 From Las Vegas, it's theCUBE, covering QALIS Security Conference 2019. Welcome to you by QALIS. Hey, welcome back, everybody. Jeff Frick here with theCUBE. We're in Las Vegas at the QALIS Security Conference here at the Bellagio. 19 years they've been doing this conference. It's our first time here, but we've got a real veteran who's been here for 16 years who can really add some depth and perspective. We're happy to welcome Samid Takar. He's the president and chief product officer for QALIS. Nice to see you. Thank you, Jeff. Thanks for having me. Pleasure. So I was just telling Lori before, getting ready for this day, listening to the earnings call, and you got a really nice shout out in the last earnings call and your promotion. And just to let everybody know what Samid's got underneath his plate, R&D, QA, Ops, product marketing and customer support and adding worldwide field sales ops. You're a busy guy. Yeah, but the good thing is that no matter who you are, you only have 24 hours in the day. That's true. Just as Lee and I are on the da Vinci did. You just have to make the best of that time. But I am curious, because you've been here for a while. You've seen a lot of technology kind of waves and yet here you guys still are. You've got an architecture that's built to take advantage of things like open source, to take advantage of things like cloud, as you kind of take a breath between customer meetings and running from panel to panel. And you think about kind of the journey. What kind of strikes you that you guys are still here, still successful, still have a founding CEO? It's a unique position. Yeah, it's actually very interesting. And I've been here for 16 years, started as a software engineer and I've been doing a lot of stuff, doing product management now, engineering and all of that. And I think one thing that's really part of the DNA for us and which has really helped us keep growing is being innovative continuously, right? Because five years ago, nobody would have said container technology, Docker. So as new security, new infrastructure paradigms have come about, we've just been on our toes and making sure that we are addressing all these different newer areas. And so the key is not so much about what new technology is going to come because two years from now, there will be something that we don't even know about right now. What's key is that we have built a platform that we keep adding additional capabilities that continue to quickly and nimble be able to address customers' needs from that perspective. Yeah, we just had Lori on it. She talked quite a bit about your, kind of customer engagement model being different than the traditional ones, really trying to build a long lasting relationship and to collect that data from the customers to know what their priorities are all about. Yeah, and it's because we've been subscription based since day one. This is the, we're not incentivized to go and try to sell our customers big, fat, multi-million dollar deals then we don't disappear, like enterprise sales usually does on perpetual licenses. So we have to earn our keep and we want to make sure customers are, we understand their needs so that they actually buy and purchase only what they are going to use so we can go back and they can grow more. We show the value. And so that's a very different model. And at the end of the day, that is the model of the cloud. So everybody who is in this consumption based model has to ensure that they are every year going back and showing the value and earning their subscription back. So in that sense, security, not a lot of vendors have done that for a long time. We've been the ones since the beginning to kind of follow this model and it's worked very well for us. It's a great model. Customers are happy as we add more solutions. We show the value and it's very easy for them to upgrade and get additional value out of QALIS at a very reasonable cost to them. It's interesting, Filipe talked about an early conversation that he had with Marc Benioff at Salesforce and I would argue that it was really Salesforce to kind of crack the code in terms of enterprising being comfortable with a cloud based system and kind of pass the security and the trust and this and that. So to make that gamble on the cloud so early, very, very fortunate and for two of us. The other thing I think that does not get enough play which he just touched on is a subscription business model forces you to deliver every month. If they're paying every month, you got to deliver every month. This is a very different relationship than a once a year or not even once a year to go get that big lump sum and get the renewal because you're in bed with them every single day. Yeah, absolutely. So that's really a very interesting model. So as you look forward, I know you're just giving a talk on kind of starting to look at the next big wave of trends. How do you get out ahead of it? What are you thinking about? What keeps you up at night? What are you excited about? So the very cool part about my job is that I also had engineering and product for quality and security. So we are living that digital transformation that our customers are going through as well. So we have a massive platform. We have like three trillion data points that we index. We have one million writes per second on Cassandra clusters. So we are dealing with the same infrastructure innovation that our customers are doing. And so that is helping us also learn how to secure our own platform. What our customers are thinking because as they are moving into DevOps, we have already moved into that. We have learned our lessons. So we relate to what they are going through. And that's really the next big thing is how do we enable security tools to really be built into the DevOps tool chain so that we eliminate a lot of the issues upfront before they ever even become an issue. And my talk this morning was about started with the notion of TTR, which is the time to remediate. And the best time to remediate is the time of zero. If you don't ever let the issue get into your production environment, you never have to worry about fixing it. And that's really the next big thing for us is how do we create a platform that helps customers not to look at security in multiple silos, but to have a single platform where they can go all the way from DevOps to production, to remediation, to response, all orchestrated to the same platform. Right, it's pretty interesting because that was Richard Clark's keynote, the author. We used to always break companies down into two buckets. Either those that have been breached and those that have been breached just don't know about it yet. And then he introduced his third concept, which is those that got breached but actually got on it, remediated it, maybe not to time zero, but in a way that it did not become a big issue. Because let's face it, you're going to get breached at some level. How do you keep it from becoming a big nightmare? Exactly, and that is really the only measure of effectiveness of your security, right? It's not about how many people you have, how many dollars you spend on security, how big your security team is, how many vendors you have, how quickly can you get in there, find and fix any issue that comes up. That's it, that's the only thing matter. If you can do that with no people and no resources that are being put to it with automation, then that's great. If you do that with 50 people, that's great. But you just need to be able to get to that point. And today, of course, with hybrid infrastructure, we are realizing quickly, throwing more people at the problem is not really solving the problem. We just cannot keep going. We need to leverage that same scalable technology that is being used in the digital transformation to provide that similar stuff from a security perspective to the customers as well. Right, and even if you wanted to hire the people, there aren't enough people. And that's another point. There aren't enough people, right? So the other thing that you must be really excited about is on the artificial intelligence and machine learning side. You know, a lot of buzz in the press talk about robots and machines and this type of stuff. But as you know, as we know, where that rubber really hits the road is applied AI and bringing the power of that technology to specific problems. Complete game changer, I would assume, for which you guys can do, looking forward. Yeah, I mean, you can really only have good machine learning and good AI if you really have a massive historic data that you can really mine to find out trends and understand how patterns have evolved, right? So only cloud-based solutions can actually do that because they have a large amount of customer telemetry that they can understand and do that. So from that sense, QOLIS platform is absolutely suited for that. But having said that, again, all of these have their specific application. So there's vendors who are coming out and claiming that machine learning is going to solve world hunger and everything's going to be great just because you have machine learning. But no, machine learning and the prediction that comes with that and the prioritization is one element of your toolkit. You still have to do your DevOps, you still have to fix things, you still have to do a lot of things. But then how do you predict out of all that chaos, how can you try to focus on some things that may become a real problem, which are not now? So that's really the exciting part is to be able to bring that as an additional toolkit for the customer in their arsenal is to be able to respond to threats much faster and better than they have in the past. Right, and as a cloud-based platform, you guys are sitting in the capitol seat for that. What about on the other side though, on the edge side? Another kind of new thing that's coming rapidly. Edges are messy, they don't have nice pristine data center, your environments, there's connectivity problems, power problems, all types of issues. As you look at kind of edge and IoT more generally, increasing the threat surface dramatically, how do you kind of think about that? How do you approach it to make it not necessarily a problem but really an opportunity for follow-ups? I mean, that's a great question because there is no magic pill for that, right? It's like you just have to be able to leverage continuous telemetry collection and data collection to be able to see these devices, see these patterns. And so that works really well for us because to be able to do that in a global organization almost every organization is global. Global organization has multiple infrastructure, multiple people in different locations, multiple offices. And if you look at the IoT architecture, it is about sensors that are pushing data into one common platform which controls them and which updates them and all of that. And that's the platform that Qualys has built since the beginning is multiple of these different sensors that are continuously collecting data, pushing it back into our platform and that's the only way you can get the visibility across your global infrastructure. So in many ways, we are well suited to do that and which is the big reason why we gave out our global IT asset inventory product for free, for customers because we truly believe that that's the first step for them to start to get secure and because we have the architecture and the platform, it becomes significantly easier for us to be able to give them that capability which is truly wide and not just say, oh, I have visibility in my cloud here but then container visibility is somewhere there and IoT visibility is somewhere else. We bring all of that together in one place. Right. All right, Spindle, I know you've got to run off to your next commitment. We could keep going but I think we'll have to leave it there again, congrats on your promotion. Thank you very much. Thank you. All right, Smith, I'm Jeff, you're watching theCUBE. We're at the Qualys security conference in Las Vegas. Thanks for watching. We'll see you next time. Thanks.