 Hi everybody, we're back at Moscone West here in San Francisco. This is day three. John Furrier, Dave Vellante. I forgot what day it was there for a minute there. RSA 2023. You're fading. It's packed. Yeah, I mean, it's been good though. It's good energy. I mean, you and I were out last night. I was telling people, you know, bunch of VC meetings that we had, a bunch of other meetups. We got to do it all again tonight. We had John Chambers on this morning. A great lineup of guests today. Yeah, we're talking to everybody. I mean, Dave, I talked with multiple VCs. You were with me on a bunch of them. I talked to a bunch of CISOs as well. There are people here in the crowd. The White House is here. I have not talked to the White House yet because I'm not in on that circuit. We're not having access yet. We should. We are talking with some of the hot companies, the startups and the big players. The number one story in my opinion is the platformification of security. Where security is trying to be a platform, but I don't think they know what a platform is. So the problem is that you can't please everybody. You got to just build a platform with an objective, not trying to please every single thousands of tools that are out there. So I'm not bullish on this whole platform thing. Well, the platform, I think the definition of platform is not a point product, right? But security is the platform that matters. It is the new IT because nothing runs without the network and security period being locked down. And doing it in a way that enables developers to code fast. And that's the cloud native trend. You got open source, modern application on the top of the stack. All got to be secure. That's going to change the endpoint game and going to change a lot of the security products just by default in the architecture. Okay, so to me- You're not buying this platform. No, I buy the platform. It has to happen. But it's not like just a security platform like a department. It's the company. The company's platform has to be security first, AI enabled period. And that's just like a radical structural, architectural thinking. So it's going to be interesting to see if the security guys can kind of come together with the network guys who are the most powerful people in the enterprise and say let's lock down an architecture that gives us the room to innovate without foreclosing any ops performance and scale. Because AI is only going to screw things up more because it's going to cause more problems. And ops people are going to shut that down immediately. So you're going to go into a reverse psychology mode of people saying stop everything. Remember the old no ops debate? They're a no op. They say no to everything. INR, instant negative reaction, no. Yeah, no, stop. Don't do anything. So if they don't get their arms around reigning in the chaos, which is an Andy Grove expression we could talk about. I think IT will really, I mean the department security and IT, they won't get it done. A thousand islands can't merge without clashes. Right, so that's the silos of security. And I think the security business has to realize that they are now the new IT. Right, we just heard a startup saying basically we're the virtual desktop. I didn't say that, but they're saying they're integrating natively into Chrome back end for Google Cloud. That was CrowdStrike. You got that big deal. All the native integrations are big discussion points. Native integration means code connecting in with APIs and data. And having agents run or having other middleman-like activities whether it's software or professional services that just doesn't cut the platform architecture. So I want to switch subjects here on you a little bit. So Meta announced, Facebook announced their earnings and it did better than people expected. Sales were up 12% after hours right now. That's kind of interesting. Microsoft beat pretty significantly. They were up like 7% today. Alphabet was kind of flattish, but all the cloud companies were seeing compressed growth. Actually John, I don't know if you heard me this morning, but I nailed the Azure forecast. I had 30%, they came in at 31% in constant currency. I think Google's maybe 20% growth, a much smaller base. I got Amazon, AWS 15%, we'll see. I think they announced tomorrow, so we'll see what they come in at it. But we're seeing a compression of cloud growth, but I was talking to Brendan about this from Samurai Securities, like Dave, this is a blip. Okay, I totally agree with him. All the innovation is in the cloud. That's where all the startups are going and now we're going to have a spate of new startups spinning up new companies with AI and of course, John, they're going to be in the cloud, right? I mean- Well, the thing about, I'm just typing something into ChatGPT to see what our answer is for all my notes from the thing. Okay, so John's spinning up ChatGPT. I'll chatter that for a little bit. Oh, here we go, here we go. Go ahead, what do you got? All my notes, every interview. You basically took all your interview notes and put it in? Too long, ChatGP won't take it too long. Oh, fuck it. Well, we see that with our videos, right? I mean, you got to chunk them up, right, and automate that. Well, basically, I don't need ChatGPT. I mean, the summary here is that the security industry is back to their old, same old tricks. Your identity crisis post, I think, resonates well. If you look at all the big players, there's an opportunity for Palo Alto, CrowdStrike, other platforms to rise up to be the dominant market share leaders and the top three will win, but they got to be more north of 20% market shares as John Chambers pointed out. So right now, it's like the NASCAR day. We use that analogy. It's like Formula One, they're all starting. Who's ahead? Who's going to fall back? Someone needs to come out as a platform player and be a dominant player from a market share perspective. And I do buy the platform rhetoric. I do that vision. Palo Alto Networks has a great vision. And Zia Cervella explained that as well. However, they're the only ones talking like a platform. Everyone else is talking about a security platform. And I think they got a broad, let's go a little bit. Wait, wait, explain that. What are you talking about? Everyone's talking about a platform versus a security platform. What do you mean? Well, security depends on how myopic their view is. Not to any advantage, we're building a platform. The couple of key questions is, how horizontal scalable is it? What else does it include? And what I'm suggesting is the platforms that are needed are essentially the business platforms that run the company. That includes IT. So I think security supersedes IT. And the network people, network security, which is run by the networks, it's got to get bored on the cloud. The only thing that matters here, in my opinion, is the fact that this entire ecosystem, it's about cloud. Cloud scale, cloud operations, cloud native. Cloud native networking, nobody's talking about cloud native networking. Cloud native networking security nobody's talking about. So Zia's brought this up in the analyst session earlier. I know people are talking about that. Who? CrowdStrike was sort of born in the cloud. They're not a networking company, but certainly Palo Alto talks about that. So, but I mean, and Zia Scaravallo said that is, and you agreed with them, I think. That's where all the action is, right? I want to ask you or share with you. So everybody says that cyber's kind of immune from the downturn, but I want to share some stats. So year-to-date, the Global Cybersecurity Index, it's the bug ETF that I follow, it's up 3.57%. So it's called 4%. Fortinet up 30%, Palo Alto up 32%, CrowdStrike up 20%, and the NASDAQ up 14%. So overall, the bug ETF security is performing year-to-date worse than the NASDAQ with some exceptions. Fortinet, Palo Alto, CrowdStrike, which I knew we're doing better, I think probably CyberArk, let me check on them. They're probably doing pretty well also. So there's a lot of, so my point of this, you know, CyberArk's down year-to-date actually, down 3%. So my point is, there's like halves and halves nots in security, right? It's really bifurcated. You got this big legacy install base that's ripe for disruption. It's trying to hang on, right? And then you got all these sort of new companies hitting escape velocity where CrowdStrike is on a path of five billion in ARR, Palo Alto Network's obviously doing very well. Fortinet's kicking ass. I mean, they're really doing amazing. But then you got a lot of the legacy companies just aren't doing that well, right? And they're going to get churned. Well, I mean, this is where I think the customer demand's going to be critical. We're going to be talking to some CISOs prior to reinforce. Dave, we're going to try to get down to Miami for this big mini CISO event that's being put on. What's that called? Pre-enforce. Pre-enforce. The pre-game of reinforce. June 8th, pre-enforce. So the queue will be at reinforce this year in small fashion. However, we are going to a pre-game pre-enforce event in Miami put on by some folks, about 10 to 20 CISOs, Chatham House Rules. We'll check it out. But the questions that they're going to be bringing up is going to be, no press, off the record. I mean, I always find that funny. Don't tell anyone. Don't quote us, but we're going to tell you. Well, they don't want it specifically attributed to them. But we'll still put it on the queue. They just want the trends to get out there because they want to help people sort of understand and educate people and inspire them for action, right? But I think your numbers and the stats are going to come down to cloud. To me, it's all pointing to cloud, cloud scale, data, the metrics that ZK was saying. I mean, if you look at cloud, cloud on premise edge, okay, that's the new environment. Okay, step back and go, okay, how does that get secured? I mean, basic questions like hybrid works coming back. That's causing security teams and network security teams just to retool. And that's an easy problem to solve. Okay, and they're still struggling or like, this should be all automated. So I think there's going to be a real mindset shift around cloud scale, automation, AI, that's going to come right down main street, security industry and change the game. And again, I feel strongly that IT used to be subordinate to the network teams and enterprise and the classic enterprise. You ran the networks, you ran the most important things, perimeter-based security, making sure no one hacks, but now the perimeter is dead, network security teams still have to do their job. And now you got to secure apps and everything up in between and in the cloud, the game is completely changed. And the mindset really has, and I haven't seen it. Is all the generative AI sort of chat here, it's like, it's everywhere. Is it BS hype in your opinion or is it real? No, not generally, I'm talking about specifically for security. Well, it's BS and everyone's mind because they have no thoughts of their own on how they feel about it. Most people here in this community all know the value of automation just like the ops teams in cloud native, right? They all know the importance of what it could do. But they also know that it's got some flaws and not to say that they're no ops, but anyone with any half a brains will like keep that out of my network and security posture because it's not baked. Now that's one hand. On the other hand, they also know that man, this could be a game changer. So you're going to see opportunity recognition from folks going, okay, I'm going to start experimenting. I'm going to get into it. And then you're going to see results and be like, let's double down. And they will quickly put together an architecture where you've got more graph databases, a Puro, I think that company has a great like software approach to how they're looking at the databases and they're going to track, they're going to get better. So I think there'll be some new things emerging. That's why I asked John Chambers, what is out there that nobody's talking about? Airbnb started out as they wanted to rent mattresses and apartments and sell you cereal. Okay, now they're a huge, huge company. Yeah, look at Amazon. Look at Amazon. Karl Aschenbach called him a bookseller when he was at VMware. Yeah, most of the best ideas are misunderstood. So the question is, is there something out there that's not understood that will come in and change the game? Because it needs to be disrupted. This market has to turn into an infrastructure platform and application stack, fully baked with security. And there's going to be a lot of losers, David, some winners. Not everyone's going to win. I don't buy this. Every tool needs to run on the platform. That's fantasy. Well, and to me, the big concern is critical infrastructure, right? I mean, you saw it with the solar winds hack, obviously was a big, I don't want to say wake up call because not like the industry was asleep, but the meatpacking hack, the oil pipeline hack. I mean, you've got dams, you've got power grids, you've got reservoirs, you've got all those critical infrastructure that is vulnerable, right? And so, and we've seen it and we've seen the disruptions that it causes to supply chains and how it impacts the economy. That's why the White House is here. That's why politics are on the keynote. I think there's a real awakening to the societal impact of what cybersecurity is. And I hope this is our rant on our podcast every week pretty much that the cyber criminals are operating freely without any challenge or any kind of authority coming down and slapping them around. And that's because our doctrine in the government is it needs to be changed. And I think this is hearing John Chambers basically saying that, you know, we need leadership that's going to come in and understand what's happening and lay down some new rules. He also said that the tension between big tech and the US government was self-inflicted by big tech. I mean, that's sort of a non-conventional, I mean, actually it's not true. I mean, everybody wants to slam on big tech, but he's inside big tech. He's a big tech insider saying, hey, we got to be more responsible. I thought that was pretty, you know. Dave, I was talking with a source in Palo Alto, tech nerdy guy in the Bay Area. It was an incident that happened in either Los Altos or Los Gatos, very wealthy family and the Russian hackers came in and wiped this guy out and his family's wealth. Millions and millions of dollars. Just dropped in, took all his cash, gone. FBI helped me. Like, what did you do? There's no, you can't call the Palo Alto police and say, hey, I just got robbed. And they're like, well, no big deal. I go, okay, what if instead of that happening, what if Russia had a helicopter and dropped some military folks going down the rope, they ran sack his house, take all his jewels, fly him out and leave the country? What would happen? Would the government say, oh, Russians just dropped on our shores, invaded an American's house, didn't kill them, but stole all their goods and split? The military probably would be involved. Would you agree? What do you think would happen? I mean, you're right, it's a powerful analogy. What's different about it? What's different is the cyber version. It's digital. They're going untouched. They're doing it at banks. The criminals, cyber criminals operate freely in the United States. Are they? And they're disruption. Everybody knows, every bank, they're sitting there. Yeah, but I mean, that's the question. How is the U.S. government retaliating? Again, this goes back to my Robert Gates conversation. They're letting it go because no one thinks it's important. I don't know if they are or not. They know about it, approve it. I don't think we know, right? What's happened, it's like that movie where we're all standing around talking about what the government does and the insiders and the government are like, oh my God, nobody knows what they're talking about. So we don't really know. But I do know this. I do know that the U.S. government has the ability. What do you know? Hold on, hold on. We know this, because we've talked to people who have said there are cyber criminals in our banks, in our networks, sitting there with us and doing things. And there's evidence of ransom there and there. Yes, but we've also talked to people who have said the U.S. government actually retaliates to those other countries by basically saying, hey, we have a gun pointed at your critical infrastructure. We're going to pull it if you don't stop. I'm sure they are. They do that to North Korea. They do that to Russia. They do that to China. And it's this game of, it's like the Cold War game of Cat and Mouse. That's what we don't know. But we do know that a lot of small businesses and enterprises are getting killed. But people have told us, insiders have told us, that is what happens. We just don't know to what degree. And to Gates's point, we have more to lose. It's a richer country. It's an open question. What's their priorities on that digital cyber? It's like Cineopody was here on Monday saying, look, we're going to go after the low risk, high reward opportunities first. Why is that? Because they got a lot to lose. If they go up to high risk opportunities, high risk, high reward, it could turn against them. And Google's a big company. They could get in big trouble if they're not more careful. So they got to go after like, fixing infrastructure and do an automation, low risk stuff that's easy, low hanging fruit. U.S. government, it's got to be somewhat careful because so much critical infrastructure. It's like, no critical infrastructure in Afghanistan. I mean, what are you going to do? Well, what are you going to take out? Take out a mountain? No, so it's a hard one, right? I mean, whereas U.S. military, that example, yeah, you can retaliate in a variety of different ways, sending a missile, boom, you're done. But I do have to believe that the U.S. government has cyber missiles pointed at, not real missiles, but cyber attack. From a military standpoint, I think, but from a general, we live in a society in America where we have freedom, liberty. And if that's going to be attacked to small businesses in people's homes, and that's nation states, and we know about it and it's known by the folks that are here, then there's real questions around, what is our doctrine on cyber? So that's all I'm saying. And I know for a fact, no one's told me that the U.S. has a policy that says if ransomware by foreign people happens on businesses here that we would attack. Because we know ransomware's happening. Schools, hospitals, small businesses. And we know that's happened, for a fact. We don't know what the government's doing. But I can tell you, it's probably nothing. If you have the bet on it, 80% nothing. Well, if you're right and the government's not doing anything, that's a real issue. Well, the White House is here. So we'll see. Hopefully, they're getting information around society and we'll see, figure it out. Maybe they're trying to figure it out. I mean, my big concern about the executive branches, every four years or sometimes eight years you have a transition of power. And it just seems like there's so much contention now in the U.S. government that you think back to 9-11 when Richard Clarke was trying to convince the George W. Bush administration that there was a threat and they were like, hey, we're too busy. And okay, so because you're the previous administration, you're stupid. And you get that between the Republicans and the Democrats now, instead of data sharing across. The security industry is facing an identity crisis as organizations struggle to handle the attacks, threats, cyber threats, proliferation of malware, too many tools, tons of venture capital coming in for potentially that next big thing. We'll see. I mean, I think the spending's not going to stop personally, but because it can't. The threat intelligence, the actionable trust of data is going to be big, but it's going to be very fun to cover the space. You know where the spending action is right now. I think I shared this with you. It's in small business and government. Of course, the government spend the money, but the small businesses are spending at a significantly higher clip than are sort of the overall average, as is the government. You know, again, no surprise, right? This softness in the market, but not in the U.S. government. So anyway, all right. Day three, wrapping up here, John. Final thoughts on the week. I just love this market. I think this is going to be disrupted. The security industry is going to be the next IT. It has to become the operational bedrock with the network teams. Security and networks are going to come together. That's the last piece of the puzzle. That can enable this new layer on top, this modern application. It will absolutely be a platform. The big story is platformification of security as a solid foundation for businesses to run like IT. That's going to be the big story. And then the political angle, the White House, societal, government involvement. How can companies be innovative? Because at the end of the day, if we don't solve the security problem and be open about it, then businesses can't operate. People can't be innovative. And we're seeing the biggest technology boom and productivity boom upon us with AI and scalable cloud. That's just a huge opportunity. It comes back down to cloud scale, distributed computing, cloud on premise edge, at scale. It's just going to be a fun time. And this industry is going to transform from the old security industry to a new modern ecosystem. And I think that's going to be starting as of right now. So I want to just tell people, got to go to siliconangle.com. It's amazing what the crew there is doing. We've got the write up from Jay Chaudry yesterday. We've got John Chambers on the network. We've got all the news and announcements. I mean, they've got a special RSA section. John, this is, it's just unbelievable how much content is flowing. We try to have the Microsoft's top people on there. PR is only putting marketing people out there. Microsoft's not putting spokespeople out there. We had AWS on. They're putting people out there. So very easy to see the big companies, their transparency there is interesting. I mean, this is incredible. All the news, all the stuff, the RSA highlights, what CrowdStrike's doing, what Dell's doing, the Google Chrome announcement that we just talked about. Gartner's got a new SASE, Magic Quadrant that they've analyzed. News on inflow blocks, Akamai, IBM. I mean, dozens and dozens and dozens and dozens of news articles and analysis. We've got our breaking analysis up there. And John and I do, we launch the podcast, The Cube Pod. We record it every Friday. We drop it, you know, later that day. John, I think we're in what, episode eight now? And so that's been a real success. It's still in beta. Yeah, but we're playing around. We're perfecting it. We'd love to know your feedback. Check out The Cube Pod. You know, wherever you listen to podcasts, love to subscribe. And check out TheCube.net. That's where all the action is. We'll be here back here tomorrow, Thursday, to wrap up RSA 2023. Dave Vellante for John Furrier, the entire Cube team. We'll see you tomorrow.