 Hello, and welcome to today's session of the 2021 AWS Global Public Sector Partner Awards. I'm your host, Natalie Erlich, and today we'll highlight the best cybersecurity solution. I'm very pleased to welcome our next guests. They are Tina Thorstensen, Executive Public Sector Strategist at CrowdStrike, and Jennifer Dvorak, Information Security Architect for the State of Arizona. Thank you so much for being with me today. Thanks for having us. Yeah, thank you. Perfect. Well, you know, obviously a really wild year with COVID and it certainly pushed a lot of boundaries. Cybersecurity resiliency, also a hot topic as ransomware really spiked up. How have you addressed this concern and really accelerated this push with COVID-19 in the backdrop? I'd love it if either one of you would just like to jump in here. Well, CrowdStrike was one of our initiatives for 2020, and it was significantly increased, the accelerated due to COVID. So we had to roll out in a matter of weeks when we had a matter of months previously, and it really provided us the visibility that we needed for folks taking their computers home. We had no way of triaging any of our incidents when the computers were at home. So rolling out CrowdStrike as quickly as possible, it gave us remote access, it gave us visibility, and that was huge for our organization. Tina, if you could weigh in this as well, that would be terrific. Sure, absolutely. And Jen with the State of Arizona is one of our primary customers, but across the board with the 2021 Global Threat Report that we issue each year, what we saw there is a four-fold increase in the number of intrusions. So to your point about the threat activity, and it's not getting better. So what CrowdStrike is on a mission to do is stop breaches and protect organizations against these bad actors so that we minimize disruptions. It's really been tremendous to see and you would build an ecosystem from a platform approach that started with visibility on the endpoint that Jen was just alluding to. And Jennifer, I'd love to get your insight how the public sector and the private sector can work better in tandem with each other in order to protect customers and also communities against ransomware attacks and other kind of cybersecurity threats that we've seen coming from Russia, for instance. Certainly. So our state's the so Tim Romer, he has definitely encouraged us to make partners with our private sector vendors. So that's one of his strategic initiatives. And we really want partners in the private sector. We want folks that are going to come alongside us and help us with our security goals. And CrowdStrike has been one of those vendors. We don't want to just spend money and then the vendor run away. We want somebody that's going to be with us every step of the way. We've had some incidents this past year. And CrowdStrike was the first team to alert us because it was a different agency or a different part of our organization that we don't typically work with a lot. And that was really helpful because we were able to act quickly and address the issues that arose. So just having somebody that's looking out for your best interests and and and being a true partner is what we're really looking for. And that's the only way that we can circumvent these ransomware attacks. And Tina, I'd love it if you'd weigh in as well. How do you see your role in this effort to protect the public evolving now in 2021? So I love that question. And especially with the role of my role, brand new in COVID, interestingly enough, to create this bi-directional executive alignment with our customers and our internal teams. And overall at CrowdStrike, our goal, as I said, is to stop breaches. And it's really to bring, to minimize the frustration that comes sometimes with rolling out security tools. I've been at this a long time. And and, you know, tools like CrowdStrike are really game changers for for security teams that are really about protecting organizations. And essentially what we do is, you know, we brought a single platform where when it when that when our software is deployed to an organization across their laptops, desktops, server and cloud infrastructure, we were born in the cloud kind of before it was cool. And now we serve more than 11,000 customers and that threat activity goes to a single AWS instance where we where we look across all of the threat activity. And then when we see activity in one area, we can protect all of our customers. That's that's the power of the cloud. Terrific. And I'd love Jennifer's insights here too. What steps are you taking now to keep the public protected and the state cyber ready? And I like Tina's point about being born in the cloud. So State of Arizona is a cloud first state. We are also looking for solutions in the cloud. And I think by leveraging cloud solutions, we're able to be more nimble. We're able to pivot our approach to security and address anything that comes up more quickly. So being cloud first, even though it's it wasn't embraced initially, I think that it's something that we've been driving towards and looking for more partners that support that cloud first initiative that we have. And Tina, what's top of mind? What are some of the key initiatives that your team and teams are going to be focused on in the years ahead? What's the next phase for cybersecurity? Great question. And we've talked quite a bit about the endpoint, but where we're headed and really where we've invested heavily the last couple of years and will continue moving forward is now that we have we've brought this game changing visibility to security teams on the endpoint of each one of the systems in their environment where we've expanded the platform to now include cloud services, like I mentioned, now include indicators of misconfigurations, which are so detrimental to teams working in a hybrid cloud environment. And then we've also moved into the identity protection space and essentially what we're doing there is the same thing we've been doing to protect workloads coming from desktops and laptops across the country and around the world and moved to a model where we're also in a zero trust principles way looking for threat activity coming in through identities, through people logging into these systems and doing the same real time continuous monitoring and taking proactive action to protect organizations where we see malicious activity. Terrific. Well, in light of COVID-19, we saw a big spike in ransomware and I'd love to hear specifically from Tina, why do we need trusted partners rather than software vendors in this fight? It's so important to get out in front of all of adversaries and most recently we've seen huge growth in the e-crime actors that are taking advantage of the tools that are unfortunately in the market today, sometimes even free that allow them to hold organizations hostage. And the reason it's so important to partner with organizations and companies like Crowdstrike is that we've been thinking ahead and we aren't designed in a way to stop an individual breach or adversary attack from occurring, but we've been watching how their adversary works and now we can see their activity very early on before they have a chance to gain a foothold in an organization's server or laptop or even a phone or tablet. And really what we're doing is we're providing protection so that it doesn't even need to move to an analyst to do further review. We just stop it right at the gate before it causes harm. And the reason that this is so important probably is obvious, but we're about making sure that their organizations like the state of Arizona can continue on their business and without these kinds of disruptions. So we haven't designed against one particular adversary, but we've really designed an approach that works across them all because we've been watching so closely how they move through environments for years and we use the power of artificial intelligence delivered from the cloud to protect against all things, including ransomware. Right. It's really an evolving process. You constantly have to be vigilant for the next threat. Now I'd love to hear how you see things change with your tech partners and providers at the moment. So from a cross track perspective, we aim to be absolutely the best in class for the products and services that we provide, whether that's your products that you can purchase, like our endpoint solutions or whether that's services like our 24 seven threat hunting teams or Falcon complete teams that basically serve as an extension of an organization's team. But it's absolutely critical that we move this direction and not try to be the best at everything and instead partner. So we have extensive partnerships with Zscaler and Proofpoint and so many others. Okta, the list goes on and on and on with now hundreds. And we also have a crowdstrike store. So once you're a customer, we've reduced the friction to taking on and trying out new modules either from us or new options that maybe you haven't considered before from our trusted partners, much like the AWS marketplace. We've got the crowdstrike store and it's a growing set of partnerships where we build those integrations. So, you know, my prior life, I was the CISO for Arizona State University most recently and we spent an awful lot of time integrating these solutions in a cross strike. We're about building those integrations so that the teams within the organizations can get on to doing innovative things within their space rather than having to spend all their time tying these technologies together. Yeah, now shifting to Jennifer late last year, we learned that suspected Russian hackers broke into U.S. government agencies, including a county in Arizona. So what measures has the state of Arizona put in place now to ensure that something like that won't happen again or that at least the state is very vigilant and ready to protect citizens and the government against these threats? We're definitely partnering with products like or vendors like Crowdstrike. That's what we're looking to extend those partnerships and not only that, we're developing our information sharing program across state, local, and territorial governments. So we're looking to partner with the cities, the counties. Cybersecurity is a team sport. Cybersecurity is, it takes everyone, it takes the whole state working together and that's one of the things that we've been trying to build. So working in conjunction with the state fusion center, the Arizona Counterterrorism Information Center, we've been working to do more indicators of compromise sharing any intelligence that we've been gathering from these counties that maybe did have an incident or breach. We want to make sure that the information is disseminated to everyone so that we can be stronger and protect against it. Additionally, we're always looking for grants that we can extend so that we're able to extend our products that we use to some of the smaller cities and towns and counties so that they can leverage some of the same technologies like Crowdstrike in their environments at a fraction of the cost or paid for by a grant. Terrific. Well, Tina, how does your experience as a Crowdstrike customer now come into play in your current role? Well, how's it come into play? Well, I think that it makes it really easy for me to be a liaison internally and help internal teams understand what it's like to sit as a CISO or as a CIO or deputy CIO and understand the kinds of challenges that these teams are, these leaders of these teams are facing as they're moving forward with their innovation agenda while making sure to make sure that they're gaining those operational efficiencies that are so important today and wowing their customers all the while. So I think really what I bring to it is that level of experience to make sure that the voices of our customers are heard internally and that we continue to build products and services that make sense for the needs of our customers. Additional capabilities like, you know, we just released Falcon X recon is an example of one of our newer capabilities where we're basically looking at deep and dark web activity and bringing that together in the single platform single event console that we've leveraged for years now and in highlighting that activity, many, in many cases, pre-breach. So before you'd ever see it hit your in an organization's operational environment, we would detect it through that service. So I think it's all those things combined. Terrific. Well, you know, CrowdStrike won a number of key accolades this year and I was curious, Tina, what you attribute to this huge success? Well, you know, I have to tell you that, you know, I've been in the security space for far too long and what I can say is that until CrowdStrike came along, there wasn't a solution, a security solution that we could get software running on an endpoint that wasn't just frustrating across the board. There were conflicts with other software running or the software would work great for one platform, but it wouldn't work for the other. So we really have this new approach and I think that that's what's made us, in fact, I'm sure it's certainly what made me a wildly happy customer, is that staff, faculty, employees, if we hadn't told them the software was being rolled out, they wouldn't have even noticed. It doesn't impact the machines and it's really provided this amazing experience and bringing all that with 150 different adversary groups that we track and we take that on for the customers and just bring visibility for the immediate things they need to take action on. I think those are all the things that got us to this point in building out this platform is going to be really amazing to see in the years to come as we expand across other areas within the security space, either developing our own or really driving partnerships to make it easier for our customers. Yeah, terrific. Well, I pulled up this stat here for us to examine because I think it's really important for our viewers to understand just how important cybersecurity is and how it's going to be even more important for customers and the private citizens and public citizens. According to cybersecurity ventures, cybercrime costs will grow by 15% per year, reaching 10.5 trillion by 2025. That's just in about four years and not only that, cybercrime will become the third largest economy in the world after the United States and China. It's really terrific that you're stepping up. Just if you could both, perhaps Jennifer can go first and then Tina, what are the key lessons that you have for even the federal government to take a more proactive stance against these threats? Well, I think it's clear that this is a very lucrative venture, business venture. It's treated like a business venture by these criminal actors and they have a formula and it works. So I don't see that it's going to be changing anytime soon. And it's also not something that is highly sophisticated, highly technical. It's very easy. It's very much fishing. Users clicking on emails and vulnerabilities in environments. It's really a very easy formula that they continue to repeat. So I think until the federal government has more ways to recoup some of these ransomware payments or we're able to stop some of these ransomware as a service products from being used, I think it's going to continue. So we're defenders, so we need to make sure that we're ready for anything that comes and using products that keep us safe is really the best way and training our users. Terrific and Tina. Thank you. So we are so passionate about making sure that our customers can sleep better at night. When it comes down to tips, it really comes back to the basics in many regards, but the basics are sometimes really hard to do. So they sound simple, but they aren't so easy to do. And it's basics like making sure your systems are patched. Every organization has just a growing number of devices and pieces of software and infrastructure, and all of those things need to be patched nearly immediately to stay out in front of today's adversaries. And Jen's right, some are sophisticated, some are not. But the reality is, if we leave those windows open, we will have adversaries walk into our house, if you will. So the basics like that, also making sure that you have great backups. So if you do run into an instance of ransomware where your systems are locked, that you have the ability to recover quickly, being proactive and making sure that you have the partnership arrangement ahead of time is a third really important thing to do. Many, many organizations now have IR retainers, the incident response retainers that you can use proactively in years where you don't find yourself on your heels in a reactive situation. But then it's there when you need it. Sometimes it's hard to find great services when there are the flood of ransomware attacks like we've seen in recent months. And then lastly, and I should have started with this, because it's the most important part, train your people. It's so important to make sure that security is just a culture, a part of the culture, just like you lock your car and you lock your house, making sure that you're thinking about those things that will help keep you safe and your organization safe. Really excellent points. Thank you both so much for your insights. That was Tina Thorstensen, executive public sector strategist at CrowdStrike, as well as Jennifer Dvorak, information security architect for the state of Arizona. Again, really appreciate your insights. This was a fantastic conversation with you. And that's all for the 2021 AWS Global Public Sector Partner Awards, or this session of that. I'm your host, Natalie Erlich, and see you very soon.