 Hi, I'm Peter Burris, and welcome to another CUBE conversation. We are here in our Palo Alto studios with Chenxi Wang. Thank you Peter. Chenxi is the founder and general partner of Rain Capital and an old colleague. Chenxi, you've been around for a long time. We're very happy to have you here in theCUBE. Thank you for having me. At least in my opinion, one of the leading thinkers in security, what's happening in IT, data security, digital business security. We were colleagues at Forrester many years ago. What are you doing now? Well, I'm doing this new fund. I just started Rain Capital. It's an early stage venture fund focusing on cyber security innovation. So very excited about that. And very specific. Yeah, cyber security and AI as well, but the core focus is cyber security. So let's talk about what that actually means because there's a lot of new practices, new groups within IT that are being spawned as a consequence of this need for more AI agile DevOps. One of the groups or one of the practices or expertise centers that's especially underrepresented in the security world, somewhat surprisingly is DevOps. What do we need to do to bring more security into DevOps? Right, that's a really good question. And that's one of the areas that I've been focusing on in the last two, three years is looking at the impact of DevOps practices to IT, including security. And it's a huge impact because initially or originally what we have is security is a practice that is gatekeeper. So you got applications being developed and then you test them and then you go through security tests at the end and before you could deploy it. DevOps practices disrupt all of that. What DevOps says is, I'm a developer, I can deploy my application directly onto a production server without going through all those gates because business agility demands it, right? Once you have developers or testers touching your production servers directly, some of the old security practices go away, right? You cannot do that anymore because too heavy handed. There's also the notion of portability. So today it's very common for companies to want to move their workloads from the internal data center to AWS or maybe next month I want to move to Google Cloud or Azure and I don't want to go through all the testing and pre-implementation practices, I want to do it right away. And the portability also disrupts existing security practices, right? So if your security policy depends on you instrumenting the server to put some kind of module on there, tomorrow the server's not there anymore, right? So what do you do? So engender is a whole slew of issues and also is a catalyst for innovation. So that's why I'm very, very excited about that. So when you talk to customers, users, because I know you still have a lot of relationships in the industry and I'm sure that's going to be one of the distinctions that you bring to bear when you think about what rain capital does, what are say the three things that you tell, I mean you've already mentioned you got to ensure that the practices are in place, that portability is at least made more obvious and that you don't bind security down to a particular device because that device may not be there. That's three, what are some of the kind of organizational and institutional things that dev ops folks have to do to make sure that everybody gets the security profile that they need. Right, so what we're seeing in terms of organizationally or culturally, the change is that in a dev ops led organization, the boundaries are going away, right? So some of the companies that I'm seeing cloud native to start with, they may not have an ops team, right? What they do is that IT, their infrastructure team is embedded with the applications team. It breathes the application demand and knowing what the application wants to do and then works with the developers to establish policies and deployment practices as opposed to being arms length from the developers which creates all kinds of tension. So it's an organizational shift as well and mindset shift, right? So the mindset shift is that you're no longer somebody who enforces policies, you actually enable business versus the policy enforcer and it's easy to say, but it actually requires a very deep shift in thinking. So I got another question from security and then we'll move to something else really quickly. As IT organizations or as businesses source their IT capabilities more from public cloud or service providers, that means that they also have to have a new approach to institutionalizing the work, the practice, the processes, the certainty associated with good security. In your experience, what are just a couple of things that businesses have to worry about as they negotiate and monitor and manage relationships with third parties as it pertains to security? Right, that's a good question. They are possibly a long list of things, right? The top things is don't get locked in, right? All the platform providers want to give you oh, all these enriched capabilities as long as you buy into our services, right? So what you want to do is I want to stay at the level that I can easily move, right? So this may mean I have to do a little bit more things or I have to compensate with the party technologies as opposed to buying into this vertically integrated notion of the platform providers and that's where you need to stay at because otherwise you get locked in. So that's one. Second is the ability to do monitoring has to be real-time and the thing about DevOps is real-time visibility, real-time closed-loop response, right? So you cannot like security analytics in the past has to usually is you get tons of logs put there and somebody turn through logs and look for anomalies. It's not fast enough, it's not good enough anymore. So what we want is monitoring capabilities that are able to do it platform-independent way but able to give you real-time visibility and response capability right there and that's where the innovation comes from. You know, one thing I've noticed we've been talking, I've been talking to a couple of customers and they're starting to discover that some of the cloud service providers are using security as a way to lock in. Yeah, right. So security I think should be built in, right? It should be by default. Secure by default is the way we want it to be. But always know how to get out. Yeah, and you should be able to get out. If security is a differentiation then maybe it's not the right market, right? That's a great point. All right, so Ring Capital has, in addition to looking at the whole DevOps world you bring in your security expertise to bear on potential investments, it's got another distinction. What's the other distinction about Ring Capital? It's a woman led venture fund which is a rarity in Silicon Valley, right? So. Oh, is it? I don't know, you tell me. No, I've heard, yeah, no, it is a rarity. There are not a lot of firms that one would associate as being broadly representative or very inclusive. So as you are moving forward with Ring Capital, talk a bit about the evolving role of women in technology. So I would say that even though it's a woman led venture fund, I don't think of ourselves as different just because woman led. I think we are different because we have a deep, deep understanding of the market and deep understanding of the technology and also very extensive relationship with end users. But in terms of women in technology and women in security, I'm a big advocate. So for the past two years, I was the program co-chair for the Grace Hopper Conference. I put together the security and privacy content for the conference. And the need for an ecosystem that is inclusive, that is enabling for underrepresented either gender or race is huge, right? So people go to Grace Hopper Conference and they come back and they're so inspired because they see all these women representing them. And I think in Silicon Valley, we need that. In security, we need that even more because if you look at some statistics, I think women in general IT is about 24% representative, I mean, representation. In security is about 11%. So we have a long way to go. Yeah, and I'm going to avoid making comments about that because it's smart not to. But those are numbers that are distressing. That's obvious. Clearly, there's a lot of talent. You're not the only one. There's a lot of talent there that could be bought to bear. And so you might not be differentiated by the fact that as women, you do things differently, but it might nonetheless be a more comfortable home for women like yourself that have a great idea and want to turn it into a business. We hope so, yeah. Excellent. All right, so, Chency, and by the way, I got to say just a quick advertisement for theCUBE. theCUBE has been a major supporter for women in tech for a couple of years now. We've been in a number of these different conferences. Jeff Frick, who's the general manager, John Furrier, co-CEO, Dave Laundee, co-CEO, put a lot of time and energy. So we look forward to. Thank you for your support. Oh, absolutely. We look forward to more fruitful relationships like that in the future. So once again, I'm Peter Burris with Wikibon SiliconANGLE, and we've been talking to Chency Wang of Rain Capital, founder, general partner, about a number of different topics. Chency, once again, thank you very much for being on theCUBE. Thank you for having me.