 Live from Boston, Massachusetts, extracting the signal from the noise. It's theCUBE, covering HP Big Data Conference 2015, brought to you by HP Software. Now your hosts, John Furrier and Dave Vellante. Okay, welcome back everyone. We are live in Boston, Massachusetts for HP's special presentation of their Big Data Conference. This is the CUBE Silicon Angles flagship program. We go out to the events and extract the signal noise. I'm John Furrier, the founder of Silicon Angles. I'm your host, Dave Vellante, founder of Wikibon.com. Our next guest is Rick Hansen, VP, Worldwide VP of Sales for HP Software. 30 years in the security business, it makes kind of sense to kind of connect the dots, software security. Welcome to CUBE. Oh, thank you, good to be here. Love to have you on. We love security, it's great conversations. But software right now is, quote, eating the world, according to Mark Andreessen's famous memo, but really is seeing software leading all the conversations. Yep, provisioning infrastructure, big data's a big part of it now. Data's part of the application space. So, all this is going on. So, what's your view now of the software business in general, not so much HP, the landscape. What's changed over the past decade? It's an incredible transformation, right? To the app space. I mean, Apple started with the app. It's all about the app. And how do you secure that app? And, you know, you look at it on the consumer level. You know, it's about the app. You look at it on a corporate basis in your infrastructure. Where's everyone secure in your critical applications, right? What are we putting up in the cloud? Our critical application. So, I think we've now come to the point where we're compartmentalizing IT into an application space. And because I come from the security space, I think people are actually putting too much information in single apps. And, you know, critical apps is critical data and critical risk. And so now, this comes to the question of with virtualization, all these new technologies with DevOps, with the cloud, you got public, private. Great space to be. Perimeter security does not exist anymore. So, we always ask the question, it's like, okay, if there's no perimeter, everything's an API economy. Which is great, we love the API economy, but it's like Swiss cheese for the bad guys. Secure from the inside, yeah. So, how do you guys talk about that? Well, you secure from the inside, right? It's the old antage when I built a castle. What's first thing I did is I put a mode around it, and then I realized I need food. Oh shoot, I need a drawbridge. Put the drawbridge down, they delivered me a horse. Now I got a trojan inside my organization. There was nothing to protect that trojan once you're in. So, I think what's happened through the evolution of security is we figured out we have to secure from the inside out. And I mentioned the application space because the application space is key to that. And making sure that we're coding effectively, making sure that our application code is effective, making sure that the data surround us is encrypted in the right way, and in a smart way, is where we really have to focus. And it's the built-in security, right? And now we're actually in a great time because we're rebuilding our data centers. We have a lot of new infrastructure coming on, so we can start securing our infrastructures from the inside. And we had this bolt-on mentality, right? Put firewalls around everything. Then we had applications, what did we do? We built an application firewall, right? It makes sense. And it's only going to last so long until we can really take that security inside and start securing it inside. But now the Queen's leaving her castle more and more. So, does the security follow the Queen? It does. And so you're going to have to be smart, right? And so we're at a big data conference. It's using the data you have, to make smart analytical decisions. And you hear that buzzword, predictive analytics. And predictive analytics and security means if I know what's going on inside, and if I know what's going on outside because we have a lot of intelligence feeds, I could probably make a pretty smart guess on what's going to happen next, and I should be able to secure that. And now with some of the big data analytics that we have at our disposal, we can start making even smarter decisions on the servers to use, servers not to use, where my load is, where my load isn't. So when the Queen is gone, we're making decisions that need to be made based on the data. So is that the interesting predictive analytics and prescriptive? Can you break that down? Because that's the new law on set. Most people overlook. Okay, predictive analytics would predict something. Right. Prescriptive means what? I mean, break that down for us. So, prescriptive analytics is, in my mind, is a, I have a process that I'm going to follow and when I see X, Y is done. Right, I mean, that's what happens on the process flow. In predictive analytics, right, it's more machine learning. And it's more if and why and when, and if and, and I'm going to find a medium. This may happen, some probability learnings. Right, and I look for medians, right? I look for medians and then I take actions outside the medians. And machine learning certainly is hot. Now, insights they're saying in the market, what we are and others analysts are saying, I have too many dashboards. I need another dashboard like the hole in the head. So now the focus is on insights. Right. Actual insights. What's the state of the union there? What's your assessment there? So, I'm going to talk more from a securities perspective than I am from I want to know what's going on in my organization. So from a security perspective on a dashboard, and if I, you know, because again, how much data do I have? I'm logging data from everywhere. And I'm looking for that single threat, right? The bad guy can be right, be wrong a hundred times. You can only be wrong one time, right? And so, you know, I think you look at the behavior analytics, whether it's human behavior or machine behavior. And then you, again, you find that baseline and you look for the anomaly above the baseline and you report out on that. Because if you look at a large organization, they're going to get probably somewhere in the neighborhood of two billion events a day and they got to action that down to about 20 to be able to take action on. So it comes more manageable where I only want to see the things that are important to me at a dashboard level and how do you do that, right? You do that by getting your data and being smart about where the mean line is on your data and only viewing the outer part of it. So, good. I was at a conference at MIT a few weeks ago and they were talking about this thing called Enigma. And Enigma was inspired by Bitcoin. And when I see Bitcoin, John and I have been talking, you know, John. Bitcoin, what the hell is Bitcoin, right? So now. You're talking about Enigma, the computer tracker? No, not the Alan Turing thing. That's what I know of. But MIT puts forth this project called Enigma that's sort of inspired by Bitcoin where everything's encrypted, everything's distributed. There's no third-party verification. It's blockchain-based. It's a blockchain-based, right. Are we looking at sort of a new era of security where we throw out the old, this new era is ushered in? Are we going to see the evolution of these capabilities? What's your thought on that? So, we have to evolve, right? Because, you know, big surprise, it's not working, right? Nothing we're doing is working. And if you look at, you know, the new style of encryption, right? Used to say in the old days, it's encrypted everything. Well, okay, that's real good, but you have to use that data, which begins what? I have to unencrypt it, right? And then you have all kinds of problems. So, now we're using things like format preserving encryption, where applications can use it without being modified. We're using tokenization of encryption. So, I think we're evolving that way and that's kind of what you're kind of speaking about, right? It's the same old encryption. It's just being used in different ways and being accessed in different ways because the evolving world, both on the attack spectrum and both on our computing spectrum. And then the other piece, and we talked about analytics earlier, but it came up in the keynotes this morning that on average it takes 200 days to detect an intrusion. I actually thought it was higher than that, but young John said it was 200 days. So how, yeah, okay, so how do analytics play? The bad guys don't want to be found, right? It used to be, yeah, let's make a lot of noise, we're in, virus, now it's like, keep it quiet, stucks in it, and it changed all that. Right, they don't want you to know you're in, right? So how are analytics being used to improve detection and solve that problem? It's looking for the anomaly, right? What is current state and what is bad state? So that's the first thing we have to figure out is what does bad state look like and what does good state look like? And we do that through data, right? Get all the data for six months and you can tell what current state or what right state looks like. And so what we try to do is we try to find, you know, the baseline and above or below that baseline. So where is the anomaly? And then take action on the anomaly. So that's where analytics plays a huge role in determining where that baseline is. If we know what good state is over a certain period of time, it should be easy for us to find out what bad state is. Yeah, and you have those outliers that you couldn't explore in the past. Could not explore, you're spoiling too many. No, there's open up new dimensions, like that movie Contact with Jody Foster, that little, little, little small piece of data can blow up into a massive opportunity. Absolutely. I would use that example, it takes my age. But okay, so let's get back to, okay. I was going to say, you think of that outliers, right? How long ago was that book outliers? I mean, we were talking about outliers for how much, and I tell you what, it's more real now than it ever was before. Well, you can measure everything. I mean, think about this today. I mean, the concept is historic in the world of business history. You can actually measure everything. I mean, that's mind-blowing. So now you apply the social change to that. And a lot of things we hear from customers, it's not so much the technology, it's the process. It's like, I got to train people to think differently. That's right. So that is now coming up as the new problem space. Not so much, hey, jam more stuff into Vertica, that's being worked on and going well. But now it's like, wait a minute, I got to train everyone to think differently, whether they're teachers or the boardroom. I mean, so, I mean, you guys seeing that as well. And something that, you know, when I go in and talk to customers, I'm very clear. And I'm a technologist sales guy. And I will always say, people, process, and then technology. That's Dave's line. You cannot buy technology if you don't have the right people or the process to run that technology. You will fail before you get out the gate. And that's something that I don't think people give enough credence to, and that we understand. And I think there's a lot of software companies that go in and try to sell software without understanding. Jam it. And you know what, you know what that happens? A lot of hardware companies come shelf out of this company. I mean, that's what our industry does, is we jam technology, but we've learned. We've learned. We've loaded software, so the software's thinning out, right? What's happening is you have now composite apps as Colin was talking about. Chip was just on here, you got startups, OEMing, you're engine. I mean, VC-backed companies, this is tier one VCs. They would never allow that. Build your own, we can't let each be, oh yeah. But now they can just, it's okay, it's not threatening to their value proposition. So total time shift going on now with that investment community. So how does that work for you guys? Cause you guys were the one selling the old solutions, right? So HP, you know, I'm just going to say old solutions, but like, you know, the old, go back 10 years, go back 20, SAP days, remember the glory days of client server? I mean, I mean, those were gravy trains, six month migrations, planning. Services, yeah. Six years in some cases. See, listen, from my perspective, and I come from security, right? I'm fortunate enough to lead all sales for software at HP, but I come from security, and security is one thing. Security is services led. You have to have credible solutions. You have to be credible yourself. You have to have confidence and trust in a customer. If you take how we sell security, because security is not a product, right? They're buying you as much as they're buying any type of product you have, because you can only sniff so many packets, right? So if you take that same manage, and you apply it to today's software, such as we're going to cloud-based, and, oh my goodness, and you look at it more there, and building that confidence and credibility with a services-led process in people, then technology. I mean, listen, coming from a sales guy, that's how your deal gets bigger, right? Our customers are going to buy from you. They're going to bridge the process. They're going to buy more from you, if you can add value, and you can actually distinguish that value before a piece of code is installed in their service. Okay, so how are you handling the sales? You walk in and say, put that coffee down. I mean, what's the sales process like? I mean, are the sales be closer to you? Coffee's a closer, right? A B C, I always be closing. That's right. Are the sales guys? We have a cape and everything there. We have a cape and everything there. We're getting TwinGarry, TwinRoss comments into the interview. Coffee's for closers. I would have done it. Yeah, but the sales also have to change. So now it's, you know, I sold this product line. I'm monolithic, you know, I was a very siloed sales guy. So interdisciplinary becomes a pretty big deal now. It does, right? They buy from me as a human, as much as they buy from any solution that I'm selling, number one. In the old days, right, the sales manager, I've had sales managers that said, you know, you sit in that lobby until he comes out. You sit in the lobby, wait in your car until he comes out. It's just some work today. If you don't provide value, and you don't educate your customers, and you can't build credibility, confidence and trust that customer, you are not selling that customer's software. I mean, there's no, and so I spend a lot of time. Trust relationships, critical. Absolutely. And I have, you know, again, I came from security. So I have a lot of security contacts in the industry that follow me every, you know, depending on what company I'm at, I call them up, they trust me. And I'm very ethical and high integrity. Those are important parts of sales that don't actually go with sales. The word sales and integrity and ethics don't go together. They have to now or we're going to go bankrupt. Okay, so if you think about the big players in security, obviously HP, IBM's there, RSA is there, you know, Symantec actually, they're getting acquired today. That's a different dimension. No, just the Veritas. Just the Veritas side. Okay, but still, for those big three, you got some, you know, major players. How does HP differentiate, and especially with that game being trust and up against some trusted partners? Well, so even better. So I've been fortunate enough in my life. I spent 14 years with RSA security. I spent about three or four years with Symantec. One thing that HP has that none of them have are extended value, right? So when I can go in and talk, let's look at, we're at a big data conference. And I'm going in and I'm talking about the evolution of your data collecting and the evolution to a big data problem. I can now talk about security within that context and offer solutions that are both, both for your big data issues, as well as your security issues. I can also supply you servers. I can also supply you your networking gear, right? I can really walk in and solve an end to end problem with that credibility, with that services led that I couldn't do anywhere else, right? When I was with RSA and I would go in and talk about encryption or talked about identity management, I was handcuffed to my solution. And I'll tell you what, at HP, we have a pretty wide in-breath solution. And not only us, it's our partners. We're very partner-centric. So we look to our partners to provide even more value. So I might provide some services, but our partner ecosystem will provide that services. So now you think of the credibility I can provide my customers now, speaking as a HP Enterprise employee is incredible. Now do you guys have your own Salesforce or is it kind of blended in or are you guys sharing? So we have our own Salesforce within HP software. And we're about somewhere, you know, 3,500, 4,000 sales strong within our organization. Globally, correct. And there's certain accounts where you partner with others or they're named, you have big accounts. Yeah, we have named account where HP has a account general manager strategy, and we work with that account name, a GAM, or AGM. We think we call it AGM. We've been nine years back in the day. That's right. So we have at large customer, we have points where we all can kind of leverage that. And others, people like specialty. They want expertise. You don't come in and if you know security and they want to talk big data, you're not the guy. Let's get our big data team in there to go in and really give that customer what they need. It certainly helps in having a printer guy going there. Yeah, that will work. So now that's separated. So the focus is clear. So you got your direct sales force, that's good. You guys hiring, looking for expertise. Always hiring. I mean, listen, there's areas where you can't find enough people. And one is security. And there is not enough security people to support the industry and the problems and the issues we have. And now the same is going for our big data infrastructure. I mean, knowing people who understand the problem is probably half of it, right? And with that background. So those are the two areas where SE is especially. So your ideal sales candidate is not someone waiting for the guy to leave the office. It's not. It's the customer waiting in his office. If you can't provide value. The customer's waiting for you, right? If you cannot provide value to your customer and to your company, don't apply here. Okay, so what's your goals this year? If you're new to the big role, but you've been there, done that on the sales side with security, that's going to be the security pieces under software still, right? Yeah, yeah. There's not that in there. So that's going to be a big part of it. What's the plan? What's your goals for the year? So the number one is to bring software together. Software was last year and before, it was a lot of acquired companies that have run pretty siloed. So even as far as last year, we have a security silo. We have an IT management silo and we have a big data silo, which used to be Vertica silo and even autonomy silo. And one thing that we're doing that Robert's doing is bringing those much tighter together and being able to add more value to our customers to be able to walk in and talk a higher story. There's synergies between those groups. Well, there's synergies and there should be a message that every sales rep in the world, no matter if they're a security, big data, IT management, they should be able to tell the HP software story. Here's the problem. Here's the software issue. Here's the areas we solve. Oh, by the way, here's what you asked me about in security or big data or IT management. But we have to walk in and we have to educate on the larger software story, our transformation areas and how those apply. Yeah, Shippa nailed it. I mean, they got a platform strategy which is very solid and they have a developer and partner ecosystem. So we see the partners, where are the developers? Mostly DevOps, corporate guys. I mean, they've got the startup thing going on, but are you guys see more of that? More developers, more engineering? More, because I mean, we have developer solutions. We have no developer conference, not in the classic sense. Correct. It's more, these guys are just in DevOps engineers or cloud or IT guys coding away and then the front end guys of the app guys are kind of cobbled together, right? Right, right. Okay, cool. And what do you think about the conference here? It's pretty cool. I mean, here's the great thing. I'm from Boston, right? And listen, I travel the world and especially in this new job, I'm gone all the time. So when something pops up and we got a big data conference in Boston, like, I'm there. I'm in, I'm in, I'm in, I'm in. I'm the same way. What do you really do? Oh, Boston. So it's, and just to know that you may look around, look at the floor and the partners that are here and the amount of people and the excitement, it's pretty cool. It's pretty cool. They really nailed it. I mean, three years ago, when we were here for the first year, it was a rogue operation. It was like guerrilla, you know? But they wanted to bring the DevOps guys because a lot of the early vertical customers were the big hyper scalers, you know, the guys who love the product. So that's now mainstream. Full stack developers are in big demand. And I'm learning a lot of that. This is a learning experience for me as well and understanding what the problems are. You live in a security world. I understand the concepts of big data. I played in big data. Security's a big data problem, right? Totally. But understanding, you know, the in-depths and how it works. And I've been asking people to give me demos and you know, you're a sales guy, right? But yeah, I've learned it a lot. It's been great. Thanks for coming on theCUBE. Really appreciate taking the time. Thanks for joining us. This is theCUBE live in Boston, Massachusetts. We'll be right back with more from the special presentation of theCUBE at HP's Big Data 2015. We'll be right back after this short break.