 Hey everyone, welcome back to Las Vegas. It's theCUBE. We're here day four of our coverage of AWS re-invent 22. There's been about, we've heard north of 55,000 folks here in person. We're seeing only a fraction of that, but it's packed in the Expo Center. We're at the Venetian Expo. Lisa Martin, Dave Vellante, Dave we've had such great conversations as we always do on theCUBE with the AWS ecosystem. We're going to be talking with another partner in that ecosystem and what they're doing to innovate together. Well, we know security is the number one topic on IT practitioners' minds, CIOs, CISOs. We also know that they don't have the bench strength. That's why they look to manage service providers, manage service security providers. It's a growing topic. We've talked about it. We talked about it at reinforce earlier this year. I think it was July actually in August. Believe it or not, not everybody was at the Cape. It was pretty well attended. And that's their security focus, conference exclusive on security, but there's a lot of security here too. A lot of security. We're going to be talking about that next. We have two guests from Capgemini joining us, Mike Fasciolowski, the head of cloud security and next gen secure architectures. Welcome, Mike. And Saunders also joins us, the director of cybersecurity technology partnerships at Capgemini. Welcome, Ann. Hey guys. So day four of the show. How are you feeling? It's a long show. It is a long, and it's still jamming in here. Normally on the last day, it dwindles down. Not here. The put traffic around the booth and around the totality of this expert floor has been amazing, I think. It really has. Ann, I want to start with you. Capgemini, making some moves in the waves in the cloud and cloud security spaces. Talk to us about what Cap's got going on there. Well, we actually have a variety of things going on. Very much partner driven. The SOC Essentials offering that Mike's going to talk about shortly is the kind of the starter offer where we're going to build from and build out from. SOC Essentials is definitely critical for establishing that foundation. A lot of good stuff coming along with partners. Since I manage the partners, I'm kind of keen on who we get involved with and how we work with them to build out value and focus on our overall cloud security strategy. Mike, you want to talk about SOC Essentials? Mr. Giz? Yeah, well no, I think at Capgemini, we really say cyber security is part of our DNA. And so as we look at what we do in the cloud, you'll find that security has always been an underpinning to a lot of what we deliver, whether it's on the DevSecOps services, migration services, stuff like that. But what we're really trying to do is be intentional about how we approach the security piece of the cloud in different ways, right? Traditional infrastructure. You mentioned the totality of security vendors here and at Reinforce. We're really seeing that you have to approach it differently. So we're bringing together the right partners. We're using what's part of our DNA to really be able to drive the next generation of security inside those clouds for our clients and customers. So as Ann was talking about, we have a new service called the Capgemini Cloud SOC Essentials. And we've really brought our partners to bear, in this case, Trend Micro, really bringing a lot of their intelligence and building off of what they do so that we can help customers that, you know, SOC services can be pretty expensive, right? When you go for the high end. Or if you have to try to run one yourself, there's a lot of time. I think you mentioned earlier, right? The people's benches, it's really hard to have really good cyber security people in those smaller businesses. So what we're trying to do is we're really trying to help companies, whether you're the really big buyers of the world or some of the smaller ones, right? We want to be able to give you the visibility and ability to deliver to your customers securely. So that's how we're approaching security now. I mean, we're Cloud SOC Essentials. The new thing that we're announcing while we were here is really driving out of it. When I came out of, you know, when you do these events, you get this Kool-Aid injection after a while, you're like, what did I learn? And one of the things that struck me in talking to people is you've got the shared responsibility model that the Cloud has sort of created. And I know there's complexities across Cloud, but let's just keep it at Cloud generically for a moment. And then you've got, you know, the CISO, the app dev, app sec dev, the group is being asked to do a lot. They're kind of being dragged into security. That's really not their wheelhouse. And then you've got audit, which is like the last line of defense. And so one of the things that struck me is that it reinforces like, okay, Amazon, great job for their portion of the shared responsibility model. But I didn't hear a lot in terms of making the CISO's life easier. And I'm guessing that's where you guys come in. I wonder if you could talk about that trend, that conceptual layers that I just laid out and where you guys fit. Sure. So I think first and foremost, I always go back to a quote from, I think it's attributed to Peter Drucker, whether that's right or wrong, who knows. But culture eats strategy for breakfast. And I think what we've seen in our conversations with, whether you're talking to the CISO, the application team, the app dev team, wherever throughout the organization, we really see that culture is what's going to drive success or failure of security in the org. And so what we do is we really do bring that totality of perspective. We're not just cloud, not just security, not just app dev. We can really bring across the totality of the Capgemini estate. So that when we go, and you're right, a CISO says, I'm having a hard time getting the app people to deliver what I need. If you just come from a security perspective, you're right, that's what's going to happen. So what we try to do is we really bring, so we've got a great DevSecOps service, for example, in the club, where we do that. We bring all the perspectives together. How do we align KPIs? That's a big problem, I think, for what you're seeing. Making CISOs' lives easier is about making sure that the app team KPIs are aligned with the CISOs, but also the CISOs KPIs are aligned with the app teams. And by doing that, we have had really great success in the number of organizations, by giving them the tools then, and the people on our side, to be able to make those alignments at the business level, to drive the right business outcome, to drive the right security outcome, the right application outcome. That's where I think we've really come to play. Absolutely, and I will say, from a partnering perspective, what's key in supporting that strategy is we will learn from our partners. We lean on our partners to understand what the trends there seem, and where they're having an impact with regards to supporting the CISO, and supporting an overall security strategy within a company. I mean, they're on the cutting edge. We do a lot to track their technology roadmaps. We do a lot to track how they build their buyer for Sonos, and what issues they're dealing with, and what issues they're preparing to deal with with regards to where they're investing, and who's investing in them. A lot of strategy around which partner to bring in and support how we're going to address the challenges the CISO and the IT teams are having to kind of support that overall security as a part of everything. DNA kind of strategy. Yeah, do you have a favorite example, Ann, of a partner that came in with Capgemini helped a customer really be able to do what Capgemini is doing, and that is have cybersecurity be actually part of their DNA when there are so many challenges, the skills gap. Any favorite example that really I think articulates how you're able to enable organizations to achieve just that? Well, actually the SOC Essentials offering that we're rolling out is a private example of that. I mean, we work very, very closely with Trend on all fronts with regards to developing it. It's one of those completely collaborative from day one to going to the customer. And it's almost that seamless connectivity and that partnering at that such a strategic level is a great example of how it's done right. And when it's done right, how successful it can be. Why did you, why Trend Micro? Because I mean, I'm sure you've seen, I think it's Optif has the eye test with all the tools. And you talk to CISO's like, we're really trying to consolidate those tools. So I presume there's a portfolio play there, but tell us, tell the audience a little bit more about why Trend Micro and I mean, you're branding with them, why those guys? Well, you know, it goes towards the technology of course and all the development they've done and their position within AWS and how they address, you know, assuring security for our clients who are moving onto and running their estates on AWS. There's such a long heritage with regards to their technology platform and what they've developed that deep experience that kind of the strength of the technology because of the longevity they've had and where they sit within, you know, their domain. I like, you know, I try to call partners out by their domain and their area of expertise as part of the reason, I mean. Yeah, I think another big part of it is Gartner is expecting, I think they published on this end the next three years, we expect to see another consolidation both inside of the enterprises as well as, you know, I look back a couple of years when Palo Alto went on a very nice spending spree, right? And put together a lot of really great companies that built their Prisma platform. So what I think one of the reasons we pick trend in this particular case is as we look forward for our customers and our clients, not just having point solutions, right? This isn't just about endpoint protection. This isn't just about security posture management. This is really who can take the totality of the customer's problems and deliver on the right outcomes from a single platform. And so when we look at companies like Trend, like Palo, some of the bigger partners for us, that's where we try to focus. You know, they're definitely best in breed. We bring those to our customers too, for certain things. But as we look to the future, I think really finding those partners that are going to be able to solve a swath of problems at the right price point for their customers, that is where I think we see the industry moving. And maybe be around as an independent company. Was that a factor as well? I mean, you see Toma Bravo buying up all those very companies, right? So, and maybe they're trying to create, you know, something that could be competitive, but you're saying Trend Micro's there. Well, I think as Ann mentioned, the 30-year heritage, I think the Trend Micro really driving this. And I've done work with them in various past things. There's also a big part of just the people you like, the people that are good to work with, that are really trying to be customer obsessed, going back, right, at an AWS event. The ones that get the cloud tend to be able to follow those Amazon LPs as well, right, just kind of naturally. And so I think when you look at the Trend Micro's of the world, that's where, you know, that kind of cloud native piece comes out. And I like working with that. In this environment, you know, the macro environment, we talk about the earnings season, it's really mixed. I mean, you're seeing some really good earnings, some mixed earnings, some good earnings with, with cautious, you know, guidance, somebody really, and it was for a period of time, there was a thinking that security was non-discretionary and it's clearly non-discretionary. But the CISO, she or he doesn't have unlimited budgets. All right, so what are you seeing in terms of, how are customers dealing with this challenging macro environment? Is it through tools consolidation? Is that a play that's going on? What are you seeing in the customer base? I see ways, and we're working through this right now, where we're actually weaving cybersecurity in at the very beginning of how we're designing offers across our entire, you know, offer portfolio, not just the cybersecurity business. So, taking that approach in the long run will help contain costs and our hope, and we're already seeing it, is it's actually helping change the perception that security is that cost center and that final obstacle you have to get over, and it's going to, you know, throw your margins off and all that sort of stuff. I like that, at least it's like a security cover charge. You're not kidding me. Unless we do the security thing first. Exactly, a security cover charge, that's what you should call it. Yeah. Like, another piece though, you mentioned earlier about making CISO's life easier, right? And I think, as Ann did, really absolutely true about building it in, not to the security stack, but application developers, they want visibility. They want observability. They want to do it right. They want CI CD pipeline that can give them confidence in their security. So, should the CISO have a budget issue, right? And they can't necessarily afford it. But the application team, as they're looking at what products they want to purchase, can I get a SAST or a DAST, right? The static or dynamic application security testing in my product up front? And if the app team buys into that methodology, the CISO convinces them, yes, this is important, now I've got two budgets to pull from. And in the end, I end up with a cheaper, lower cost of a service. So, I think that's another way that we see with DevSecOps and a few other services, that building in on day one that you mentioned, getting both teams involved. That's interesting, Mike, because that's the alignment that you were talking about earlier in the case of CISO. And you're not a tech vendor saying, buy my product, you guys have deep consultancy backgrounds. And the customer appreciates that. They see us as looking out for their best interest when we're trying to support them and help them and bringing it to the table at the very beginning, as something that is there and we're conscientious of, just helps them in the long run. And I think they're seeing that, they appreciate that. Yeah, you can bring best practice around measurements, alignment, business process, stuff like that, maybe even some industry expertise, and which you're not typically going to get from a product company. Well, one thing you just mentioned that I love talking about with Capgemini is the industry expertise, right? So, when you look at systems integrators, they're a lot of really, really good ones. You know, to say otherwise would be foolish. But, Capgemini with our acquisition of Altrend, a couple years ago, I think it was, right? How many other GSIs or SIs are actually building silicon for IoT chips? So, IoT's huge right now and the intelligent industry moving forward is going to drive a lot of those business outcomes that people are looking for. Who else can say, we've built an autonomous vehicle? Capgemini, who can say that we've built the IoT devices from the ground up? We know not just how to integrate them into AWS, into the IoT services in the club, but to build and have that secure development for the firmware and all. And that's where I think our customers really look to us as being those industry experts and being able to bring that totality of our business to bear for what they need to do to achieve their objectives, to deliver to their customer. That's interesting. I mean, using silicon as a differentiator to drive a lot of business outcomes and security. I mean, you see what Amazon's doing in silicon. Look at Apple, look what Tesla's doing with silicon. I mean, it's- That's where you're seeing a lot of people start focusing because it's not everybody can do it. It's hard. It's hard. And you'll see some interesting announcements from us and some interesting information and trends that we'll be driving because of where we're placed and what we have going around security and intelligent industry overall. We have a lot of investment going on there right now. And again, from the partner perspective, it's an ecosystem of key partners that together, collectively work together to kind of create a seamless security posture for an intelligent industry initiative with these companies that we're working with. So last question, probably toughest question, and that's to give us a 30-second elevator picture of Billboard, and I'm going to ask you, and specifically about the SOC Essentials program powered by Trend Micro, why should organizations look to that? Organizations should move to it or work with us on it because we have the expertise. We have the width and breadth to help them fill the gaps, be those eyes, be that team, the police behind it all, so to speak, and be the team behind them to make sure we're giving them the right information they need to actually act effectively on maintaining their security posture. Nice. And then last question for you, Mike, is that Billboard, why should organizations in any industry work with Capgemini to help become an intelligent industrial player? Sure, so if you look at our board up top, right, we've got our tagline, this is get the future you want. And that's what you're going to get with Capgemini. It's not just about selling a service. It's not just about what partners, right, and reselling, we don't want that to be why you come to us. You, as a company, have a vision. We will help you achieve that vision in a way that nobody else can because of our depth, because of the breadth that we have that's very hard to replicate. Awesome, guys, that was great answers, Mike, and thank you for spending some time with Dave and me on the program today talking about what we do at Capgemini. We'll be following this space. All right, thank you very much. Thank you for our guests and for Dave Vellante. I'm Lisa Martin, you're watching theCUBE, the leader in live enterprise and emerging tech coverage.