 from Boston, Massachusetts. It's theCUBE, covering WTG Transform 2019. Brought to you by Winslow Technology Group. Hi, I'm Stu Miniman, and this is theCUBE at WTG Transform 2019, here at Home Game in Boston, Massachusetts. Our third year of the event happened to welcome back to the program, second time on the program. It is. In less than a year, Matt Koslowski, who's the Vice President of Professional Services, Winslow Technology Group. Matt, thanks so much for joining us. Thank you. Second tie I've had on the program, but first vest and cufflinks like today, so showing your own individual style. Going for the TED Talk look. Absolutely, so we will keep this under 18 minutes. It'll probably be more like about 12 there, and no slides. But tell us a deep story of change and inspiration. But in all seriousness there, what I actually want to hear is the story of change that we're seeing inside of Winslow Tech. So, question I asked some of your peers in the company is if I thought about Winslow Tech just a couple of years ago, it's like, oh hey, great deal partner, know the talent side, picking up the servers and some of the other pieces here. You bring it on board, professional services, security. Tell us a little bit about what we were doing since the last time we caught up. Sure, so if you think about years ago where we had not just Winslow, but like VARs as a whole came from, it was like we sell boxes and we sell things. And now we're transitioning where people are using cloud or the hybrid cloud models, and they're actually using software and infrastructure as services. And we need like professional services and consulting to help people on that journey. That's like the simplified version of it. Yeah, and just I want to play something back for you and see if it resonates with you. If I go back, let's say five to 10 years ago, it was we get the boxes and the VAR gets it. And they got to spend a lot of work to configure it and do all the pieces. And that kind of day one rollout when we talked about, okay, how many months from when the equipment got to the VAR versus when we are up and running. When we rolled out converged infrastructure, hyper-converged infrastructure and all this cloudy stuff, it actually shifted things backwards. Now, before it gets there, there's a lot of work that either the customer or the partner with the customer needs to do. So it shifted it because once it gets on site, well, there's less wiring and cabling and configuration I need to do, but it just shifted where that engagement and service happened. It did not eliminate it. Is that what you're saying? Yeah, yeah, so there's a lot in terms of like planning. I mean, even like integration work that we do ahead of time, I would say things that have changed even over the last like three or four years is like the complexity of everything is gone up. We're trying to simplify IT. We're simplifying maybe the delivery of it to end users, but behind the scenes, certainly it's more complicated, I would say, than ever. Yeah, we're no longer just yeah, let's lock the door and have physical security and put the firewall in place. Now it's like, oh, well, it's microsegmentation in all the places and my application spread out across how many locations or how many services. And therefore, right, everything's become a little bit more complicated. So how do we make sure we stay secure in 2019? So I think there's a couple areas there. So first is like maintaining that same kind of sense of securing people, infrastructure and things along those lines that we've kind of been doing for a while now. You're basic like firewalls and even vulnerability assessments and things like that. But I think over the last like couple years in this as we move to like more of a like distributed workforce, like people working from home, people working remotely, finding like the right people, there's going to be more of a focus on like endpoint protection and like protecting users at like the endpoint or the mobile level than ever before. A lot of talking to Keynote this morning about cloud. And you said, where does that put things? So, give us from your standpoint, obviously services are a hugely important piece of it. As the box and the location becomes a little bit less important, despite the fact that even when you have things like serverless, we know that there's ultimately hardware that runs underneath it somewhere. Where does Winslow play today in the future? Okay, so I'm going to give you two kind of conflicting answers to that. So the first one is if you look at reasons why people don't go to the cloud, it's they're not comfortable in the security of it. I'll say in like my like real world, not in the academic or statistical version of it. One of the reasons people do go to the cloud is for security, right? Look at like a lot of healthcare organizations are going to like cloud based electronic medical record systems. I feel like that in some ways has insulated or shifted some of the burden of the risk in keeping those systems secure to the provider that's hosting them, which is probably better for us as patients, right? And for the healthcare providers in general in that case. One of the things we know is that what you need to do as a user is you can't just keep doing things the old way because your competition will move faster. And we know from a security standpoint, my friends that are deep in security is like you need to be able to move fast. One of the great things about the cloud is if I'm running on Azure or AWS, hey, that latest patch in that security vulnerability, did that get rolled out? Well, I'm not responsible. Yes, they absolutely did. I didn't have to wait for that rollout. So there's that piece of it. So just how do I keep up with change? I need to, as user, do some updates and therefore I'm not saying everything goes in the public cloud, but how do I make sure that it's not, oh, I update my software every two years, it's I need to make sure that I'm closing those gaps and vulnerabilities and taking advantage of things where it's needed. I think there's going to be like a shift in changing from like normal sys admins or thinking about like patching windows and patching Linux and operating systems. But like once we move information to the cloud, if you think about it more as like information security, so now data is in the cloud. I'm not patching the systems anymore because we'll just assume that AWS, Microsoft, they're doing a great job with that. But like once data say is in one drive, like how am I governing like where that data is going, who's accessing it, who it's being shared with, how it's being backed up, things along those lines. It's just a different mindset that people need to adopt in relation to securing information, not systems. All right, man, I'm trying to figure, we got to replace Patch Tuesday with some celebration or some gathering event where we can try to tackle some of these new challenges there. What does that mean to some of the changing roles that you're seeing in the customers though? I guess here at Winslow Tech, I was talking to Arctic Wolf and the typical customer doesn't have their whole security team that runs 24-7, that's where you're partnering with them. So where does security fit in the organization? As I said, if it was a large enterprise, it's a board level discussion, you've got your CISO or somebody like that, what does the typical kind of mid to small size company security team look like? Yeah, it looks like I'm going to partner with someone or that's what it should look like because even if companies have like a managed provider that's doing like patch management and things along those lines, there's something to be said for having a third party and another party as your security partner because if the people that are doing the patching, they're probably doing a great job at it, but you might not want them being the ones also doing your vulnerability assessments. It's good to have different parties in there so I feel like for smaller, medium businesses it's getting comfortable partnering and using professional services, frankly, to do that. All right, so it's really interesting, next week actually, Amazon is holding a cloud security show here in Boston called Reinforce, so Boston seems an interesting place. The RSA conference has always been out in San Francisco. Give us kind of the state of security here in the area. Okay, so I think I have a unique perspective on this because I'm not from the area. Like I'm from Connecticut, so I come up here. You realize most people in the United States would be like, Connecticut, isn't that just a suburb of Boston? Either that or New York? Or New York, yeah, exactly. That's the one. You need to know, where are you on the Yankee Red Sox line that goes down the middle of the state, right around Hartford? Yeah, our claim to fame is being in between both cities, so yeah. We do see though Boston emerging as a regional tech hub, if not the tech hub of the East Coast, frankly. So I feel like why not have it here? Like why wouldn't we have it here compared to everywhere else? Like there's so many tech companies and this just does feel like a tech hub of the region certainly. Okay, well, Matt, I'm all in favor of things where I can take the train or drive to rather than have to fly around the globe for these events, so I'm hugely supportive. You gave a session here and talked about some ransomware. Give us some of the key takeaways and things for the audience that they should be thinking about today. So in that session I kind of invented a completely fictional account of a ransomware attack on a hospital. It was built on real world scenarios that I just kind of like merged together. So I would say up front, things that I would say that were important to talk about and that were cyber security awareness training, making sure people understand like the risks involved with email security. Advanced like modern endpoint protection, we kind of touched on that a little bit earlier. So like older signature based detections just not really effective anymore. Having a good tamper proof backup strategy is important too. Let's say like systems get ransomware and everything's encrypted, like you need a way to restore that data without necessarily paying the ransom and like tamper proof backups are the way to do that really. So. All right, Matt, I want to give you the final word. WTG, Transform 2019, give us a little insight some of the customers you're talking to, some of the top of mind issues or any final word. For me, a lot of the top of mind issues around security seriously, but also like modernizing people's data centers. So that delivering on the hybrid cloud message of like installing a hardware and software that not just provides like data storage services on-prem, but can do a lot of cloud tier and or cloud archiving also. Matt Kosolowski, really appreciate the updates. Thank you, Mr. Saren with our audience. I want to thank our audience here. We've had a full day here, got to talk to some of the users, some of the partners and of course our host for the event, Winslow Technology Group, Scott Winslow and the team. Great to see the growth. Always love to be able to dig in with the users and what's happening locally. For myself, Stu Miniman, want to thank the whole team here at theCUBE for helping us to be able to support these events. And be sure to check out thecube.net. You can do some searches there. You can find all the guests here and see previously what they've been talking about. See what future events we're going at and dig through our archive. And as always, if you have any questions, feel free to reach out to myself, the rest of the team and always a pleasure to be able to share with you. And thank you for watching theCUBE.