 We're here with Herb Kelsey, who leads Project Fort Zero for Dell Technologies. Fort Zero was introduced at Dell Tech World, 2020, and to me, it's like a one-stop initiative to get your arms around an end-to-end zero-trust strategy and implementation. So Herb, great to have you. Thanks for coming on. Absolutely. Happy to be here. Happy to have this conversation. Yeah, so with Fort Zero, you bring together an ecosystem of partners because you can't do it alone. You tackle this emergent framework to help, as I say, customers operationalize the sort of different parts of the puzzle. But before we dive into that, you have had a kind of an interesting and extensive career in cyber, both at Dell and prior to joining Dell in 2021. What led you down the cyber security path, and in particular into the government sector, and then into Dell? So what led me through my career, I've had three sections of my career. The first I was doing a fair amount of commercial work for large organizations, working with financial institutions, automotive, and building out large-scale systems. Once that alignment happened, our team got asked to go support the U.S. government. And what it really turned out is that cyber security at the time, wasn't quite coined to that, is about building large, complex environments that can defend the data. And so having done large-scale infrastructures, it was a pretty natural fit. So supporting both our imagery customers in the U.S. government, as well as our DOD support agencies as well. I got a pretty much 10-year background in building secure systems, which culminated in doing some of the first secure clouds for the U.S. DOD. After that, I started working with a lot of private equity firms, helping them introduce their capital into the technology and the security market. And toward the end of my career, with a lot of friends in the industry, I got asked by Dell to join the CTO's office about two years ago to help build out the security strategy for Dell. Interesting. You've seen it all. And of course, seeing the investment side of the equation, too, as you well know, security is a very complicated matter, a lot of different tools. A lot of investment goes in to solve the latest problem. And it's very important, but it's also complicated for customers. And I feel as though there are a lot of products out there, Dell as well as a product company. And then this concept of zero trust comes in. Prior to the pandemic, it was sort of a buzzword. Post-pandemic, it's become really a framework and a bit of a mandate and obviously a journey. So I'm interested in how Dell is aligning its security north star on zero trust as a framework and a model for the future. Certainly. So you mentioned kind of how the pandemic accelerated things. I believe what really happened is that organizations had to deal with the fact that their security perimeter was now their employee and their customer sitting at home at the end of some device, whether it was a phone or a laptop. And that really stretched the boundaries for most enterprises. And so coming out of the pandemic and then also with the US government is showing the mandate, the zero trust framework became a much more prominent element of security for both government customers as well as private sector customers. And what's really happening is that it's a collection of best practices. It's collecting these best practices across a whole number of capabilities and activities that the government has determined with best secure system. And so that's why we need an ecosystem. You need to be able to bring all of those capabilities together and make sure that they're integrated at the same time and interoperating, working together to bring about the security that zero trust promises for an organization. So for Dell, it's been looking at all of our capabilities internally and making sure that we're supporting a zero trust framework, but also project for zero, bringing that together into an integrated solution, managing that ecosystem and meeting the government standard for zero trust that DOD put forward so that we can ensure that we have a solution that's validated by the government as meeting the zero trust maturity that the government needs. So given your very background, I'm sure you can, you can empathize with both the cyber security pros that are getting inundated, you know, and the government, although sometimes I have to say you may not like this, but I feel like sometimes the government is finger wagging and the poor cyber security pro is like, I'm doing my best here. And so people talk about the idea of security generally zero trust as a team sport, you know, you hear things like it takes a village, but I want to know what that means specifically and how Dell is building an ecosystem to do more than Dell can do alone specifically as it relates to zero trust and cyber resiliency to help that poor practitioner who's getting inundated. So that's a good point. And that practitioner, if we extend it, it's an individual, it's a CISO, he or she, but it's also an enterprise. In terms of the idea that the government usually finger wags, I would say that in this case, the government has done something different. They've done it for security and zero trust. It's similar to what they're doing for artificial intelligence. In this case, what the government did is they issued a mandate from the executive branch that mandate then has been followed up with funding. That has also been followed up with a very detailed architecture for zero trust to implement zero trust that's come out of the U.S. DoD. So in this case, they've issued a mandate, they've funded that mandate, and they've prescribed how to go about building that system. So in terms of helping the practitioner, what we learned as we spoke to a number of our customers, both private sector and public sector, is that their number one concern was how do we integrate all of the various components of a solution into a complete solution? How do we do that? How do we relieve that integration burden and that integration debt, if you will, as well as find all of the right people that we need to have the skills to do that? So as we looked at that landscape, we made the decision, again, with Project Fort Zero, that we were going to take on the integration burden, build the relationships with each of the companies that we needed to in order to meet the needs of the zero trust solution and that we would do the integration. We were asked to do that on behalf of the U.S. government. And as we've spoken to our largest customers around the world, we're finding a very receptive audience because while we're building out that technology solution and making sure that it meets the architecture that DOD put forward, they're then free to start looking at their organizational and policy requirements to implement it. So it's a great example of public and private partnership. The fact that I thank you for sharing that this is not yet another unfunded mandate that they're putting the necessary funding behind it. And, you know, that integration burden that you talked about. I mean, building a zero trust model. The big thing I hear from customers is it's really hard to operationalize. So what I'm hearing is that you are helping with bringing specific expertise and talent that companies and organizations might not have. And I think I'm getting this, that you're helping address that talent gap that CISOs tell me is their number one challenge. I believe we are with the system. We have individuals that have solid backgrounds in each of the elements of the zero trust solution, as well as in identity management. It's taken some time to assemble that team. But what we're really doing with that team is reducing this to something that will be generally available. We're reducing this private cloud to something that Dell can ship as a solution. We are not proclaiming that we're zero trust. We're actually being evaluated by the government to ensure that we meet their maturity level for zero trust. They have to target in advance, not at DOD. Our objective is to meet the advanced criteria. By doing that and being able to deliver that as a solution out of Dell as a generally available capability, you now have the ability to put a private cloud in your environment and expand it to meet the operational needs that you have. We're reducing the operational impact by not disrupting your current environment, allowing you to move workloads into our environment as you prioritize, as you see fit. And so, yes, we are really trying to address what we were told were the top issues for our customers, whether that was helping resolve the integration burden or help closing the talent gap on their behalf. Thank you for that. So I want to come back to Project Fort Zero. It was announced earlier this year at DTW in May. We've seen a pattern over the past couple of years at Dell Technology Worlds where Dell will announce a project and then a year later, it turns into a product, but zero trust is different. So can you explain a little bit more about the initiative and how we should think about the project's progression, where we're at and what we should expect going forward? So when you say zero trust is different, I'm going to interpret that. I'm going to interpret that as saying it's not just using Dell capability, it's using capability from, as we spoke into and announced, over 35 different partners. So yes, that makes a difference. It raises the complexity of how we bring a solution to market, but that work is well underway. We've done our design and build. We're in a test phase now. We are anticipating being assessed by the government here shortly. And we are going through Dell's process to take this solution out of our incubation environment, if you will, and bring it to market, just as we would any other engineered solution that comes out of Dell. And so it's different in some of its aspects. It's different in some of the complexity. But what we will have is a solution that allows you to purchase a zero trust environment and scale it to meet your needs. And we've had, again, a great deal of success with potential customers who like this approach and who are waiting with great anticipation when they can start consuming and piloting this capability. So we hope to follow the trend of Dell. As you rightly said, there's a progression from Dell at BTW. We announced a project and, you know, shortly thereafter, we announced a product and then we start shipping. And that's the process that we are undertaking. Very good. We are talking, you alluded to AI a little bit earlier and it's obviously top of mind. I wonder if we can get your perspective on Gen AI in a couple of dimensions. You know, one is AI safety. I almost feel like Herb, if you want to be safe with AI, don't use it. And it's going to be impossible not to use it because it's going to be everywhere. So the public policy has a real challenge there. But that's one dimension. The other, of course, is related to the impacts on the attacker and the defender, you know, the increasing threats versus deterrence and how that all fits into zero trust principles. Can you help us put the puzzle pieces together there? Yeah, let me let me try and approach it this way. There are there are two aspects that we look at from Project Fort Zero. One aspect is that one of the large changes in in the evolution of zero trust itself was using AI in the pursuit of securing your data and your system. And so what that looks like within zero trust is the ability to use all of the logging and telemetry that we get from both what the users do and how they access data and applications and combine that with all the telemetry of attacks and problems or incidents within the infrastructure itself. You combine all that together and you can build very sophisticated AI models that help you speed up the responses to attacks against your system. That's core that automation and orchestration and logging and telemetry is all core to the evolution of the zero trust architecture. And we're building that into our system. We can build an AI that tracks how a user behaves within the system. If somebody happens to get through some of the defenses and steals credentials, if they don't behave exactly in the manner or within a tolerance of the behavior of the person whose credentials they've stolen, we can flag them and kick them off the system. So that's one way in which I think AI is important for us from a security perspective. Now, the other thing is that AI models require data and that data needs to have integrity and as when I was doing investment work, one of the things that we looked at was what's the ownership of that data? What's the provenance of the data? What's the sequencing of that data to build the models? And so major organizations are reviewing that from an AI machine learning perspective. And so you need to be able to protect that, if you will, source data that builds the models. Now, once you have that model, that model is a critical piece of your intellectual property. You're using it to generate revenue. You're using it to interact with your customers. It knows a lot about your organization. I would liken it to the value of a high frequency training model in the financial world. It becomes the AI model becomes something that you absolutely have to protect because it's going to impact your operations. If it's gone, it's going to impact your revenue. If it's gone. And so when we talk about AI here, we talk about how we're using it to speed up the automation and orchestration and responses to attacks. But we also talk about it in terms of it being a high value piece of intellectual property that needs to be protected. And we talk about it in terms of securing the data that actually builds the models. And that's what's been resonating with was several of our customers over the last six months to a year. And that notion of provenance and lineage with respect to AI resonates with me, Herb, and a company like Dell that's trusted, I think brings a lot of credibility to the zero trusted environment. Herb, thank you so much. It was really a pleasure speaking with you today. Well, thank you very much. I appreciate the questions and I look forward to an opportunity to do so again. Love to have you back. Okay, we are rolling along live in studio and on demand from our Palo Alto studios. You're watching navigating the road to cyber resiliency, a summit bringing together practitioners, cyber experts, analysts and technologists to explore cyber security and data protection. Keep it right there.