 Hey everyone, good morning. Welcome back to theCUBE, the leader in live tech coverage, live at CrowdStrike's Falcon 23 from Caesars Palace in Las Vegas. I'm Lisa Martin with Dave Vellante. We're very pleased to welcome the Protector, the CrowdStrike Protector of the Year from Salesforce, Kelly McCracken, SVP Detection and Response. Kelly, great to have you. Congratulations on Salesforce being the Protector of the Year. That's a big award. Thank you, thank you very much. I'm very excited to receive the award on behalf of my team. You were on a panel with other CISOs and folks during the main stage presentation this morning. We caught part of it. Give us a little bit of a recap for anybody that didn't catch that. What are some of the main things that you talked about and sort of tell us about Salesforce's security posture? Yeah, so one of the things we talked about was securing the cloud. And I think one of the most important things when you are thinking about cloud security is really the shared security model. I think to me, people go to a cloud security provider and think that they've pushed the responsibility to the cloud provider, which they have for the most part, but there is the shared security model. And one of the biggest threats out there is the misconfigurations that people have within their cloud deployments. And so really what Salesforce likes to do is make sure that we are providing our customers all the knowledge and making it as easy as possible to make sure that they're configuring their Salesforce product. The other thing is making sure that you are partnering. Partnering with everyone in the industry because this is an important, years ago we didn't always partner as well as we do today. And so I think that having these partnerships with your vendors where you can really help make the partners better by partnering with them from building their products. 
At Salesforce we have a very complex and diverse environment that a lot of vendors have not seen before. So working with CrowdStrike and having their partnership has not only made them better, but it has made us better as well. So Salesforce has always been very security conscious. You're kind of a pain in a good way as a user. You always make me change my password every few months, which is one of the few SaaS platforms that actually forces that. So that's a good thing, even though it's annoying in the moment. And also you just sort of forced multi-factor authentication, but not with SMS, which is another good thing, wish my bank would do that. You kind of forced with a third party authenticator, which again, just sort of underscores your focus on security. I wonder if you could talk about the culture of security at Salesforce. You have an interesting title. It's the SVP of detection and response and what the regime looks like within Salesforce to handle security. So trust is the number one value at Salesforce. It is the forefront of everything we do. Right now, we are the number one AI CRM, and to do that we had to make sure that our customers trusted our platform. We have a very large detection response team that is world-class. We have structured ourselves so that we are being a threat intel-driven organization. I have a team of engineers that sit within my organization that are building for no one else except for my threat management team and my security response center. So we set ourselves up from a strategy perspective every year identifying what are our top threats? What are we trying to defend against? And then identifying where do we have any of those gaps? Not just from a protection standpoint, but from a detection and a response perspective. So we leverage our threat management team, which includes a data science team that's focused on our artificial intelligence capability. 
We have a threat intelligence team, a threat detection team, and a team that's looking at the abuse of Salesforce platforms. And they're working to provide us the information that we need to make sure that we're defending against the top threat actors. My security response center, the Salesforce security response center, is where my incident responders, my defenders live. And they are working very closely hand in hand to understand what the threats are from the threat intelligence that we provide so that they are ready in the event that we see a threat actor targeting Salesforce to be able to respond in the right way. Is there a CISO title at Salesforce? There's a, we have a chief trust officer, Vikram Rao. And you report to the chief trust officer? I report up through the, we have a security, yeah. But ultimately goes up to, and that de facto CISO or CISO chief trust officer reports where? He reports into the president of engineering for Salesforce, and who then reports to the platform engineer and then into Mark. Okay. So we bring, because security is so important and trust is our number one value, it is important for us to have security sit side by side with those engineers that are developing the products. I'm kind of a Mark fanboy. And so I listened to him when he speaks. I don't hear him talking about security a ton, but I would imagine it's coming from the top. Yes. Mark definitely has a vested interest in making sure that we keep Salesforce secure. He's very values driven. And as I said, you know, trust being our number one value. He always is understanding he's what, how are we securing our product? And we're not going to go to market unless we are sure that we have secured Salesforce. Question for you. I was telling you before we went live that I went into my hot tub store over the weekend, this little Sundance spas in California and they just started using Salesforce and they, oh, have you heard of it? Yeah, I think I've heard of that. 
But Salesforce serves customers in a variety of industries with varying security requirements. How does the company tailor its incident response approach to meet the needs of different types of customers based on industry? So that's an interesting question. You have to really think about how, as you said, how is the customer using our product? Not everyone uses it from a CRM perspective. They are using it for a variety of things. I use it as my case management system for security incident response. I use service cloud. So you have to think about how they're using it and think about the threats that may be targeting them. Salesforce has a, we have a unique position for our customers to understand who may be targeting them. They're not trying to get Salesforce. The threat actors are really interested in our customers. So we partner with our customers to try to share information with them so that they understand what they may be seeing so that they can start protecting themselves on the other side of the shared security model. Everyone is a Salesforce customer whether they know it or not because our customers' data is being stored with us and everyone is a customer of one of our customers. You have a long history in AI. You mentioned it up on the stage today. What, how would you describe that history and how has the AI heard around the world last November made you think differently or have you, are you're thinking about it differently and hence your vision at all? I wonder if you could discuss that. Yes, from a detection response perspective we've used AI for years. We've been helping protect our customers with their detection on their side of shared security model through our Shield product. And so we've been doing AI for a long time but when we brought it in house and said how can we use AI, everyone was really excited over the last year and I had a ton of people on my team come to me and say I want to do this with AI, I want to do that with AI. 
I had to kind of pause them for a minute and said let's think about this from a strategic standpoint. What can we solve that we're not already solving? Let's not continue to solve the same problem over and over again that we can solve with automation. What are the problems that we can solve with AI and let's focus on those because that's where we need to improve if we want to really improve the mean time to respond and have enhanced detections. So we took a bunch of time to really come up with that strategy and now we're implementing that strategy but partnering AI with automation in addition to workflows. Do you think in the fullness of time to borrow kind of an Andy Jassy statement that AI is going to be more beneficial to attackers or defenders? Two-part question, near term and long term. So I think that anything that is for good can be used for bad. It's one of the things that keeps me up at night is worrying about how these advanced threat actors not even advanced threat actors, a high school kid can now be considered an advanced threat actor towards all of us because he has everything at his fingertips. So in the near term I think the adversaries are going to have a one up on us. Long term I think we will catch up but then they're going to pivot to something. There's going to be a new technology that comes out and we're going to be in the same boat. So it's a little bit of a cat-and-mouse thing at the moment but I think we've made it easier for incident responders but we've made it a lot easier for the adversaries because they just have to be right one time. We have to be right all the time. Salesforce, always a very acquisitive company, made a number of key acquisitions. How does that affect how you think about your role and what kind of challenges that brings and how do you deal with those challenges? So when I think about my role, but I take it very seriously as I said up on stage. 
I am protecting all of our data including my own and that's important and I think that when I'm looking at how to do that I have to think about what's the fastest way as George mentioned. We're getting down to single digits that we have to be able to detect and respond and so I need to look at what's my strategy around being able to enable my team to do that and so whether it's AI, automation or partnering with vendors like CrowdStrike I have to look at that whole strategy and not look at them individually because bringing them all together will be much more powerful. Do you, how much of your time do you spend on sort of protecting Salesforce and its customers as opposed to protecting Salesforce with its own sort of other SaaS offerings and other capabilities that you guys bring? I don't think you could say it's one or the other. It's a whole thing because if I'm not focused on my SaaS providers, my vendors and how they are securing on their side and how we're securing our side of shared security model with them, then I'm putting my customers at risk. So it's a comprehensive approach to security. It's not one or the other. I have to do it all together. Have you ever had to tap a SaaS vendor on the shoulder and say, guys, you got some best practice here. Let's talk. I think not necessarily from best practices, but I think Log4j was an interesting case where I had vendors coming to me saying, when are you guys going to be patched? And I had to go back to them and say, I can't be patched until you're patched. So it was a circular relationship. We were all asking each other, but we were all waiting on each other to get patched so we could fully say we're patched. How well known is the shared security model with them, the customer base? Is there still a lot of education and awareness that needs to go on there? Unfortunately, I think there is. I've had a bunch of people come up to me since the panel being like, can you tell me more about the shared security model? 
The security practitioners don't know it. When companies go out to buy a cloud service offering, it's usually the IT department, the CIO that's buying. They implement it. The security department's not thinking about, like, wait, what's our role in making sure that products now move that to that provider, but they have a role. So I don't think that a lot of people know about it from the security perspective. At Salesforce, like I said, we are doing as much as we can to provide that enablement out to the customers. But the security teams really need to think through this as well and not just rely on their CIO or their IT department to think through all the different vectors. Well, George showed that wall in this morning during his keynote that separates traditionally security from IT. How is Salesforce approaching that differently to really help those teams come together and then maybe be a great example for some of your customers? Right, so we have, we leverage business information security officers. They actually sit in my team. They're helping to be at the table with our CIO. So we have them with every business unit, but we have a senior leader that is partnering with our CIO to make sure that we are having that partnership, that we have a seat at the table, that we're bringing issues to them, that we're listening to what's going on in our CIOs, office of CIO, and bringing that back to security. So we can have that partnership. When we do our strategic plan at the beginning of the year, which we call a V2MOM, we are partnering with them, understanding like here is where we need to focus from a security perspective. How can you fit this into your plans from an IT perspective? And vice versa. This is where they want to go. How do we fit that into our thing? Because you can't have the conflict, conflicting between the two teams. To be strong collaborators. Exactly. Excellent. What's next for Salesforce? Direct detection and response. 
Obviously a big event going on in Vegas in the last week or so, but what are some of the things that we can expect to see, especially with the power of CrowdStrike? You know, I would say that we will continue to partner with CrowdStrike. The things that got released today were very interesting to me. Very exciting. I want to go back to my team and ask like, how can we use this? I think it's, you know, looking at the agent, having multiple agents on an endpoint really slows things down. So seeing that CrowdStrike is focusing not on just being the EDR that they'd made us started with 10 plus years ago, but looking at how can they be a data platform. Much like Salesforce, we're a platform and we're a platform to help our customers connect with their customers. And so I think, you know, continuing to partner with CrowdStrike and our other vendors to see how can we come up with this comprehensive strategy and all work together towards a 100% solution. How will you determine if what we saw today on stage with Charlotte is something that you can utilize? You know, I talked about my AI strategy at the beginning that I'm working with on my team and I don't want to recreate the wheel. Salesforce has done a lot with AI, but you know, there's a lot for AI for security operations that we can do with a CrowdStrike test. I need to look and see how I can build Charlotte possibly into my AI strategy. I don't want to keep leveraging my resources internally to do something that I could get from a vendor, but there may be things that I can do from an AI perspective that CrowdStrike can't do because you know, Salesforce has unique challenges and so I want to use my resources to focus on the unique challenges of Salesforce and use my vendors to focus on the challenges that we all have across the industry. So you got to do some work there and figure that out. Yeah. Good strategy. Kelly, congratulations again on Salesforce being the CrowdStrike Protector of the Year. 
It's a very big accomplishment. We appreciate you coming on the program really describing Salesforce's security posture and how you're really working and partnering with CrowdStrike and vice versa. Thank you for your time. Thank you for having me. Our pleasure. For Kelly McCracken and Dave Vellante, I'm Lisa Martin. You're watching theCUBE, the leader in live tech coverage covering CrowdStrike Falcon 23. Stick around, our next guest joins us in just a minute.