 Hello everyone, we are wrapping up our coverage of MYs here in Washington DC. We've had three action-packed days of theCUBE's live coverage. I'm Rebecca Knight, your host, along with my co-hosts and analysts, Rob Streche and John Furrier. So, gentlemen, social engineering, malware, push fatigue, S-bombs, tabletop exercises, China as varsity. Where are we, what have we learned? We'll get you out. That's the wrap-up right there. Done. I'm glad I got you. John, I'm going to start with you. What has struck you most about this, about what we've been talking about here on theCUBE and the hallway conversations are happening? I think probably this is one of the most invigorating CUBE events in a long, long time. In the sense of the content was on point, very relevant. I think it's cool because I like cybersecurity. I've always been talking about cyber war and been yelling on top of my lungs for 10 years. And finally now the world gets it. But I think my big walk away is the learnings that I learned was there's a lot more to unpack in this than I thought. And I thought it was huge to unpack. The geopolitical aspect of it is very mainstream right now. And I think it's a time that everyone's kind of taking notice that we got a problem. And the problem is more than just getting malware hacks. They talk about zero day threats, which means for the folks who don't know in zero day, it means vulnerabilities that are not yet discovered, just hasn't been in the days. Clock hasn't started on fixing things. So software that has bugs in it are discovered by the hackers first, so they get the time on the exploit before anyone knows it, that's zero day. So the fact that more zero days are happening means that they're in compromised net systems, free reign, what they call lateral movement or living off the land, a term that they're using. So I learned a term living off the land. I learned it off that, but the threats are real. Not just your old fashioned good old malware, keylogger and or hacks, it's targeted militant like funded teams who are pre-orchestrating maneuvers and plays to infiltrate and get the jewels, the data and from ransomware to other damage. So the problem is massive. And so to me that was my key learning. The other learning was, which we kind of known for a while is that the social engineering thing is state of the art hack. That is it. And the fact is that's never going away. That was another learning. So to me, social engineering and then the whole China playing as varsity, as you mentioned, it's huge. And I think it's good news. We had now know that the states are running, state actors, China, Russia, North Korea are actively using cyber as an income generating mechanism and a warfare tactic on the United States and other countries. Right. And I think from a zero day perspective, I thought what was very interesting was the fact that the fact that there are more zero days being used means that other defenses have gotten better. So I'll take the positive sign side of, as they were calling it, hot zero day summer, ought day or whatever you want to call it. It was O day and it was all thrown around in different ways it was put together. But I think that is actually a positive when you start to look at it. We've gotten our defenses. We've got perimeter. We still need to do more because again, they throw, they lob one thing over it causes a thousand different responses that are needed. They only have to be right once. We have to be right every time. There's that burnout and those organizations to your point, John, where are building out like with, they have HR teams. They have like their corporations that are making millions and millions of dollars. They're formed that way and they have employees and they have payroll and I think to me. Not just teenagers and hoodies. Yeah, it's not the guy in a hoodie in the basement that you have to be most worried about. In fact, they were talking about one of the most successful hacking groups actually doesn't use malware. It doesn't use zero days. It's all about social engineering and you were talking about the whole push fatigue and really how do you get people to give you access versus how do I hack in to get access? And I thought that to me was one of the keys. I think the whole conversation and we just finished with Phil, the CISO for Mandiant and Google, it's you start to look at the fact that AI is going to change the game both positively and negatively for attackers and for defense. I think I'll take that glass half full on that one as well and say I think it's going to help even more on the defense side than attack side. I think the social engineering part of it scares me a little bit with deep fakes and some of the stuff that's going to be done there. But I think that to me was really interesting. Yeah, yeah. Rebecca, what did you learn? So all of the above. I mean, this has been a really illuminating conference for me. It's my first time being back with theCUBE since the pandemic. So it's been a lot of fun hosting with you guys. But as you said, we're in really shaky geopolitical territory right now. So truly grasping the threat of China and of course Russia, North Korea, Iran, the other big espionage actors, that's been frankly pretty scary. But then as Rob said, there are some things that we should be excited about and really say, okay, things, we can get better here and AI is going to help with the burnout problem. It is, I mean, of course it will help the attackers too, but it will really help teams get their jobs done because it will take a lot of the toil out of take a lot of the rote tasks that are frankly boring and allow them to either spend more time on the stuff that is interesting and value added, but also do more training and really get to know their organizations inside and out and understand what they're dealing with so they can spot things faster. Yeah, and I think on that point, we talk about culture a lot on theCUBE, Rebecca and the future of work and personnel and I think from a personal standpoint, cyber is moving out of that niche discipline where certain skills are needed, mostly male dominated, now we're seeing more females, the aperture of opportunity, democratization of data and clouds bringing security up and with a geopolitical focus, I think people can look at it and saying, wow, this relates to the common person and I think that mainstream aspect of security is going to open up new opportunities across the board, more diverse workforce, because let's face it, more diversity equals more solutions, more creative solutions, and two, it's a lucrative field. And the skills to get in like a grandmaster chess player, there's only a few of them, with AI an average chess player can be a grandmaster, so I think AI is going to be an opportunity for the personnel side of careers and that's going to open up, I think, a flood gate of new opportunities for people to enter in and level up as the technology transfer from old to new comes in, I think it's going to be an interesting industry and I think the mainstream of it where it's like, the bad guys are hurting my fellow American or fellow citizen is one and then the other thing is the collaboration and the Ukraine war Russia dynamic, I learned that that actually made China become number one, but also distracted and forked Russia, because Ukraine's well known as the test kitchen for the Russian stuff and we heard that today from Sandra. So, okay, now Russia's kind of been taked down a peg, but the collaboration that the US is learning from that war creates a collaborative geopolitical opportunity for diplomacy, Rebecca, rather than military response. So that to me was an awakening for me saying, this is not just a military response issue, it's an opportunity for democracy to work. But also getting back to what you were saying about the jobs itself, we know from research that Gen Z in particular really wants to work in a field where they feel a strong mission, where they feel a sense of purpose, they feel a value, you're protecting, you're protecting our country, you're protecting fellow citizens from attack and so I think that it's a really powerful mission. So I do think that there is a lot of hope for filling some of these jobs in cybersecurity. Yeah, I agree and I think also the diversity for a creativity aspect of it is key. I think we have to think differently and getting more people, more diverse voices there really does help you be more creative and I think that's been talked about in a lot of the different folks that we've had on, as well as some of the talks in the hallways and I think that people thinking and doing the same things they've always done, I think a lot of the people who are here know that that doesn't haunt anymore and you have to think differently, you have to think more creatively because they're not sitting there. Again, they're trying to be as creative as possible about how they come in, get into your network, get into your facilities, take your money, take things down, ruin your reputation, what have you and I think that creativity is one of the things, it should spur new people to get into this industry because I think if you want to be creative, you want to solve problems, you want to save the world, this is one of the good angles you can go down as well. The other thing that surprised me is the North Koreans, crypto focus and nuclear tie in which I wasn't really paying attention to that piece but they're funding their entire cyber war effort and their nuclear programs. 300 million. With crypto stealing, that to me was a shock. Yeah, that was crazy, I mean they were talking about that 300 million dollars of stolen crypto had gone into the DPRK and basically is funding the missiles and the uranium and all of that which is scary when you start to look at it and also that the North Koreans are really good at supply chain attacks and that was one of the learnings that they're like the varsity team on supply chain attack which was very interesting to hear and I think there was a lot of hey, this is how people go and I think that actual ecosystem that was here and the sharing amongst the ecosystem was another thing that I thought was extremely strong here this week. Yeah, no, I think there's a real urgency to solve these problems and a real desire to bring government and the private sector to work together and we need this to happen. Yeah, I mean my big takeaway on that piece is that the speed game, the varsity sport comment was made in China being now the new varsity sport things that number one was this is a athletic like vibe, varsity sports we heard, team sport, shared responsibility model. So a lot of teamwork, a lot of collaboration, a lot of culture there but to me the issue was the technology proliferating faster than you can protect it and the speed game is key and there's a need for modernization of the defense. The same tree between the attacker and defense is tilted big time so that asymmetry fixed is going to be happening but if you're an IT guy from say 10 years ago you got to up your game to be in this it's a pace of play as you told us at Google Next, massive. Yeah, I think that was it, it was also it was a continuation of what happened I think again we came out of Google Cloud Next really pumped up and drinking the AI cooler drunk on AI as we were saying there but I think this had that same kind of vibe smaller event but really had that strong sense of ecosystem and strong sense of let's get work done. You know we're beyond just playing around now let's actually get to work on this stuff. I mean I think a whole new category is emerging on from a vendor standpoint where you'll see startups come out of the woodwork or big players augment their offerings where we always been talking about AI what AI does for the security industry making us more protected and defending ourselves but securing AI, okay to get regulation for a minute which I'm against I think that's going down the wrong road but how do you secure AI was a big topic here that to me is going to be an ongoing conversation I mean the SEC has rulings now you've got to file 10 K's in your 10 K any breach notify investors. It's like it's getting serious. Yeah it is a great note to end on we're serious you heard it here first we're serious John Robb a pleasure working with you this has been a really great show. Awesome a lot of fun. I'm Rebecca Knight for Rob Stretch and John Furrier stay tuned for more of the cubes live coverage we'll catch you next time.