 Okay, it's a one o'clock block on a Monday, actually. And this is Think Tech Tech Talk, so we're going to talk about tech today. And let me just introduce the subject by saying, you know, we can't be complacent about the underlying tech that we benefit from in our lives. We rely on tech in so many ways. Our whole civilization, our global civilization relies on most of the information technology but other kinds too. And so once in a while we have to take a look at the companies that are involved in providing it, whether we realize we are, you know, benefiting by them or not. And this is one of those occasions. We have the Yanis, okay? We have Isabelle Yanni and Terry Yanni from Cisco Systems. Fabulous. God, they've been around for a long time and you guys have worked for them for a long time. So let me give you titles, okay? It's important to give you titles, okay? Terry is the cybersecurity, a cybersecurity specialist for Cisco Systems and Isabelle is manager of partner sales. You guys are going to have to explain this to me. Manager of partner sales. Are partners different from regular people? No, partners are amazing people too. So over 85% of Cisco's business, which were a $50 billion a year company, over 85% of that business goes through our partner community and our partners are highly certified and specialized resellers who help us with our customers and help sell to our customers and take care of them. So the team that I lead manages our partner relationships for Southern California, Arizona, New Mexico and Nevada. Where are you located? Where are you working? We're based out of Phoenix. Okay, wow. Yep. Cisco has offices in pretty much every major city all over the world. And what is Cisco selling? I mean, where is its focus these days? I mean, you know, when I was a young child, investing in the stock market, buying shares in Cisco, CSCO, I always, you know, I thought of Cisco as a switchmaker. And if you look down with X-ray vision down below the street, you would see all these cables and switches and they all said Cisco on them. Is this still the case? It's definitely still the case and we've really expanded outside of switching and routing, which were, you know, our first two products. But we sell across all of the enterprise needs and from networking to data center, to collaboration technology as well as security and then all of the services that go around that too. So it sounds to me, and we'll get into greater detail about this, is that the name of the game in information technology is collaboration with other companies. You have to fit together. And I'm reminded of the story of Wang. My law firm had a Wang system and Wang was very proprietary. Nobody could connect with Wang yet how to buy special gizmos if anyone was going to, you know, use, you know, connect some other system with Wang and ultimately output. And so you have these days, especially right there. Oh yeah, absolutely. It's absolutely critical that we're not siloing ourselves and limiting our understanding of the world just through our lens. It's critical to be able to work with even our competitors to understand, you know, the value that they bring, a collaboration of ideas. And it's to the benefit of the customer. The customers, in my experience, have been demanding for years that we work with our competitors to deliver a better outcome for them. I have security tools from Cisco, I have security tools from McAfee, I have security tools from Checkpoint. Wouldn't it be great if all of those work together, talked to each other, shared intelligence, so they can understand what threats look like and be more effective in eliminating those threats. I mean, that's really something that I've seen come to fruition. After years and years of customers asking for this, we've kind of got the framework now for these tools to work better together. And it is a competition in some regards because we are trying to compete for business in some areas, but we really have to understand to the benefit of the customer and their customers, especially if it's healthcare, to the benefit of the patients, how do we protect their information? How do we deliver patient safety? How do we deliver all of the things that they're looking to deliver in the most effective manner? So you're working on API program or interfaces where you can allow other companies access and you get access to their stuff. But my question is, talking about, for example, privacy in healthcare and talking about cybersecurity, and I want to talk about that in length, there's a risk that if you give away an API, if you give that to someone else, it might fall into the wrong hands and they can muck up your system, isn't it true? Long story short, API is just an application programming interface allows a structure or a framework for somebody to communicate with your equipment. In the groundwork of how we would do this for a customer, all of those interfaces have to be protected. So that's part of the security system. So part of it is to allow us to communicate with other tools in their environment, but all of that environment needs to be protected against an outside threat. So people should not have access to those unless they are designated access to those. And there should be different levels of access based on your role. You're controlling that? Of course. Of course. Yeah, we call that our back or role-based access control, and that is paramount to a security system. Serious. This also goes with the partners, doesn't it? You can't let anyone be a partner either. You have got to make sure that that partner is a real person or a company as a case may be. That partner is not going to divulge information or access that would compromise either Cisco or its customers. Absolutely. Cisco has one of the most mature and well-developed partner programs that's out there. That's part of the reason why it's called as a pinnacle of for partner programs in our industry, which is really amazing and wonderful. And we have really, really stringent requirements and certifications that our partners go through and agreements that we enter into together that we're going to protect our customers' information, that we're going to, you know, follow a set of policies and processes to make sure that we're always doing the right thing for the customer. Check up on them. So, I mean, really the center discussion as far as I'm concerned is about the role that Cisco plays in cybersecurity. And to get to that, we should talk about what cybersecurity is and what it's intended to deal with and how fast it's moving in a world, especially in an information technology world that is moving so fast and so globally with all kinds of players, including players you wouldn't have a beer with, you know what I mean? Absolutely. So, what's going on in cybersecurity and what does it need to deal with these days? Yeah, so that's an excellent question. I think I'm going to bring up two things that I, there's so many things to talk about, I'd like to start with just two. One, and this is kind of a call to action to anybody out there interested in the information security business. There is a 12x demand for IT professionals who have a security background, who have learned about security. That is one of the biggest shortcomings we have today. We are way understaffed and more than any other role out there, they are looking for security experts and, you know, they'll take, I've heard stories where they take truck drivers and put them in a security operations center. Six months later, they'll go on and move on to another job because they've got six months of experience in a sock and they'll move on to another job that pays them twice as much. It's just an amazing vacancy for these types of positions. 12x, can you explain that? Yeah, so if you're looking at IT professionals across the board and the demand for those professionals, the demand for security-focused professionals in the information technology is 12x greater than that for any other IT professional out there. So that's one of those things that we're extremely short staffed. So I did, and I'll bring in a live example, I had a health care customer who had 40 open headcount for security professionals because they had been breached and they were looking for a build out of security team. They tried to run it with a team of, I believe, 12. And it did not work for them, they had to expand the team, they had to bring in outside help, they had to bring in all kinds of things. But 40 open headcount, and it took them over 12 months to fill half of those positions because they just could not find qualified individuals for those roles. A lot of that was also filled by retooling network professionals. They took network professionals and said, we're just going to have to get you guys up to speed. That's not the ideal, but I like that they tried to make that effort to reintegrate some of the current staff and retrain them and get them up to speed because those two areas of IT are blending together. Well, if I wanted to do this, and I think there should be, we hope there are a lot of people who want to do this because it's important. What do I have to study in school? Is English literature helpful? You know, you're talking to a guy who was a studio art major. Is that right? Yeah, yeah. Must be a connection there somewhere. Yeah, you know, they actually say that the folks who study music make excellent developers because thinking about music theory and how to orchestrate music and get it all to fit together is very similar to writing good code. So from my standpoint, I would just say anybody can apply. I mentioned the truck driver scenario. Yeah. As we see things like Uber and self-driving cars take over that industry, it will be interesting to see if we can retool the, I think it's five million workers in that business who may need to find a new occupation or a new job. So it's an interesting example in that regard. I would say anybody. Anybody who has an interest, that would be who I would target. If you have an interest and you find this cybersecurity work riveting as I do, you may want to pick up a book and read, start reading some of the online trade rags, explore, experiment, talk to companies who are looking to hire these people. It's not just coding though, it's strategies also. It's figuring out what the black cats want to do. Yeah, absolutely. So we have all kinds of programs around that. There's industry standard programs. For example, CISSP certification. Please don't ask me what that stands for. I took mine years ago, and it's a long acronym. But it's an industry standard and well-accepted certification that you could take. There are different companies offer their own certification programs. Cisco, of course, has security certification programs that can get you started. I know that a lot of our competitors have those as well. And then the school part, yeah, if you do learn how to code and you learn scripting languages, we're seeing a whole lot more emphasis on security professionals who used to just be policy writers. And that was really the strategies around writing policy and enacting and executing that policy to make it effective. They're now being asked to do more coding, to be able to execute against that policy. So it's one thing to be able to understand security principles and write the policy. But now it's the demand is, hey, I need you to execute that as well. So let's make sure that you know how to write code and do some scripting to execute that in the system. How do you keep a lid on it? I mean, a member of Snowden, he could take secrets and give them to the wrong people. So I suppose there are black hats who come in and want to have white hat jobs. And there are people who used to be white hats who sell themselves to the enemy. How do you keep that door closed? I think, I got to be honest, I think that that's a game of numbers. And when I say it's a game of numbers, it's like anything else in life. They're going to be good people and they're going to be bad people. And you have to accommodate or hedge in your system for those types of things. So a great example of that is, it's not a question of if you're going to get breached. We can't prevent all breaches. Something bad will happen. It's a question of what systems you have in place to deal with that. So if you do have bad people in your organization, how quickly can you limit the amount of access they have to do real damage? How quickly can you remediate what they've done? And how quickly can you have a return to normal? You know, Isabella, I'm going to tell you anything you don't know. But in a year and a few months, we're going to have an election. And there's a lot of concern around the information technology that has to do with polling and voting machines and all that. Is Cisco involved in that? And how do you assure your clientele that you're taking the best steps possible to avoid incursions on our democracy? So I think that's a really interesting question because politics and what's going on in our political system is something that's really interesting to me. I can't speak for how Cisco is involved. We certainly do a lot of work with a lot of governments. But one of the things that I think is really interesting about our last elections, and if you look at what's going on in how social media has been used as a tool to move an electorate in one way or another, I think that's one of the areas where we all need to be really, really vigilant and really think about what kind of news are we being fed? What kind of news are we seeing on a daily basis? How is that influencing our thoughts and our decisions around who we vote for? And how do we make sure that we're turning to really credible news sources and not just exposing ourselves to the types of ads and the media onslaught that we've seen in social media that has caused huge swings in elections, it seems like? Well, it's essentially propaganda. And there's not necessarily validity to it. So I think that's one of the biggest things is finding trusted news sources. People actually have journalistic integrity. And that's not something that the company would deal with. That's something that you as an individual have to understand. You really have to be critical in your thinking and I think maybe start by saying, is this opinion or is this fact? Or analysis. Or analysis. Or analysis, yeah, exactly. And what's the source of this information? And is this a trusted reputable source who does source vetting, sorry, trusted information from a source that does vet their actual sources? Oh, interesting. I want to take a break. I have some more questions about that very thing. And it's sort of in a creative way. Oh, I can hardly wait to bounce my questions off you guys. Take a short break, come back, and then we'll get into it. Sounds good. Aloha. I'm Keisha King, host of At the Crossroads, where we have conversations that are real and relevant. We have spoken with community leaders from right here locally in Hawaii and all around the world. Won't you join us on thinktechhawaii.com or on YouTube on the Think Tech Hawaii channel. Our conversations are real, relevant, and lots of fun. I'll see you at the Crossroads. Aloha. Aloha, I'm Winston Welch, host of Out and About. It's a show that we have every other Monday on Think Tech Live here. We explore a variety of topics that are really interesting. We have poor organizations, events, and the people who fuel them in our city, state, country, and world. We've got some amazing guests on here, like all the shows at Think Tech. So if you want to catch up on stuff, tune into my show every other Monday and other shows here on Think Tech Live. It's a great place to learn about stuff, to be informed, and if you have some ideas, come on my show. Let's talk about it. See you later, and Aloha. Okay, so we have people like Mr. Putin who would like to interfere and deceive our electorate. And who knows who else these days, because the interesting thing is a lot of that internet research agency, IRA, and all the deception and misinformation in Moscow has actually been copied here. It started there and it spread here, I think, in some ways. So it'll be a feature in a year or so or less. So the question is, with all the strategies that you have to use in dealing with the bad guys, why can't we use artificial intelligence to spot information that is likely to be deceptive? And you may not be able to do a perfect job, but at least you can raise a little red flag, a little red flag at the top of the screen and says, watch out for this one. There's something fishy about this, and then let the user make his own mind up. Is that happening? Absolutely, you should ask that. Yeah, we absolutely use artificial intelligence, machine learning, behavioral analysis. We have all kinds of tools to understand what normal behavior should look like, to understand not only who's talking to who, because that's important to know. We tie identity to conversations that have been online and internally and externally, but who's talking to what, because sometimes people are working with machines that are what we call headless. Nobody logs into them, they have a purpose, they serve a purpose, they do a certain thing. Your AC sensor, for example, is going to be connected to the internet and taking instructions. And then the most, in my mind, and the most nefarious is what's talking to what. So devices that have no login and that are headless that only talk to each other, so maybe an HVAC controller that controls all AC sensors in the building. And if I can impersonate one of those, I can do some, I can wreak some havoc to a large, large swath of the population. So we want to understand what that behavior should look like and we want to make sure, you know, hey, and then cross-reference that with intelligence. What we have is we call threat intelligence. So we study the current threat landscape. We understand how it's evolving. We understand where the bad guys live. We understand there are bad IP addresses out there that have always been bad and have never done anything but nefarious stuff. If anybody in your corporation is reaching out to one of those, we should know about it. You should know about it as a career professional. So we have those tools in place. And then understanding, hey, you know, if we're transferring lots of data at off hours from this place to a place outside of our network, why would we do that? So raise the red flag and understand that that's happening. And then lastly, what if J logs in? Here in Honolulu, but also from China at the same time. Should that be possible? Should that ever happen? We'd want somebody to know about it. Right. Yeah. A little red flag. Yeah. I'd like to know about it. Yeah, you certainly would like to know about that. Yeah. You know, you realize, well, first of all, a partner is kind of a customer too, isn't it? Absolutely. A partner is a customer. And so you have to discuss these things with at least some of your customers. How deeply can you get involved in it? How much can you share about that? And can you tell them, as I would if I were you, Cisco is saving you a democracy? Yeah. This is really important, you know? Well, I'm not sure I would go so far as to say Cisco's saving your democracy. But I would say that our customers and partners alike have to make decisions every day with the limited resources that they have for how they are going to run their business effectively, continue to innovate and digitize and grow their businesses all while understanding that attacks are inevitable. Everybody is a target these days. My mom is a target, right? I mean, she gets pop-ups on her screen. Your computer has been locked and does this much in iTunes gift cards. Just like a big corporation would be. So what can customers do with the limited amount of resources they have to stay secure while they're trying to do the main thing, which is running their business, whatever that might be. Whatever it is, yeah. And Cisco is an incredible business partner who are customers in that sense because we do constantly innovate both our own technologies as well as acquire other companies that complement the technology portfolio that we have available to them. But the technology is only one piece of the equation for how customers are going to stay secure. They have to make sure that they also have the right services in place, the right staffing in place with the right training. One of the points that Terry brought up, which I'd be remiss not to talk about, is Cisco has this amazing program called the Cisco Networking Academy, which is a program in high schools all over the world, helping young high school students get ready for careers in technology, for careers in coding or cybersecurity. So thinking about if there are young viewers out there, is there a Networking Academy or a similar program out there near them where they can get involved now and be an advocate for a network and a system that will really help drive business outcomes, but also stay secure the whole time. Are we winning this battle? If I'm your partner hyphen customer and I come and say, look, I represent a number of say small cities in Florida, and they come to me for ransom, they're near with ransomware, can you protect me? Because it's always changing, and those guys out there are mischievous and smart. What can you say to me as a customer, and I worry about that, because in Florida, one of them paid $600,000 and others in the same vein. What can we do for our customers on that kind of thing? Yeah, absolutely. So that's once again a game of numbers and a trade-off. So one of the things that Cisco's done is we have one of the largest threat intelligence organizations outside of government, and that we feed all of the security tools with that threat intelligence, and we participate in the Cyber Threat Alliance with our competitors and our co-operatition, so to speak, the folks that we work with who may compete with us on a day-to-day, but we share that intelligence and we work towards feeding all of those devices. So devices think of, I mean, they're tools, they're static, they serve a purpose, but if you can arm them with threat intelligence, you've just up the game quite a bit, and a lot of times we can actually stop some of these ransomware before they even break out, ransomware attacks before they even break out, because we understand the mechanism that's weaponized them, and we can understand how to kill it and take it offline. And in that case, we can do it, but we can't do it all the time, and that's the game of numbers. So we have that instances where even when they call the FBI, Cyber Crime Division comes in and says, look man, this is a hospital, you've got patients in the ICU, and things are locked up. It's $17,000, either. Just get it done. We'll figure it out on the back. Sometimes that happens, so it's just a judgment call to understand, do we have the intelligence, or do we need to service the end user for the, in this case, the patient? I know you could develop a fail-safe way to identify the people who are asking for the ransom. I would like to sit on the jury. So that's an interesting, it's interesting that you say that, though, because a lot of the ransomware is malware that you can download and buy, it could be anybody. You could go home and buy yourself a nice shrink-wrapped package of malware and then find a weaponization mechanism or vehicle to send it out and make it propagate. And if you knew a few lines of codes, you may be able to alter it. You may even be able to call their tech support because it probably comes with tech support to help you alter your malware. I'm telling you, this is big business. Yeah, but one other example, remember the city of Baltimore who didn't pay it? And for weeks, people couldn't pay their utility bills and whatnot because the city refused to pay the ransomware? Yeah, that's another way of dealing with it. Costs a lot of money, I'm sure. So what about the internet of things? We're not just talking about the city, we're talking about every refrigerator. Yeah, we literally are. So if I was really bent on destruction, I could use this sort of malware to bring everything down, am I right? You know, yes and no, a little of both. It's just dependent on how well those devices were developed and what was the chain of custody through development and then how bad or how good is the code that it was written on. So I'll use personal experience. I did deal with a very large manufacturer who had a very stringent process around everything that they made, whether it was a fan, like a bedroom fan or a humidifier, any of those types of things. And they were also investigating ways to make those devices report intelligence back to them so that they could understand if there was a threat and they could mitigate it before it affected their customers, which I thought was really cool. But the other thing is I did work as an executive who had very large hotel properties. His concern was what if some tax in and dials all of the AC units up because they're all connected to the internet. Turns them up to 99 degrees, they'll have a mass exodus on my hands. And if you move large numbers of people, people get hurt. We've seen that in evacuations of buildings when there's a fire, people trip and fall and stairwells, break bones. So he was very concerned about that. Well, new threats all the time and you guys are like it or not, you're in the middle of it because you're the infrastructure and also the software. But we've had a lot of news lately about the tech industry in general and its interaction with the United States government. And with the Chinese Huawei and all that. And I'm wondering how that changes things for not only Cisco, but all of them. I mean, for example, last week there was this meeting in the White House. I don't know if Cisco was there or supposed to be there, but there were a number of big tech companies, highly capitalized companies that were there and some of them got disinvited. And this has got to be disruptive. So the relationship of the tech industry I surmise is different now than it was say five years ago or even three. Tell me about that, what you was about. I mean, I think that tech is something that whether you like it or not is a part of our lives, it's a part of society, it's a part of how we are continuing to innovate and change how we do things for the better in many cases, despite all of the malicious actors we were just talking about. And the role that tech, understanding that number one, it's here to stay and whether you love technology or work in every day or you hate it, you're benefiting from it in some way, shape or form, most likely, right? We're all totally committed to it at this point. Yeah, I mean, even those of us, we work in the tech industry and we try to keep our kids away from tech and outside of playing and developing in different ways because we know that eventually they're gonna end up doing something related to tech most likely. But when I think about how tech industries are being scrutinized, a lot of it is taking stances on how they're gonna treat their content. We were listening to a podcast or to a podcast about YouTube and whether or not they were gonna take down content that maybe contained hate speech. Companies are under a lot of scrutiny right now about the decisions they make based on political or social decisions. And one of the things, one of the reasons I love working for Cisco is number one, it's not a Facebook so we're not in the content business. But because of our position, we have this great ability to make a huge corporate social impact. So as employees, we're given a week off every year just to go give back to our communities. You can go build houses for Habitat for Humanity, for example, or these things like that. That's great, that's wonderful. What a statement that is. I mean, I think it's really, really amazing. We're headquartered on the Bay Area in California and we committed $50 million to help end homelessness in Santa Clara County, which is fantastic. But every decision that we make, whether it's regarding our technology or regarding what we do with our 77,000 employees has an impact on society and we have to recognize that. And I'm really proud to work for a great company that's made some really great decisions around that recently. You guys have been working for Cisco for some years now. Long time. Long time. You think you'll stay with it? I mean, is it a career? You know, I hear all these stories about people moving back and forth and being drawn away by promises of larger salaries still. So is this a lifelong thing, do you think? Any thoughts about that? I'll interject just because I did leave. And I did work at a competitor for a couple of years and I came back. I think just you have to make a personal decision about that, but for the both of us and for our family, especially for young kids and whatnot, having a similar work schedule helps a lot with our work-life balance. And a company that cares about keeping the family unit strong, we're happy, we're gonna be productive. Yeah, corporate culture is so important. And I just talked about this yesterday with a friend of mine at a birthday party and they have left their position because of corporate culture. And I think corporate culture is a big reason why we are really happy with the system. Well, you know, the country in general, the corporate world in general, globally, can learn a lot from that. Absolutely. And it draws you and it's a great statement about the company. Thank you, Isabella. Thank you, Terry. It's great to talk to you. You have to come back soon. Sure.