classes, you know, token, security tokens, or utility tokens, or you looking for equity? I mean, maybe just ... >> Right now, we've moved away from the whole equity bonds, or any of those things. We are totally concentrated on the utility or security tokens. We don't mind if it's a security token or utility token. >> And if it's a security token, are you looking for dividends, are you looking for >> At that point it's some kind of dividend. >> So you're not expecting equity as part of that security token? >> No, I like to expect equity, but if they are saying okay my token, if people buy and if they pay me $10, and out of that you're going to get $1 back, okay that's fine. We don't mind that as long as it's legal and all those things we're fine because it just makes the process easier. Earlier you invest and you didn't know when you could get out of your investment. At this point, it's become so liquid, at any point of time within two or three months, the token is less to people are either buying and selling. We know, otherwise, earlier when we used to do Ren Chain investments, we would get into our product, have it it's time seven to 10 years to get out. And in the meanwhile, they say great stories. Oh we're doing great. Who do I check with that we are doing great? I'm not getting any dividends. Nobody's buying this from me. How do I know? Where am I? I really don't know. I can make these values up and on my Excel sheet and say okay we valuing this company at a billion. >> So your technique is to say okay look at the equity plays the long game. You need an exit on liquidity, either M and A or IPO. >> Yes. >> Now you have a new liquidity market, so you play the game differently. I won't say spray and pray, but you have multiple bets going on so you can monitor liquidity opportunity. So that's a new calculation. >> And it's a great calculation, also. Because see we're in the market and now we know at any point of time, we don't have things on our books that are like we don't know what the value is. We know what that price is because the market is there, the exchange is there. What other people are willing to pay for us doesn't surprise. It's like saying my house is worth a million dollars. Actually it might be worth to me. It depends on what people are willing to pay me. >> Right exactly. >> If I have to synthesize this, you're taking high frequency trading techniques with classic venture investing, handling token from those two perspectives. >> Yes. >> High frequency trading meaning I'm looking at volatility and then option to abandon and get rid of whatever or whatever. >> The only thing is, we're not exiting our positions. We are in the long game. We believe the score market is supposed to at least reach eight trillion. When we started this whole investing, at that time, the whole market was at six billion and we said okay this market, based on our thesis, is supposed to reach eight trillion. Until then, we keep buying, okay? >> But to your HFT, you're not really arbitraging. >> No, no, we're not doing any of those. Because see >> They're applying real time techniques to token evaluations so they're game is try to get into a winner. >> Yes. >> With some tokens. >> A lot of the funds, they're doing this arbitrage more. They're trying to do arbitrage. But the problem is they're missing the big picture that way. So, arbitrage works in a very tight market. So S and P, let's say, somebody's doing 5% return on S and P. The guy with a arbitrage is coming and saying I made five point three, 5.5% or 6%. That's great in the equity world. Now, I want returns last year are 10 x or 30 x or 50 x. And somebody comes and tells me I made an extra 0.2%, doesn't really matter to me. I'm like instead of wasting that time doing arbitrage and paying taxes, I might just hold it. >> You believe in the fundamentals. >> You guys are in New York. Obviously, Arcadia Crypto Ventures, that's how they get ahold of you guys. Final question for you to end the segment. As new real pros come in, and let's take New York as a since you're in New York. The New York crowd comes in or the Silken Valley comes crowd existing market players other markets come in here. How important is optics packaging and compatibility with the sector, meaning I just can't throw my weight around on the hedge fund scene. We do it this way, I got money. Because people here have money. So what's the dynamic of pros coming in, we're seeing institutional folks come in, we're seeing real pros come in. They've never been to Burning Man. So, you know, they get that Burning Man culture exists, but this is not a Burning Man industry. >> Right, right. >> Business doesn't run like Burning Man. Maybe it should, that's a debate we'll have. Your take. >> So the new funds that are coming in, so they have a fear that they have missed out. They are missing the picture that this is just the beginning. So they've seen that this industry has gone from six billion to 500 billion in a year or year and a half. They're like, oh my god, I missed it. >> It's got to be over. >> So I have to write these big checks to get this. We don't write big checks. We write much smaller checks because we believe that if a founder is raising money, he has to raise it through small checks from everybody. That means all those people are really interested in this. And they're all of them really want the token to go up. Whether it's the investor, the user, and the employee who is working there because all of them they're interests are aligned. The moment you give a big check, so let's say you could raise 10 million from 10,000 people or you could raise it from one person. So when the big check is there, let's say I go to raise my money. There's this fund who's missed it and he says here's 10 million dollars. Okay, now I've got me and the fund and my tokens. Nobody else knows about my tokens. My tokens are as good as valueless. Now the funders looking okay, I need to exit. Nobody knows about my tokens. The fund is the only guy who has my tokens, he's trying to exit. Obviously the market is going to crash. There's no market. And he's like why did I get into this. So he missed that point that you need people around you. It's not just you alone. See, earlier days when ... >> This is your point about understanding how token economics works. >> Yes. >> So having more people in actually creates a game mechanic for trading. >> Because then you know that you're not the only guy interested in this. And earlier venture capital space there were these bunch of few venture capitals who wanted to capture that whole thing and tried to sell it to the next guy. Here, I'm what I'm saying is, we all have to come in together. We all can be together at the same price, which is good because the small person has, the common man has a chance to be a VC right now. Earlier you could never be a VC. I could only see Google, after IPO. I could never get it at what KPCB or Sequoia got it at. I had to wait 'til they got through CDA, CDB, which they bought at five cents. I would get at about $40 maybe. In this case, the big fund has a lot more money than me, but I can have my small 5,000 or 10,000. I can invest in the ICO. >> If you picked the right spot and you were there at the right place, the right time. 'Cause you are seeing guys come in and try to buy up all the tokens early on. >> They're trying to do that. They don't get it, but they will understand. So it is a learning (mumbles). Even they will evolve. They're like okay this is not how it works. And you have to make mistakes. >> Sorry, got to ask you one final, final since you brought it up. More people the better. So we're hearing rumors inside the hallways here that big wales are buying full allocations and then sharing them with all their friends. >> Possible, it is possible. >> We see some of that behavior. Dave calls it steel on steel, you know. Groups, you know. I'm going to take this whole deal down. We see that in venture capital. Used to be syndicates. Now you seeing Andreessen Horowitz doing the whole deals. That kind of creates some alienation, my opinion, but what's your take on that? I'm a big wale. I'm taking down the whole allocation. >> It's okay. Some of those things are going to happen, okay. It is fine. The only problem is usually when that happens the big wale who takes it he will realize very quickly. >> He's got to get more people. >> He needs more people otherwise he might be able to exit to his five buddies who were always taking it from him. Now those guys, they also have to exit at some point. Nobody knows about the product. Might as well just take a small piece, even the founders in this case typically in a token model. Founders who've taken 20% or 10% have done better than founders who took 60% of the whole tokens. >> Right. Nithin, great to have you on. Love your business model. Arcadia Crypto Ventures. They got real pros, they got a wale, they got people who know what they're doing, and they're active. They understand the ethos. I think you guys are well-aligned and you're not trying to come in and saying this is how we did it in New York before. You get the culture. You're aligned and you're making investments. Great perspective. Thanks for sharing. >> Thank you so much. >> This is the Cube, bringing the investor perspective live here in the Bahamas. More exclusive Cube coverage. Token economics, huge opportunity for entrepreneurs and investors to create value and capture it. That's Blockchain, that's crypto, that's token economics. I'm John with Dave Vallante. We'll be back with more coverage after this short break. (futuristic digital music)

>> Announcer: Live from Washington, D.C., it's theCUBE, covering .conf2017. Brought to you by Splunk. >> Welcome back. Here on theCUBE, we continue our coverage of .conf2017, Splunk's get together here with some 7,000 plus attendees, 65 countries, we're right on the showfloor. A lot of buzz happening down here and it's all good. Along with Dave Vellante, I'm John Walls. We are live, as I said, in our nation's capital, and we're joined by a guest who represents her organization that is a member of the Splunk4Good program. We're going to explain that in just a little bit, but Sherrie Caltagirone is the founder and executive director of the Global Emancipation Network, and Sherry, thanks for being with us. We appreciate your time. >> Thanks so much for having me on, John. >> So your organization has to do with countering and combating global trafficking, human trafficking. >> That's right. >> We think about sex trafficking, labor trafficking, but you're a participant in the Splunk4Good program, which is their ten year pledge to support organizations such as yours to the tune of up to $100 million over that ten years to all kinds of organizations. So first off, let's just talk about that process, how you got involved, and then we want to get into how you're actually using this data that you're mining right now for your work. So first off, how'd you get involved with Splunk? >> Absolutely. It was really organic in that it's a really small community. There are a lot of people in the tech space who I found really want to use their skills for good, and they're very happy to make connections between people. We had a mutual friend actually introduce me to Monzy Merza, who's the head of security here at Splunk, and he said, "I'm really passionate about trafficking, I want to help "fight trafficking, let me connect you with Corey Marshall "at Splunk4Good." The rest is really history, and I have to tell you, yes, they have pledged up to $100 million to help, and in products and services, but what's more is they really individually care about our projects and that they are helping me build things, I call them up all the time and say, "Hey let's brainstorm an idea, "let's solve a problem, "let's figure out how we can do this together, and they really are, they're part of my family. They're part of GEN and Global Emancipation Network. >> That's outstanding. The size of the problem struck me today at the keynote when we talked about, first off, the various forms of trafficking that are going on; you said up to two dozen different subsets of trafficking, and then the size and the scale of 25 to 40-some million people around the globe are suffering. >> Yeah. >> Because of trafficking conditions. That puts it all in a really different perspective. >> You're right. Those weren't even numbers that we can really fathom what that means, can we? We don't know what 20 million looks like, and you're right, there's such a wide discrepancy between the numbers. 20 million, 46 million, maybe somewhere in between, and that is exactly part of the problem that we have is that there is no reliable data. Everyone silos their individual parts of the data that they have for trafficking, all the the different stakeholders. That's government, NGOs, law enforcement, academia, it's all kinds. It runs the gamut, really, and so it's really difficult to figure out exactly what the truth is. There's no reliable, repeatable way to count trafficking, so right now it's mostly anecdotal. It's NGOs reporting up to governments that say, "We've impacted this many victims," or, "We've encountered so-and-so who said that the "trafficking ring that they escaped from had 20 other people "in it," things like that, so it's really just an estimate, and it's the best that we have right now, but with a datalet approach, hopefully we'll get closer to a real accurate number. >> So talk more about the problem and the root of the problem, how it's manifesting itself, and we'll get into sort of what we can do about it. >> Yeah. It's really interesting in that a lot of the things that cause poverty are the same things that cause trafficking. It really is, you know, people become very vulnerable if they don't have a solid source of income or employment, things like that, so they are more willing to do whatever's necessary in order to do that, so it's easy to be lured into a situation where you can be exploited, for example, the refugee crisis right now that's happening across Europe and the Middle East is a major player for trafficking. It's a situation completely ripe for this, so people who are refugees who perhaps are willing to be smuggled out of the country, illegally, of course, but then at that point they are in the mercy and the hands of the people who smuggled them and it's very easy for them to become trafficked. Things like poverty, other ways that you're marginalized, the LGBTQ community is particularly vulnerable, homeless population, a lot of the same issues that you see in other problems come up, creates a situation of vulnerability to be exploited, and that's all trafficking really is: the exploitation of one individual through force, coercion, fraud, position of authority, to benefit another person. >> These individuals are essentially what, enslaved? >> Yeah. It's modern day slavery. There's lots of different forms, as you mentioned. There's labor trafficking, and that's several different forms; it can be that you're in a brick factory, or maybe you're forced into a fishing boat for years and years. Usually they take away your passport if you are from another country. There's usually some threats. They know where your family lives. If you go tell anyone or you run away, they're going to kill your family, those sorts of things. It is, it's modern day slavery, but on a much, much bigger scale, so it's no longer legal, but it still happens. >> How does data help solve the problem? You, as an executive director, what kind of data, when you set the North Star for the organization from a data perspective, what did that look like, and how is it coming into play? >> Well, one of the benefits that we have as an organization that's countering trafficking is that we are able to turn the tables on traffickers. They are using the internet in much the way that other private enterprises are. They know that that's how they move their product, which in this case is sadly human beings. They advertise for victims online. They recruit people online. They're using social media apps and things like Facebook and Kick and Whatsapp and whatnot. Then they are advertising openly for the people that they have recruited into trafficking, and then they are trying to sell their services, so for example, everyone knows about Backpage. There's hundreds of websites like that. It runs the gamut. They're recruiting people through false job advertisements, so we find where those sites are through lots of human intelligence and we're talking to lots of people all the time, and we gather those, and we try to look for patterns to identify who are the victims, who are the traffickers, what can we do about it? The data, to get back to your original question, is really what is going to inform policy to have a real change. >> So you can, in terms of I guess the forensics that you're doing, or whatever you're doing with that data, you're looking at not only the websites, but also the communications that are being spawned by those sites and looking to where those networks are branching off to? >> Yeah. That's one of the things that we really like to try to do. Instead of getting a low-level person, we like to try to build up an entire network so we can take down an entire ring instead of just the low fish. We do, we extract all the data from the website that we can to pull out names, email addresses, physical addresses, phone numbers, things like that, and then begin to make correlations; where else have we seen those phone numbers and those addresses on these other websites that we're collecting from, or did this person make a mistake, which we love to exploit mistakes with traffickers, and are they using the same user handle on their personal Flickr page, so then we can begin to get an attribution. >> John: That happens? >> Absolutely. >> It does, yeah. >> Sherrie: Without giving away all my secrets, exactly. >> Yeah, I don't to, don't give away the store, here. How much, then, are you looking internationally as opposed to domestically, then? >> We collect right now from 22 different countries, I think 77 individual cities, so a lot of these websites are usually very jurisdictionally specific, so, you know, like Craigslist; you go into Washington state and click on Seattle, something like that. We harvest from the main trafficking points that we can. We're collecting in six different languages right now. A lot of the data that we have right now is from the U.S. because that's the easier way to start is the low-hanging fish. >> What does your partner ecosystem look like? It comprises law enforcement, local agencies, federal agencies, presumably, NGOs. Will you describe that? >> Yeah. We do, we partner with attorneys general, we partner with law enforcement, those are the sort of operational partners we look for when we have built out intelligence. Who do we give it to now, because data is useless unless we do something with it, right? So we we build out these target packages and intelligence and give it to people who can do something with it, so those are really easy people to do something with. >> How hard is that, because you've got different jurisdictions and different policies, and it's got to be like herding cats to get guys working with you. >> It is, and it's actually something that they're begging for, and so, it's a good tool that they can use to deconflict with each other, 'cause they are running different trafficking-related operations all the time, and jurisdictions, they overlap in many cases, especially when you're talking about moving people, and they're going from one state to another state, so you have several jurisdictions and you need to deconflict your programs. >> Okay, so they're very receptive to you guys coming to them with they data. >> They are; they really want help, and they're strapped for resources. These are for the most part, not technically savvy people, and this is one of the good things about our nonprofit is that it is a staff of people who are very tech-savvy and who are very patient in explaining it and making it easy and usable and consumable by our customers. >> So if I'm an NGO out there, I'm a non-profit out there, and I'm very interested in having this kind of service, what would you say to them about what they can pursue, what kind of relationship you have with Splunk and the value they're providing, and what your experience has been so far. >> It's been wonderful. I've been over at the Splunk4Good booth all day helping out and it's been wonderful to see not only just the non-profits who have come up and said, "Hey, I run a church, "I'm trying to start a homeless shelter for drug-addicted "individuals, how can you help me," and it's wonderful when you start to see the light bulbs go off between the non-profit sector and the tech sector, between the philanthropic organizations like Splunk4Good, the non-profits, and then, we can't forget the third major important part here, which is, those are the tech volunteers, these are the people who are here at the conference and who are Splunk employees and whatnot and teaching them that they can use their skills for good in the non-profit sector. >> Has cryptocurrency, where people can conduct anonymous transactions, made your job a lot more difficult? >> No, it hasn't, and there's been a lot of research that has gone into block chain analysis, so for example, Backpage, all the adds are purchased with Bitcoin, and so there's been a wonderful amount of research then, trying to time the post to when the Bitcoin was purchased, and when the transactions happen, so they've done that, and it's really successful. There are a couple of other companies who do just that, like Chainalysis, that we partner with. >> You can use data to deanonymize? >> That's correct. It's not as anonymous as people think it is. >> Love it. >> Yeah, exactly. We love to exploit those little things like that. A lot of the websites, they put their wallets out there, and then we use that. >> Dave: You're like reverse hackers. >> That's right. It's interesting that you say that, because a lot of our volunteers actually are, they're hacker hunters. They're threat and intel analysts and whatnot, and so, they've learned that they can apply the exact same methods and techniques into our field, so it's brilliant to see the ways in which they do that. >> Dave: That's a judo move on the bad guys. >> Exactly. How long does this go on for you? Is this a year-to-year that you renew, or is it a multi-year commitment, how does that work? >> It's a year-to-year that we renew our pledge, but they're in it for the long haul with us, so they know that they're not getting rid of me and nor do they want me to, which is wonderful. It's so good, because they help, they sit at the table with me, always brainstorming, so it's year-to-year technically, but I know that we're in it together for the long haul. >> How about fundraising? A big part of your job is, you know. >> Of course it is. >> Fundraising. You spend a lot of time there. Maybe talk about that a little bit. >> Yeah, absolutely. Some of our goals right now, for example, is we're really looking to hire a full-time developer, we want a full-time intelligence analyst, so we're always looking to raise donations, so you could donate on our website. >> John: Which is? >> Which is globalemancipation.ngo. Globalemancipation.ngo. We're also always looking for people who are willing to help donate their time and their skills and whatnot. We have a couple of fundraising goals right now. We're always looking for that. We receive a lot of product donations from companies all over the world, mostly from the tech sector. We're really blessed in that we aren't spending a lot of money on that, but we do need to hire a couple of people so that's our next big goal. >> I should have asked you this off the top. Among your titles, executive director and founder, what was the founder part? What motivated you to get involved in this, because it's, I mean, there are a lot of opportunities to do non-profit work, but this one found you, or you found it. >> That's right. It's a happy circumstance. I've always done anti-human trafficking, since my college days, actually. I started volunteering, or I started to intern at the Protection Project at Johns Hopkins University, which was a legislative-based program, so it was really fantastic, traveling the world, helping countries draft legislation on trafficking, but I really wanted to get closer and begin to measure my impact, so that's when I started thinking about data anyways, to be able to put our thumb, is what we're doing. Working. How are we going to be able to measure success and what does that look like? Then I started volunteering for a rescue operations organization; the sort of knock down the doors, go rescue people group, and so, I really liked having the closer impact and being able to feel like hey, I can do something about this problem that I know is terrible and that's why it spread. A lot of the people I worked with, including my husband, come from the cyberthreat intelligence world, so I feel like those ideas and values have been steeped in me, slowly and surely, over the last decade, so that just ages myself a little bit maybe, but yes, so those ideas have been percolating over time, so it just kind of happened that way. >> Well, you want to feel young, hang around with us. (laughing) I should speak for myself, John, I'm sorry. >> No, no, you're right on, believe me. I was nodding my head right there with you. >> Can you comment on the media coverage? Is it adequate in your view? Does there need to be more? >> On trafficking itself? You know, it's really good that it's starting to come into the forefront a lot more. I'm hearing about it. Five years ago, most of the time, if I told people that there are still people in slavery, it didn't end with the Civil War, they would stand at me slackjawed. There have been a few big media pushes. There's been some films, like Taken, Liam Neeson's film, so that's always the image I use, and that's just one type of trafficking, but I'm hearing more and more. Ashton Kutcher runs a foundation called Thorn that's really fantastic and they do a similar mission to what I do. He has been able to raise the spotlight a lot. Currently there's a debate on the floor of the Senate right now, too, talking about section 230 of the CDA, which is sort of centered around the Backpage debate anyway. Where do we draw the line between the freedom of speech on the internet, with ESPs in particular, but being able to still catch bad guys exactly. The Backpage sort of founder idea. It's really hot and present in the news right now. I would love to see the media start to ask questions, drill down into the data, to be able to ask and answer those real questions, so we're hoping that Global Emancipation Network will do that for the media and for policy makers around the world. >> Well it is extraordinary work being done by an extraordinary person. It's a privilege to have you on with us, here on theCUBE. We thank you, not only for the time, but for the work you're doing, and good luck with that. >> Thank you very much for having me on. I really appreciate it. >> You bet. That's the Global Emancipation Network. Globalemancipation.ngo right? Fundraising, always helpful. Back with more here on theCUBE in Washington D.C., right after this. (electronic beats)