 Live from Las Vegas, it's theCUBE, covering Knowledge 16, brought to you by ServiceNow. Here your host, Dave Vellante and Jeff Frick. We're back at Knowledge 16, no 16, ServiceNow's main customer event. This is theCUBE SiliconANGLE's flagship product. We go out to the events, we extract the signal from the noise. Dave, check them in the series. The vice president and CIO of Oshkosh, not the closed company. Dave, welcome to theCUBE, good to see you. Thank you. Heavy equipment, man, talk a little bit about what you guys do. Yeah, we are a multinational company. We own 15 different companies across the world, operations in 23 different countries around the world, about 14,000 team members representing 15 different brands. So we were in the CIO event last night, listening to Secretary Gates speak, and he told a story about some equipment, which happened to be your equipment that they purchased. And it got kind of emotional, actually. I mean, he basically made a visit to your plant, personally, through Holy Water on the deal, and purchased equipment that saved lives. Talk about that moment. Yeah, it was a very stirring moment. He and a Brigadier General from the Marine Corps, who was in charge of acquisition, both came in November of 2009, actually after the fact to thank us. And it was very inspiring that we knew as an organization, that was our defense group. We know that every day that he was receiving as Secretary of Defense personal updates on our progress. And that's the first military acquisition program that, since World War II, that had gone from concept to design to manufacture in a year. And in that following year, we built 9,000 METVs that were airlifted two at a time in a cargo plane over to Afghanistan. These are the anti-IUD vehicles? Yes, the V-shaped hull that we replaced a lot of the Humvees in theater. So we made 9,000 of those, and we replaced a lot of the undercarriages and suspensions of the other METVs in theater, as well as uparmored a lot of the Humvees. So we took a lot of that work and had a large presence. But he came personally, walked the shop floor, thanked everybody, and of course, everybody knew his name by then, and we've been following him very closely. A very nice man. And at the financial analyst meeting, you told a story about a snow plow, if it was in Colorado, or tell that story. Yeah, it was a great story of cross-pollination of our patents and the ability to leverage our intellectual knowledge from our great engineering group. There was a gentleman plowing a pass in the Rockies several years ago, got hit by a landslide and tumbled over 800 feet down a very steep cliff. But based on the patents and engineering that we had across applied from the military from other firefighting patents and the business of pierce manufacturing, as well as the defense group, he was survived without a scratch. He was able to be pulled down into a seat like a cockpit. The gyroscope figured out the engine, cut the engine, filled the compartment with their bags and put him in a locked position as though he were a pilot. It tumbled over 800 feet down on the cliff. He was able to pop the hatch, get out and call his wife without a scratch. It's unbelievable. So even though you guys are high-end, but you got cost to worry about, you're innovating, you got instrumentation now coming to your business, what are the drivers right now in your business? Well, being relevant, right, getting ready. And as a CIO, I worry about things like all of us around the corner of cybersecurity of course is present day, high concern for all of us and a big topic with my board and with my management team but also internet of things, sensors, telemetry, all of those things, every company's racing to do that. And we make very large things. We're not a big three auto manufacturer. We make very large industrial goods that happen to have wheels, highly specialized, right? And as a result, they do many, many things, each of which could have a sensor on it and getting ready for that, I think is going to be one of my main challenges, getting all of our systems of record aligned, getting all of our security wrappers there. We've spent a great deal of money invested in a great security team and are doing very, very well in that regard. But getting ready for that next big wave, right? Not the niche applications, but the wave of how our customers use our products across all of those, whether it's a refuse vehicle, a fire truck, a concrete mixer, mining equipment, repair, fry, empty, all the different things we make around the world. JLG lifts that put people 185 feet in the air. All of those things share those same attributes of how do I keep the data safe? How do I keep, protect your intellectual property? That's what keeps me up at night. And in terms of the discussion with your board around security, you mentioned it consumes a lot of your time, a lot of the conversation is around security. What is the CIO? What do you feel CIO should be communicating to the board about security today and this day and age? And how has that changed over the last decade? Yeah, I think it used to be a wonkish thing that, just make sure you keep the teenage hackers out. Well, that's not really the issue anymore. There's ransomware to consider. There's exposing your private information to the public just to embarrass you or just to hold your hostage. They're stealing your political, stealing your intellectual capital for political reasons. There's many, many different things that cause you, people that want to come after you. And we're a worldwide company. So as we win contracts in foreign countries, we tick people off, right? And we've created a fairly large threat surface. So managing a threat surface in that way with a layered defense. First, you're going to get really smart people. You're better, your smart people are smarter than theirs. Plus defense in depth and resiliency, the ability to bounce back. So we adopted the NIST framework many, many years ago. Most companies, 40% of the companies out there don't even have a framework they're working to. Of all the frameworks, we adopted the NIST framework, which is the most aggressive. Spent a lot of money, built a team and we were able to protect the entire organization, entire corporation, not just the defense facing, but all of our commercial facing companies as well. And although they didn't like it at the time, they all enjoy a very nice veil of privacy to conduct business and a very high standard that more than meets what we're required to do for the Department of Defense. What's the right regime for security? In other words, who's in charge and who's got the responsibility and what are their responsibilities? So I have a Chief Information Security Officer, he reports to me, but I'm always, I look at this rather selflessly, it's whatever's best for the corporation. Some corporations are splitting it off to a COO or even a CEO and I'm preparing my CISO and my whole security organization that they're kind of the Fox that watches the henhouse if they're too close to IT. So I give them a lot of ability to judge the works, the fruit of labor for everybody else. And they go to the board. The CISO, my CISO went to the board and spoke for more than three-fourths of the board meeting last November was spent for my update, him giving his update, educating the board. So the board's been very, very active. And was that part of an update because you'd made some significant improvements? Was it in response to external threats that suddenly became a much bigger topic for them? It's just mounting board interest. I think all boards are realizing for director and office liability and for just responsibility, they want to know, they want to understand and they want to be informed right away when things happen. But they need to do that. And one of the tenants I've had when my tenure is, my basis as a CIO for the last five and a half years has not been a platform. It's been always been getting the organization ready for rough weather. So in good seas, you make good relationships, you form relationships with trusted partners, right? So when the gale is coming, you can speak each other's language, you have trust formed, you know which other are, we have all those relationships just waiting to be triggered if anything bad happens. And the board is one of them. They need to know those things before those things happen. So what two or three things, top two or three things should be on the CIO's checklist when communicating to the board about security? You know, it's a risk management discussion and a level of investment and the shifting trends. So whatever you said, whatever I told you last time, forget about that. It's the game is different this time. It's only been three months, but the game is different. So every time you sit down, you can't take your rest on your laurels. You can't take credit for what you've done. You got to talk about the threat today because the entire landscape has changed. As soon as just like the war in Afghanistan, we adjust our vehicles, they adjust their tactics. We can make a really good hull for going over IEDs. They throw a rocket propelled grenades at with phosphor at you, right? And burl through it. And so you got to prevent that. Same thing with cybersecurity. So the defense in depth and resiliency, talking about how you're monitoring the situation, your relationships with the government agencies and your capability to defend in layers. So if they do get through, you catch them in multiple layers like Swiss cheese. It doesn't do a lot of good to have one big wall that's seemingly impenetrable. The one teenage hacker gets through is in. So you have multiple tripwires. And then once you've figured out how quickly can you recover? And so it's insurance and it's recovery ability. Those are the things that I find they're most interested to build the most confidence. Responding to it becomes increasingly important. Do you treat security as sort of an extension of your business continuity or is it okay? We're highly involved and highly engaged with business continuity planning and risk mitigation, risk management. So it's really just a little giant risk management exercise. And yes, all the money that we spend on cybersecurity, the team, all the relationships, the tools are all really just an insurance policy. But our ability to put it all together connect with the existing company structure, whether it's emergency and crisis management, tabletop exercises with the staff, simulations, different things like that. If you don't do those, it's an insurance policy that you haven't tested. So we're here at knowledge. I mean, you obviously, you participated in the financial analyst meeting on Monday, so you're happy to speak about what your experience is with ServiceNow. What are you doing with ServiceNow? ServiceNow has been a key part for us for the last two years. We changed our approach about two years ago. And as I mentioned to Frank Lutman, CEO, you had me at Simple. Just keep it simple, right? It's the Hockham's razor. The simplest answer must be the best one. And to pull off a culture change where I'm combining 15 different IT groups plus an introducing shared services across all the different countries with over 400 plus IT employees, 50 interns and 250 consultants. They all speak different languages. They all have different backgrounds. They all have different tools. And what ServiceNow has been special for me is it allowed my management team to, it removed all the clutter. I didn't have to teach everybody this math and science behind it and implement services, IT services management, like an ERP, where I had to do it by module and I had to teach everybody the language. It was natural. It was just easy. And anything that got in the way of, or it was a resistor to, in free dynamics or free communication with the customer, was bad, throw it out. It's a little like an airplane running out of gas. If I don't need it and it's a problem, throw it out. And we got to be very, very simple. So I'm very proud that my team has done a great job. Nomads, we implemented worldwide for 700 people with zero modifications turned on analytics 90 days later with zero modifications. We're getting great data. The customers love it. We created a custom portal with a Google-like search engine. Everybody across the world uses it. All 14,000 team members request assets, request services, they get it immediately. And our 700 employees are very, very happy with it. So when we're just in the early stages with our phase three adoption, we still have more to go just for IT. With IT service management. Correct, we still have more to go yet. So you've got a roadmap and you can see bringing that forth. Oh yeah, yep. We've got all the basic IT services management, the analytics and the discovery done and we're going to continue our journey with financial management and others as well. Were you able to get rid of stuff as a result of bringing service around? Oh yeah, we retired a lot of applications. We eliminated 36,000 workflows. To get an iPad, you had to have six, seven, eight signatures and it was different by every company. So every one of our 15 companies, the process was different. It's now the same. It's very simple and all of those workflows are gone. How many of them again? 36,000. 36,000 workflows are now gone. Are gone. People ask for software as long as it hits their budget, it's the same price worldwide and it's pre-approved, it gets installed as soon as you click go. It does the double check and it's installed. This is a recurring theme we see at Knowledge. I mean, we call it GRS, getting rid of stuff. It's hard in IT to get rid of stuff. Yeah, it's very hard. But we see a lot of the service now customers saying, yeah, I retired this app, these workflows, these processes. And you know, the big surprise for me and the big, the cherry on the top was getting rid of dysfunctional relationships with other groups and helping other groups along. The process to hire an employee was very difficult because by the time they got the employee ID assigned, I couldn't order assets till they did. It caused us to go back and do 11,000 hours of process work. So I had to dedicate six people full-time on just fixing processes between our department and others but it had to be done. It's not on service now. That was our dysfunction. It was lying around for years, for decades. But by fixing that, I accelerated work in all of the other departments as well. So kudos to my team and those other departments who went into it with a very service-minded mindset. So that was a catalyst. Your interaction with the other departments, you got to fix that connection and that drives it. Hey, maybe we should fix our side as well. Huge value proposition to say, what if I could get employees the assets they need the day they started? You didn't have to wait till they came. You didn't have to wait two weeks. You didn't have to ask them when they got there. You didn't have to wait for an employee. Or when they were terminated or left the company, you didn't have to wonder what they had. And the value proposition drew people. So you always want to create pull, right? Lean Manufacturing. You create that desire and people just want to come along. And that team that I'm talking about came from all four segments and corporate. So all the badges, colors, all the company affiliations disappeared and they just became one team working for the customer. And it was a great story. I wish we had more time. You're a great guest. We have to leave it there. Dave, thanks very much for coming to theCUBE. Really appreciate your insights. Thank you. I appreciate the time. All right, keep it right there. Everybody will be back with our next guest right after this. This is Silicon Angles theCUBE. We're live at Knowledge 16. Right back. Every once in a while.