 Live from Washington D.C., it's theCUBE. Covering.conf 2017, brought to you by Splunk. Welcome back here on theCUBE. Continuing our coverage of .conf 2017. Splunk's big get-together in your nation's capital. We are live here at the Walter Washington Convention Center in Washington D.C., along with Dave Vellante. I'm John Walls, joined now by a couple of CUBE alums. Actually, you guys were here about a year ago. Yeah, Robert Herjavek from the Herjavek Group. Of course, you all know him from Shark Tank fame and Atif Gawri, who is the VP of Customer Service Success at the Herjavek Group. I love that title, Atif. We're going to get into that in just a little bit. Welcome. Thank you, we're seeing you all, yeah. We're not CUBE groupies, we're more like CUBE groupies. Alums. Alums. Alums, oh, yeah, yeah. I mean, you're part of the promo reel. Yeah, Robert, you just saw it. We love it here. We get free mugs with the beautiful supplies. This doesn't happen all the time, does it? Yes. No, no, I get those. Yeah, you can't have it here. Dave, I'll share, I'll share. So again, for folks at home, what brings you here? What's the focus here for the Herjavek Group in terms of what you're seeing here in the Splunk community and I assume it's very security-driven? Yeah, well, we've been part of the Splunk community for many years, going on, gosh, eight, nine years. We're Splunkers and we use Splunk as our core technology to provide our managed service and we manage a lot of customer environments with Splunk and we've been really at the forefront of Splunk as a SIM technology for a long time. And then, Atif, excuse me, Dave, just the title, VP of Customer Service Success. I mean, what's under that umbrella? Yeah, it's actually pretty simple and straightforward, given especially what Splunk's aligned the same way. Customer success is king, right? If our customers are successful, then how are we going to be successful? So what we're trying to do there is putting the customer first and helping growing accounts, growing our services, starting with our customers that we have today. It was actually Doug Merritts. I have to give him full credit. It was him and I were on a flight and I said to him, what's really critical to you? Growing revenue, efficiency, innovation, and he said, number one for us is customer success. And so we're very happy to steal other people's ideas if they're better. So security's changing so fast. You mentioned SIM. Splunk's narrative is that things are shifting from a traditional SIM world to one of an analytic-driven remediation world. I wonder if you could talk about what you're seeing in the customer base. Are people actually shifting their spending and how fast and where do you see it all going? Yeah, so the days of chasing IOCs is a dead end. Because that's just a nonstop effort. What's really happening now is technique detection. So defining, looking at how hackers are doing their trade craft and then pattering that. And so Splunk has ideas on it, other vendors have ideas on how to go about trying to detect pattern recognitions of attack a trade craft. And so what that's really what's driving what's next when it comes to security automation, security detection for our customers today. You know, we always tell people, and it's dead on, but the challenge is people want to buy the sexy, exciting thing. And what I always try to say to customers is you're a dad and you have three kids and you have a minivan. You don't really want to own a minivan. You want a really nice Ferrari or Corvette. But at the end of the day you have three kids and you got to get to the store. And in the security world it's a little bit like that. People talk about artificial intelligence and better threat metrics and analytics. But the core foundational basis still is logs. You have to manage your log infrastructure. And the beauty of Splunk is it does it better than anyone and gives you an upstream effect to be able to do the analytics and all those other things. But you still got to do the foundation. You still got to get three kids into the minivan and bring back groceries. So there's a lot of focus, obviously security's become a board level topic. You hear that all the time. You used to not hear it all the time. You used to be an IT problem. So as a... Absolutely, the only way I could get a meeting with a CEO or a CIO was because I was on Shark Tank. But as a security guy, I would never meet with executives. Oh yeah, I spend 80% of my time meeting with CEO, not just CIOs, but CEOs and boards and that kind of stuff. Absolutely. How should the CIO be communicating to the board about security? How often? What should be the narrative transparency? I wonder if you could give us your thoughts on that. It's a great question. There's a new financial regulation that's coming out where CIOs and CIOs actually have to sign off on financial statements related to cybersecurity. And there's a clause in there that says if they knowingly are negligent, it carries criminal charges. So the regulations coming into cybersecurity are very similar to what we're seeing in Sarbanes-Oxley. Like if a CEO signs an audit statement that he suspects might have some level of negligence to it. And I'm not talking about outright criminal fraud, but just some level of negligence, it carries a criminal offense. If you look at the latest Equifax breach, a lot of the media around it was that there should be criminal charges around it. And so the, as soon as you use words like criminal, compliance, audit, CEOs, executives really care. And so the message from the CIO has to be we're doing everything in our power based on industry standards to be as secure as we can. Number one. And number two, we have the systems in place that if we are breached, we can detect it as quickly as possible. So I was watching CNBC the other day and what you don't want to see as a board member, every board member's picture from Equifax was up there with the term. Really? Is that true? Yeah, yeah, yeah. See, but isn't that different? Like you never, like if we think back on all the big breaches, Target and Sony, they were all seminal in their own way. Target was seminal because the CEO got fired. And that was the first time it happened. I think we're going to remember Equifax. I didn't know that about the board, but that- For 30 seconds it was up there. I had the sound off. Still, you don't want to be a board member. Oh my God, it's the last thing. I mean, I hate to say it, but it's got to be great for your business. First of all, it's another reason not to be a public company. There's one more hurdle, but if you are, they need help. They absolutely need help. And you know, one point I don't want to lose is that what we're seeing with CISOs, Chief Information Security Officers, is that that role is transcending. That role is actually reporting directly into CEOs now, directly into CFOs now, away from the CIO, because there's some organizational dynamics that keep the CISO from telling what's really going on. You know, Fox and Henhouse dynamic, right? So you want to separate those roles. And you're seeing that more often. I mean, what percent of the CISOs and CIOs are separate in your experience? It's organizations that have a mature security program that have evolved where it's really a risk-based decision, and then the security function becomes more like risk management, right? Just what they've been doing for decades, right? But now you have a security person leading that charge. So it's, we really always say in theCUBE, it's not a matter of if, it's when you're going to get infiltrated. So do you feel as though that boards and CIOs, CISOs are transparent about that. The boards understand that, that it's really, the remediation and the response that's most important now, or there's still some education that has to go on there? Yeah, and when Robert speaks to the boards all the time, he can comment, but they really want to know two things. How bad is it and how much money do you need, right? And those are the key questions that's driving from a board perspective, what's going to happen next? What's worse, that Equifax got breached, or that Equifax was breached for months and didn't know about it? I mean, as a board member, the latter is much worse. There's an acceptance, like I have a beautiful house and I have big windows and lots of alarms and a dog, not a big dog, but still I have a dog. A yipper. Yeah, I have a yipper. It's worse to me if somebody broke into my house, was there for a while and my wife came home at night and that person was still there. That to me is fundamentally worse than getting an alarm and saying somebody broke the window, went in, stole a picture frame. You're going to get breached. It's how quickly you respond and what the assets are. And is it all shapes and sizes too? I mean, we talk about big companies here, you mentioned three, but is it the mid-level guys and do smaller companies have the same concerns or same threats and risks right now? These are the breaches you heard about, right? What about all the breaches you don't know about? Right, that's the point. How big of a problem are you talking about? It's a wide-scaling problem, right? And to the previous question, the value now in 2017 is what is the quality of your intelligence? Like what actions can I take with the software that you're giving me or that the service that you're giving me? Because you could detect all day, but what are you going to do about it, right? And we're getting being held accountable for that. Well, I'm watching the service now screen over here and I've seen them flash the stat, 191 days to detect an infiltration. And then... It seems optimistic to me. I think most people would be happy with that if they could guarantee that. I would think the number's 250 to 300. So now maybe they're claiming they can squeeze that down, but are you seeing any compression in that number? I mean, it's early days, I know. I think that the industry continues to be extremely complicated. There's a lot of vendors, there's a lot of products. The average Fortune 500 company has 72 security products. There's a stat at RSA this year that there's 1500 new security startups every year. Every single year. How are they going to survive? And which ones do you have to buy because they're critical and provide valuable insights? And which ones are going to be around for a year or two and you're never going to hear about again? So it's an extremely challenging, complex environment. I think one of the bad guys are so much more sophisticated going from hacktivists to, I mean, whether it's state-sponsored or criminal. That's the bottom line. I mean, the bad guys are better, right? Now the bad guys are winning. The white hats called the white hats and the black hats, right? The white hats are trying hard. We're trying to get organized. We're trying to win battles, but the war is clearly won by the black hats. And that's something that as an industry we're getting better at and we're working towards. Robert, as an investor, how's your sentiment around valuations right now? And do you feel as though? Not high enough. Yeah, oh boy. Managed security companies should be trading way higher value. And do you feel like they're somewhat insulated? No, you know, it's a real, it's a really good question. So we're in that space. You know, we're about a $200 million private company where the largest privately held managed security company in the world actually. And so I always think every time we're worth more I think, wow, we couldn't be worth more. The market can't get bigger. Because your value is always based for potential size. Nobody values you for what you're worth today. Because an investor doesn't buy history. An investor doesn't buy present state. An investor buys future state. And so if the valuations are increasing it's a direct correlation because the macro factors are getting bigger. And so the answer to your question is values are going to go up because the market is just going to be fundamentally bigger. Is everybody going to survive? No, but I think you're going to see valuations continue to increase. Well, in digital business, everybody talks about digital business. We look at digital businesses, how well you leverage data. And we think the value of data is going through the roof. But I'm not sure customers understand the intrinsic value of the data or have a method to actually value their data. If they did, we feel like they would find it's way more valuable and they need to protect it better. What are you seeing in that regard with customers? There's an explosion of data in that with IoT, the internet of things and the amount of additional data that's coming up. But to your point, how do you sequence and label data? That's been a multi-decade old question where organizations struggle with. And many have gone and say that it's all important. So let's protect it all, right? And versus having layers of approach. So it's a challenging problem. I don't think across all our customer base, that's something that they're each wrestling with to try to solve individually for their companies. Well, I think you also have the reality, though, of money. So it's easy to say all the data is important, structured and unstructured, but you look at a lot of the software and tools that you need around this floor are sold to you on a per user or per ingestion model. So even though all your data is critical, you can't protect all your data. It's like your house. You can't protect every single component of it. You try and every year it gets better. Maybe you get a better alarm. Maybe I'll get rid of the yappy dog and get a Doberman. You know, you're constantly upgrading, but you can't protect everything because the reality is you still live in an unstructured, unsafe world. So is that the complexity then? Because the simple question is why does it take so long to find out if there's something wrong with your house? I think it's highly complex because we're dealing with people who are manipulating what we know to their benefit in ways we've never done it. You know, the WannaCry breach was done in a way that had not been done before. If it had done before, we could have created some analytics around it. We could have created some metrics around it, but these are attacks that are happening in a way we've never seen before. And so it's this element of risk and data, and then you always have human nature. Gary Moore was at the council this morning, the writer of Crossing the Chasm, legendary book, and he said something very interesting, which was why do people always get on a flight and say, you know, good luck with the flight, hope you fly safe, but they don't think twice about hopping in their car and driving to the grocery store? Whereas statistically, your odds of dying in that car are fundamentally greater. And it's human nature, it's how we perceive risk. And so it's the same with security and data and cybersecurity. As security experts, I'm curious, and we're here in DC, how much time you think about and what your thoughts might be in the geopolitical implications of security, cyber war, you know, Stuxnet, fast forward, whatever, 10 years, what are your thoughts as security practitioners in that regard? The longest and most heated battles in the next world war will not be on earth, they'll be in cyber space, right? It's accepted, it's given, that's the way this country's moving, that's the way our financial systems are tied together, and that's the way we're moving forward. It's an interesting dynamic, we had Robert Gates on last year, and he was saying, you know, we have to be really careful because while we have, the United States has the best security technologies, we also have the most to lose with our infrastructure and it's a whole new, you know, gamification or game theory balance that you have to I would agree with him that we have some of the best security technology in the world, but I would say that our barometer and our limiter is the freedom of our society. By nature, what we love about our country and Canada is that we love freedom and we love giving people access to information and data and free speech. By nature, we have countries that may not have as good a security, but have the ability to limit access to outsiders, and I'm not saying that's good by any means, but it does make security a little bit easier from that perspective. Whereas in our system, we're never going to go to that and we shouldn't go to that. And so not, we have to have better security just to stay even. But to Dave's point, you talk about the geopolitical pressures, the regulatory environment, being what it is, as you know, legislators, if they smell blood, right? Yeah. In terms of compliance and what have you, what are you seeing in terms of that shift, focus from the hill? Great question. I did a speech to about 2,000 CIOs, CISOs not long ago, and I said, how many people in this room buy security to be more secure? And how many people buy it because you have to be compliant? 50-50. 50-50. Even the security ones admitted that how they got budget was leveraging the compliance guys. It was easier to walk into CIO's office and say, look, we have to buy this to meet some kind of a political compliance board issue than it was to say, this will make us better. Better is a hard sell. So they had to go to the head to pull the trigger to do so? I think in this geopolitical environment, it's look at the elections, look at all the rhetoric. It's just, there's just going to be more of that stuff. How about blockchain and crypto and its potential applications and together more, more money poured into ICOs in the first half than venture-backed crypto opportunities? What do you see in there? There are practical applications of blockchain technology all across the board, right? But it's, yeah, as you mentioned, it's fundamentally built on cryptology and on core gut security work and making a community of people decide whether something's authentic or not, right? It's a game changer as far as what we could do from a platform standpoint to secure our financial systems. And short answer, it's volatile, right? As you saw with the fluctuation of Bitcoin and the currency of Bitcoin, how it's going up and down, it's quite volatile right now because there's a lot of risk. That's okay, what's the next Bitcoin in six months or in 18 months and what's going to happen to the old Bitcoin, right? And then all the money that's into there, where's that going to go? So that's a pivot point, I think, for the financial services industry and more and more of the larger institutions are trying to get involved with that whole network of blockchain. Well, cryptocurrency is really interesting. In some ways, it's the fuel that's funding the cybersecurity ransomware. I mean, it's one of the easiest ways to send money and be completely anonymous. If you didn't have cryptocurrency, how would you pay for ransomware? You'd give them your checking account, your deposit into their checking account, right? So I think that you're seeing a big surge of it, but if you look at the history of money or even checks, checks were developed by a company called Deluxe here in the United States 104 years ago. They're a customer of ours, that's why we know this. But the basis of it is that somebody, a real institution with bricks and mortar and people in suits is backing that check or that currency. Who's backing cryptocurrency today? And so you have, by nature, you have this element of volatility and I don't know if it's going to make it or it's not going to make it, but inevitably it has to cross from a purely electronic crypto form to some element of a note or a tender that I can take from that world and get backing on it. That's kind of what Warren Buffett has said about it. I mean, I would respond is it's the community, whatever that means, that's backing it. I mean, what backs the green back? It's the U.S. government and the U.S. military. It's an interesting thing. Right, right, like at the end of the day, I would still rather take a U.S. dollar than even a Canadian dollar or a U.K. dollar, but. Well gentlemen, thanks for being with us. Great discussion. Thank you, and thank you for the coffee. You bet. This is incredible. Dude, there's actually stuff in it too, so be careful. My drag kid is not okay. Should I go to the hospital? Let's see if thanks for the time and Robert, good luck with that new dog. Don't tell my wife to go right over dog. In time, in time, in time. All things at time. TheCube continues live here, Washington, D.C. at.com for 2017. Right after this.