 Live from New York City, it's theCUBE. Covering CyberConnect 2017. Brought to you by Centrify and the Institute for Critical Infrastructure Technologies. Okay, welcome back everyone. This is theCUBE's coverage of CyberConnect 2017. Live here in New York City at the Grand Hyatt downtown on 42nd Street, I'm John Furrier. My co is Dave Vellante. This is Centrify's inaugural event that they're presenting and they're underwriting. It's an industry event between industry and government and really around the crisis of our generation, which is cybersecurity and its impact to the transformation to global society and our coverage here. Our next guest is Shira Rubinoff, who is the president of Secure My Social, which is really cutting edge human aspect of social engineering, meets security, prime tech partners, cybersecurity, IOT and an influencer, but also doing some great work, advising startups, great participant in the community and certainly great to have you back on theCUBE. Thanks for joining us. Thank you, pleasure. So you're in the front row, I saw you and Dave, I couldn't get a seat on the back of the bus here at the General Keith Alexander's keynote, among other great keynotes here. Really an inaugural event. And inaugural events are great because it's a sign of the trends, but also, you know, if they do a second event, it worked, right? So you never know, there's never going to be another event, so inaugural event means something. It means that the world has come to the realization that the world has changed, realities are here, and that the old way isn't good enough. And you're in the middle of it. What's your thoughts, what's your reaction to the program? Well, you know, it's interesting. It also even goes back to the old technology days when you buy by brand. No one's going to fault you for buying the brand name, so everyone just went along with buying the trend and buying the brand. And as technology advanced itself as well, we started seeing doing it the old way is just not going anywhere today, especially with the millennials entering the workforce, how things are done, how people approach technology and security is very different. The human factors of information security is taking a front row today in terms of security, in terms of the weakest link of the chain, whether it being phishing, finding the entree into an organization through the weak link of the human, or in terms of tricking people for doing other things while they're outloading malware, or even circumventing different technologies that are layered upon each other because there's just too many layers of security on each other and not making it easy for somebody to use the technology and keeping it strong. Yeah, Shira, I bring up a good point about the human aspect of it. There's an old joke in IT where there's a fork or the cork in it, and someone would say, why is that there so they don't stick the fork in their eye? And that was just a joke on the old system admin joke around human error, around updating. That's been around for a while, but now there's a whole other social engineering going on around the business of cyber attacks, whether it's mafia's or organized hacker units that do it for business, for profit, to state governments where it's social engineering around the human vulnerabilities. Our key, this isn't your area, it's your wheelhouse. What is the key thing that's happening? What should people be aware of? What's your analysis? Well, I think people have to be careful of what we're sharing. I think there's many different entrees into finding again when we talk about the human factors, whether it being government, whether it being a technology company, whether it being a C-suite, whether it being through social media. It's being trusted the wrong people, trusting the wrong sources, and just being open and not being over-careful and checking your sources and making sure you're actually linking up whether it being on the LinkedIn also. I was talking to someone earlier that people were accepting LinkedIn invitations from non-trusted sources, and they'd seem to look okay, but again, a social engineering piece that comes in that allowed others in to actually see context and find a breach within an organization, somewhat like government. It can also be across all communities. So that's a very nuanced point. That's the LinkedIn, for example, not to pick on LinkedIn, but Facebook, I mean, I'm an overshare, so probably being hacked 10 ways on Sunday, but you can have whatever you want. But, let's take LinkedIn. Here's an example. A practitioner could say, I work on the servers for Chase Bank, and I handle the Apache, whatever, project. That's metadata that can be used against that person. He's putting it out there. He or she, for a job, potentially, to showcase their skills, yet the bad actors can use that and figure out what communities they're in GitHub, their participants. So it's a gesture signal point that you, is that right? Am I getting it right? Correct, correct. And that's what some of the companies actually puts allowances around what people are allowed to share on LinkedIn. However, there's the double edged sword because they're telling their employees, do not overshare and say specifically what you're doing. The employee themselves are saying, hey, I want to be open to recruiters to come find me because who knows what my next gig is. So they're going to overshare what they're doing to show all the experience that they have so they're open to other job opportunities. This is really interesting conflict. And again, I'm torn because, religiously, I'm a big believer in the democratization of media and society. But what you're talking about really is a counter against the democratization because that's based on sharing which sets for open sources from and so this is going to be some sort of shift. Correct, correct. Well, that also plays into the whole millennial shift of how it's approached through the workforce. Millennial generation share everything. Everything is open. My whole life is opening itself up on social media. I want you to know what I'm having for breakfast because you might want to have it too. By the way, this is what I'm working on at work because you might find it interesting whether it being that their boss are saying, don't do this. They're saying, don't tell me what to do and I'm going to work from home half the time. It's a millennial shift and we have to shift with it. It's going that round. So to what degree can we take bad human behavior out of the equation? Tooling, technology, maybe it's process education. Well, I think it has to be many factors. There has to be the education around it. There also has to be implementing the right technology to warn users if they're doing things the wrong way. For example, my company Secure My Social, we are technology assisted self-monitoring company to allow for employers to give employees to self-monitor across social media based on compliance with the organization real-time warnings. So it would warn the employee if they've employed themselves would be doing something wrong. So implementing technologies of that sort whether being whatever the organization may be open to. So you have the education piece. You have the partnerships with the right technology companies and you also have allowing the employees to have the right types of security around what they're doing themselves without being so involved in what they're doing because then they're going to have a big push back. So there's a very fine line you have to walk here. And the psychology is interesting. You mentioned the millennials too because that's their norm. Correct. And they want to be part of a tribe, right? So the belonging aspect of social is becoming a norm. But now we have to have practices. What's your vision of this? Because that probably won't stop. It's a behavior that will constantly be there. Is that going to come in the form of products, solutions, a better identity? Well it's going to come everywhere. If you look across all generationals from the boomers, Gen X, millennials, things shift with the generations as it comes down the path. So certainly through technology it's going to shift too. Easy to use, no extra steps to download as Centrify has. They want a one point of contact. They want to overlay technologies on technologies which is what I speak about a lot. My background is heavily in psychology and human aspects. So make things as strong as they can be without cumbersome to the employee. You want them to use it, not break it, not go around it and not just throw it out the window. So you're a great guest and music to our ears because Dave knows I've been on this rant for a long time. User experience is really about user expectations. And as expectations shift, that's kind of where the puck will be or whether you're skating through the puck or skating with the puck as some people are. The question comes down to this young generation because General talked about this new cyber warfare but there's no West Point, there's no Navy SEALs. Yeah, and that's going to come from a gamer culture potentially or the younger generation. So I got to ask you, do you think we're going to have a counterculture? Because in every revolution, I think take the 60s. We're the 50s parents now, right? Or the 50s generation, or are we? So I've been kind of speculating that I think we're on a cusp of a counterculture revolution. The summer of love of digital is coming. Or maybe not, what do you think? I think it's very interesting the way it's shifting across generations. I think that the generation, our generation before us are trying to take this millennial generation and put them in a box and saying, follow my rules or else you're out and the millennial generation is like, make me. So it's not going to happen that way. They're going to actually drive the force of how technology is going to be created and how the business world is actually going to react and act towards them and how things are going to flow after them. And just way to the following generation, things are going to be a lot looser. So you think it's going to be some massive change being shifted from their expectations. Correct, correct, yes. Well, I mean, I feel like millennials are in for a great awakening because right now they don't have a ton to lose. As they get older and the crew more well. Millennials are generally lazy, right? I mean, as my son would say, no, they're smarter, they're lazy. They make me generation. Okay, and so fine, be careful what you wish for. But is there a gamification involved, the psychology of getting humans to behave the way that you need them to behave in order to have good security practices? Yes, no, I think that's a great question. I think that based on what the millennials are doing now and how the shift is happening through the Gen X and millennials kind of intertwining the businesses and the way technology is created and move forward, I think that it's going to somehow have to kind of combine forces. I think there's going to have to be a little give and take and I think as time progresses and things mature, that it's going to be understood and it's going to be adapted by them and adopted by them as well. So, talk a little bit more about your company, MySocial, security MySocial. Secure MySocial, yes. Yeah, what does it do? How does it help solve some of these issues? So, Secure MySocial is a technology-assisted self-monitoring tool for employers to give employees to self-monitor across social media based on compliance and regulations of the organization with real-time warnings and auto-delete capabilities. Basically, the organization would buy it based on where a person would fall in the organization. There'll be specific rule sets applied to them, whether it being group rule sets for C-level people, marketing and the like. You don't want false positives. And they, the people themselves, would get a real-time warning to their known device for SMS or to the known web address. But I will backtrack a little bit because most organizations, if not all today, have certain criteria of what you can and can't do across social media. But the most of the problems, if not 98 or more percent, of data loss and reputation happen outside of the office. It happens on lunch breaks, vacations, weekends. We can't monitor people's personal accounts. So we're making the users themselves, they would get the real-time warnings. There's nothing to download, nothing to install. They don't give over any personal information, yet they're protected and we're able to keep it across the whole thing. So it's an insurance policy for the employee saying, look, here's a little notification because you know that if you say that drunk tweet, let's get real, right? Or do something that's at a concert. The CFO of Twitter mistakenly tweeted out the earnings of Twitter instead of doing a direct tweet. Things happen, mistakes happen, it's the human factors, as at all. And your technology could have stopped that? We could have actually obviously deleted it before it went out. It's almost, I don't know if it's happening on the West Coast, but around where I live, there's all these, their speed signs are going up. It tells you how fast you're going. And you know, it's kind of like- It's like that angel on your shoulder saying, do you really want to do this? It might be 25 and you see it, you're going too fast and it's flashing. You slow down. It actually works. We use Waze in California, it's more- It lets you know where the cops are. No, but no cops. There's no cops around. I know, that's the same. Waze is more effective. You get there faster, you know? No. If you don't mind, I'll let you- Yeah, if you don't mind. It's this subliminal message that says, hey, whoa, yo, slow down. Like that angel on your shoulder tapping on your shoulder letting you know. It's the good angel. No, I just wanted to mention also, a new venture actually launching at the end of the month is called Prime Tech Partners. We're an incubator here in New York City near the Flatiron District. We're going to be launching then to November focusing on augmented reality, cyber security, information security, and e-commerce. Opening up to startups. And please check it out, Prime Tech Partners. Sure, do some great work. I got to ask you the question because you have the startups of the Canary in the coal mine. They'll tell you kind of what's happening, give you a barometer. What is going on in the startup areas around security because there's now a range, diverse range of opportunities from blockchain all the way to enterprise. Sure. So, everything in between. What's the chirping happening in the minds of the startups as they create new ventures? Well, it's interesting. When you talk about what's out there, we talk about almost like an umbrella. Sometimes people would put cyber security over the whole umbrella and then fit artificial intelligence, augmented reality, virtual reality, blockchain, everything kind of falls under there. So, it's actually moving along with the system. There's a lot of artificial intelligence is making a big play in the high IoT world. There's quite a bit of technology coming out there, all finding the whole problem. And if you look at everything, there's a lot of the human aspects of information security that they have to take into account when developing and when pushing it out because at the end of the day, it's all social engineering. It's the human factor, whatever you're creating. And we're seeing the same thing of the Kubernetes that go to hundreds of interviews and shows a year. The trend is every part of the stack is impacted by this. Exactly. At an infrastructure low level from multi-factor authentication all the way up to Docker and Kubernetes at the DevOps level, the app level to wearables and... Well, wearables certainly, right? Gaining someone's information. Geo information. And being able to write. Well, here was an interesting, I went into, I had a law firm that contacted me. They wanted me to do some consulting for them. They implement this most beautiful, high-tech, gorgeous office. And so I was in there talking to some of the partners and they were plugging in their new smart TVs and their smart fridges, everything into their network. You don't have to breach the network to get their information. Well, breach Sony. You breach into Sony, whatever, whoever the manufacturer of the TV, the fridge, whatever it is, they're thinking IoT. Well, they can gain access into that law firm, gain information, and just take all that information and utilize that. So there's so much thought to be put around, even the IoT world, artificial intelligence, the human factor, take a step back. If it's a network device, it could be hacked. Exactly, yes. So as part of your mission, just to make people aware of humans' role in bad security practices, I mean, is that a big part of this, is sort of shining a light on it? Yes, I think there's also most like a stop and pause. When you're creating a technology, whatever it is, and people are looking, oh, I'm going to make this stronger, I'm going to make this better, I'm going to make this faster. Oh, here, let me put another control over it. And here's another control. And by the way, they have to go around this and do five things, we're going to have the best thing out there. They're not going to use it. They're going to break it and circumvent it. Stop, there's a person there. How are we going to make the person use this to the best capacity? How's it going to be strong without giving them all those extra layers? Anything you're doing, there's a person there. You've got to stop and think and figure out how to utilize it the best way. Shira, give us some predictions for next year. It's the end of the year, so predictions are coming. We had our meeting this week, our last week on our predictions. So we're going to put you in the hot seat. Your predictions for next year, hot trends you expect to see, what are you expecting? What's your prediction for next year? Well, I think IOT is going to take a big forefront, especially with the smarter cities, the smarter homes, as you're talking about the wearables, artificial intelligence is going to kind of play into that as well. But I think that people are very excited about becoming, let's quote unquote, smart. Not at no extra steps, right? When you have the no extra steps, remember you're opening yourself up for something, do it smart. But IOT is really expanding itself into every infrastructure, whether it being utilizing, engineering, whether it being cities itself, whether it being homes, and the wearables are also, like if you look at what's going on with Fitbit and then you have the next Apple and then there's something else every other day that you could put on yourself and you could get any information what you want. So people are connecting the IOT to the industrial side of their analog to digital. Exactly, yes, yes. And I think that's going to become a forefront in the next year. Great, what do you think of the event here so far? I think the event's terrific. We've had some amazing speakers here and I think they're all highlighting the fact that we have to share expertise and really come together to bypass the problems that are out there and work as a unit and certainly Centrify's doing a great job here. Very happy to be here. Great, well good luck everything next year. Thanks for coming on theCUBE, really appreciate it. Thank you, happy to be here. Fabulous commentary, great analysis and opinion here on theCUBE here at Centrify's event that they're underwriting for the industry it's an industry event called CyberConnect presented by Centrify, I'm John Furrier, Dave Vellante. Stay tuned for more live coverage here in New York City after this short break.