 Good afternoon, Cloud Community, and welcome back to Chicago. It's day two of KubeCon, CloudNativeCon. My name is Savannah Peterson. I'm joined with analyst Dustin Kirkland here this afternoon. Dustin, we are about to have a spicy conversation about security. I can't wait. And I know this is your wheelhouse. Are you pumped? Yes, absolutely, and I know Arun. I've actually been a guest on Arun's show in the past. So the tables have turned here. Oh, this is a fun one. Yeah. How long ago was that? Oh, 2017, I think. Yeah, about six years ago. You guys are OGs. This is awesome. Wow, a lot of love at the table then. Arun, welcome to the show. Thank you for being here with us on theCUBE. Thank you for having me. I have to say, one of the most striking things about glancing your direction right now is that fabulous stache you've got going on. Is this a Movember celebration? It is a Movember celebration. I've done this for the last nine years now. And really, this is an opportunity to create a fancy stache. Yes. No, but the whole idea here is to give an opportunity to talk about why men's health matters, right? So if you are a man or there is a man in your life, a brother, father, partner, son, make sure they are sleeping well, seven to eight hours of sleep. Make sure they're eating healthy. Make sure they are working out regularly. And just not physically, but mentally as well. And positive masculinity is not about being stoic. It's about getting your annual checkup done. So I think those are important elements. That's what I've always leveraged this stache for the last nine years, to talk about those points. I'm really glad we got to give you the opportunity to do so, and then we got to open our segment with that. Thank you. Does Intel encourage Movember participation? It does, actually. Last year, we were part of the Movember Foundation. We recently started a men at Intel chapter, and we are doing International Men's Day celebration.
Some of our folks went to Better Men's Conference. So again, going back to that positive masculinity, becoming that role model for people around the company. I love that. Moving on from the stache, though it is absolutely fantastic, and the cause is worthy. You are, we were just joking, you're kind of a part of the furniture at CNCF. You've been a participant, but also on the leadership side for over seven years, and you just stepped into a new role. Tell us a little bit about that. Yeah, so I joined CNCF governing board back in 2017. So about six and a half years now. For the last two years, I'm on the governing board as a chair, so that's very exciting, because I get to work with not just the governing board members, but with the entire CNCF leadership, LF leadership, TOC, to take that CNCF mission forward, which is making cloud-native computing ubiquitous. Then over the last year and a half, I was part of OpenSSF, which is Open Source Security Foundation. And after being there, and you know what? You ask questions. Why about this? Why is this not working? And then there was an election time, I said, okay, I'll put my name in the ring, and I ended up becoming an OpenSSF governing board chair as well. So that just happened about four, six weeks ago. Congratulations. Thank you. But it's like doing a full-time job with, as a CNCF governing board chair, with the way things are happening, and now security is super hard. So that is a full-time job, and I really feel blessed in that sense that Intel allows me to continue in that role. Yeah, security is certainly in my wheelhouse. I want to hear a little bit about some of the projects that OpenSSF is investing, and some of the ones you're most passionate about. Yeah, yeah, quite a few projects actually. So one of them is the OpenSSF scorecard, which basically you can take, so what OpenSSF, basically, it gives you the security scorecard of your GitHub repo.
You can run it as a GitHub action, as a CLI integrated, and it'll give you a score on the range of zero to 10, and it goes through multiple elements. Do you have branch protection? Are you putting secrets in your repo? Things like that, and then it gives you a score. And so, let's say from zero to 10, your score is four, then you aspire to be five, and then six, so that you're overall improving the security of your project. Gamification is tapping into that. It's beautiful, actually. And it's very concrete suggestions, because when it gives you the scorecard, it tells you, what are we dinging you for? So then you know exactly what it is. And the beauty of that is, we have done that at Intel as well. So for example, we are looking at six and a half thousand public repos that we have. We are running OpenSSF scorecard over there, and then in the process of automating that process, where execs can start getting reports, that oh, that repo doesn't have a good security score, bump it up, what do we need to do to improve the security score? I think that's phenomenal. So OpenSSF scorecard is a poster child, essentially, for OpenSSF. Then there is Sigstore. So you create these packages, how do you sign those packages, attestation and all of that. So that's where we have a managed service called as Sigstore, so that's pretty popular. Then there is SLSA, which is service level specification agreement. Where do you agree in terms of what level of security you're going to provide? And we are constantly working across the industry. And again, the mission of OpenSSF is to really raise the security posture of open source. So that's exciting. A huge conversation too. We've got so many people contributing from all over the place, companies, individuals, and keeping that all secure is so successful for the whole movement. You said something as we were getting warmed up, and I think I'm trying to get you to repeat it.
How does Intel rank on that scorecard that you were talking about? Well, so there are six and a half thousand repos. So across the range of repos, the scores differ very much. Yes. Really not about, see this as a number, as a baseline. But once you get the baseline, it's about what you do after that. So it doesn't matter whether it's three or four or five, but once you get that baseline, how do you improve that to get to the next higher line? So that's sort of the mentality that we're trying to build. There was a survey by Forbes, I believe a couple of months ago, where Intel was rated as the most cyber secure company. And so there's a reason, because down from the chip to the applications, to our internal processes, we invest a lot of time to make sure we stay in that mode. I love that. You're practicing what you preach. You're creating tools that empower you at Intel. Yeah, and I got a question just around the events. I know that there's a lot of events. Is this the primary event where OpenSSF shows up in force, or is it spread across multiple of the? Well, so this is CloudNativeCon, KubeCon. So this is a primary event for CNCF. Right, so that's where I'm involved. We had our board strategy session this morning. We just had a board panel with the members of the community. So that was really good. OpenSSF is sort of scattered. Like there is an OpenSSF day that usually happens in association with Open Source Summit. So there was a Bilbao, for example, that happened, Bilbao in Spain. That's where Open Source Summit happened. So there was an OpenSSF day. Now there is an Open Source Summit happening in Japan in early December, and there's an OpenSSF day over there. And so that's where I'm going to be there, meeting customers, working with the federal government over there. Because one of the critical elements of open source security is because of the executive mandate that came out. Everybody got to have an SBOM. And how do we operationalize that?
And those are the elements that OpenSSF is mobilizing. So a couple of months ago, three months ago actually, we had this thing called as SOSS, S-O-S-S, Secure Open Source Summit. So we had representation from NIST and we have NSA and CISA and ONCD, these are all federal agencies that really care about elevating the security posture. And do you have a voice to those agencies as they're developing this, or are you more facing the downstream users of that? No, they actually asked us to organize that summit together. Yeah, so we had a good- So you're a facilitator. We are facilitator because LF is a very neutral party in that sense, right? So OpenSSF worked with the federal government to organize this. We had about 70 plus people over there. A good mix of federal, so Anne Neuberger, who is the head of all the strategy in the US government. She was there to kick it off. And then we had all the governing, several governing board members over there. So really good partnership between federal government, private sector, academia, because that's where a lot of fun is happening. So it's a good combination of people. Collaboration is the core of this community in general and it's great to see it's happening on the government level as well. It's absolutely mandatory. Here we are celebrating the largest open source community and we've got the most cyber secure company on the planet. How important and why is it so important for Intel to collaborate with the open source community and how do you view that internally? It's super important actually. And I've done open source building and led and be part of open source communities over the last 20 years. The only lesson that comes out of it is open source is only sustainable if it's tied to your core business. Otherwise, you know, it's going to happen on the fringes. Executives don't care about it. In case of Intel, it is fundamentally tied to who the company is.
Pat Gelsinger, Greg Lavender, they talk about how Intel believes in an open ecosystem mission. And that's the fundamental part of our product strategy because we believe it creates a level playground, level field where others can compete. It increases the total addressable market, market segment share for Intel. So everybody wins together as opposed to those walled gardens. So think of our customers. They take our silicon. Intel is a semiconductor company. So they consume our silicon at a cloud service provider, data center, laptop, a networking edge, pick a device, right? That's where they consume it. They expect that the open source frameworks that they're going to download over there are going to run out of the box in a fully optimized manner and be able to leverage the latest silicon features, the accelerators that we introduce over there. So that's the joy of it. So that's where Intel contributes to 300 plus open source projects out in the community. There are 19,000 software engineers at Intel. We are part of 700 plus open source foundations and standard bodies for that reason because that is really the leveling, the playground so that everybody else can compete together. Impressive. Yeah, I love that. I know that's been important. And right at the heart of Intel for a very long time, I'm just curious, you know, coming from a product background, are you able to measure that return on investment? I know it's hard, but how do you think about ROI? Well, I mean, that strategy is software-defined, hardware-enabled, that's Intel's strategy, right? You can produce a silicon and if you're sitting over there with no software running on it, it's a brick, right? So how do you make sure that, you know, you are able to bring that software run on it in a more optimal manner? So really, that software-defined hardware-enabled is how we are looking at it. So for example, we look at, okay, you know what? Sapphire Rapids was launched earlier this year.
How widely it is being adopted across the industry, what softwares are running on it. So software enablement is a big part of really driving that strategy. And to the day, a lot of the money really comes from the underlying silicon. So there is a direct relevance and that goes back to the point I was making earlier. If it's not tied to your core business, it's not going to sustain. That's where those three, I mean, we are top three contributor to PyTorch, top three contributor to TensorFlow. We have been the top corporate contributor to Linux kernel for 15 plus years, top 10 to OpenJDK. And the philosophy really here is we contribute upstream customer, or the partners pick it up into their downstream distribution and customers give us feedback. So that flywheel upstream, downstream customers is what we are really building in the company and that's what keeps the open source thriving and really very well. And it lets your product development be very community driven, as well as business enterprise driven, depending on the situation. Well, customer first is the Intel core value. So it really keeps them in mind that I don't want you to build a random feature that is sitting in a GitHub repo that nobody knows about it. All right, nobody cares. Nobody cares? Doesn't matter. Who cares if a tree fell in the forest? Right, right. No, it's true and it's really nice to hear about that commitment. It seems like Intel's incredibly supportive of you with your multiple roles within CNCF and other people within the organization getting involved. Very much so. When I was the CNCF governing board chair that was itself quite a big heavy lift and before I stood up for election for the OpenSSF governing board chair, I went to my boss. I said, you know what? I'm going to stand up for this election. If I win, I would need support. And she was like, okay, what do you need?
I said, well, I will need somebody to do my Intel work so that I could be the public face and guide them and strategize them. And she gave me one, which is great. And that's awesome actually. And that's the culture of Intel. It really allows you to be authentic self. You know, year and a half ago when I joined Intel, I wrote an article, how Intel allows me to be authentic self, same person at work and at home. The stache. It's beautiful and they encourage it. So I think that is a fundamental element that allows me to be very happy and excited about Intel. Yeah, I love that. From the stache to the tech stack, you get to be you and drive a lot of decisions. And yeah, it's nice to hear that, especially for some of the bigger players here who I think are going to have a lot of influence. I've got a question for you that's kind of fun. So we've been talking about how Kubernetes is reaching its Linux moment, its true adoption and implementation moment where it's not just this future thing, but actually built into everything that we're doing. The analogy that I've been making is soon, Kubernetes is going to be like the Intel inside. It's going to be this tool that's helping enable all these projects. Do you agree? I think so. I very much think so. Cool. Perfect, and I'll keep saying it. Well, no, I mean, because I was at TED AI. So TED organized an AI focused event in San Francisco. And I was a part of the core team that helped build that event. As part of that, we did a TED AI hackathon. These were 30 plus teams running their AI platforms, AI solutions, and you asked them that how are you deploying solutions on-prem? And how are you deploying on-prem? Kubernetes? So that's some of the feedback we are getting. And if you saw Priyanka's keynote, she talked about how, as Gen AI is growing faster and faster, Kubernetes is really providing that scaffold for it to grow. Absolutely, totally agree with you. It's been a hot conversation that we've had here the whole day.
I have one last very important question to you. So we opened this segment. You were talking about health. You've now described what I count as a minimum of at least three jobs. How do you sleep? How do you balance all of this? How do you prioritize? I think it's super important for me to get my seven to eight hours of sleep. And get a 45 minutes to an hour of workout every day. You're an avid runner, I believe, right? I run every day. I like to run every day. If not running, I'm lifting. So that's important to me. I think the key part really is I think more effective now at triaging things. I don't hold things onto my hands too long. And getting that support back from Intel is very effective. Because now I can just quickly triage. All right, this needs to be done. So we just hired a director of open-source strategy in my team. So I'm able to hand over a lot of, a lot more things to her, getting her connected within the team. And so really quick triaging. I mean, I'm not ready to read long narrative emails, but quick back and forth emails, triage it. Okay, who needs to do? Where can I be more effective? Am I really needed over there? And I do practice a lot of mindfulness as well. So that's super important. Like really taking five minutes, like usually when I sleep in the night, I'm in the bed and I'm just reflecting on the day. Not focusing on the bad things that have happened, but what good things happen. And that allows you to sleep well at night. It does. What a perfect note to end on. My gosh, your cell phone even matches your sweater. It has been a joy to have everyone. Thank you so much for being here. And thank you, Dustin, for all of your wonderful insights as always. And most importantly, thank you to our community for tuning in, because without you there is no us. My name's Savannah Peterson. We're here in Chicago at CloudNativeCon, KubeCon. You're watching theCUBE, the leading source for emerging technology news.