 And the guy at the counter recognized me and said, are you listening? Yes, I'm tweeting away. I tweet, I'm tweeting away. He is kind of rude that way. F***ing keyboard. John Cleese joins the CUBE alumni. Welcome, John. You got any phone calls you need to answer? Hold on, let me check. From Silicon Valley, it's theCUBE, covering RSA Conference 2017. Now, here's your host. John Furrier. I've been in the studio back from the floor at RSA. I'm John Furrier, watching theCUBE. And we are here with Akash, who's Oracle Security. Welcome to theCUBE. Yeah, thanks. It's great to be here, John. So you're running security practice within Oracle. What's your job at Oracle? Yeah, absolutely. So my role is really around helping to secure our cloud. And we believe that's a key and very important aspect for security going forward is protecting and securing the cloud. And then also a number of security products and services and solutions that help organizations deal with today's changing landscape, security landscape, and help their SOC deal with those threats. So a lot of solutions that we have both on-premise as well as a lot of new security cloud services. So Akash, tell us about the landscape on the threat side. Because what's different at RSA this year to me is, at least from our observations we up there for the past two days, we'll be up there tonight in some of the VIP parties to get the scuttle by most of the industry. But the industry seems to be evolving very quickly around a call to arms, if you will. There seems to be a call to arms around the cyber threats. It has almost a military feel to it this year. Obviously you have a lot of government officials up there. This isn't like the hackers anymore uniting to fight the bad guys. This is a complete industry call to arms. Do you see it that way? And what's your reaction to this year's RSA? What's bubbling up to you as the top trending topics and themes? A great question, John. So I think one thing that I've seen a trend over the last few years is that just in terms of the type of people that come to RSA, security has become a very relevant and pervasive topic across business leaders, across government leaders around the world. And so it's no longer just an IT problem or conversation. It's a CEO conversation, it's a board conversation, it's a presidential conversation. So one is you just see the type of people that are there. The other thing that I definitely, there's definitely a couple of themes that have emerged at RSA for me. One of the themes is definitely around the more sophisticated types of attacks. And you see all these new technologies that have come out, you talk about cloud or you talk about artificial intelligence, mobile. And one of the first people adopting those are attackers and cyber criminals taking advantage of those and revolutionizing their techniques, tools and procedures around these new technologies. It just seems so easy to me to fix this problem. I mean, I have an answer in the answer is encryption, right? I mean, why not just encrypt everything and have some awesome endpoint verification biometrics. I mean, outside of the case when Tom Cruise takes his eyeballs out in a minority report. But I mean, at some point, there'll always be a fail on the human side, but like, can't we just solve this in encryption? I mean, this has been a big conversation. I mean, just encrypt everything. Yeah, and definitely, I think like, if you think about it, there's definitely encryption, it definitely plays a key role as part of the overall security posture. But when you think about, you know, things like defense and depth architecture securing at every layer, those are also really important. And one of the things is with a lot of security to date, what's happened, John, is people haven't been able to even turn security on because it's been very cost prohibitive, very, you know, impacts your performance. So if I turn on security on your laptop, yeah. From a technical perspective, you know, cycles and compute, but also business performance, do people have the people to do it? I mean, can you, I mean, you mean both or one or the other? It's absolutely both. It's definitely both. And from a performance standpoint, like one of the things Overhead in terms of like resources. Yeah, yeah, because one of the things that's really interesting is we talk about technology side, but if you talk about the people side, one of the professions that is significantly under staff today is cybersecurity professionals. They did a survey recently and you'd be surprised, John, they're saying there's over a million job openings for cybersecurity professionals and 66% of those can't be filled, will not be filled because there's not enough talent to fill those jobs. So there's a huge gap in terms of, you know, to type of work. All right, so this is the thing that gets me excited because, you know, we have the tech truth as our kind of open source of news reporting. And we've been saying that, you know, women in tech and certainly the diversity side is being worked on. But on the other end of the spectrum, our new theme with our tech truth is cyber warfare, cyber talent. I mean, my young kids are gaming, they're on steam, they're on multiplayer game. This is the profile of our next potential candidates. So all those gamers out there sitting around, you know, gaming, where do they go to get trained on this? Because I think there's an appetite between the new generation of digital natives who are very fluent in coding and doing, whether they're throwing R at something on some of that data science or they're multi-faceted, multi-tool player, if you will. Yeah, it is great. It's great to see that a lot of the curriculum today is starting to incorporate cyber security as a theme. Everything from the policy side to the technology side, you know, across the board, so security. What would you recommend? So a couple of things I would say, like, and things that I found for myself to be really practical, one is just get involved. Like, find organizations that help, you know, join the local meetups. There's so many meetups. Like who? Like who would be a good one to join? So like in the Bay Area, for example, we have Bay Area cyber security meetups, right? A lot of organizations, like companies, also sponsor a lot of events, like even Oracle. We have every single one of our events. If you come to an Oracle event, whether it's a Cloud World, a Cloud Day, Oracle Code, there are security sessions there to learn about what's happening in security, what cyber security professionals are doing. So those are great ways to learn more. What's the big walk away for you this year at the show? What jumped out at you that may or may not have been expected? I think two things. One that I would say I was expecting is that, you know, security really is a reason to move to the Cloud now. And so the type of security- They wouldn't have said that before. Before it was don't go to the Cloud for security reasons. Now you're saying- You're going to get much better security in the Cloud now. And that is, you know, provided that, and here's the key takeaway, John, is that provided you go with the right Cloud vendor, you can absolutely get much better security. So you get all the agility, all the benefits of Cloud, but you also get more security. And there's a list of things. We actually, one of the panels I was on, we talked about, what are the best practices? How do you choose a good, you know, Cloud partner and especially around assessing the security capabilities? Okay, so on the other side of that coin, I want to ask you the question. What's the noise? What was the noise at the show? Every show has a lot of the, you know, noise layers, whether it's security washing, what was the thing that just was that fell flat this year in your mind? You know, there's a couple of things. I think like every year you will see there's a lot of new emerging technologies that are out there. And I think that some of them, you know, what's happening today is cybersecurity professionals are saying, look, we got millions of alerts. I don't need any more alerts. I just need to figure out, what are the most important alerts out of those millions? And how can I quickly, more quickly respond to those? So a lot of the technologies that I think are like, hey, let's get you a lot more alerts. That's something that's not resonating a lot more. Monitoring package. Yeah. Come on, just give me one more platform. So there's some sprawling solutions, you're saying. Yeah, definitely. And I think like one of the things though, you know, so there's definitely some sprawl, but there's definitely some solutions that are really around unifying what you have and bringing intelligence, automation, and identity at the center of them to help you solve today's challenges. And I think those type of solutions and best practices are really what security operations centers need today to deal with today's challenges. So here's the theme that we saw. I want to get your thoughts and commentary on this. Our reaction is the cyber threat alliance that we were out on the first day, Monday, Fortinet was involved, Intel, which is McAfee Intel, which you know, there's rumors about that spinning out, actually news. You had Cisco there, you had Symantec, you had Palatine Networks. All the chiefs of those businesses out there saying, we're going to share information. So data sharing seems to be a big thing. Is that real? Is that something that's actually going to happen? Are people sharing? Because it seems to be that in security, we noticed at Splunk's event this year that we covered. This is now a new ethos where the security organizations are pretty tightly know each other. I mean, it's a small community relatively speaking. Is it a small community? I mean, what's your thoughts on that? What's your commentary on this? You know, two things I would say. First of all, a lot of the vendors you mentioned, I've been on panels with them and presented at their booth at RSA just yesterday and the day before, I think that as an industry and for the betterment of security, absolutely intelligence and intelligence sharing is at the center of improving your security posture. So understanding who the attackers are, being able to correlate information around those attackers, how to respond, is at the center of helping security operation centers. And even if you think about it, even at the, you know, a lot of the things, even at the government level that have been, you know, been thought about, President Obama has been a big advocate during his tenure around democratizing security intelligence, sharing it in more effective ways. And I think that is kind of something that we need to do. You think that's a good formula? Do you think it's workable? There's both pros and cons to this, John. I think at one hand to solve a lot of, you know, like what I would call petty type of, you know, everyday type of malware. Court scan or whatever, the normal low-end stuff. Those types of intelligence sharing are very effective and they're very important. There's always going to be some types of threats that are, you know, very new and those techniques are not going to be sufficient for every type of attack. It's definitely a good best practice, but it's not sufficient by itself. Yeah, so you use rules and heuristics to look at all the common patterns you trap on those. But it's really the new ones that people got to be careful of and there's no pattern there. What you're saying, big data can't solve a pattern. It hasn't seen. Right, and one of the things, and the reason I say this in particular is because if you look at some of the most advanced attackers, they're so persistent, they're so well-funded, they will find a way in. And in fact, when you look at organizations that do instant response and do investigations, they're saying organizations are already breached, but they don't know whether attackers are still in data yet, right? They have backdoors, they have CNC communication at the vast majority of organizations. So that just shows that persistent attackers will find a way in. So you have to assume that they're in. That's kind of like the mindset. Okay, cool, so final question, going forward as RSA and got Black Hat coming around the corner as well. State of the industry, I mean, the level of attacks and threats have changed. We were talking before we came on camera about your time at McKinsey, where there was no CISOs roles were just kind of coming on board. Now everyone has a CISO. There's all kinds of new challenges around that. So you got challenges and opportunities. What's the current state of the landscape? Visa V, kind of where you were when you were at McKinsey. What's the evolution trajectory look like? So I think a couple of things. I think one is that your attackers will continue to get more sophisticated. And we've seen that. We've seen APTs have ran somewhere to just recently seeing attacks, like distributed denial of service using global internet of thing devices. I mean, like five years ago, a lot of those technologies didn't even exist. And now attackers are doing that. So attackers will continue to get more sophisticated and leverage latest technologies. On the other hand, and this is where I think the real opportunity is, security operation centers need to rev up their game and keep pace with the attackers. And some of the things that I think you're gonna see in the future, one is concepts around things like identity sock where users are the new perimeter. Your network perimeter is dissolving. IT admin can't say, hey, John and everybody will keep you safe. Just sit in the office behind our firewall. People are mobile. People are accessing application in the cloud. And now users are the new perimeter. You and I and every one of us are the new perimeter. The devices we use, the apps we use, we're the perimeter. So we need solutions like identity sock that are tied together all your solutions with intelligence, with automation because there's too many alerts. So we need intelligence. We need automation. We need identity at the center of it to help security operation centers keep pace with the attackers. All right, Akash Bagarava, who's on both Oracle security. Thanks for coming on and sharing this live conversation. RSA coverage continues with theCUBE here in Palo Alto. We'll be up in San Francisco later today. Jeff Frick and I were there for the past two days. Wall-to-wall coverage, we'll be right back after this short break. Hi everybody, Jeff Frick here with theCUBE. We are on the ground in Dearborn, Michigan at a huge Ford event. It's called hashtag Ford Trends. It's a two-day event where Ford is bringing in some kind of social media people from all over the world to really talk about disruption. It's all about disruption. Mobility sometimes talked about as autonomous vehicles, but really it's a two-day slate full of a lot of key executives from the Ford team. We got to go out and drive on the autonomous vehicles. But really, again, talking about disruption, changes in the way cars are powered with hybrids and electronics, changes in ownership patterns with ride sharing versus individual ownership. A lot...