 From theCUBE Studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a CUBE conversation. Hi, I'm Stu Miniman coming to you from our Boston area studios. The CUBE is happy to participate in the Cloud Health Cloud Live event, Corey Quinn and myself going head to head with the great cloud debate. But of course, one of the things we always love is to talk to the practitioners. And so thank you to the Cloud Health team for bringing us the guests that I'm about to speak to you with. Patrick Heatherton, he is the vice president of TechOps at Jobcase, also a Boston area company. Patrick, thanks so much for joining us. Thanks for having me, appreciate it. All right, so let's start, if you could just give our audience a little bit, Jobcase, what the company does and your role in the org. Sure, so Jobcase, we like to position ourselves as the company that is the people first social platform for empowering America's workers. So we've been working with the front line workers for a number of years, helping them secure jobs. When you looked at companies like LinkedIn or other companies that catered towards more advanced degrees, we're doing more of the front line workers, the blue collar workers, about 80 to 85% of our members don't have advanced degrees. And we are currently at about 110 million members right now. We get 25 million unique visitors a month, but we're basically trying to help those front line workers navigate through these challenging times right now. Well, yeah, Patrick, I have to imagine that right now with the global pandemic going on and jobs in a bit of flux, your team must be really busy. Especially if you talk about front line, there's some very large manufacturing and service companies that are doing massive hiring. I know I poked around you at the Jobcase site quite a bit and saw plenty in the Boston area. So if you could, is that architecturally, is there anything you need to do differently? How are you thinking scale and adjust and to manage with the spike in traffic that I expect you're seeing? Yeah, so it's been interesting. We've seen a lot of different peaks and valleys throughout, but right now what we're doing is we're trying to help a lot of folks. There's certain folks who aren't comfortable going back to the workforce at this time or can't because of daycare situations. So we've done a lot of things about filtering for jobs that are remote only. We've done a lot of things about navigating the unemployment lines and things like that on how to make sure that you're focused on getting things. And those who do wanna go back to work, we've been working with some partners to make sure that those opportunities are presented to our user base. Excellent. Well, your session for the Cloud Health Cloud Live event is about security. Before we get into the security piece, just your role as tech ops, can you give us a little bit of how that fits into the landscape at Jobcase? You know, how do you look at tech ops? You know, my understanding, tech ops very similar to SRE, big buzz job lately for site reliability engineer. So what's your responsibility? How does that fit through the rest of the work? Sure. So I joined Jobcase about four years ago and I was given the role of technical operations or tech ops, which basically meant everything that the developers weren't doing from the technology side. So it was more of IT onboarding and security of the laptops and systems there, a little bit of facility work as far as making sure the office was set up properly and things like that, but also the DevOps or SRE team reported to me. When I first started four years ago, it was one IT person and one DevOps person and now we have six DevOps engineers and three IT people. Excellent. Well, security of course, you know, in general has been a very important topic, something you're speaking on. You know, I've been hearing for years the discussion of security can't be a bolt on, it can't be an afterthought. It is everyone's responsibility. The DevOps movement of course has put that really front and center. So tell us a little bit about how cybersecurity fits into your role and a little taste of what you're going to be sharing at the Cloud Health Cloud Live. Sure. So, you know, it's gone through so many iterations. I mean, you've got DevSecOps, you've got the SREs, you've got, you know, RiskOps. You know, we don't tend to get caught up in the buzzwords too much, but more about roles and responsibilities. So, you know, we started off as traditional Dev and Ops teams that basically Dev wrote the code, we deployed the code. We found that we didn't scale very well at that. And we wanted to make sure that we could get a little bit more velocity in the place. So we rolled out the DevOps model and things like that and started giving more responsibility to the development team. That freed up a lot of my team's time to basically go out and start looking at more secure ways of letting our software go out. So that whole shift left mentality, but we wanted to find the things a little bit quicker, make sure we were doing some baseline examples of secure practices and things like that. So that was really where we started focusing in on what we've been doing for the past year and trying to roll this process out. Okay, I did a little poking around online. I understand you're also involved in the Kubernetes rollout in your company. In early days of container security was, you know, a hot button topic. Feels like we've made some good progress on that, but maybe if you could connect the dots between what you're doing on the security side and, you know, general containers. Love to hear more about your Kubernetes deployment too. Sure, so we do everything through templates, through cloud formation. So we kind of locked them down to a certain security groups and things like that. But we're also having a rollout of making sure things are patched in a cohesive manner. So we have a rollout process for, you know, running the latest versions of code, updating everything. You know, that's what my team really focuses on is making sure that we have a clear, concise process for the development team to focus in on and roll out so that they're comfortable with it. Whether it goes through all the environments of our dev environment, our integration environment, our staging environment, all the way up to production, it's the same process. Yeah, and how do you look at that kind of a line between the developers and the infrastructure? So TechOps usually is, you know, building the place and, you know, not the ones that are actually building the new products. And how does Kubernetes fit into that overall discussion? So we have a bunch of different teams that we work with, three primarily, and each one's at a different phase. And I think that's the thing that you have to realize. You have to do what works well for your company. So certain teams do more on the infrastructure side when we kind of give them these guidelines as to what sizes and things like that for infrastructure they should be using. In others, we have to do a little more handholding and make sure that they understand, you know, okay, let's take a step back and understand what you're trying to accomplish, what kind of traffic patterns you want to roll out and get a little bit deeper understanding and work with them. So each team's a little different, but we really blur the line a lot between Dev and Ops. I mean, that's the only way you really develop fast and secure. Excellent. What about automation? How does that fit into everything we've been talking about here? Yeah, so we've spent a ton of time on that. So again, with the CloudFormation templates, it's basically you could blow up an account and just rerun the scripts and recreate the account from scratch with a bunch of auto scaling groups. So if nodes go down, they get replaced automatically. So there's all sorts of automation built in. I think, you know, we've cut down all our alerts 10-fold over the past year just by all these automation scripts and we get notifications that things have happened, but there's usually no human interaction anymore, you know, for simple hardware failures. We're investigating more of a hard problem right now as far as some incompatibility or difference that may have come with an upgrade. So Patrick, how does your organization look at cloud? Are you all in a public cloud or using, you know, multiple clouds? You know, what's that environment? Yeah, so we were born in AWS and we've stayed in AWS. We are not multi-cloud, but we do our DR plan in there and everything, but 100% in the public cloud. Okay, excellent. So, you know, you're obviously using Cloud Health as part of your overall solution. How do they fit into that discussion and, you know, give us a little bit about how long you've been using them and what you've been seeing? Sure, so we started with their cost program, Cloud Health, and we wanted to get a, you know, better understanding of all of our costs, especially when we're going to this more distributed model where developers had the ability to roll out infrastructure. We wanted to make sure not so much that they had budgets but had an understanding of how much they were spending. So when you go from that centralized control as to releasing controlled individuals, what that control comes responsibility and, you know, we wanted to make sure we're making good business decisions. So we rolled out Cloud Health to all the users to be able to see what each program was costing. We did that about two years ago and we've really just finalized it the last couple of months of making sure that everything was tagged appropriately and engineers can see how much each application costs to run. And then last year, we decided to look at some security programs to kind of help us launch that. We're doing a lot of stuff by hand and using some of the AWS services. But we wanted something to kind of roll up more to the executive team to be able to see how we're doing as far as, you know, benchmarks and things like that. So we looked at a couple of different programs but we had such a really good experience with Cloud Health on the onboarding. We decided to use VMware SecureState and have been rolling that out and using that on my team, primarily right now and starting to roll it out to all the dev teams. It's really interesting, Patrick. You know, you've been around long enough. I'm sure that there have been times where security or the billing or all those other things is something that somebody else took care of if I'm, you know, kind of a typical business person. What you're laying out sounds like there's, you know, communication, collaboration, you know, the business and the technical side working together. You know, are we getting closer to that? You know, we're all pulling in the same direction and, you know, have clear visibility as to what the business needs and what the kind of the technical and financial pieces are? Yeah, absolutely. I mean, it's definitely been a joint effort. I work with, you know, the finance team on a regular basis to kind of give forecasts and things like that. Especially during these challenging times you have to know how much you're spending on these bills. I mean, Cloud is one of our biggest bills, obviously for a job case. So we wanted to have a good understanding there but we also want to drive the business forward. We're working with partners right now during these times to make sure we're getting, you know, even some free services as far as doing some trials and things like that to ensure that we're being cost conscious for the company, but also driving initiative forward. You know, Patrick, is there anything out there? You know, in the ecosystem that is on your wish list that would make your company and your job even easier? Well, great question. You know, I think better integration between all the programs. I mean, you've got a lot of best of breed programs out there, so you worry about technology sprawl, you know, from application monitoring to system monitoring to cost monitoring and things like that. There is no silver bullet. So, you know, if there was, that would be great but you have to kind of pick the best of breed in all the cases. We kind of go with the AD20 rule. If a program does 80% but it integrates with other programs then we're going to use that over one that's maybe 90, 95% just for ease of use and implementation. Great, well, Patrick, I want to give you the final word. Any other final takeaways that you would share with your peers as to things they should be looking at or things they should prepare their teams for to be more effective and more secure? Yeah, I would say don't be afraid of change but also work with your dev teams. If you make it too difficult for them or it comes in us versus them, it's just never going to work. It has to be a partnership. They have to buy into the things that you're trying to do and in most cases they will. They want to do the right things but you've got to kind of eliminate the noise from them and make sure that they're only getting the things that are important to the company. Well, Patrick, thank you much for sharing and absolutely a very important service. Job cases performing especially right now when jobs and as you said, flexible work environments are critically important. Thanks so much. Thank you. All right, be sure to check out the Cloud Health Cloud Live event. I'm Stu Miniman. You'll see me and Corey Quinn in the great cloud debate and thank you for watching theCUBE.