 Hey everyone, welcome back to theCUBE's day two live coverage of CrowdStrike Falcon 23 from Caesars Palace in Las Vegas. Lisa Martin here with Dave Vellante. We've had an amazing, nearly two full days talking with CrowdStrike, its community, the ecosystem, customers, partners, executive leaders. We have one of our alumni back with us. Sean Henry joins us. The Chief Security Officer at CrowdStrike. Sean, great to have you back on theCUBE. Thanks for having me here, it's fantastic. This morning's keynote was even more full than yesterday's keynote. So, lots of interest, people were sitting on the floor when I was leaving the keynote to get to set. So, over 4,000 people here, 7th Falcon. Talk a little bit about the global security industry from your perspective, what are some of the things that you see the challenges customers are facing and how CrowdStrike has positioned to help them. Yeah, that's great. I mean, being here at my 7th Falcon as well, just to see the growth. And particularly, you talk about kind of global. We are a global company, the international attendees. There are people here from all over the world. I've talked to people from Australia, from the Middle East, from Japan, all over Europe. Canada, my colleagues gave me a Canadian pin. So important to recognize that this issue is really a global issue, it's not a US-centric issue. And to listen to some of the challenges and the complexities that our international partners are seeing and facing and how we can help them is really important, I think, for us as a company to step into. So adversaries are dangerous, they're increasing their speed, their tactics and techniques have been augmented over the years, and when I talk to people around the world, they're facing that strife. Is the cyber world flat, Sean, or are there stark differences in regions and approaches? That's a great question. There are different adversaries that will target different regions, but there are other adversaries that will target organizations regardless of where they are. So as an example, some of the nation states that will use cyber as a weapon. Iran is a great example. They're targeting certain parts of the world, right? They're targeting Israel, they're targeting certain countries in the Middle East. There are other nations looking for competitive advantages in certain areas. Then there are other groups within those same nations that are much more global and they're targeting sectors. So the financial services sector, for example. Regardless of where a bank or a financial company is located, they're going to target them. They don't care. So some geographic is associated with political attacks, with kinetic attacks, what we saw Russia, Ukraine, for example, others are much more widely based and really pose a threat to industries regardless of where they're located. Who was the, I don't know what the right sports analogy is, you know, the Kansas City Chiefs or the, maybe it's the joke of it. Who's the joke of it of nation state attackers? Like, who's really good and bad at being bad? There are dozens of nation states that have offensive cyber capabilities. So the ability to make access to exfiltrate data, intellectual property, government secrets and strategies, and also to launch destructive types of attacks. But we usually talk about the big four, Russia, China, Iran, North Korea. Different capabilities with different types of tactics, but all four of those collectively are posing a risk. And interestingly enough, we've seen overlap where there's been some collaboration, sharing of tools, sharing of malware, sharing of tactics, much the way nations align in the physical world, they also align in the cyber world. We talked about this last year. A lot of this transpired in the past 12 months in Ukraine, I heard Elon Musk on the All In Summit this past week talking about Starlink, and that's really the only way you can get internet evidently in Ukraine. But are we basically seeing the future of war unfold before our eyes? And that's, it's cyber led? Yeah, I think cyber type of attacks have been part of the kinetic world, the physical world for actually probably a decade or more. What we've seen historically is adversaries using digital exploitation of devices for espionage, to steal corporate secrets, to target companies that are in the defense industrial base, to learn about what new weaponry is being developed. So we've seen that for the last decade at least. But what we're seeing now is digital attacks in advance of a kinetic attack. So for example, in Ukraine, where we saw targeting of the power grid, where we saw disinformation to try and cause confusion and to create some type of dysfunction on the ground in advance of tanks rolling across the border. So it's very interesting to see how it's being used in collaboration with physical attacks. Previously it was used as a component, but now I think we're seeing it more move to the physical world. As we look forward, we might be seeing it as a very strategic attack vector where networks are attacked, taken down, causing much more disruption and destruction than we saw in Ukraine two years ago. So has the U.S. posture, and I don't know, you probably consult with them so you probably can't say much, but to the extent that you can, has it changed in terms of offensive or defensive versus offensive, say in the past decade, and if so, how? So we always say the offense informs the defense. We talk about this digital game of cat and mouse where you build a defense to counter an offensive attack and then there's a new offensive strategy that's put in place, you build another defense. I think that it's important for us as a cybersecurity company to understand adversary tactics, to collect the intelligence that helps us understand who are they targeting, why are they targeting them, how are they targeting them, which allows us to be proactive and to get in front of the attack so that if we can start to see some of the strategies being deployed or some of the malware being deployed, some of the tactics being deployed that we know are indicative of what they've done historically, what they're likely to do based on intelligence we've collected, we can actually prevent it, stop it from happening. So the offense and the defense are always going to play off each other, not unlike sports, football, baseball, cricket, whatever it is, you've got a strategy, offensive strategy, defensive strategy to overcome it, you've got to be able to exploit weaknesses in one or the other. How's cricket work? Can you explain that? Never mind. Let's talk about the defenders as the global cybersecurity landscape, as you've described, is so dynamic. We've seen so much change. You talked about the four nation state actors, you talk with customers all the time, you led a great panel yesterday with four customers, but what are some of the major pains they're coming to you with saying, help us figure this out because as we know, one of the themes from this event is speed. Great Formula One reference here, but helping the defenders get faster as the adversaries get faster. What are some of the pains they're coming to you with? Yeah, I think one of the things Mike Santona as our president spoke about this morning was the complexity. Yes. And you think about organizations that are bringing new technologies, innovation to enable their businesses, right? It's technology for good. And when you do that, oftentimes what you do is you increase the attacks space for the adversary. You put new technology, new devices, new innovation, and there are inevitably going to be vulnerabilities that will be exploited. It becomes incredibly complex for defenders to understand the totality of their environment and then to understand how those adversaries are creating those exploits and where they're deploying them. And what our customers are looking to us for are a couple of things. One is clarity. They're looking for a strategic vision to do all the back end legwork if you will, to do all the homework to understand all of this. So when they do deploy it, we can come in and help them provide the security that will allow them to run their operations without them having to scramble for days or weeks or months trying to figure that out. That's what they're asking for. They want the easy button. They want to be able to support their organization and not just spend just inordinate amounts of time and money trying to figure out how to secure it. So I think with the technology we've developed the Falcon platform, it really does enable that capability and gives them the level of comfort and confidence that we're by them when they're in a dark time, we're going to stand beside it as a partner. You know, we'll go ahead, please. Giving them that comfort, confidence, helping them, I'll go with the Cs. Eradicate the complexity, the cost and the catastrophe that Mike also talked about because nobody wants to be the next headline. Yeah, you know, a lot of these CISOs sometimes I think they feel like they're walking on eggs, right? The reality of it is, while the CISO may be the accountable executive in a company, it has to be a whole of company response. Security is a whole of company response. So there may be people in other organizations, there may be financial decisions that are made not to invest in certain areas that ultimately lead to a breach. And the CISO is going to be held accountable sometimes, oftentimes. I think that one of the things, and I've heard many CISOs say to me personally and to other colleagues of mine, like you saved us, you helped us, I can sleep at night. Those are the things that, honest to goodness, just make me feel good. I've been saying it to people for the last two days when they grabbed me in the elevator or getting a sandwich at lunch. Hey, it's so great, we love you guys. And it does make me feel good that we are helping to protect critical infrastructure. We are protecting good people from bad things. And I'm in this for the mission. I'm in this to help save people and we're doing it and it just feels good. The Mattel CISO basically said that. What'd he say? He said CrowdStrike basically paid for itself. He won an award for that. Well, I got to tell you, I hear that often enough to know things are working the way they're intended to work. If there are gaps or there are things that need to be addressed, I love to hear that too because we always want to get better. Anybody that knows George Kurtz, our CEO, he wants to win. He wants to go fast. He wants to be on top. He wants to protect our customers. And we are listening to people. So as wonderful as it is to hear all the platitudes, I love it. I also listen to people and talk to people about things they want to see differently. I've been taking notes here for the last day today, talking to customers about things that they want to do. So it's important for us to listen to customers, to hear their pain points. What are the problems that they're having? So going forward, we can be in front of those things, not having to react, but to be proactive. You guys obviously have a very wide observation space. You see things that, you know, we don't, you see things well before they hit the press. Like I didn't know scattered spider until the MGM or Caesar's hack, I forget what it was. But that sounds like it was just a failure of where a user just wasn't educated or the processes fell down. And I don't know, does the CISO, he or she's got responsibility for everything, but to your point, it's a whole house problem. I mean, that just was an amazing breach of trust. I mean, but, you know, bad user behavior is going to beat good security every time. So as a CISO or CSO, how do you inject that culture into the environment? So it's a great point. I think that from a security perspective, I tell people that I work with you, you got to lean in, right? We need to be pushing the envelope. We need to walk up to the line. We always are going to do things lawfully with integrity, with good morals, but we're going to walk up to the line. We want to make sure we do everything that we're able to do to protect our employees internally. I'm talking not the customers, but internally as a Chief Security Officer for our folks. And we have to have the right culture that people need to understand that we're the first line of defense, right? Social engineering is a way, adversaries are able to get credentials from somebody, utilize them to gain access to bypass technology, not unlike somebody who leaves a back door open, they go out for a cigarette smoke or they prop the door open because they don't want to use, bring their keys down and employees for us are top line of defense. And I think every company needs to understand that you've got to look at security 360 holistically, 360 degrees, everybody is a part of the solution and everybody could be a part of the problem if they don't address it and take it seriously. Well, it's funny, I mean, everybody's been affected in some way, shape or form. I was talking to somebody the other day, I won't say what was it. They had never heard of the term ransomware. Right, that's what I said. What? Excuse me? What? It was like, you know, weekend party kind of scene. I go, yeah. And they go, explain that. And there was no awareness and that just struck me in our little enclave of a hundred people in 99 seats. You know, we're very much in tune to it but the broader society, we still got a lot of work to do. Yeah, education of the public is a top priority. For me, it's been for many, many years to have people understand the risk and I now am doing that with boards of directors where they certainly have heard of ransomware but they don't necessarily understand what the implications are if their organizations hit with ransomware. They know it's bad and they don't want it to happen but I don't know that they have a total appreciation for the complexities around it and the liability that they face, both as a corporation and maybe even personally where there have been lawsuits against individuals. So I think it's incumbent upon me and others in the security business to be evangelists to let people know, you know, we're not here to tell you the sky's falling. We're talking about real life facts, real life examples of what the vulnerabilities are, how you might suffer, what your personal risk is, what your corporate risk is. So you can pay attention and appropriate and deploy the appropriate resources to ensure you're helping to mitigate that problem. That shocks me that because we talk about ransomware so often and it's become a matter of when we're going to get hit, not if. We've seen so much change in evolution in it over the last couple of years alone. I thought it became more household when colonial pipeline happened but I'm in tech so maybe I'm biased to that. But it sounds like from your perspective there's still a lot of evangelism that needs to go on across every industry because as we look at what happened in Vegas and the world knows about Vegas as this big crazy party city and maybe there will be silver lines that will come out of it that will start to help on the evangelism front knowing that a casino, ransomware, what is this? Should I be concerned? Yes. I think everybody wants to know when they hear about a particular issue, whatever it may be, what does it mean to me? And part of speaking to groups, speaking to companies, speaking to boards is letting them to know this is what it means to you. If what happens to your company doesn't really concern you, well it might actually have an impact on you and people just need to understand that and by the way, when I talk about that think about future generations as well, right? You have children, grandchildren, this problem is going to be here long after I'm gone and I'm hoping that younger people are getting into the space, they're focused on security, they get it, they understand it because everything we do is internet enabled, right? The way we get water and electricity, the way we move goods, the way we buy and purchase, manufacture, everything we do has some type of internet connectivity today in 2023. Fast forward to 2045, you know, there are going to be innovations that we can't even think about today and they're going to be there. We need to be prepared to protect against them, otherwise people are going to seriously suffer. What do you do when you meet with a customer or you're consulting with somebody and they say, under what conditions should I pay the ransom? The FBI would tell you never, because you're just feeding the beast or if you're paying money to North Korea, that's against the law. But if my business is down and I can't get data back, my application's back, under what condition should I pay the ransom? I've had this conversation, right? I would say I would never want to pay. I understand where companies have been in positions where they felt they had no way out and had to pay. What I will tell companies when they ask that question, well in advance of it actually happening is, invest in security and don't worry about making that decision in the future. If you invest in security, you're going to be able to mitigate the consequences of an attack. If you are asking me a question like that six months from now, then you've made some bad decisions along the way and it's really important that you're thinking about this proactively, not reactively. It's so important being proactive. Sean, it's been such a pleasure having you back on the program. We know you have to get to a meeting, but thank you so much for coming out and talking about the global landscape, what's going on, and still all the education that's needed. We are appreciative that you're in the position that you're in. It's a pleasure. Thanks for doing what you do because you're helping to evangelize and get people to understand what they're facing. Thank you, Sean. Thank you. Thank you. For Sean Henry and Dave Vellante, I'm Lisa Martin. You're watching theCUBE live from Caesars Palace. Crowdster, ExcelCon 23. We have a couple more guests next. Exciting conversations. Don't go away.